Blog

To test email, send a help message to a mailing list server, [email protected], for example.  Just include the word help in the body of the message.  Another good place to send email (with anything in the subject and body) to is [email protected].  This sends a message back with a report about your spf configuration and includes details about your original email.

As of IOS 12.3(1), Cisco introduced support for enforcing a minimum number of password characters and sending a syslog message after a specified number of failed login attempts.  Enabling these commands will help banks comply with regulations and their own policies as well as improve the security of their Cisco IOS devices.  I have not found similar commands for CatOS or PIX OS yet. [more]

security passwords min-length <length>

• global command that sets the minimum password length for user, enable, and line passwords.
• Default is six, but it should be configured according to bank policies.

security authentication failure rate <threshold-rate> log

• global command that sets the number of failed login attempts (without at least a 15-second delay) before a syslog message is generated
• Threshold value can be 2-1024.  A value of 1 will not generate any syslog messages.  Default is 10, but should comply with bank policies.

Microsoft plans to deliver their latest version of Internet Explorer (version 7) as a high-priority security update via Automatic Updates (AU) and the Windows Update and Microsoft Update sites. The IE update will be available shortly after its final version release (expected within the next few weeks).

Internet Explorer 7 Release Candidate 1 (RC1) is currently available from Microsoft's website (http://www.microsoft.com/windows/ie/downloads/default.mspx). IT Administrators should begin installing and testing this new version of IE for application compatibility.

Microsoft is providing a Blocker Toolkit for enterprise customers who want to block automatic delivery of IE7. The Blocker Toolkit can be downloaded from Microsoft's Download Center at:
http://go.microsoft.com/fwlink/?linkid=65788

Symantec has recently released information about a critical vulnerability found in their Client Security and AntiVirus Corporate Edition products that may allow local or remote attackers to crash a system or execute arbitrary code.

The following Symantec Client Security products are affected: [more]

• v3.1 (build 3.1.0.394)
• v3.1 (build 3.1.0.400)
• v3.0 (build 3.0.2.2000)
• v3.0 (build 3.0.2.2001)
• v3.0 (build 3.0.2.2010)
• v3.0 (build 3.0.2.2020)

• v10.1 (build 10.1.0.396)
• v10.1 (build 10.1.0.400)
• v10.0 (build 10.0.2.2000)
• v10.0 (build 10.0.2.2001)
• v10.0 (build 10.0.2.2010)
• v10.0 (build 10.0.2.2020)

Security patches to address affected products, as well as more information about this vulnerability can be obtained at:
http://www.symantec.com/avcenter/security/Content/2006.05.25.html

Microsoft has recently released information about a critical vulnerability found in their Exchange Server product. The vulnerability, if exploited, could allow a remote attacker to execute arbitrary code and gain complete control of the Exchange mail server.

The following Microsoft Exchange Server products are affected:

• Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
• Microsoft Exchange Server 2003 Service Pack 1
• Microsoft Exchange Server 2003 Service Pack 2

Security patches to address affected products can be obtained at:
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx

A vulnerability has been discovered in Microsoft's Picture and Fax Viewer that allows arbitrary code embedded in image files to be executed without user intervention. This vulnerability can be exploited by simply loading a picture from a malicious website or e-mail message. Microsoft is aware of the problem and is working on a fix. Until an update has been released, users are encouraged to exercise extreme caution when browsing the web or opening e-mails with embedded pictures. It is also important that Anti-virus and Anti-spyware applications be kept up-to-date.

Following daylight savings time change, some backup applications will modify the scheduled backup job start time to preserve a 24-hour time gap between the current and previous day’s job. In particular, CoNetrix has determined Veritas’ Backup Exec version 9.x and greater will push the scheduled backup job back one hour from the original start time. For example, a backup job typically scheduled to start at 10:00pm on Monday will start at 11:00pm on Monday. This may cause conflicts with overlapping scheduled jobs. Veritas states that the problem should automatically correct itself following the first run after the time change. Users should check their scheduled backup jobs to ensure the start time for each job is correct.

APC's PowerChute Business Edition 6.x must be upgraded to 7.x. PowerChute software manages the UPS system (Uninterruptible Power Supply).

If you are still using any version of PowerChute Business Edition 6.x, you may experience various computer issues. The most common symptom is that servers are hanging or booting slowly. Other symptoms may be a delay while trying to access the Control Panel or an inability to stop the PBCE Services.

Due to expiration of the Sun Java Runtime Environment certificate, versions 6.x of PowerChute Business Edition will cease to operate normally as of July 27, 2005. Failure to upgrade will result in PowerChute Business Edition no longer providing monitoring and graceful shutdown of your system. In order for PowerChute Business Edition to remain functional, users must upgrade to any version of 7.x. [more]

CoNetrix recommends customers take the following steps to ensure they are not affected by possible problems resulting from the expiration of the Sun Java Runtime Environment certificate:

• Logon to your servers as an administrative user.
• Goto: Start -> Settings -> Control Panel -> Administrative Tools -> Services
• Check the list of services for APCPBEAgent and APCPBEServer

If the services exist:

• Right click on the service name and goto Properties
• On the General tab, change Startup type to Disabled
• Click OK and close the Services window
• Upgrade to PowerChute Business Edition 7.x

For more information regarding this vulnerability, please visit:
CRITICAL UPDATE REQUIRED PowerChute Business Edition - Customers Using 6.x Must Upgrade to 7.x due to Java Runtime Environment expiration

Personal or confidential information about an individual or organization can be collected and exposed without a person’s prior knowledge or informed consent. This information can be used to compromise a bank's systems or to conduct identity theft. Practices to prevent and detect spyware should be regularly reviewed to ensure that an institution is aware of all risks to its systems and to sensitive customer information.

Tips to Prevent Spyware [more]
http://www.ftc.gov/bcp/conline/pubs/alerts/spywarealrt.htm

• Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that spyware could exploit.
• Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including spyware.
• Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
• Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the "Medium" setting for Internet Explorer. Keep your browser updated.
• Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the "X" icon in the title bar.
• Don't click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.

Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.

The best prevention is awareness training to help employees adopt the behavior needed to prevent spyware on bank computers and on personal computers that are used to connect to the bank's network. Internet banking customers would also benefit from training. Education should advise of the risks in using public computers – such as those in hotels, libraries, or Internet cafés because of the uncertainty of the spyware which may have been installed on the public equipment.

Detection includes installing client solutions to block spyware. This software should be run on a regular basis to combat spyware infections.

If you could benefit from spyware prevention or detection services or need assistance with technology support, please contact us.

For more information regarding this vulnerability, please visit:
http://www.fdic.gov/news/news/financial/2005/fil6605.html
http://www.cio-today.com/news/Internet-Users-Change-Habits-for-Spyware/story.xhtml?story_id=020000O5OSBS
http://japantoday.com/e/?content=news&cat=2&id=343907
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1108774,00.html?track=NL-105&ad=523375
http://www.eweek.com/article2/0,1759,1839427,00.asp