Tech Alert Briefing for 1/25/2008
January 25, 2008
Update covering January 18 - 24, 2008
Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about hacker power plays, vishing, infected cell phones and more.
Andy
John
You'll read about:
Get the details below.
Lights Out: What the Hack?
Hackers turned off the lights. It wasn't here, at home, but that doesn't mean we are not vulnerable to hack attacks disrupting our electricity or water supplies. In a brief release of information, the CIA said that hackers demanded extortion payments in several regions outside the U.S., and proceeded to turn off the power, as a demonstration of their power. This Associated Press story is on FindLaw.
Mass Attack on Apache Servers
Original estimates of hundreds grew to 10,000 as the number of attacked Apache web servers running open-source Linux grew.SecureWorks believes they know how to defend servers against the attacks. SCMagazine has the story.
Not on Your Vish List
The FBI warns that "vishing" attacks are on the rise. Intypical attacks, consumers get a text message or email that there is a problem with a bank account, and they need to call immediately to reactivate it. The number they call is bogus, but the scripted exchange sounds genuine. VoIP has made these attacks easier to mount, and incidents and losses are on the rise. Read the whole story on PCWorld, and figure out how to warn your customers and protect your bank.
A Bad Start for 2008
The New Year is starting off with a large data breach as GE Money reports losing a backup tape containing 650,000 records of 230 retailers. The tape also carried 150,000 Social Security numbers. It took two months to reconstruct the lost data. Customer notifications should be mailed this week. InfoWorld has more on the story.
Cell Phones with Worms
No longer a proof of concept, there is a worm infecting certain Nokia mobile phones in the real world. This MMS worm comes disguised asBeauty.jpg, Sex.mp3 or Love.rm, said security vendor Fortinet. This worm can harvest the contact telephone numbers stored on the phone andsend those numbers an infected file. For a list of the mobile phones affected and details on the story, go to Computerworld.
Jargon Watch: MMS WormMalware disguised as a multimedia (MMS) message (usually a text message with photos or video files attached) sent to a cell phone. Recipients are tricked into installing the infected file, which then uses the cell phone's contacts directory to send infected MMS messages to other phones.
Sun Releases Big Java Update
A number of security updates are included in the 370 bug fixes that are reportedly included in the latest Java update. Security Fix suggests that these updates be applied as soon as possible.
Home Routers Vulnerable
Zulfikar Ramzan, a security researcher at Symantec, says criminals are attacking home routers and making changes that allow DNS spoofing. This redirects victims to spoofed banking sites where confidential logon data is captured. As you remind your customers about internet security, do you remind them to change the default password on a home router and to keep it updated with security releases? The Register has the story.
Prevent and Prepare for Tech Loss
The Lost and Found service at La Guardia Airport has accumulated 70,000 laptops and PDAs. In fact, 10 to 15 percent of all hand-held computers, PDAs, mobile phones, and pagers are expected to be lost. The time to prevent the loss of your bank's hardware and confidential data is now. "How to Stop Laptop Theft" is a four-page paper on theft prevention. It addresses not only laptops, but PDAs, cell phones, digital cameras, thumb drives and more. You'll find statistics and suggestions on tracking your equipment, recovery software, data backup and encryption, and employee training. PCWBusiness Center has the paper.
Firefox Leak Confirmed
Mozilla has confirmed a weakness in its popular Firefox web browser, according to a story in Computerworld. Firefox users who have installed certain popular extensions are at risk. So far, researchers are calling the weakness "low risk," but it could develop into something more specific. Mozilla is working on a fix, and at least one of the extensions involved has been rewritten to prevent attacks.
Vista SP1 Due Sooner than Expected
Microsoft Windows Vista Service Pack 1 was expected to be released near the end of this first quarter 2008. Indications now are that it may arrive sooner. It is believed that SP1 will make Vista more attractive to the business community. When is SP1 due? read the Computerworld article. For more details on the Beta release of Vista SP1, check out Networkworld.
Flight Time, Work Time
Both American Airlines and Southwest Airlines have announced plans to add high speed Wi-Fi internet access to flights, in a test of the service. Neither airline plans to implement cell or VoIP telephone access, and American's test will be conducted primarily on transcontinental flights. Want more? Check out the details at PCWorld.
Need More Secure E-commerce Connections?
Panda Software has an inexpensive service that will allow banks and online merchants to scan a customer's computer for malware.Read more on this story in Networkworld.
The Changing Role of the CIO
The Chief Information Officer is less and lesslimited to managingIT as they learn more about the business and industry of their companies.Gartner Executive Programs surveyed more than 1,500 CIOs. Read ConnectIT for more on the changing role of IT in business organizations.
112 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of January 14, 2008, lists 59 High, 49 Medium and 4 Low severity weaknesses. High severity security faults were reported 11 times on Oracle software, and also on Tibco, Photopost and Microsoft Excel and Visual InterDev, among others.
Subscribe to Tech Talk and BOL Tech Advisories
In the Banker Store
CD ROM Training
Implementing the Red Flag Guidelines
Video Training
FACTA: Responding to Identity Theft
CD ROM Training
Patch & Vulnerability ManagementArchived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.
print
share