Monday, March 31, 2008

March 2008 CU News Below


CU InfoSECURITY News Providing a brief summary of news and information related to security issues for credit unions - Plus some interesting and fun web sites.(Click on photos to enlarge)
Don't forget to "log off."

Saturday, March 22, 2008

Here's a joke that'll get you arrested

Don't say that I didn't warn you:

If you are sitting next to someone who irritates you on a plane or train...

1. Quietly and calmly open up your laptop case.
2. Remove your laptop.
3. Boot it.
4. Make sure the person who won’t leave you alone can see the screen.
5. Open your email client to this message.
6. Close your eyes and tilt your head up to the sky.
7. Then hit this link: http://www.thecleverest.com/countdown.swf

If you try it, post what happened in comments.

Can't Wait Till 2008 - The Election Is Just Around the Corner

Are you ready yet?
http://jokelibrary.net/yyPictures/m/2008b.html

DISAPPEARING CAR DOOR

The original inventors and designers of the exciting Disappearing Car Door technology are now in a position to equip your favorite car with our cool, sexy, safe and convenient automatic car door or design an original vehicle body incorporating this unique technology.

Our vehicle architecture offers an attractive rethink for car design and adds greatly to overall vehicle safety including our structural reintegration of the door with the unibody and our cruciform car door frame technology.

Believe it or not . . . here it is: http://www.disappearing-car-door.com/

Need to Find an 800 Number?

Hard to find 800 numbers. Check here to get toll free direct access to dozens of companies in time of need.

http://www.hardtofind800numbers.com/

Friday, March 21, 2008

Readers choose their 10 favorite Windows programs

I’m familiar with most of the programs on this list, but I found a few that were pleasant surprises. I’m convinced you will too. One thing I found interesting was that readers were far more likely to recommend commercial programs instead of focusing on freebies. My original list was weighted in favor of free software; you’re clearly willing to pay for programs that get the job done.

Do yourself a favor and look over the list. I suggest you click on the following pages 1 thru 4 at the bottom to read the detail description of these favorites. There's some good ones there.
More info at: http://blogs.zdnet.com/Bott/?p=402&tag=nl.e539

Thursday, March 20, 2008

CUs continue to watch for data breach effects

Credit unions continue to monitor potential effects from a data breach involving 165 Hannaford supermarkets in New England and New York, and 106 Sweetbay stores in Florida.

Paula Stopera, Capital Communications CU CEO in Albany, said that the credit union has about 13,000 members who shopped at Hannaford stores during the period in which card information was compromised--Dec. 7, 2007 to March 10.

The credit union responded to news of the breach by sending letters to all members. The good news is that members are covered under the Visa zero liability protection, she said. If the credit union finds fraud on the accounts, it will block and re-issue cards. Replacing the cards could cost up to $100,000, Stopera said.

The league heard about the breach through alerts from Visa and MasterCard Friday, but the companies did not confirm the retailers involved. Hannaford has 40 stores in New York, Sklar said.

During a conference call yesterday, the Florida Credit Union League (FCUL) asked the Office of Financial Regulation in Florida if it had heard about any breach ramifications. The office had not heard of any losses from credit unions as a result of the breach.

The grocery's credit union, Hannaford Associates FCU, Scarborough, Maine, placed a warning on its website about the breach. To date, none of the credit union's cardholders have been affected, and cards are protected by MasterCard and Visa zero liability standards.

Wednesday, March 19, 2008

CUNA Mutual will send out risk alert on March 19

CUNA Mutual policyholders will receive an alert today outlining steps they can take in the event of a card data breach.

The alert comes after news of a data breach involving Hannaford Bros. grocery stores broke earlier this week. The breach affects 165 Hannaford Bros. stores in New England and New York, and 106 Sweetbay stores in Florida.

Credit unions need to read carefully any alerts they receive from credit card companies--in the case of Hannaford Bros., the companies are Visa and MasterCard, Ann Davidson, CUNA Mutual risk manager, told News Now.

The alerts will tell credit unions what data elements were compromised. For instance, the Hannaford breach put Track 1 or Track 2 card data at risk, which could lead to magnetic stripe fraud.

"This is critical because if a thief got enough data for transactions, that is a high risk," she said.
Credit unions also should:

  • Review authorization strategies for adjustments based on compromises;
    Pay attention to the transaction types at risk (signature versus personal identification number);
  • Look at the list of cards that were affected and focus on the ones that are still live;
    Block and re-issue cards that are at risk; and
  • Work with any third-party service providers to make sure they are aware of the situation.
    If card data has been compromised, credit unions "can't afford not to block and re-issue cards," Davidson said.

The Hannaford breach is comparable to last year's TJX breach, but the window of time that the data was exposed is much shorter. The Hannaford breach exposed data from Dec. 2007 to March 2008, whereas TJX was "a number of years," she said.

Saturday, March 15, 2008

This is great ... robber says hire more security guards

A man facing up to 180 years in prison for seven bank heists has simple advice on how banks can avoid people like him: Hire security guards.

“I don’t know why more banks don’t have security guards,” Renell Baker told the South Bend Tribune for a story published Monday. “I would always avoid those ones.”

Baker is set to be sentenced April 8. According to court documents, he stole more than $26,000 from banks between December 2006 and October. Police labeled Baker one of the most prolific bank robbers South Bend has seen in some time. [Read story at PrivateOfficer.com].
.

Ten Most Recent Database Thefts

University Health Care (Utah) - [2008-03-13]
(Stolen laptop contains 4,800 patients' names, Social Security numbers, and health information) [archive]

Harvard University - [2008-03-12
(Personal information of 10,000 including 6,500 Social Security numbers possibly compromised from hack) [archive]

Blue Cross Blue Shield of Western New York - [2008-03-10]
(Missing laptop contains "vital information" of an estimated 40,000) [archive]

MTV Networks - [2008-03-08]
(External breach exposes about 5,000 names and Social Security numbers) [archive]

Cascade Healthcare Community - [2008-03-06]
(Computer virus exposes credit card information, names, and addresses of more than 11,500) [archive]

Nevada Department of Public Safety - [2008-03-05]
(Social Security numbers and addresses of 109 on lost thumb drive) [archive]

Madeley Health Centre (UK) - [2008-03-05]
(Names, addresses, dates of birth and medical treatment details of 238 on stolen memory stick) [archive]

Kraft Foods - [2008-03-03]
(Missing laptop contains names and possibly Social Security numbers of 20,000) [archive]

Wellesley Health Department - [2008-02-29]
(Social Security numbers, names, addresses, and dates of birth for about 480 lost from open envelope) [archive]

Health Net Federal Services - [2008-02-27]
(Social Security numbers for 103,000 posted on web) [archive]

More information is available at: http://attrition.org/dataloss/

For a graphic of the top 10 database breaches since 2000, go to: http://tinyurl.com/244gwl

Wednesday, March 12, 2008

Voice biometrics: coming to a bank near you

At a recent bankers' conference in the US, Australian speech application company VeCommerce presented delegates with a challenge: fool our voice biometric technology and win $US1000. No one did, vindicating the company's claim that the technology is robust enough to be deployed in multifactor authentication for applications such as online banking.

According to Steve Lewis, general manager business consulting for VeCommerce in Australia, while deployments of voice biometric technology have to date been fairly limited, that is set to change.

"We are a the cusp of seeing some major deployments. We are in the process of developing a system for a top tier financial services organisation in Australia which will roll out at the end of this year. That will be a very large scale deployment...Two of the others are looking at similar solutions: once one goes the others will follow."

Lewis said the banks were interested particularly in applying the technology to Internet banking.

"There is so much phishing going on that people are getting nervous about the security of their passwords. A number of banks secure now their transactions through SMS tokens - they send a one time password to your mobile phone. Our product allows the bank to generate a phone call to your mobile phone then it compares your voice to a stored profile."VeCommerce suggests that a voice profile eliminates the need for remembering identifiers such as PINs, passwords, mother's maiden name, or for having special equipment such as PIN pads or fobs.

Also, in situations where callers are required to identify themselves to a call centre operator, it avoids the caller having to provide information such as account number, date of birth, etc which could easily be stolen and used in subsequent identity fraud.

Friday, March 7, 2008

UTC makes bid for Diebold

$3 billion bid would link two leading security and integration providers

United Technologies Corporation (UTC) has proposed to acquire Diebold for roughly $3 billion, at a per share rate of $40. The company announced that it had made the proposal to Diebold's board of directors; UTC said the proposal "represents a premium of approximately 66 percent to Diebold's closing stock price on Feb. 29."
More information at:
http://www.securityinfowatch.com/article/article.jsp?id=14505&siteSection=323
or http://tinyurl.com/ynq25u
.

Prevent Identity Theft — Deter, Detect, Defend

Identity theft sucks. Our mail was stolen recently. All that we know we’re missing are some tax documents, but we’re not taking any chances. Rather than wait for the thieves to do any damage, we’ve taken steps to minimize repercussions.

After filing a report with the US Postal Service, we received a package of information, including a flyer from the Federal Trade Commission describing techniques to fight back against identity theft. The FTC encourages people to share this information, so I’ve converted it to weblog format. This may be seem boring, but it’s important.

According to one study conducted for the FTC [PDF], in 2005, 3.7% of the U.S. adult population were victims of identity theft. Though the median value of the damage caused was $500 per victim, ten percent of victims reported that the thief obtained $6,000 or more. The median time to repair the damage was four hours, but ten percent of victims spent at least 55 hours resolving their trouble.

Identity theft is a real and growing concern. Your best defense is to prepare before it happens.

Tuesday, March 4, 2008

My 10 favorite Windows programs of all time

I’ve been using Windows for nearly two decades, and during that time I’ve tried hundreds of programs. Most come and go, but a handful have stood the test of time for me by solving a particular problem particularly well.

In this article and accompanying gallery, I list 10 Windows programs I use every day. Every one adds a feature that makes Windows easier to use or can help make you more productive. Each one comes from a company that has proven its ability to support the product and improve it over time. I’ve been using every program on this list for long enough to recommend it without reservation.

Most of the programs in this list are free; for those that aren’t a trial version is available. All of the programs in this list run on Windows XP Service Pack 2 and Windows Vista (and most run on other editions as well). I’ve devoted one full page to each program, with info and download links and enough details to help you decide whether it’s something you want to try. I’ve also provided screen shots for each program to help you see what I’m talking about.

Process Explorer (Sysinternals/Microsoft) The most amazing diagnostic tool ever, created by Microsoft Distinguished Fellow Mark Russinovich. If you use Task Manager, you should replace it with this free alternative, which does so much more.

RoboForm (Siber Systems) Create strong passwords, save them, and automatically fill them in using Firefox or IE. If you’re frustrated by passwords, this is your answer.

Keyfinder (Magical Jelly Bean Software) If you had to reinstall Windows tomorrow, do you know where your product ID is? If the answer is no, get this tiny free utility, which finds product IDs for dozens of popular programs (including Windows and Office) and lets you print or save the results.

ClipMate Clipboard Extender (ThornSoft Development) When I set up a new PC, this is the first program I install. It’s that good. I save thousands of keystrokes a year thanks to this gem of a utility.

FeedDemon for Windows (NewsGator Technologies) The best damn RSS reader in the Windows world. Period. And it’s now free.

Windows Live Photo Gallery (Microsoft) You’ll have to search for it, but this updated version of the Windows Photo Gallery that debuted in Vista is worth the hunt. If you’ve chosen to steer clear of Vista, no worries: It works in XP too.

Allway Sync (Usov Lab) This powerful tool synchronizes the contents of folders over a network or to external storage and is an ideal complement to most backup programs.

SnagIt (TechSmith) As a technology writer, I use this screen capture program nearly every day. Even after six years, I’m still discovering new tricks it can do.

IE7 Pro If you use IE7, you need this free add-on, which provides ad blocking, tab management, inline search, crash recovery, and all the other features Microsoft left out.

FinePrint (FinePrint Software) Over the years, I can’t even imagine how many trees I’ve spared with the help of this program. If you print more than a few pages a month, you have to try this.

For more information, visit: http://blogs.zdnet.com/Bott/?p=385&page=1