Skip to content
Tips for Tech

Tech Alert Briefing for 4/27/2007

April 27, 2007
Update covering April 20 - April 26, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson writes about a class-action suit against TJX.


Jeff Patterson,
BOL GURUYou'll also learn about:

  • An end-run around multi-factor authentication;
  • Security gaps in Nortel's VPN routers;
  • A flaw in Adobe's Photoshop;
  • Low demand for mobile device banking services; and
  • US-CERT's latest list of security vulnerabilities.

Get the details below.

Free Webinar Series ? Best Practices
Join Harland Financial Solutions for a series of complimentary Webinars focusing on industry trends and best practices. Designed for financial institution executives, you can choose from topics such as Deposit Pricing, Event Detection and Delivery, the latest Deposit Benchmarking research findings, and much more. Click here to view the complete schedule or to register.

Gartner's "FFIEC Guidance Drives Online U.S. Banking Security Upgrades" report finds that "two-thirds of 50 U.S. banks surveyed met the year-end 2006 deadline."

The Gartner report, made available by SecureWorks, includes financial institution security spending, what solutions were implemented, status on implementations across the industry and numbers of breaches and disclosures. Click here to view the report.
Bankers Strike Back at TJX
The Massachusetts Bankers Association filed a class-action lawsuit against TJX Companies this month.They seek tens of millions of dollars in restitution to offset the costs of member banks forced to block and reissue thousands of debit and credit cards.Find out more in CSOOnline.

Multi-Factor Authentication No Panacea
Despite two-factor authentication, customers of ABN Amro have had money stolen from their accounts through online fraud.The technique involved downloading malware from a fraudulent email to customers. The malware allowed the cyber criminals to capture the time-sensitive key generated by a security token.With the key the criminals were able to access the customers' accounts and transfer funds. Read the full story on Silicon.com.

Nortel VPN Security Gaps
Nortel warned customers this week that several of its VPN routers have security flaws that could allow unauthorized remote access to their networks.One of the flaws involves embedded user accounts used for diagnostics that can easily be compromised, and another could allow the cracking of VPN user passwords.ComputerWorld has additional details.

Jargon Watch: Virtual Private Network
A virtual private network (VPN) is a private network established within a publicly accessible network (such as a carrier's network or the Internet). The private network takes advantage of the economies of scale of the larger network while maintaining firewalls and other security measures to protect proprietary information.

Photoshop Bitmap Gap Allows Over-Exposure
US-CERT is warning Adobe Photoshop users not to open unexpected bitmap files.A newly-discovered vulnerability in Photoshop could allow an attacker to execute arbitrary code and take control of an affected system through a maliciously crafted bitmap.

Rethinking Mobile Online Banking
New research indicates that only eight percent of consumers may be interested in mobile device banking services.The story on vnunet.com recommends that financial institutions try not to duplicate online banking services for mobile devices and instead find services that play to the strengths of mobile technology.

Latest Vulnerability Summary Lists 147 Gaps
The US-CERT Vulnerability Summary for the Week of April 16, 2007 lists seventy-five High, forty-one Medium and thirty-one Low severity vulnerabilities, including gaps in multiple Cisco and Oracle products, Adobe Flash Player, Apache's HTTP Server, ClamAV, McAfee VirusScan Enterprise, Microsoft Windows 2000 and 2003, and Sun Solaris.


Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Video Training
Video Training:
Safeguarding Customer Information

Policy:
Information Systems Security

Job Description:
Chief Technology Information Officer
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.

First published on 04/26/2007

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Search Briefings

Briefing Archives