Skip to content
Tips for Tech

Tech Alert Briefing for 12/28/2007

December 28, 2007
Update covering December 21 - December 27, 2007

Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about dangerous emails, and look back on 2007 and ahead to 2008.


Andy


John


You'll read about:

  • the latest Storm attacks
  • an update from Adobe
  • 2007's biggest tech stories
  • the evolution of cybercrime
  • TJX's year-end settlement
  • a warning from Microsoft
  • a digital vigilante
  • in-flight web surfing
  • compliance and data security
  • eight "hot" technologies for 2008
  • building skills for success
  • US-CERT's latest vulnerabilities list

Get the details below.

Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions? Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.


Training on CD-ROM
Protecting Against &
Responding to
Customer Information Breaches



Insider Tips:
Network & Internet Security

Order Now


Patch & Vulnerability
Management

Order Now
The Storm Is Still Blowing
The Storm Trojan was in the news a lot in 2007, and it will be in tech security headlines well into 2008. Last week there was spam featuring Christmas strippers, quickly followed by a switchto a new spam campaign with email subjects of "Happy 2008!" and "Happy New Year!" on Christmas day. The message invites the reader to the Uhavepostcard.com website (and others), which can install "happy2008.exe" or another infected file on the user's system. The downloaded files are actually new variants of the Storm Trojan. If one of your machines gets infected by the Storm Trojan, it becomes a silent "robot" member of Storm's gigantic computer-slave army, and can be remotely directed to further spread Storm's malicious code.The PCWBusinessCenter has the story. US-CERT has a list of several of the "greetings" used in the malicious emails, along with variations on the downloaded file name and other websites being used by the Storm botnet herders. And according to an SC Magazine article, Cisco is suggesting that 2008 could see bigger attacks from the Storm botnet, as the handlers of the rogue network begin to lease out its vast power to criminals for more spam and denial of service attacks.

Adobe Updates for Security
The United States Computer Emergency Readiness Team (US-CERT) provided an announcement recapping Adobe's December 21, 2007, update for multiple vulnerabilities. Adobe's Flash Player had several issues that could allow a hacker to execute arbitrary code, perform DNS rebinding and cross-site scripting attacks and more. US-CERT's Alert TA07-355A has the details.

Jargon Watch: DNS Rebinding
DNS rebinding is a DNS-based attack on code that's embedded in legitimate web pages. It can allow JavaScript malware to access private networks.
The Tech Year That Was
You can't have a year-end edition of Tech Talk and not look back at what we've all come through. PCWorld has a recap of 2007, looking at the big stories -- Apple's iPhone, Vista's ebbs and flows, product news, Google, hackers and a brief look forward to 2008.

In 2007, Cybercrime Evolved
In his look back at 2007, Washington Post's "Security Fix" columnist Brian Krebssays that organized crime shifted into hi-tech gear in 2007 and took cybercrime to a new level. It's big, big business and the money backing the hacking paid for new schemes that likely showed profitable results -- for the cybercriminal. In his "Cyber Crime 2.0" article, Krebs discusses spam, spear phishing, Mac attacks and more.

TJX Settles with 6 of 7
TJX has settled with six of seven plaintiffs in the suit resulting from the huge TJX data breach, according to Digital Transactions. The terms of the settlement were not released. Only Amerifirst Bank, based in Union Springs, Alabama, remains. CUNA NewsNow reports the settlement should represent 95 percent of the Visa accounts affected in the TJX data breach. Alternative recovery payments were to be received by the settling institutions by December 27.

Windows Home Server Woes
Users of Windows Home Server were warned by Microsoft not to edit files stored on the backup system. Certain programs should not be used to edit files or the files could be corrupted when they are put back on the server.This Computerworld article lists many of the problem programs and provides a link to the Microsoft information document with more information.

Hot in 2008?
Computerworld forecasts that these eight technologies will be "hot" next year:

  • Virtualization
  • Automation
  • Integration
  • Real-time collaboration
  • Web 2.0
  • Ideation
  • Consumer-oriented devices
  • Unified communications Stubborn Fraud Victim Strikes Back
    The internet giveth, and the internet taketh away. PCWorld has a three-part story about digital vigilantes. In part two, Ben Adams tells how he was given a $9,600 cashier's check for his 1949 Chevy pickup truck. The check was bad, and Adams used the internet and eBay to track his truck down. Law enforcemment was initially less than helpful, but Adams' persistence paid off.

    Fly the Internet-Friendly Skies
    Some airlines are promising internet connectivity in-flight. That could allow business travelers to use what has been downtime for more productive purposes. Right? An Associated Press article expresses reservations. What happens when your seat neighbor is using the internet for a phone connection, or watching porn? Some airlines may filter the content available and others may not. Will it be a safe enough connection on which to transmit your corporate secrets, or to do light work? Is in-flight web access a good thing at all? Read the article and decide for yourself.

    Proactivity Preferred
    The IT Policy Compliance Group announced the results of a security study. They say that companies meeting the requirements of IT audits, such as those under Sarbanes-Oxley, keep their data secure.Of 454 companies studied, however, only 13 percent were in this category with three or fewer incidents of data theft in a year. And on the other end of the spectrum, 64 percent of the companies with more than 12 data thefts in a year had more than 16 deficiencies. CIO has more on the survey.

    Tweaking Your Tech Skills
    Improving your technical skillset can make you a more valuable IT professional in 2008.Computerworld lists eight ways to boost your IT approval rating:
    1. Incorporate security into your responsibilities
    2. Re-engineer processes
    3. Use analytics to guide business decisions
    4. Be more versatile
    5. Work on multifunctional programs and multidisciplinary teams
    6. Beef up your business skills
    7. Be more accountable
    8. Manage your own career

    132 Make Latest US-CERT List
    The US-CERT Vulnerability Summary for the Week of December 17, 2007, lists 64 High, 63 Mediumand 5 Low severity weakness. High severity security faults were reported in Adobe Flash Player, Apple Mac OS X and Safari, Wireshark, and others.



    We wish you a Healthy, Safe and Secure 2008!
    Subscribe to Tech Talk and BOL Tech Advisories
    Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.

  • First published on 12/27/2007

    Briefing type: 

    Banker Tools View All

    A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

    Banker Tools

    Penalties View All

    Banker Store View All

    From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

    Banker Store

    hot right now

    image description

    Looking for effective, convenient training on a particular subject?

    BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

    Search Briefings

    Briefing Archives