HSBC questions online security tool
Bank has seen online takeup without need for extra security
Efforts to standardise online banking security could be undermined by HSBC's refusal to adopt two-factor authentication for access to its web accounts.
Some high-street rivals have explicitly linked growth in online banking with improvement in security procedures.
But figures from HSBC last week show a 55 per cent rise in online customers last year without any extra safety measures. The firm is now questioning the need for investment in industry body Apacs's standard card reader.
The surge in take-up proves customers already feel safe on the internet, says HSBC head of e-commerce Alison Leonard.
Security MVP Demos Broken Wireless Access Protocols
During an updated version of one of the more popular sessions at TechEd each year, senior security engineer and Microsoft MVP Marcus Murray did attendees a major service by demonstrating that hacking into a network is not really an art, and in some ways, not even much of a science.
His "Why I Can Hack Your Network in a Day" session is actually something of a misnomer, as many of the tools he uses (including one written by SysInternals guru-turned-Microsoft fellow Mark Russinovich) can enable individuals to work their way to revealing the passwords of domain administrators in closer to 15 minutes.
Resort dumps Symantec's antispam product
Kingfisher Bay Resort in Australia has ditched Symantec for a rival managed antispam product, claiming the product allowed spam to pass through its filters unchecked.
The resort is located on Queensland's Fraser Island and employs 500 staff, with about 100 users relying on e-mail for communication and customer service across the resort's remote sites.
Staff were receiving between 20 and 40 spam e-mails per day prior to the implementation, with more exposed addresses copping more than 100 a day.
Director of parent company Tourism Leisure Corp., David Goodman, said while the company is satisfied with the Symantec corporate edition antivirus deployed on its network, the aging spam solution was reducing productivity.
Hackers load malware onto Mercury music award site
Hackers have been able to load malware onto the official Mercury music awards site, as well as hundreds of other sites, after breaking into the systems of US-based hosting firm DreamHost.
DreamHost blamed a security flaw in its web control panel software for an attack that allowed hackers to compromise a "very small subset" of user accounts. Affected customers have been notified by email. DreamHost said only web content - not credit card or billing information - was compromised.
In a statement published Wednesday, DreamHost said: "The security flaw allowed the attackers to log into our customer web control panel with the access privileges of another user. From our web panel they were able to access individual user password information. The attackers also attempted to gain access to our central database and billing information but were ultimately thwarted in that attempt. No credit card information or customer personal information was obtained."
Bank of Scotland blames human error in data screw-up
Bank of Scotland (HBOS) is telling 62,000 customers they could be at risk of identity theft after it stuck an unencrypted disc in the ordinary post, which was subsequently lost.
The disc, containing information on mortgage customers, should have been encrypted before being sent, the bank said, and should have been sent via secure courier rather than the normal postal service. It blamed human error for the problem, but said it believed the disc was genuinely lost rather than stolen.
Spam barrages take down filters, networks
Report shows increase in spam bombardment attacks.
MessageLabs' monthly report on the latest trends in spam has warned of an alarming rise in 'spam spikes', targeted attacks which use high volumes of spam directed at a single company in an attempt to overwhelm gateway spam filters.
Online malware dangers analysed
Two reports out this week have revealed some interesting statistics on the security dangers involved in browsing the Internet, with Google surveying the software running on webservers and which systems carry the most threats, while McAfee's study of search results reveals the dangers lurking in links provided by several major search engines, including Google itself.
AOL was found to be the safest search system, with only 2.9% of results representing a known danger, while Yahoo! was the worst, with 5.4%. Safety in general was found to have improved since the first such survey a year ago, but figures for both Yahoo! and MSN, previously the safest two and now the worst, showed more dangers presented than in the May 2006 study.
Should you use third-party patches?
Security software supplier eEye Digital Security provided an unofficial patch last year to this Microsoft vulnerability and received 70,000 downloads in three days. The increase in zero day attacks is one reason users have been unwilling to wait for official updates.
The early availability of third-party patches gives rise to the question of why Microsoft - with the best knowledge of and access to the source code - takes longer than volunteer programmers to fix the problem.
Microsoft said that creating security updates that fix vulnerabilities is an extensive process, and factors influencing the speed of the process include conducting a risk assessment on the affected product and testing it.
"Once the update is built it must be tested with the different operating systems and applications it affects, then localised for many markets and languages across the globe. In some instances, multiple suppliers are affected by the same or similar issue, which requires a coordinated release," said a Microsoft spokesman.
However, Alan Shimel, chief strategy officer at security supplier StillSecure, said, "The most recent patch by eEye was so widely downloaded because there were real attacks in the wild exploiting this vulnerability, and Microsoft did not respond quickly enough. Users have a legitimate right to download a third-party patch."
Shimel advises using third-party patches with caution, but said that if suppliers did not release patches quickly enough, the whole responsible disclosure system of vulnerability research falls apart.
Four ISPs Join Anti-Spam, E-Mail Delivery Program
Four major Internet service providers on Thursday joined a program that charges major business and e-commerce sites for guaranteed delivery of their e-mails.
Comcast, Cox Communications, Time Warner Cable's Road Runner and Verizon will support Goodmail Systems' CertifiedEmail program, which charges companies a quarter of a penny per message to ensure that their e-mails bypass spam filters and reach their destination. Nonprofit organizations are offered an 80 percent discount on that fee.
Yahoo! and America Online joined CertifiedEmail when the program kicked off in May 2006.