In an unusual form of phishing, hackers cracked the computers hosting the Web sites of three Florida banks, redirecting banking customers to a bogus homepage in order to steal account information and other personal data.ElectroNet Intermedia Consulting, the Tallahassee, Fla., service provider that hosts the sites of Capital City Bank, Wakulla Bank and Premier Bank, told the Tallahassee Democrat newspaper that the scam was spotted within an hour after it started March 21, and the sites were shutdown for a short period.  The Florida Department of Law Enforcement was investigating the case, and no arrests had been made. Neither the FDLE nor ElectroNet were immediately available for comment.

The incident marked a new tactic in phishing, a form of deception in which crooks use spam to lure people to bogus banking sites to enter passwords and other personal information, said John Quarterman, chief executive of Austin, Texas-based, InternetPerils Inc., which tracks Internet scams. 

The hackers entered two servers running Microsoft Internet Information Services and planted the script needed to redirect people from the banks’ legitimate sites to a bogus one, Quarterman said in his blog. According to the Democrat, when people clicked on the fake page to get to their accounts, they were sent to another bogus page requesting the personal information.

Read the complete article HERE…

EEye Digital Security has released a temporary patch for a zero-day vulnerability in Internet Explorer that is being used by malicious Web sites to install spyware on users’ computers, officials said Tuesday. The eEye patch is meant as a placeholder until Microsoft Corp. releases a permanent fix, which is expected by April 11, Marc Maiffret, co-founder and chief hacking officer of eEye, based in Aliso Viejo, Calif., said. At that time, users of the eEye patch are advised to use the add/remove program in Windows to delete the fix before installing the Microsoft patch.Meanwhile, Websense Inc. said Tuesday that the number of Web sites exploiting the vulnerability has declined from the 200 reported Monday. However, Dan Hubbard, senior director of security at the San Diego-based company, said he has seen an increase in the number of different exploits, indicating that more people or groups are writing code to take advantage of the flaw. As a result, the number of malicious Web sites was expected to increase.

The vulnerability, called the CreateTextRange bug, enables hackers to …

Read the rest of the article HERE…

It is my opinion that email archiving is about to become a requirement for all financial institutions.

The regulators often times do not look into how long an institution is keeping their emails. Their main concerns are standard backup scenarios. [tag]Tapes[/tag], DVDs, NAS devices, whatever…as long as everything gets backed up, they don’t drill down. But there is more to it than that. Everybody can see that emailing has gone from a business feature of 5 years ago to a business requirement today. Some business just couldn’t function without it… I know ours would be affected substantially. And those emails hold some very important information that financial institutions are going to need to be able to retrieve.
With email servers, most systems place caps as to how much will be stored on their servers and if emails fill to that cap then the oldest emails gets purged.

This is going to have to change.

Emails are already being used as legal evidence in court cases, to handle employee dispute issues, or to protect the institution from fraudlent activities and we need to start holding on to those emails and creating policies and procedures for how it will be handle from now on.

Michael Vizard at BASELINE (The Project Management Center)

Is electricity the next scarce I.T. resource?

With the price of oil forecast to stay above $50 per barrel over the next seven years, the time has come to start thinking long and hard about what impact the cost of electricity is going to have on information-technology budgets. For example, Google engineers have already warned their bosses that the cost of the electricity needed to run the company’s servers will soon be a lot greater than the actual purchase price of the server.American Power Conversion CTO Neil Rassmussen, who admittedly has a vested interest in the topic, takes it a step further by estimating that the total cost of ownership of a rack for a 10-year period ranges from $80,000 to $150,000 per rack, with electricity costs accounting for about 20% of those dollars.While most electricity costs are rising due to factors outside the control of I.T., such as burgeoning oil demand in China or natural disasters in the Gulf of Mexico, other factors at play here are within I.T.’s grasp.

The most obvious of those elements concerns the way technology shops deploy blade servers. Power consumption of these servers can run 30 kilowatts or more per rack. Typically, the units’ heat dissipation requires I.T. departments to bring in air conditioning units to cool the data center, which in turn consumes more electricity; as much as 50% of the power consumed in a data center is essentially wasted because of inefficient architectures.

Read complete article…