Tech Alert Briefing for 3/16/2007
March 16, 2007
Update covering March 9 - March 15, 2007
Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson writes about an Al-Qaeda plot against the Internet.
BOL GURUYou'll also learn about:
Get the details below.
Free Secure Instant Messaging White Paper
WebEx AIM Pro Business Edition
Osterman Research?s semi-annual tracking survey reveals that IM is found in over 93% of businesses.However, IT departments have a difficult time halting the proliferation of unsecured and unmanaged IM in their organization.
Learn more about securing IM
FREE Webcast: Trends in Commercial Credit Risk Management
Join Harland Financial Solutions for a free Webcast on Trends in Commercial Credit Risk Management. Learn about the relationship between risk and profitability, and how the proposed Basel risk-based capital rules will affect institutions of all sizes. Click here to register! Call 800-815-5592 or email firstname.lastname@example.org for details.
Webcast: SecureWorks talks about Managing Network Security Logs
Log files are a treasure trove of security data. Collecting, understanding and acting on this data is very difficult and time consuming. In this free Webcast look at log aggregation and monitoring, discuss what technology and resources are required and examine best practices.
Register today or formore info email@example.com
Terrorist Plot Against Internet Uncovered
Are terrorists targeting the infrastructure that keeps the Internet going?Scotland Yard believes so. They have uncovered evidence of an Al-Qaeda plot to take out one of the central hubs through which almost all Internet traffic flows in and out of the United Kingdom.The full story is available in the Sunday Times.
Fed Agencies Ban Vista
What do the National Institute of Standards and Technology (NIST), the Department of Transportation (DOT) and the Federal Aviation Administration (FAA) all have in common?They have all banned Microsoft's latest version of Windows - Vista - from being installed.All three departments are concerned that Vista may be incompatible with many of their existing applications.Read the full story in InformationWeek.
Sticky Vista Problem
McAfee is reporting that Microsoft Windows Vista is vulnerable to an attack using the StickyKeys accessibility feature.Windows does not validate that the correct executable is being loaded when a modifier key, such as the Shift key, is pressed five times in succession.A virus or Trojan can modify the StickyKeys program and replace it with any code it wants to run when StickyKeys is launched.
Jargon Watch: StickyKeysAn accessibility feature in computer operating systems that allows users to make one-handed (or one-finger) key combination entries. When the feature is activated, and the user presses and releases the Ctrl, Alt or Shift key, the computer treats the key as if it were still depressed. That makes entering a combination like Ctrl-O or Alt-E possible for more users.
Windows Server 2003 SP2 Released
Microsoft released only two high-priority non-security updates this month despite having nine known outstanding security vulnerabilities.Although giving IT professionals a break from the monthly patch cycle, Microsoft quietly released Service Pack 2for Windows Server 2003.Instead of applying Microsoft patches this month, you will need to start testing this service pack and planning for deployment.
Apple Patches, Too
Apple administrators have a busy month of patching ahead of them as well.Apple released its seventh security update in the last three months and this one is a megapatch, fixing over forty-five security holes.Check CNetfor a sample of many of the patched flaws.
GoDaddy DDoS Attack
CSOOnlinereports that domain registrar and hosting company GoDaddy was attacked with a distributed denial of service attack on Sunday.Although many users believed GoDaddy was suffering from the daylight saving time adjustment, it was the DDoS attack that left many users unable to access email and their websites.
Jargon Watch: Denial of Service AttackAn attack on a computer or internet network that floods it with so many messages that normal traffic is impeded. A denial of service attack interrupts network service for some time, but usually causes no irreparable harm to files. A distributed denial of service (DDoS) attack uses multiple computers throughout a network that it has previously infected. The computers act as "zombies" to send out bogus messages in concert, thereby increasing the messaging "traffic jam."
Are Copiers a Gap in Your Defenses?
Does your information security policy extend to your copier?If not, it probably should be updated.With most new copy machines using hard drives and storing the imagesuntil the drive is full and starts overwriting old data, copied pages containing confidential information could be accessible to anyone with physical or network access to the copier or the hard drive.Read CSOOnlineand start making plans to protect the information stored on your copier.
Any Openings for a Hacker?
In the latest wave of targeted phishing attacks, businesses are being sent emails claiming to be from CareerBuilder.com that contain a link to an online resume.The link actually tries to install a backdoor Trojan to take over the computer.Get all of the details in CSOOnline.
IE7 Phishing Hole
Helping the phishers along, another flaw was discovered in Internet Explorer 7that could allow a fraudulent site to trick the user into loading a malicious web page.Merely clicking the refresh button while on the page can load and execute a fraudulent page while leadingusers to believe they are on the correct site.
For Your Reading List
The Washington Posthas a great article on how cybercriminals and their tools are getting bolder and harder to detect and catch.Every security professional should read this article.
Surfers, Fasten Your Seatbelts?
It took laws and regulations to require seatbelts and airbags in cars.Read Peter Cochrane's blogand see why he believes it will take the same type of government mandates to make computers and the Internet safer.
Fed ID Theft Panel Recommendations
A task force put together by President Bush last year is readying a final set of recommendations on combating identity theft.Included in the recommendations:Make it easier for identity theft victims to allow financial institutions to disclose information about the fraud to law enforcement, eliminate the monetary thresholds in place that trigger when an investigation can start, and create a National Identity Theft Law Enforcement Center.Read about more recommendations in SecurityFix.
Weekly Summary Lists 222 Weak Spots
The US-CERT Vulnerability Summary for the Week of March 5, 2007,lists ninety-nine High severity vulnerabilities including several in Apple software patched last week, Cisco's IOS and Network Analysis Module, Citrix Presentation Server Client, JBOSS, the Linux kernel, Microsoft's Xbox 360 kernel, Mozilla's Sea Monkey and Thunderbird, Novell's BorderManager, Oracle Application Express, TKS Banking Solutions ePortfolio, Trend Micro ServerProtect, and WordPress.An additional forty-two Medium and eighty-one Low severity vulnerabilities were announced.Check this list of vulnerabilities and start planning on how all of these systems will be patched.Just because there were no Microsoft security updates this month doesn't mean it won't be a busy patch month for many.
Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Related Sites
Information Technology Specialist
Information Systems Security PolicyArchived Technology and eBanking You have access to previous Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.
First published on 03/15/2007