Skip to content
Tips for Tech

Tech Alert Briefing for 3/2/2007

March 2, 2007
Update covering February 23 - March 1, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson reports that March is the Month of PHP Bugs.


Jeff Patterson,
BOL GURUYou'll also learn about:

  • Adding to the list of MS Office 2003 flaws;
  • Mozilla's patch for Firefox holes;
  • Another ActiveX control concern;
  • A worm attack on a Sun Solaris daemon;
  • A concern for Google Desktop users;
  • Weak Vista user controls;
  • An Oracle security alert;
  • The latest US-CERT list;
  • Research on bacterial backups; and
  • Renewed interest in CRM software.

Get the details below.
Free Secure Instant Messaging White Paper

Introducing
WebEx AIM Pro Business Edition


Osterman Research?s semi-annual tracking survey reveals that IM is found in over 93% of businesses.However, IT departments have a difficult time halting the proliferation of unsecured and unmanaged IM in their organization.

Learn more about securing IM

FREE Webcast: Trends in Commercial Credit Risk Management
Join Harland Financial Solutions for a free Webcast on Trends in Commercial Credit Risk Management. Learn about the relationship between risk and profitability, and how the proposed Basel risk-based capital rules will affect institutions of all sizes. Click here to register! Call 800-815-5592 or email moreinfo@harlandfs.com for details.

March - In Like a Lion, Out Like a PHP?
March has been designated the Month of PHP Bugs.The researchers sponsoring the daily list of bugs is planning on releasing a new bug in the PHP core each day of the month.If you develop with PHP, you need to keep an eye on this list of bugs.

More Office 2003 Flaws
Another Windows Metafile (WMF) flaw has been announced in Word and Windows Explorer in XP and Server 2003.An additional flaw in Excel 2003 was also announced.Both of these flaws can lead to the crash of the affected applications.Check CSOOnline for additional details.Microsoft has already released six security bulletins for Office 2003 in the first two months of this year.

Firefox Patch Released
Mozilla released a patch for Firefox to plug seven security holes.All Firefox users are strongly encouraged to update.This release was quickly followed by an announcement of new proof-of-concept code that takes advantage of an unpatched vulnerability that could allow a malicious website to crash the browser and take control of the attacked computer.Internet safety remains a major concern.

Another ActiveX Control Glitch
US CERT released a vulnerability note on the SupportSoft ActiveX control used by many third-party vendors in remote software support.The vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.The SupportSoft control is used by companies such as BellSouth, IBM, Lockheed Martin, Symantec and Verizon.

Worm Alert for Sun Solaris
US CERT has released an alert on a new worm traveling the Internet that exploits a flaw in the Sun Solaris telnet daemon.Sun has patched the flaw, but apparently many system administrators have not applied the patch and the worm has spread worldwide.

Jargon Watch: Anti-DNS Pinning
Anti-DNS Pinning is an attack vector which manipulates the method that a browser uses to work with the Internet's Domain Name System (DNS) - One of the backbone systems of the Internet that translates commonly known names like BOL's (www.bankersonline.com) into the Internet Protocol (IP) addresses (216.219.235.242) used by computers to access web sites.This attack vector is difficult to pull off and is not likely to be used by cyber criminals for some time, but should still be on the security professional's watch list.

Google Desktop Data Unprotected
CSOOnline reports that Google Desktop is vulnerable to an emerging attack vector known as anti-DNS pinning.This attack could give a cyber criminal access to any data indexed by Google Desktop on the affected computer.

Gap Gives Vista Users Free Rein
A flaw in Windows Vista that allows users to escalate their own privileges on a Vista computer has been reported by eEye Digital Security.The flaw allows standard user access to be escalated to System level access on the affected computer.CSOOnline has the full story.

Oracle Misspoke, Patches Needed
A security researcher has shown that Oracle users with minimal privileges can execute PL SQL injection attacks, despite Oracle's claim that users needed "create procedure" rights.This new attack method can be executed by anyone who can connect to the database.Oracle recommends that all patches be applied as soon as possible.Read the Oracle paper and decide how vulnerable your systems are.

US-CERT Vulnerability Summary Lists 94
The US-CERT Vulnerability Summary for the Week of February 19, 2007 lists fifty-three High severity vulnerabilities including Apple's OS-X, Cisco IP Phones, JBoss Application Server, Internet Explorer, Red Hat Linux, multiple Symantec products, Trend Micro ServerProtect, and VMWare Workstation.An additional twenty-four Medium and seventeen Low severity vulnerabilities were announced.These included vulnerabilities in Clam AV, Cisco Secure Services Client, Windows XP, Vista and Server 2003, Mozilla Firefox, Nortel's Net Direct client, Verisign's Managed PKI ActiveX control, SpamAssassin, IBM's DB2, and the Linux kernel.

Are Bacterial Backups in Your Future?
CDs, DVDs, backup tapes, optical disks, and microfilm.All of these media types have been used to store information for backup purposes.And they are generally considered good for up to 100 years.The next major breakthrough in backup storage technology may allow for data to be stored for several millennia.And it doesn't use lasers or magnetic heads to write the data.The next storage media may be common bacteria.Read ComputerWorld to learn how scientists have modified the DNA in bacteria to store text and image data and what it may mean for the future of information technology.

Will CRM Make a Comeback?
What are your top plans for technology spending for the next year?For most European banks, Customer Relationship Management (CRM) software is at the top of the list.With the market for customers becoming more competitive, banks are having to invest more in finding new and retaining existing customers.Silicon.com has more information.


Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Related Sites
Information Technology Specialist

Information Systems Security PolicyArchived Technology and eBanking You have access to previous Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.

First published on 03/01/2007

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Briefings

Briefing Archives