
Tech Alert Briefing for 2/16/2006

February 16, 2006
Update covering February 9-15, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson reports on massive cyber-testing by Homeland Security.


Jeff Patterson,
BOL GURU

You'll also learn about:
  • Continuing MS Word worries;
  • The latest US-CERT vulnerabilities list;
  • Gaps in Cisco's IPS;
  • A new IT security tool;
  • Unsecure Treo handheld phones;
  • Holes in wireless router security;
  • Another pandemic planning concern;
  • Cheaper cybercrime; and
  • Homeland Security plans for massive testing.

Get the details below.

Jargon Watch: Zero-day Vulnerabilities
A zero-day vulnerability is a discovered vulnerability that is exploited either before it is made public or on the same day it is published. While patches are eventually released (sometimes within a few days), zero-day exploits give attackers a window of opportunity to gain unauthorized access to a system or to launch a denial-of-service attack against it.

A Dozen Microsoft Patches
IT administrators had their Valentine's Day disrupted when Microsoft issued 12 updates to fix 20 security holes, including five zero-day vulnerabilities, the day before. SANS ranks five of the updates with its "Patch Now" rating, making the patches extremely high priorities. Another of the updates fixes a hole in Microsoft's Malware Protection Engine that could allow for remote code execution.

Word Worries Continue
A day after February's Patch Tuesday fixed several flaws in MS Office, Microsoft announced a new zero-day vulnerability in MS Word. This vulnerability affects Office 2000 and Office XP and could allow the attacker to take complete control of the affected systems. It appears network administrators will have to continue blocking those Word documents.

US-CERT Lists 131 Gaps
The US-CERT Vulnerability Summary for the Week of February 5, 2007, lists 66 High severity, 25 Medium and 40 Low severity vulnerabilities. New vulnerabilities were announced in BrightStor ARCServe Backup, Bugzilla, Cold Fusion, Comodo Firewall Pro, the Firefox and Opera web browsers, HP's HP-UX and Tru64 Unix, Intel's 200BG wireless driver, Mambo, PostgreSQL, Samba, Trend Micro's Scan Engine, Yahoo! Messenger, Slackware Linux, and the Linux kernel.

Cisco IPS: Oops
Cisco is warning of multiple vulnerabilities in the Intrusion Prevention System (IPS) features of its Internetwork Operating System. These vulnerabilities could lead to denial-of-service attacks against the institution. InformationWeek has additional information.

EPS: Another IT Security Tool
McAfee and other companies are marketing Extrusion Prevention Systems (EPS) to fill the gap in network-based information protection schemes. Where Intrusion Prevention Systems (IPS) monitor network traffic, EPS products reside on the desktop and can be used to monitor, log, or block access to specific data. The new systems can disallow copying of selected data to a USB drive and can enforce information security policies when the computer is not connected to the network. Read Network Computing for the details.

Who's Looking at Your Treo Data?
Palm Treos running the Palm OS have a security flaw that can allow a cyber criminal to access data even if the handheld is locked. Anyone can reach that data by using the Treo's "Find" feature. Find out more in InformationWeek.

Is There a Mis-Router in Your Home?
Cyber criminals have a new attack vector: malicious web pages that target the wireless routers in many users' homes. If the user simply installs the router and doesn't change the default password, a malicious web site can modify the router's firmware and direct the router to a DNS server of the hacker's choosing. This could allow the cyber criminals to trick users into downloading malware disguised as legitimate updates, and it gives phishers a method to steal even more bank logins. D-Link and Cisco routers have been shown to be vulnerable to this attack. CSOOnline has the entire story.

Another Tweak for Your Pandemic Plan
Experts are warning that the plans of many businesses and government agencies to keep their operations running in the event of pandemic influenza may not work. Organizations relying on telecommuting for workers may have their plans disrupted by a bandwidth-choking surge of Internet traffic. Such a surge could require government restrictions on high-bandwidth traffic such as videos. Check out ComputerWorld and alter your pandemic planning accordingly.

Cheaper Cybercrime
RSA is reporting that the price of the tools used in cybercrime is dropping. These tools include everything from lists of verified email addresses, user logins, and access to a hacked root server to "super Trojans" to be used to install malware on a victim's computer. This can't be good news for the ever-vigilant security professional.

Homeland Security Test Plans
The Department of Homeland Security is preparing a massive cybersecurity test for early 2008. This test will be used to evaluate the ability of both the public and private sectors to provide a coordinated response to a massive cyberattack. This test is expected to include more participants than the first Cyber Storm test in February 2006.



First published on 02/15/2006
