Skip to content
Tips for Tech

Tech Alert Briefing for 2/23/2007

February 23, 2007
Update covering February 16-22, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson reports on potential Chinese hackers.


Jeff Patterson,
BOL GURUYou'll also learn about:

  • Problems with Cisco IP phones;
  • A successful pharming attack on banks;
  • Zero-day exploits on Microsoft Office;
  • Alternatives to the MS Office suite;
  • More Internet Explorer and Firefox bugs;
  • New information on the TJX breach;
  • A critical intrusion detection system flaw;
  • Tips on shutting IT ports and doors;
  • Last week's US-CERT vulnerability list; and
  • New NIST security guides.

Get the details below.
Free Secure Instant Messaging White Paper

Introducing
WebEx AIM Pro Business Edition


Osterman Research?s semi-annual tracking survey reveals that IM is found in over 93% of businesses.However, IT departments have a difficult time halting the proliferation of unsecured and unmanaged IM in their organization.

Learn more about securing IM

FREE Webcast: Trends in Commercial Credit Risk Management
Join Harland Financial Solutions for a free Webcast on Trends in Commercial Credit Risk Management. Learn about the relationship between risk and profitability, and how the proposed Basel risk-based capital rules will affect institutions of all sizes. Click here to register! Call 800-815-5592 or email moreinfo@harlandfs.com for details.

Prediction: China Hacker Haven
FCW reports that Chinese hackers are attacking anything and everything.While most of the attacks appear to be against the U. S. Department of Defense, a recent Chinese white paper suggests that the Chinese government plans to be able to win an "informationized war" by the middle of this century to ensure its freedom of action in international affairs and the ability to influence the global economy.The attacks are believed to be government sponsored.While many may believe these attacks are strictly against the U. S. government, the stated objective to allow the Chinese government to influence the global economy suggests that businesses and financial institutions may be targeted as well.

IP Phones Vulnerable
Cisco announced several vulnerabilities in multiple models of their IP phone group.The vulnerabilities could allow an attacker to change the device's configuration or launch a denial of service attack against the institution relying on the IP telephony products.Read Network Computing and determine what risks may be lurking in your phone system.

Is There a Pharmer in Your Dell?
A large pharming attack was shut down this week, but only after thousands of computers were infected with a Trojan that redirected victims to websites designed to steal login information for at least fifty US, European and Asia-Pacific financial institutions.A bot that allows the attackers to take control of the victim's system may have come in alongside the Trojan.

More Zero-Day Exploit Woes
Following a disturbing pattern, two additional zero-day exploits have been discovered in Microsoft's Office products.At least one virus is actively exploiting the PowerPoint bug.Additional details are available on SecurityFix.

Time to Get Out of the Office?
Network Computing has an excellent article on alternatives to Microsoft Office for IT administrators interested in getting away from the continuing barrage of attacks on Office applications and lowering the total cost involved in each personal computer.

More Browser Bugs
Be careful where you take your computer on the Internet.Additional bugs have been discovered in Microsoft's Internet Explorer and Mozilla's Firefox.One bug that affects both browsers allows malicious websites to steal user data, and another bug in Firefox allows those same sites to modify cookies left by other sites.Read the full story in Silicon.com.

TJX Breach Bigger and Earlier
CNet is running an article that reports the TJX Companies data breach was much more severe than originally thought and started as early as July 2005.Customers who returned goods to stores operated by TJX may have had driver's license information compromised in addition to those whose credit and debit card information was hijacked.

SNORT Gap
A critical flaw was announced in SNORT, one of the most popular intrusion detection systems available.The flaw could allow the computer hosting the software to be compromised or hijacked.A patch is available and users are encouraged to upgrade.CSOOnline has all the details.

Closing Ports and Doors for Security
What are some of the weak links in your network security approach?CSOOnline suggests that USB and Firewire ports are two of the weak links you need to address and provides some examples on software that can be used to shut down the external ports.CSOOnline also warns about smokers who frequently leave back doors unlocked which can allow intruders into the building.

Vulnerability List at 115 Last Week
The US-CERT Vulnerability Summary for the Week of February 12, 2007 lists seventy High severity vulnerabilities including many from last week's Microsoft's patch release, Adobe's Cold Fusion, HP UX, Sun Solaris, and Cisco's Internetwork Operating System.An additional eight Medium and thirty-seven Low severity vulnerabilities were announced.

New Security Guides
The National Institute of Standards and Technology (NIST) has released three new documents.The Guidelines on Electronic Mail Security has been updated to version 2.Also released were the Guide to Intrusion Detection and Prevention Systems and Establishing Wireless Robust Security Networks.Include these guides as must reads for 2007.


Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Related Sites
Information Technology Specialist

Information Systems Security PolicyArchived Technology and eBanking You have access to previous Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.

First published on 02/22/2007

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Briefings

Briefing Archives