Tech Alert Briefing for 1/4/2008
January 4, 2008
Update covering December 28, 2007 - January 3, 2008
Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about threatening sites, batteries in flight, and more.
You'll read about:
Get the details below.
Implementing the Red Flag Guidelines and Address Discrepancy Procedures
January 8, 2008
You'll want to attend this important webinar discussing the final Red Flag Guidelines. There is no reason not to get a "jump start" on having your bank's Identity Theft Prevention Program ready. Having it in place before the deadline simply makes good business sense.
Join BOL Gurus Mary Beth Guard and Jack Holzknecht as they discuss the step-by-step approach that will help you get your Program off the ground successfully.
More information. These Sites Can Byte
Two recent articles discuss how online crooks are taking advantage of high-traffic sites to grab more victims. The Washington Post's Security Fix blog warns of banner ads on MySpace and on Excite.com's search portal. InfoWorld has an article on a report from security gateway vendor Fortinet that an adware-distribution scheme has hit the popular Facebook networking site. Have you blocked these sites yet?
Security researcher Aviv Raff has posted a demonstration of how a weakness in Firefox's most recent version could be used to grab logon and password information from an unwitting user. A user could have a bank's online banking system in the browser, but malicious script could operate in the background to redirect logon data to an ID thief's server. Get the details in this Computerworld article.
RealPlayer: Real Problem
US-CERT issued a recent warning involving RealPlayer Version 11 when run on Windows XP SP2. A flaw known as a stack overflow bug was discovered by a Russian security company and a Flash demonstration has been posted on the Gleg Web site. Gleg sells penetration testing software. They have not released details of the flaw, which US-CERT and others are verifying. Read Computerworld for more.
Two Updates Set for Patch Tuesday
Microsoft has announced plans for two Windows updates to be released in its January "Patch Tuesday" event, next week. Computerworld speculates about which flaws the updates will address in its article.
Flying with Batteries: New Rules
If someone in your bank wants to fly and work on battery power, there are new restrictions on what they can carry.Spare lithium batteries may not be packed in checked baggage and there are new limits on how many spares may be in carry-ons. The new rules apply because fire suppression systems on aircraft are not equipped for fires caused by lithium batteries. You can read more on the restrictions and travel tips to cope with the new rules at safetravel.dot.gov and this CIO article.
Office SP3 May Refuse Old Files
In an effort to enhance security, Service Pack 3 for Microsoft Office 2003 can block access to old file formats. One user was told by Microsoft support that access to older Word files was possible, but it would cost him $250 to get the solution. He found another way. Separately, a registry hack was posted by Microsoft that allows access to the older files. You need to read Computerworld for these solutions.
TMI - Too Much Information
Since email costs basically nothing, just click Reply to All and Send, Right? What if the content is of no interest to "All"? This is one reason Basex Inc. decided information overload was THE problem of 2008. myway has the short story, but we hope it will cause many readers to pause and consider what you can do to reduce the choking glut of information.
Learning from the Past
If we don't learn from history, we're destined to repeat it. Last year ended less than a week ago, but what a year it was! There were record data breaches in 2007, and the fear of identity theft is still foremost in your customers' minds. Instead of being reactive, banks should be proactive.You should be asking what can be learned from those data breaches and how they can be prevented in the future. Start with these Associated Press and PCWorld articles. You can be sure that your customers are reading about this issue.
Public Documents Expose Personal Data
Certainly banks are not the primary cause of data breaches or the exposure of confidential, personal information. It is often important to point this out to customers and to ensure they are aware that other areas of exposure require their attention as well. This Washington Post article discusses the exposure of personal information, including ID data on Colin Powell, Troy Aikman and Maryland's Attorney General, in online records.
Nothing Beats Safe Computing
IT has been specific that all computers need antivirus software and that the software needs to be updated continually. But other than internet abstinence, nothing beats safe computing for protection. In this PCWorld article, it explains clearly how your antivirus software is reactive, and therefore lags behind the quickly evolving malware threats.
Privacy, IT is A-Changin'
IT's privacy concerns are changing, driven not only by regulatory requirements, but also by customer demand and growing corporate consciousness. CIO has eight areas that require your attention in the coming year. These include:
- Information Is Power: Keeping Data Classification up to Date
- Less Is More: Minimizing the Use of Personal Information
- Decode or Not Decode: The Evolving Use of Encryption
- The Three-Legged Stool: Strict Standards for Vendors and Business Partners
- On the Road Again: Personal Information and the Telecommuter's Way of Life
- In Case of Emergency: Having a Plan for the Worst-Case Scenario
- It's a Small World: Developing Privacy Procedures for Home and Abroad
- Building a Better Mousetrap: Keeping Pace with Privacy Management Technology
Firefox 3, Beta 1
If you are interested in reviewing the newest Firefox browser, Beta 1 of Firefox version 3 has been released and Computerworld has a review. Security is improved, as is the ability to manage bookmarked sites. A new download manager can assist when an entire file isn't captured the first time. There are known bugs you need to be aware of, so check out the article before taking the plunge. Update: As we "went to press," Mozilla had made Firefox 3, Beta 2, available.
IT Can Help Marketing
Here is an idea you can pass along to your Marketing department.High Definition Television will soon be the only choice for viewing. Beginning Febuary 17, 2009, analog channels will be gone and many customers' older television sets will require a digital-to-analog converter box. This may be a good time for a customer newsletter article about the government's offer of $40 coupons to defray the cost of those boxes. You can tell your customers how they can get a coupon, and consider offering a special HDTV loan product for those who want to upgrade to digital by buying that big new set now. Win - win. But the government coupon offer ends in March 2009 or when the coupons run out, so don't "sit" on this idea too long! CNet News.com has more on the coupon giveaway.
77 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of December 24, 2007, lists 39 High, 38 Medium and 0 Low severity weakness. High severity security faults were reported in IBM's Domino and Lotus Domino Web Access products, Opera and others.
Subscribe to Tech Talk and BOL Tech Advisories
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.
First published on 01/03/2008