Tech Alert Briefing for 10/19/2007
October 19, 2007
Update covering October 12 - October 18, 2007
Welcome to Tech Talk! In this week's edition, BOL Gurus John Burnett and Andy Zavoina write about Oracle patches, media file woes, "phissing," nasty websites and more.
Andy
John
You'll read about:
Get the details below.
Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions? Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.
Information Security Is Increasingly Complex
Hackers Are Increasingly Sophisticated
Is your organization prepared for the current risks? Your customer contact center handles large volumes of sensitive customer information every day. Download a free paper and learn how to ensure you're protected against every kind of breach.
Convergys - Outthinking. Outdoing.
Training on CD-ROM
Remote Deposit Capture:
Images or ACH?
Shipping mid-October
Insider Tips:
Network & Internet Security
Order Now
Patch & Vulnerability
Management
Order Now
Oracle Release Patches 51 Flaws
Oracle released its quarterly patch update on Wednesday, October 17, addressing 51 security vulnerabilities in its Database Server, Application Server, Enterprise Manager, E-Business Suite, and PeopleSoft Enterprise products. One of the security gaps patched in the Database Server application carries the highest risk rating (6.5) assigned by the Common Vulnerability Scoring System. Read more about these critical updates in Computerworld.
RealPlayer Flaw Exploits Underway
Symantec is warning its clients about current attacks on a RealPlayer Active X control weakness on machines with both RealPlayer and Microsoft's Internet Explorer installed. According to Symantec, the exploit code could be embedded in the HTML in advertisements on otherwise trustworthy sites. For more information, read Computerworld's article.
Music to "Pump and Dump" By?
One of the latest attempts to flood email boxes with bogus pump and dump promotions uses MP3 files in another attempt to get around firewalls and filters. Emails arrive with names of real recording artists in their subject lines, but the MP3 files at the other end of links in the messages are short messages pushing shares of a penny stock. Security Fix's article explains why these files may be very hard to keep out of your inbox.
Upgrade's "AIM" Misses Target
AOL's recent upgrade of its widely-used AOL Instant Messenger (AIM) was supposed to cure a security flaw. According to at least one security expert, the security gap is still open, and an attacker could exploit it to run malware on a compromised machine. Read Computerworld's article for more information.
Is Windows Update Ignoring Controls?
Last month, Microsoft had to deflect criticism when it apparently sent a "stealth update" that affected even machines with the Auto Update service shut off. This week, some Microsoft Vista users are complaining their machines were reset to turn Auto Update on, and systems had rebooted, causing the loss of some data. The claims began shortly after last week's Patch Tuesday updates were released. Computerworld has details.
Storm Botnet Could Be Sold -- In Pieces
The addition of encryption to the peer-to-peer communications between nodes of the Storm Virus botnet may signal plans to sell or lease parts of the spamming network to other spam pranksters and fraudsters, according to a SecureWorks blog. One security expert describes the Storm network as extremely organized, with separation of duties, to make it harder to attack and destroy. CNET News.com has the story.
Red Flag Alert!
The long-awaited Red Flag and Address Discrepancy regulations are in the final approval stages, and will be published very soon. Read BOL's Special Briefing summarizing the new regulations. "Phissing" and Other eMail Scams
Do you know how to recognize a phissing spoof? That's right, phissing. If you've received an email announcing that some unnamed family member, friend or colleague has sent you an e-postcard, you've seen a phissing attempt up close. You'll see how to recognize phissing and other types of email spoofs and how to deal with them in an easily-read article at Webby.com.
IT Managers Worry About Corporate Image
Among the things that IT managers worry about -- a list that includes the expected concerns about natural disasters, virus attacks, and terrorism -- a Symantec survey found an increasing concern for brand image. Symantec's Guy Bunker suggests that TJX Companies' experience may have made IT managers more aware of the potential for damage to a company's image. Read more at Silicon.com.
Prurient Interests Also Cause Concern
Easier worksite access to salacious material on the web is another worry for IT managers and other senior executives. Among other woes, the potential for employee lawsuits looms large. Get the details in this USA Today article.
Multitask or Multi-drag?
A survey of 524 information technology managers and end users revealed that email and telephone calls were a boost to productivity. But they also felt instant messaging, blogs and softphones were a drag to productivity. Some of the negative responses in the poll also demonstrate fear that IM, PDAs and mobile phones involve the likeliest potential for a data breach as well. Read more in Networkworld.
Microsoft Explains URI Stance
Microsoft explained its position on a vulnerability that exists in Windows XP and Windows Server 2003 environments running IE 7. They say that the Universal Resource Identifiers (URI) -- such as "mailto" which opens a user's email program and prefills the "To:" field -- are their responsibility when both are Microsoft programs. Fixing problems from third party developers is not their job. And Microsoft doesn't plan to change how Windows processes third party protocol requests. Computerworld has the story.
PCWorld reports an unofficial patch was subsequently posted by a researcher. Obviously use of this unsanctioned patch would be done at the user's risk.
Bogus Complaints from the Better Business Bureau!
Have phony emails about Better Business Bureau complaints hit executives in your area? We're including them in our BOL Scams Index survey this week. Vote on the BOL home page, to help us compile a list of the scams our readers see. Thanks for participating!
Top 10 Tech Strategies
PCW Business Center reports on a Gartner Inc. list of the top ten IT strategies for 2008. Leading the list is a prompt to go green -- before government regulations require it. Number 2 is unified communications as media transforms from analog to digital. See how your strategic goals compare to the remaining eight.
You Can Tweak Your Energy Costs
PCWorld has an article on reducing your energy bill by tweaking the BIOS and Windows settings on your computers. Every bank is looking to control costs. In some cases you could save $100 per year, per computer. That is $10,000 if you have 100 computers. This is a win-win.
Microsoft Shipping Updated Backup Software
Microsoft has announced that it has started shipping its System Center Data Protection Manager 2007 software, a component of Microsoft's System Center family of management products, providing recovery from disk and archive to tape in Microsoft environments. For more information, see the Computerworld article.
100 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of October 8, 2007, lists 37 High, 60 Medium and 3 Low severity vulnerabilities. High severity weaknesses were reportedin Adobe Pagemaker, Alcatel routers, Cisco IOS and Wireless LAN products, and multiple Microsoft offerings, among others. Several of the Microsoft vulnerabilities were reportedly addressed in this month's Patch Tuesday updates from Microsoft.
P.S. from the BOL Team:Don't wait until that panicked moment that occurs when you learn your institution's name is being used as the hook in a phishing scam.Be prepared.Download the free financial institution phishing attack response kit from Harland Financial Solutions.
Subscribe to Tech Talk and BOL Tech Advisories
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.
print
share