
Tech Alert Briefing for 11/16/2007

November 16, 2007
Update covering November 9 - November 15, 2007

Welcome to Tech Talk! In this week's edition, BOL Gurus John Burnett and Andy Zavoina write about the latest patches, valuable laptops, infected new hard drives, and more.




You'll read about:

  • New hard drives with malware pre-installed
  • Top 10 security threats for 2008
  • A $525,000 laptop
  • A Revolution from Steve Case
  • Mobile banking's arrival
  • Two Patch Tuesday
  • Apple's big patch release
  • A malicious security consultant
  • The end of an Active X alert
  • Increases in web access controls
  • Storm's calling card
  • Fake emails from Microsoft
  • Firewalls in need of ignition
  • US-CERT's latest vulnerabilities list

Get the details below.

Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions' Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.


Internet Gambling:
The Proposed Regulations

Thursday
December 6, 2007
You'll want to attend this special one-hour webinar discussing the proposed regs for the Prohibition on Funding of Unlawful Internet Gambling if your bank --

  • receives ACH credits
  • originates ACH debits
  • sends or receives wire transfers
  • issues credit or debit cards
  • acquires card transactions from merchant customers
  • deals in cross-border transactions
  • has customers that offer internet gambling

    Join BOL Guru John Burnett to get a "heads up" on what Treasury and the Fed have proposed to implement this controversial 2006 law.
    More information.

    As Clean as a New Drive Can Be?
    Seagate confirmed that some of their hard drives were infected with password-stealing Trojans, new out of the box. It is suspected that Chinese authorities were responsible for having the malware installed during assembly. The suspected units are Maxtor Basics 3200, 500GB models. Read more at ComputerWorld.

    McAfee Predicts 2008 Security Threats
    McAfee has made their predictions as to the top 10 security threats for 2008. Included are online gaming, botnets and Web 2.0. But there is also some good news in the report. eChannelLine has the rest of the story.

    How Much is Your Laptop Worth, With Data?
    CIO reports on the value of a laptop. This is not the hardware or software valuation, but what the sensitive data contained on it is worth. $525,000. Read CIO's article to learn more about the value of personal data, information on the number of owners who've had virus problems and potentially unsecured wi-fi connections. Is it time to educate laptop users on the real value of that old laptop they take their eyes off of in the airport, or leave in the cab?

    You Say You Want a Revolution
    Steve Case, founder of AOL, has teamed up with Ted Leonsis, also of AOL, to compete with banks and their financial services. The RevolutionCard is a debit/credit card with no fees. They also offer Revolution MoneyExchange to compete with PayPal, offering free money transfers. They are seeking the social networking market. TechNewsWorld has more on this revolutionary concept.

    Cell Phone Banking Available Now
    AT&T has made banking by cell phone a reality. Wachovia and SunTrust Banks are two new entrants to mobile banking with AT&T, which is allowing software based on technology from Firethorn Holdings on their handsets to be used for banking. Customers can check their balances, view activity on their accounts, transfer funds and pay bills. The software is available to more than 30 million AT&T handsets. PCWorld has more on this story.

    Two Patch Tuesday
    Microsoft had two patches scheduled for Tuesday. One was for a Critical flaw. A remote code execution vulnerability exists in the way that the Windows shell handles specifically crafted URIs (Uniform Resource Identifiers) that are passed to it. The second was deemed Important, and addresses a spoofing vulnerability in Windows DNS Servers. Microsoft has the patches and the details.

    Apple Releases Big Security Update
    This week, Apple released updates patching 41 security flaws in Mac OS X and 10 problems with the Windows version of its Safari web browser, along with updates to several other applications. Computerworld has the details.

    Hiring the BotNet Meister
    John Schiefer is a computer security consultant. Perhaps "in-security" consultant would be a better description. Instead of repairing computers and making them safe, he was installing botnets on them. He may have compromised as many as 250,000 machines. He installed programs that allowed him to steal passwords and user names which he then used to purchase items from eBay and PayPal, and then passed the login information on to others. He also maliciously installed advertising programs on more than 150,000 machines, collecting more than $19,000 in commissions. The LA Times has more on this story.

    Seen our Scams Index Lately?
    Watch our BOL Scams Index this week. We update the list each week with new choices. Vote on the BOL home page to help us compile a list of the scams our readers see. Thanks for participating!

    Active X, Click to Activate - No More
    The strip appearing in Internet Explorer asking if you're certain you want to give approval for the use of Active X controls will soon come to an end. Microsoft announced that an update next month will do away with the warning. This is a result of a $521 million settlement with Eolas Technologies, Inc. More good news: website developers won't have to make any changes for this. PCWorld has the story.

    MySpace, Your Time
    A survey of 228 IT security personnel shows that more than half restrict where on the web employees can browse, and use automated filters to enforce their access rules. The number is expected to increase by 12 percent next year. Two key reasons are security protection and lost productivity. Lost bandwidth was also a concern. MySpace is a target of some filtering programs due to a loss of productivity. PCWorld Business Center has this story.

    Pop-Up Ad Triggered on Infected Machines
    Did anyone in your organization report this week that they saw a pop-up ad appear pushing a "penny stock" called Hemisphere Gold, Inc.? According to an article in SC Magazine, that ad is a little piece of self-sent spam left as a sort of "calling card" proving that the machine has been infected by the infamous Storm Trojan. It is a sure sign that the machine has been recruited into the Storm botnet. Infected machines should be scanned and the malware removed. The article also suggests that infected machines will get hit with another spam attack coinciding with Thanksgiving.

    Phony Microsoft Update eMails
    US-CERT announced Thursday that it had learned of false Microsoft emails in circulation. The messages include links that can direct the user to malicious web sites. There are published guidelines for recognizing scam email messages purporting to come from Microsoft.

    Hot Firewall Issues
    Security researcher David Litchfield reviewed more than one million IP addresses and tested them. His findings are frightening as Litchfield estimates that almost a half-million database servers lack firewall protection. Many of these are not up to date on patches either. CIO has more on this story.

    90 Make Latest US-CERT List
    The US-CERT Vulnerability Summary for the Week of November 5, 2007, lists 49 High, 36 Medium and 5 Low severity vulnerabilities. High severity weaknesses were reported in Apple QuickTime (7 occurrences), IBM - AIX (5 occurrences), Firefox and Oracle (6 products) and more.

    We wish you a happy Thanksgiving holiday. We'll be back with the next edition of Tech Talk in two weeks.
    --Andy and John


    P.S. from the BOL Team: Don't wait until that panicked moment that occurs when you learn your institution's name is being used as the hook in a phishing scam. Be prepared. Download the free financial institution phishing attack response kit from Harland Financial Solutions.


    Subscribe to Tech Talk and BOL Tech Advisories
    Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
  • First published on 11/15/2007
