We all know the threats posed by spyware to enterprise networks: user ID and password theft, financial loss, productivity drain, intellectual property theft. Security practitioners have two defenses at their disposal: the human and the technical. While the technology for combating spyware is improving, antivirus...
To help verify a user's identity in the case of a lost password, many Web applications use secret questions. By answering a pre-selected question, a user can demonstrate some personal knowledge of the account owner. A classic example is asking to provide a mother's maiden name.
Answering secret questions requires...
Omar A. Herrera Reyna – CISA, CISSP(omar.herrera@oissg.org)November 2005 IntroductionWith all sort of attacks against e-banking and e-commerce systems targeting primarily customers, securing transactions has become increasingly difficult for banks and online stores.There is a widespread use of credit and...
A. RISK DISCUSSIONIntroductionA significant number of financial institutions1 regulated by the financial institution regulatory agencies (Agencies)2 maintain sites on the World Wide Web. Many of these websites contain weblinks to other sites not under direct control of the financial institution. The use of weblinks...
National Security InstitutePopular E-Greeting Card Carries TrojanAn e-mail message that claims to hold a link to a greeting card is responsible for a recent series of “Trojan horse†cyber-attacks. The e-mail directs recipients to click on a link in order to pick up an e-card from a “secret...
The four federal banking agencies--the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision--today published an interagency advance notice of proposed rulemaking (ANPR) regarding potential...
New data shows that on average, businesses are spending an eye-popping amount of money every month in IT resources to fight the spyware plague.FaceTime Communications, an IT security provider, surveyed more than 1,000 IT managers and end users. The key finding: spyware and other unsanctioned downloads are...
Internet-related crime, fraud, and damage is going through the roof. Here we take a look at what Consumer Reports has named the four major online threats you need to defend against.VIRUSES AND WORMSOldies but goodies (baddies?), these have plagued computer users for nearly two decades. They typically infect computers...
George CapehartIn a previous column we talked about some of the characteristics of Web services systems that have implications for Information Security and identified some of the kinds of security problems that arise in systems that are implemented in this paradigm. One of the sets of problems that was mentioned...
New Viruses Target IMA security firm reports that in July alone, the number of viruses threatening instant messaging systems rose nearly 25%. The acceleration of IM viruses, long predicted by security experts, has come to pass, according to Akonix Systems; new outbreaks with names such as Rants, Prex, and Kirvo are...
According to recent government estimates, some 10 million people a year are victims of identity theft. Some sources estimate that annual losses related to identity theft total as much as: $50 million for individuals and $48 billion for businessesWhile these figures represent an average loss of only about $500 per...
TO:  Chief Executive Officers and Chief Information Technology Officers of National Banks, Federal Branches, Service Providers, Department and Division Heads, and Examining PersonnelPURPOSEThis alert is intended to raise awareness of an increasingly common Internet fraud called “phishing†and...
Many attacks in the past decade have focused on vulnerabilities at the network and operating systems level. Nowadays, hackers seem to be more closely focusing on application level attacks. There are several reasons for this.Too many network protocol suits are being used by organizationsOrganizations tend to use too...
Ever inventive, cyber-criminals who specialize in phishing scams are finding new ways to hook you and your personal financial information.The days of amateurish phishing expeditions filled with typos are long gone. It’s our hope that by learning of the latest techniques, you can stay one jump ahead of this...
Most banks are surprisingly vulnerable to identity theft, according to a hired gun who makes his living by penetrating their security systems.With over 100 successful heists to his credit, Jim Stickley is one of the most successful bank robbers of all time. But he’s not after the cash. He’s after...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
