CU InfoSECURITY News Providing a brief summary of news and information related to security issues for credit unions - Plus some interesting and fun web sites.(Click on photos to enlarge)
Friday, February 29, 2008
Another text-messaging scam hits St. Louis area
Another credit union is reporting its members and nonmembers are receiving e-mails and text messages on their cell phones that attempt to capture personal identification information.
Arsenal CU, in St. Louis, and the Missouri Attorney General Jay Nixon are warning consumers in St. Louis about the scheme.
The e-mails and messages are in Arsenal's name and began arriving on Feb. 15.
Nixon said the messages claim there is a problem with recipients' account. Consumers receiving the messages may or may not be members of the credit union. They are customers of several different cell phone companies.
The bogus messages instructed recipients to provide information about their credit union account, and debit card and credit card numbers. The thieves created a false replica of Arsenal's online account access page and set up a phone number that connected callers to an automated voice message from "Arsenal CU" asking for the card information. The phone number was deactivated on Feb. 24.
As soon as Arsenal became aware of the situation, its phishing attack response plan went into action. Several staffers went in to work Sunday afternoon to respond to calls and e-mails. The credit union also posted phishing alerts on its website and in its lobbies, and reported the incident to the Internet Crime Complaint Center.
"We are all over it, and our members told us they appreciate that," said Ken Moser, Arsenal vice president of marketing. "We will continue to provide ongoing education to our members to let them know that we would never ask for their personal information via e-mail."
Arsenal CU, in St. Louis, and the Missouri Attorney General Jay Nixon are warning consumers in St. Louis about the scheme.
The e-mails and messages are in Arsenal's name and began arriving on Feb. 15.
Nixon said the messages claim there is a problem with recipients' account. Consumers receiving the messages may or may not be members of the credit union. They are customers of several different cell phone companies.
The bogus messages instructed recipients to provide information about their credit union account, and debit card and credit card numbers. The thieves created a false replica of Arsenal's online account access page and set up a phone number that connected callers to an automated voice message from "Arsenal CU" asking for the card information. The phone number was deactivated on Feb. 24.
As soon as Arsenal became aware of the situation, its phishing attack response plan went into action. Several staffers went in to work Sunday afternoon to respond to calls and e-mails. The credit union also posted phishing alerts on its website and in its lobbies, and reported the incident to the Internet Crime Complaint Center.
"We are all over it, and our members told us they appreciate that," said Ken Moser, Arsenal vice president of marketing. "We will continue to provide ongoing education to our members to let them know that we would never ask for their personal information via e-mail."
Wednesday, February 27, 2008
Keesler FCU hit by cell phone text scam
A cell phone text-message scam was targeted against Keesler FCU on Saturday, the credit union announced Tuesday.
The cell phone text messages and faxes were broadcast to members and nonmembers in an attempt to get credit, debit or ATM card information, the Biloxi, Miss.-based credit union said.
The messages appeared to come from the $1.5 billion credit union and requested that the recipient respond to the communication with the card number, personal identification number or other personal information.
Keesler recently was also a victim of another e-mail phishing scam, according to Sharon Seanor, vice president of marketing at the credit union.
"These fraudulent attempts were very sophisticated. They attempted to create a sense or urgency or panic, so that the recipient would be tricked to respond. For example, in this case, the scammers indicated that the recipient's bill service had expired," Seanor said.
The credit union immediately posted a warning on its website and notified a local television station, which aired a story about the scam.
The credit union said it would continue to educate members about how to avoid falling victim to fraudulent activity. "We will never initiate any communication to obtain account information, since we already have that information on file," said the release.
The cell phone text messages and faxes were broadcast to members and nonmembers in an attempt to get credit, debit or ATM card information, the Biloxi, Miss.-based credit union said.
The messages appeared to come from the $1.5 billion credit union and requested that the recipient respond to the communication with the card number, personal identification number or other personal information.
Keesler recently was also a victim of another e-mail phishing scam, according to Sharon Seanor, vice president of marketing at the credit union.
"These fraudulent attempts were very sophisticated. They attempted to create a sense or urgency or panic, so that the recipient would be tricked to respond. For example, in this case, the scammers indicated that the recipient's bill service had expired," Seanor said.
The credit union immediately posted a warning on its website and notified a local television station, which aired a story about the scam.
The credit union said it would continue to educate members about how to avoid falling victim to fraudulent activity. "We will never initiate any communication to obtain account information, since we already have that information on file," said the release.
Friday, February 22, 2008
Alabama league introduces data security legislation
The Alabama Credit Union League (ACUL) has introduced a bill in the state legislature aimed at protecting consumers' financial data.
The legislation, introduced by State Rep. Tammy Irons (D) and State Sen. Parker Griffith (D), contains three provisions:
1 - Entities that experience a data breach would be required to notify consumers;
2 - Sensitive consumer financial data, such as the content of a magnetic stripe on a plastic card, personal identification number or card validation code, cannot be retained; and
3 - Any entity that experiences a breach and holds prohibited data must reimburse the issuing financial institution for the cost of reissuing cards or taking steps to protect accounts.
The legislation, introduced by State Rep. Tammy Irons (D) and State Sen. Parker Griffith (D), contains three provisions:
1 - Entities that experience a data breach would be required to notify consumers;
2 - Sensitive consumer financial data, such as the content of a magnetic stripe on a plastic card, personal identification number or card validation code, cannot be retained; and
3 - Any entity that experiences a breach and holds prohibited data must reimburse the issuing financial institution for the cost of reissuing cards or taking steps to protect accounts.
Wednesday, February 20, 2008
Gartner: Regular Online Banking Use Climbing
A new survey From Gartner shows that, to the surprise of no one in the financial services industry, online banking continues to grow as a mainstream access channel.
The polling of more than 2,000 adults last summer in the UK and the U.S. now finds that 33 percent of all US adults now regularly bank online – a trend less pronounced in the UK, where its 14 million or 26 percent of the British population.
“The current usage levels in both countries show that adoption is now taking place within the mainstream of consumers, among people who use new channels and services if, and only if, they see intrinsic value from the new technology,” said David Schehr, research director for Gartner’s Financial Services research team, in a statement. “Online banking has clearly made this transition in consumer minds.”
Among other key findings: online banking doesn’t result in any less branch-banking activity by customers, but is linked to higher use of ATMs and telephone banking; and online banking is acclimating customers to higher support level expectations.
Online banking is also making customers more open to emerging transactions channel – a curious finding given other recent Gartner viewpoints that predict mobile banking may become the Edsel of our era (see BTN’s Talk Back question of the week).
The polling of more than 2,000 adults last summer in the UK and the U.S. now finds that 33 percent of all US adults now regularly bank online – a trend less pronounced in the UK, where its 14 million or 26 percent of the British population.
“The current usage levels in both countries show that adoption is now taking place within the mainstream of consumers, among people who use new channels and services if, and only if, they see intrinsic value from the new technology,” said David Schehr, research director for Gartner’s Financial Services research team, in a statement. “Online banking has clearly made this transition in consumer minds.”
Among other key findings: online banking doesn’t result in any less branch-banking activity by customers, but is linked to higher use of ATMs and telephone banking; and online banking is acclimating customers to higher support level expectations.
Online banking is also making customers more open to emerging transactions channel – a curious finding given other recent Gartner viewpoints that predict mobile banking may become the Edsel of our era (see BTN’s Talk Back question of the week).
Should Credit Unions Help Illegal Aliens?
If this doesn't tick you off nothing will.
Important read no matter who you decide to vote for!
WHAT COSTS MORE PER YEAR THAN THE IRAQ WAR?
Illegal Aliens Cause Massive Cuts For US Citizens
1. $11 Billion to $22 billion is spent on welfare to illegal aliens each year.
http://tinyurl.com/zob77
2. $2.2 Billion dollars a year is spent on food assistance programs such as food stamps, WIC, and free school lunches for illegal aliens.
http://www.cis.org/articles/2004/fiscalexec.html
3. $2.5 Billion dollars a year is spent on Medicaid for illegal aliens.
http://www.cis.org/articles/2004/fiscalexec.html
4. $12 Billion dollars a year is spent on primary and secondary school education for children here illegally and they cannot speak a word of English!
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.0.html
5. $17 Billion dollars a year is spent for education for the American-born children of illegal aliens, known as anchor babies.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
6. $3 Million Dollars a DAY is spent to incarcerate illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
7. 30% percent of all Federal Prison inmates are illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
8. $90 Billion Dollars a year is spent on illegal aliens for Welfare and Social Services by the American taxpayers.
http://premium.cnn.com/TRANSCIPTS/0610/29/ldt.01.html
9. $200 Billion Dollars a year in suppressed American wages are caused by the illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
10. The illegal aliens in the United States have a crime rate that's two-and-a-half times that of white non-illegal aliens. In particular, their children, are going to make a huge additional crime problem in the US .
http://transcripts.cnn.com/TRANSCRIPTS/0606/12/ldt.01.html
11. During the year of 2005 there were 4 to 10 MILLION illegal aliens that crossed our Southern Border also, as many as 19,500 illegal aliens from Terrorist Countries. Millions of pounds of drugs, cocaine, meth, heroin and marijuana, crossed into the U. S from the Southern border. Homeland Security Report.
http://tinyurl.com/t9sht
12. The National Policy Institute, "estimated that the total cost of mass deportation would be between $206 and $230 billion or an average cost of between $41 and $46 billion annually over a five year period."
http://www.nationalpolicyinstitute.org/pdf/deportation.pdf
13. In 2006 illegal aliens sent home $45 BILLION in remittances back to their countries of origin.
http://www.rense.com/general75/niht.htm
14. "The Dark Side of Illegal Immigration: Nearly One Million Sex Crimes Committed by Illegal Immigrants In The United States ".
http://www.drdsk.com/articleshtml
Important read no matter who you decide to vote for!
WHAT COSTS MORE PER YEAR THAN THE IRAQ WAR?
Illegal Aliens Cause Massive Cuts For US Citizens
1. $11 Billion to $22 billion is spent on welfare to illegal aliens each year.
http://tinyurl.com/zob77
2. $2.2 Billion dollars a year is spent on food assistance programs such as food stamps, WIC, and free school lunches for illegal aliens.
http://www.cis.org/articles/2004/fiscalexec.html
3. $2.5 Billion dollars a year is spent on Medicaid for illegal aliens.
http://www.cis.org/articles/2004/fiscalexec.html
4. $12 Billion dollars a year is spent on primary and secondary school education for children here illegally and they cannot speak a word of English!
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.0.html
5. $17 Billion dollars a year is spent for education for the American-born children of illegal aliens, known as anchor babies.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
6. $3 Million Dollars a DAY is spent to incarcerate illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
7. 30% percent of all Federal Prison inmates are illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
8. $90 Billion Dollars a year is spent on illegal aliens for Welfare and Social Services by the American taxpayers.
http://premium.cnn.com/TRANSCIPTS/0610/29/ldt.01.html
9. $200 Billion Dollars a year in suppressed American wages are caused by the illegal aliens.
http://transcripts.cnn.com/TRANSCRIPTS/0604/01/ldt.01.html
10. The illegal aliens in the United States have a crime rate that's two-and-a-half times that of white non-illegal aliens. In particular, their children, are going to make a huge additional crime problem in the US .
http://transcripts.cnn.com/TRANSCRIPTS/0606/12/ldt.01.html
11. During the year of 2005 there were 4 to 10 MILLION illegal aliens that crossed our Southern Border also, as many as 19,500 illegal aliens from Terrorist Countries. Millions of pounds of drugs, cocaine, meth, heroin and marijuana, crossed into the U. S from the Southern border. Homeland Security Report.
http://tinyurl.com/t9sht
12. The National Policy Institute, "estimated that the total cost of mass deportation would be between $206 and $230 billion or an average cost of between $41 and $46 billion annually over a five year period."
http://www.nationalpolicyinstitute.org/pdf/deportation.pdf
13. In 2006 illegal aliens sent home $45 BILLION in remittances back to their countries of origin.
http://www.rense.com/general75/niht.htm
14. "The Dark Side of Illegal Immigration: Nearly One Million Sex Crimes Committed by Illegal Immigrants In The United States ".
http://www.drdsk.com/articleshtml
Total cost is a whooping... $338.3 BILLION A YEAR!!!
And Credit Unions are helping illegal aliens live in this country. What's your opinion? Check Comments below and speak up.
And Credit Unions are helping illegal aliens live in this country. What's your opinion? Check Comments below and speak up.
Converting CU Suggests Member Data Was Stolen
The credit union that most recently suspended its attempt to become a mutual bank worries that someone might have compromised its security and stolen member data in order to call members to get them to oppose the conversion attempt.
Officials with the $114 million First Basin Credit Union have not yet commented on the conversion suspension to the trade press, but CEO Shem Culpepper told local media outlets on Friday that the CU was investigating whether member data may have been stolen and who, the credit union alleged, might have been calling members to tell them they would lose their funds on deposit if the conversion went through.
Leaders of Save First Basin, the member group opposed to the conversion, denied their group had made any calls and some members opposed to the conversion scoffed at the CU’s allegation, suggesting that it was merely a way for the credit union to save face after, the members suggested, balloting on the measure ran so heavily against it.
Officials with the $114 million First Basin Credit Union have not yet commented on the conversion suspension to the trade press, but CEO Shem Culpepper told local media outlets on Friday that the CU was investigating whether member data may have been stolen and who, the credit union alleged, might have been calling members to tell them they would lose their funds on deposit if the conversion went through.
Leaders of Save First Basin, the member group opposed to the conversion, denied their group had made any calls and some members opposed to the conversion scoffed at the CU’s allegation, suggesting that it was merely a way for the credit union to save face after, the members suggested, balloting on the measure ran so heavily against it.
Tuesday, February 19, 2008
Lawbreakers Fed. Credit Union
It’s admirable that the ASI Fed. Credit Union in Harahan, LA is moving to open a Latino branch office to serve their Spanish speaking members. Every employee will speak both Spanish and English and all documents will be printed in both languages. A good move.
The area’s growing Hispanic population includes thousands of workers who entered the U.S. without the required documentation. ASI’s branch will feature “safe accounts” – savings accounts from which members can make withdrawals using an ATM card. A second ATM card offers a way for foreign workers to send funds to family members back in their home country.
Whoa. To help illegal aliens continue to break the law? – Bad Move.
The key word here is “illegal.” Why does anyone want to be an enabler to blatantly help people break the law? I would think NCUA should be concerned.
Why don’t we just organize a new credit union called “Lawbreakers Fed. Credit Union?” It would have a very large field of membership. Where should convicts in prison put their money? Why in the Lawbreakers FCU. When they get out of prison, many would have a nice savings account to help them get back into society. Funds in the credit union would come from the Mafia or other organized crime groups. This could easily be a billion dollar credit union. There are a number of former credit union employees in jail who could serve on the board of directors. They know credit unions.
CUNA Mutual will not insure a person who is convicted of fraud in a credit union . . . but they continue to insure a credit union who serves illegals in their field of membership. Something is wrong here.
Helping aliens in our society is an admirable move. Yes, our country was built by people from foreign countries who, for the most part, entered our country legally. I’m all for supporting legal aliens. Unfortunately our government has not enforced the law and has done a poor job in keeping lawbreakers out of the country. But that seems to be OK as credit unions step forward to help the law breakers.
Give me a break!
The area’s growing Hispanic population includes thousands of workers who entered the U.S. without the required documentation. ASI’s branch will feature “safe accounts” – savings accounts from which members can make withdrawals using an ATM card. A second ATM card offers a way for foreign workers to send funds to family members back in their home country.
Whoa. To help illegal aliens continue to break the law? – Bad Move.
The key word here is “illegal.” Why does anyone want to be an enabler to blatantly help people break the law? I would think NCUA should be concerned.
Why don’t we just organize a new credit union called “Lawbreakers Fed. Credit Union?” It would have a very large field of membership. Where should convicts in prison put their money? Why in the Lawbreakers FCU. When they get out of prison, many would have a nice savings account to help them get back into society. Funds in the credit union would come from the Mafia or other organized crime groups. This could easily be a billion dollar credit union. There are a number of former credit union employees in jail who could serve on the board of directors. They know credit unions.
CUNA Mutual will not insure a person who is convicted of fraud in a credit union . . . but they continue to insure a credit union who serves illegals in their field of membership. Something is wrong here.
Helping aliens in our society is an admirable move. Yes, our country was built by people from foreign countries who, for the most part, entered our country legally. I’m all for supporting legal aliens. Unfortunately our government has not enforced the law and has done a poor job in keeping lawbreakers out of the country. But that seems to be OK as credit unions step forward to help the law breakers.
Give me a break!
Thursday, February 14, 2008
National Center for Member Trust information on CUs morphing into banks
Founded by credit union executives Bucky Sebastian, Jim Blaine and Randy Chambers, the National Center for Member Trust provides information for members-at-large of credit unions facing CU-to-bank conversion attempts.
This writer has no doubt that the American Bankers Association and other interest groups which are friendly to bank conversions intensely dislike this organization. After all, CU-to-bank conversions are not being demanded by rank-and-file CU members-at-large. CU-to-bank conversions are being pushed under the euphemism of "charter choice" by small groups of insiders who really don't want to discuss their reasons or motives.
I comprehend many of the "charter choice" business arguments cited in favor of CU-to-bank conversions, but believe that these conversions ought to be regulated and taxed.
Federal law does not currently compel a credit union which converts from a CU to a bank charter to disperse the "members' equity" to the members. This loophole needs to be eliminated by an Act of Congress. In a CU-to-bank conversion, the "members' equity" accumulated during decades of tax-exempt not-for-profit status ought to be paid out to the member-owners of the organization.
Congress needs to amend the Internal Revenue Code to impose these nominal requirements on all Federal and State credit unions as a condition of continuing to receive 501(c)(1) or 501(c)(14) tax-exempt status.
The Member Trust web site offers useful information about basic differences between credit unions and banks, and is a step in the right direction.
This writer has no doubt that the American Bankers Association and other interest groups which are friendly to bank conversions intensely dislike this organization. After all, CU-to-bank conversions are not being demanded by rank-and-file CU members-at-large. CU-to-bank conversions are being pushed under the euphemism of "charter choice" by small groups of insiders who really don't want to discuss their reasons or motives.
I comprehend many of the "charter choice" business arguments cited in favor of CU-to-bank conversions, but believe that these conversions ought to be regulated and taxed.
Federal law does not currently compel a credit union which converts from a CU to a bank charter to disperse the "members' equity" to the members. This loophole needs to be eliminated by an Act of Congress. In a CU-to-bank conversion, the "members' equity" accumulated during decades of tax-exempt not-for-profit status ought to be paid out to the member-owners of the organization.
Congress needs to amend the Internal Revenue Code to impose these nominal requirements on all Federal and State credit unions as a condition of continuing to receive 501(c)(1) or 501(c)(14) tax-exempt status.
The Member Trust web site offers useful information about basic differences between credit unions and banks, and is a step in the right direction.
Tuesday, February 12, 2008
100% increase in new phish targets reported
Credit unions and other financial institutions continue to be top targets for phishing attacks, accounting for nine out of 10 new brands targeted during fourth quarter last year, says a new report.
In 2007, more than 900 new brands were first-time targets of phishing attacks. That's more than a 100% increase in new targets compared with new targets in 2005 and 2006, said Cyveillance, a cyber intelligence company, in its latest "Online Financial Fraud and Identity Theft Report."
Broad-based phishing attacks aimed at new companies and industries reached its high point of 431 during first quarter 2007 then decreased significantly the rest of the year. About 106 new brands were targets in the fourth quarter.
The data indicates the attacks were more focused throughout 2007, repeatedly targeting prominent brands in key industries, said the Arlington, Va.-based Cyveillance.
During the year, phishing attacks became more sophisticated and evolved to incorporate legitimate brand names and URLs. Attacks leveraging compromised websites grew to 51% in fourth quarter from 38% in third quarter.
In 2007, more than 900 new brands were first-time targets of phishing attacks. That's more than a 100% increase in new targets compared with new targets in 2005 and 2006, said Cyveillance, a cyber intelligence company, in its latest "Online Financial Fraud and Identity Theft Report."
Broad-based phishing attacks aimed at new companies and industries reached its high point of 431 during first quarter 2007 then decreased significantly the rest of the year. About 106 new brands were targets in the fourth quarter.
The data indicates the attacks were more focused throughout 2007, repeatedly targeting prominent brands in key industries, said the Arlington, Va.-based Cyveillance.
During the year, phishing attacks became more sophisticated and evolved to incorporate legitimate brand names and URLs. Attacks leveraging compromised websites grew to 51% in fourth quarter from 38% in third quarter.
Monday, February 11, 2008
ID Theft Declines, But Makes Low-Tech Migration
Identity fraud losses declined 12 percent in 2007, but phone and mail fraud schemes are skyrocketing as crooks continue to adopt more traditional offline scams. Those are some of the highlights coming out today from the 2008 Javelin Strategy & Research ID Theft report, one of the major industry benchmarks—which also includes the FTC’s periodic Consumer Sentinel report—that tracks fraud patterns and losses suffered by millions of U.S. ID theft victims each year.
Improved consumer online vigilance and the adoption of multi-factor authentication standards are among the factors noted by Javelin president in cutting down on fraud, although it may explain the jump in phone and mail fraud transactions that in 2007 accounted for 40 percent of ID theft activity, after being responsible for only 3 percent the year before.
The findings “reinforce” a three-year trend in which criminals are stealing personal information primarily through stolen personal belongings and phone calls, according to the report. “It’s very much multi-channel, both low-tech and new tech,” says Van Dyke.
Overall, victim numbers dipped to the lowest level in five years, down to 8.1 million people in 2007, compared to 8.4 million in 2006.
Overall fraud costs dropped from $51 to $45 billion and continuing a downward trend of losses that Javelin first tracked for 2006. Unfortunately for consumers, the drop in overall fraud is not reflected in per-incident expenses they had to pay up for stolen identities. That’s gone up 25 percent to $691 per episode.
Improved consumer online vigilance and the adoption of multi-factor authentication standards are among the factors noted by Javelin president in cutting down on fraud, although it may explain the jump in phone and mail fraud transactions that in 2007 accounted for 40 percent of ID theft activity, after being responsible for only 3 percent the year before.
The findings “reinforce” a three-year trend in which criminals are stealing personal information primarily through stolen personal belongings and phone calls, according to the report. “It’s very much multi-channel, both low-tech and new tech,” says Van Dyke.
Overall, victim numbers dipped to the lowest level in five years, down to 8.1 million people in 2007, compared to 8.4 million in 2006.
Overall fraud costs dropped from $51 to $45 billion and continuing a downward trend of losses that Javelin first tracked for 2006. Unfortunately for consumers, the drop in overall fraud is not reflected in per-incident expenses they had to pay up for stolen identities. That’s gone up 25 percent to $691 per episode.
Thursday, February 7, 2008
Stealing Signals
The New England Patriots, one of the two or three best teams in the last five years, have been accused of stealing signals from the other team with a video camera.
Femember when the NFL changed the rules to allow a radio link from the quarterback's helmet to the sidelines? A smart team could not only eavesdrop on the other team, but selectively jam the signal when it would be most critical. The rules said that if one team's radio link didn't work, the other team had to turn its off, but that's a minor consideration if you know it's coming.
Femember when the NFL changed the rules to allow a radio link from the quarterback's helmet to the sidelines? A smart team could not only eavesdrop on the other team, but selectively jam the signal when it would be most critical. The rules said that if one team's radio link didn't work, the other team had to turn its off, but that's a minor consideration if you know it's coming.
Security: Getting Free Food at a Fast-Food Drive-In
It's easy. Find a fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food.
This won't work at the more-common U.S. configuration: a microphone where you order, and a single window where you both pay and receive your food.
Wait until there is someone behind you and someone in front of you. Don't order anything at the first window. Tell the clerk that you forgot your money and didn't order anything. Then drive to the second window, and take the food that the person behind you ordered.
It's a clever exploit. Basically, it's a synchronization attack. By exploiting the limited information flow between the two windows, you can insert yourself into the pay-receive queue.
It's relatively easy to fix. The restaurant could give the customer a numbered token upon ordering and paying, which he would redeem at the next window for his food. Or the second window could demand to see the receipt. Or the two windows could talk to each other more, maybe by putting information about the car and driver into the computer. But, of course, these security solutions reduce the system's optimization.
So if not a lot of people do this, the vulnerability will remain open.
This won't work at the more-common U.S. configuration: a microphone where you order, and a single window where you both pay and receive your food.
Wait until there is someone behind you and someone in front of you. Don't order anything at the first window. Tell the clerk that you forgot your money and didn't order anything. Then drive to the second window, and take the food that the person behind you ordered.
It's a clever exploit. Basically, it's a synchronization attack. By exploiting the limited information flow between the two windows, you can insert yourself into the pay-receive queue.
It's relatively easy to fix. The restaurant could give the customer a numbered token upon ordering and paying, which he would redeem at the next window for his food. Or the second window could demand to see the receipt. Or the two windows could talk to each other more, maybe by putting information about the car and driver into the computer. But, of course, these security solutions reduce the system's optimization.
So if not a lot of people do this, the vulnerability will remain open.
Wednesday, February 6, 2008
10 dumb things users do that can mess up their computers
Overview: Users find plenty of ways to run into trouble, from gunking up their system with shareware to leaving it exposed to attackers to forgetting about using surge protectors.
Share this list with your own users so they can sidestep preventable problems like these. Technology may be changing at a lightning-fast pace, but one thing remains constant: Users make mistakes with their computers.
Sometimes, the mistakes are just slip-ups that could happen to anyone (ourselves included). But other times, an avalanche of issues is unleashed simply because a user didn't know any better. It may look like they've done something dumb, but if we haven't taught them better habits, we've done something even dumber.
To help your users understand some of the basic practices that will prevent problems, IT pro Deb Shinder put together a list of typical things users do that can lead to trouble. For example, she says users may:
~ Plug into the wall without surge protection
~ Surf the Internet without a firewall
~ Install and uninstall lots of programs, especially betas
~ Click on every link they encounter in e-mails and on Web pages
This download is also available as an an entry in our 10 Things blog. Click here to access: http://i.i.com.com/cnwk.1d/i/tr/downloads/home/10_things_dumb.pdf
Share this list with your own users so they can sidestep preventable problems like these. Technology may be changing at a lightning-fast pace, but one thing remains constant: Users make mistakes with their computers.
Sometimes, the mistakes are just slip-ups that could happen to anyone (ourselves included). But other times, an avalanche of issues is unleashed simply because a user didn't know any better. It may look like they've done something dumb, but if we haven't taught them better habits, we've done something even dumber.
To help your users understand some of the basic practices that will prevent problems, IT pro Deb Shinder put together a list of typical things users do that can lead to trouble. For example, she says users may:
~ Plug into the wall without surge protection
~ Surf the Internet without a firewall
~ Install and uninstall lots of programs, especially betas
~ Click on every link they encounter in e-mails and on Web pages
This download is also available as an an entry in our 10 Things blog. Click here to access: http://i.i.com.com/cnwk.1d/i/tr/downloads/home/10_things_dumb.pdf
What's Next? - Black Airline Pilots Tap Wings Financial as Their Official Credit Union
Black Airline Pilots Tap Wings Financial as Official Credit Union
Wings Financial Federal Credit Union announced that it has been selected by the Organization of Black Airline Pilots as its official credit union.
No disrespect to the Organization of Black Airline Pilots . . . but I wonder what's next? Organization of Muslim Pilots? Association of Bosnian Pilots? Organization of Latio Pilots.
Wings Financial Federal Credit Union announced that it has been selected by the Organization of Black Airline Pilots as its official credit union.
No disrespect to the Organization of Black Airline Pilots . . . but I wonder what's next? Organization of Muslim Pilots? Association of Bosnian Pilots? Organization of Latio Pilots.
AOL Revenue Continues to Drop
AOL’s revenue and operating income continued to slide as the parent Time Warner focuses on advertising. For the fourth quarter, AOL reported operating income of $274 million on revenue of $1.25 billion. That’s down from operating income of $910 million on revenue of $1.84 billion.
AOL’s results are an interesting sidebar to the Microsoft-Yahoo saga.
The Microsoft $44.6 billion bid for Yahoo gives Time Warner an excuse to dump AOL. Perhaps Google would buy AOL. In either case, AOL is in play or it’ll become left out of the advertising consolidation. AOL simply won’t be able to compete in online advertising world dominated by Google and Microsoft.
In the meantime, AOL erosion continues. Nevertheless, it is still amazing that AOL still has 9.3 million access subscribers. Who are these people? And why are they paying for what they could get for free?
But I digress. By revenue AOL is just a hair larger than Time Warner’s publishing business. And in the fourth quarter publishing had more revenue. For 2007, AOL had revenue of $5.18 billion, down from $7.78 billion in 2006. On the bright side, operating income was up for the year to $2 billion in 2007 from $1.89 billion in 2006. The results were roughly in line with Wall Street’s expectations. For instance, Merrill Lynch analyst Jessica Reif Cohen had projected AOL advertising revenue growth of 10 percent and that’s what the online unit delivered.
Other notable nuggets:
~ Revenue at AOL was down 33 percent for 2007 and 32 percent for the fourth quarter.
~ Subscription revenue fell 52 percent due to the sale of AOL’s international access business.
~ Adjusted operating income before depreciation and amortization was up 4 percent for 2007.
~ In the fourth quarter that measure of operating income was up 29 percent.
~ In the fourth quarter, AOL had 109 million average monthly domestic unique visitors and 49 billion page views.
~ AOL had 9.3 million U.S. access subscribers at the end of 2007, down 3.8 million from a year ago. Even so losing 740,000 subscribers in the fourth quarter was better than Deutsche Bank’s projection for a loss of 1 million lost subscribers. Who are these people?
AOL’s results are an interesting sidebar to the Microsoft-Yahoo saga.The Microsoft $44.6 billion bid for Yahoo gives Time Warner an excuse to dump AOL. Perhaps Google would buy AOL. In either case, AOL is in play or it’ll become left out of the advertising consolidation. AOL simply won’t be able to compete in online advertising world dominated by Google and Microsoft.
In the meantime, AOL erosion continues. Nevertheless, it is still amazing that AOL still has 9.3 million access subscribers. Who are these people? And why are they paying for what they could get for free?
But I digress. By revenue AOL is just a hair larger than Time Warner’s publishing business. And in the fourth quarter publishing had more revenue. For 2007, AOL had revenue of $5.18 billion, down from $7.78 billion in 2006. On the bright side, operating income was up for the year to $2 billion in 2007 from $1.89 billion in 2006. The results were roughly in line with Wall Street’s expectations. For instance, Merrill Lynch analyst Jessica Reif Cohen had projected AOL advertising revenue growth of 10 percent and that’s what the online unit delivered.
Other notable nuggets:
~ Revenue at AOL was down 33 percent for 2007 and 32 percent for the fourth quarter.
~ Subscription revenue fell 52 percent due to the sale of AOL’s international access business.
~ Adjusted operating income before depreciation and amortization was up 4 percent for 2007.
~ In the fourth quarter that measure of operating income was up 29 percent.
~ In the fourth quarter, AOL had 109 million average monthly domestic unique visitors and 49 billion page views.
~ AOL had 9.3 million U.S. access subscribers at the end of 2007, down 3.8 million from a year ago. Even so losing 740,000 subscribers in the fourth quarter was better than Deutsche Bank’s projection for a loss of 1 million lost subscribers. Who are these people?
Friday, February 1, 2008
Our National Anthem
Every so often a young person comes along that brings a big smile to your face and a warm feeling in your heart. After all, they're the future of our country. This young lad could well be one of our future leaders. He's 7 years old singing the National Anthem at a Basketball game. A great finish. Enjoy.
http://video.aol.com/video-detail/7-year-old-sings-national-anthem/40945200
or http://tinyurl.com/2c7u4z
http://video.aol.com/video-detail/7-year-old-sings-national-anthem/40945200
or http://tinyurl.com/2c7u4z
The Ultimate Cubicle Prank
This is the inevitable result of an ever-escalating cubicle-prank arms race, especially in an environment where management has a sense of humor, and engineers work in the building.
View at: http://blogs.techrepublic.com.com/geekend/?p=1128
or at: http://tinyurl.com/yqz79e
View at: http://blogs.techrepublic.com.com/geekend/?p=1128
or at: http://tinyurl.com/yqz79e
Establish a strategy for security breach notification
When it comes to security breaches, it’s important to remember that old adage about quality vs. quantity. Data breaches aren’t just about a hacker breaking into a network and stealing information. In fact, they come in all shapes and sizes:
> A data breach can occur with a lost or stolen laptop that has someone’s social security number.
> A data breach can occur with a lost BlackBerry that has personal information about employees or customers.
> A data breach can occur with a fax that includes financial information that’s thrown away instead of shredded.
In other words, a data breach can happen anytime an unauthorized individual has access to sensitive or private information. It’s important to remember that a variety of factors can lead to this exposure.
Read the rest of the solution at: http://blogs.techrepublic.com.com/security/?p=398
or at: http://tinyurl.com/yqz79e
> A data breach can occur with a lost or stolen laptop that has someone’s social security number.
> A data breach can occur with a lost BlackBerry that has personal information about employees or customers.
> A data breach can occur with a fax that includes financial information that’s thrown away instead of shredded.
In other words, a data breach can happen anytime an unauthorized individual has access to sensitive or private information. It’s important to remember that a variety of factors can lead to this exposure.
Read the rest of the solution at: http://blogs.techrepublic.com.com/security/?p=398
or at: http://tinyurl.com/yqz79e
An inside job: Funds missing from Houston Police FCU
More than $300,000 may be missing from the Houston Police Department FCU the credit union recently discovered. A branch manager discovered an undetermined amount of missing funds from the credit union's vault Tuesday while conducting an audit, police said (Khou.com Jan. 30).
Although neither the credit union nor police would say how much money was missing, sources said it was more than $300,000, according to sources. The Houston Police Department scheduled polygraph tests at the credit union Tuesday, KHOU said.
Houston Police FCU has more than 25,000 members--mostly police, civilian employees of the police force and their families. The credit union has about $300 million in assets.
Although neither the credit union nor police would say how much money was missing, sources said it was more than $300,000, according to sources. The Houston Police Department scheduled polygraph tests at the credit union Tuesday, KHOU said.
Houston Police FCU has more than 25,000 members--mostly police, civilian employees of the police force and their families. The credit union has about $300 million in assets.
Subscribe to:
Posts (Atom)
