Tech Alert Briefing for 8/10/2007

August 10, 2007
Update covering August 3 - August 9, 2007

Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Pattersonwarns us about easily hacked physical security systems.


Jeff Patterson,
BOL GURUYou'll also learn about:

• Russians who raided Turks' accounts with a U.S. computer
• the revival of Russian malware purveyors
• spam that uses PDF to fool filters
• security patches from Cisco
• Microsoft's August update plans
• US-CERT's latest list of security flaws

Get the details below.
Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions? Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.

Access Control Easily Hacked
A security researcher showed at DefCon how easy it was to hack standard proximity cards and access control devices that use the standard Wiegand Protocol.These security devices help to restrict access to certain areas.Security Fix has the details on how easy it is to trick the devices into replaying the code of the last person who entered and how they could easily be programmed to lock everyone out.

Does your bank require Internet banking customers to change their passwords frequently?

Does your competition, especially larger banks, require their customers to change their passwords frequently?

Would it be better to require complex passwords for Internet banking customers and "encourage" but not "require" password changes?

Is a long, strong password changed once a year better than a short, weak password changed every 30 days?

Join Jimmy Sawyers

Wednesday,
August 15, 2007
for a 2 hour webinar on
Insider Tips on Network & Internet Security


Did your bank change its password requirements once multi-factor authentication was implemented?

Get tips and suggestions in this candid and entertaining presentation of the Network and Internet Security trends impacting banks today.

Presented from a banking perspective by a former banker and now a leading consultant to the banking industry with over 22 years of experience in banking technology.

Two-Year Russian Scam Raided Turks
A pair of Russian hackers stole over $500,000 from Turkish bank accounts.Using a dedicated server connected to a US data center and a Remote Administration Trojan the pair compromised bank customers' computers and stole their login information.The Register has additional information.

BOL Scams Index
Have you cast your vote for the hottest scam for the BankersOnline Scams Index? Check back and vote again, because we're changing the "candidates" on the ballot to include mortgage and credit card fraud. The poll, located on the BOL home page, will update with each vote throughout the week. Thanks for participating!
Volga Malware Returns
Yahoo! News reports that Russian based servers are resurging as a purveyor of malware.According to the article, one Russian server was found hosting over 400 pieces of malware and a security vendor reports that the country is rapidly moving up to the top of the malware distributors list again.

PDF Docs Fool Spam Filters
PDF spammers are getting more creative, introducing randomly generated text and images into PDF documents in the latest attempt to thwart anti-spam engines.Read CSOOnline and find out how hard spammers are working to get their message into your inbox.

Cisco Updates Released
Cisco released ten security updates to address flaws in multiple products including Cisco CallManager and IOS.Three of the vulnerabilities could allow moderate damage to your systems.Find out more on CNet.

August Patch Tuesday Plans Announced
Microsoft will be releasing nine updates next week, six of which are rated as critical.Windows, Office, Internet Explorer and Virtual PC will all have updates available.

US-CERT Lists 89 Flaws
The US-CERT Vulnerability Summary for the Week of July 30, 2007 lists twenty-six High, sixty-one Medium and two Low-severity vulnerabilities. Weaknesses were listed in multiple Apple products; the Nessus vulnerability scanner; Samba; Sun Solaris; the popular TOR proxy software; and VMWare Workstation.

A Genuine iPhone Giveaway
Get details of BOL Learning Connect's iPhone Giveaway. If you have to worry about patches and hackers, you need to communicate with your team. Do it in >

P.S. from the BOL Team:Don't wait until that panicked moment that occurs when you learn your institution's name is being used as the hook in a phishing scam.Be prepared.Download the free financial institution phishing attack response kit from Harland Financial Solutions.See the link above.


Subscribe to Tech Talk and BOL Tech Advisories.
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.