Skip to content
Tips for Tech

Tech Alert Briefing for 3/30/2007

March 30, 2007
Update covering March 23 - March 29, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson warns that TJX's data breach was the largest ever.


Jeff Patterson,
BOL GURUYou'll also read about:

  • Microsoft's animated cursor flaw
  • A Windows proxy server protocol problem
  • Big increases in ID theft
  • Surprising sources for phishing emails, and
  • The latest US-CERT Vulnerability Summary

Get the details below.
Free Secure Instant Messaging White Paper

Introducing
WebEx AIM Pro Business Edition


Osterman Research?s semi-annual tracking survey reveals that IM is found in over 93% of businesses.However, IT departments have a difficult time halting the proliferation of unsecured and unmanaged IM in their organization.

Learn more about securing IM

FREE Webcast: Trends in Commercial Credit Risk Management
Join Harland Financial Solutions for a free Webcast on Trends in Commercial Credit Risk Management. Learn about the relationship between risk and profitability, and how the proposed Basel risk-based capital rules will affect institutions of all sizes. Click here to register! Call 800-815-5592 or email moreinfo@harlandfs.com for details.


TJX Breach Largest Ever
InformationWeekreports that the TJX Companies data breach was the largest ever.More than 45 million credit and debit card numbers were stolen, according to a recent report filed with the Securities and Exchange Commission.However, due to the lack of controls, the full extent of the damage may never be discovered.

Cursed Cursors?
Microsoft has announced a flaw in the way Windows handles animated cursor files.Simply visiting a malicious web site or opening an infected email could result in a victim's computer being compromised.Read the Microsoft Security Advisoryfor more info.SecurityFixreports that active exploits already exist for this flaw.

Attacks by Proxy?
US-CERTwarns Windows users that a flaw in the Web Proxy Automatic Discovery protocol could allow an attacker to redirect traffic through a malicious proxy server and intercept web and email traffic.A second warningadvises Windows users that exploit code is available for the ADODB.Connection ActiveX control flaw.

A Million Stolen SSNs on Web
Explosive growth in phishing and malware attacks have lead to a dramatic increase in identity theft incidents.One study found over a million suspected stolen Social Security Numbers on the web.Read the full story in InformationWeek.

Big Phish from Big Companies
A large amount of the phishing emails and other spam is coming from compromised computers at some of the world's largest companies.Oracle, HP, ExxonMobil, Home Depot and Best Buy are just a few of the companies discovered by an audit of trapped spam emails.Read the full story in SecurityFixand make sure you don't have any computers spewing spam.

US-CERT Lists 162
The US-CERT Vulnerability Summary for the Week of March 19, 2007, lists sixty-four High, thirty-one Medium and sixty-seven Low severity vulnerabilities.Vulnerabilities were announced in Apache's HTTP Server and Tomcat, multiple Cisco products, F-Secure Anti-Virus, IBM's Websphere Application Server, the Linksys WAG200G, McAfee VirusScan Enterprise, Microsoft's Windows XP and Vista, Windows Server 2003, Internet Explorer, Visual Studio .NET, Mozilla's Firefox, OpenOffice, Opera, Oracle's Application Server, Symantec Personal Firewall, Trend Micro Anti-Virus, and the Linux kernel.


Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Related Sites
Information Technology Specialist

Information Systems Security PolicyArchived Technology and eBanking You have access to previous Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.

First published on 03/29/2007

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Search Briefings

Briefing Archives