Author: seth

We just got back from the TBA 4th Annual Technology Conference and despite the weather conditions, it was a great success. We were able to take almost the entire team down to enjoy the sessions and meet up and chat with some clients and vendors that we work with. Henry’s presentation got canceled due to the wintry conditions on Wednesday but I was able to present my topic on new Web technologies and the value of blogs, podcasts, and wiki’s to financial institutions.

It’s time to start looking at Sarbanes-Oxley in a more positive light.
By Maria Bruno-Britz
<!– remove http:// substring (if present) from the url –>Bank Systems & Technology

Now that the critical period to achieve Sarbanes-Oxley compliance is just an unpleasant memory, it is time for banks to rethink their strategic approaches to SOX requirements. Since the regulation was introduced, experts have espoused that the massive efforts to bring companies’ IT systems into alignment with the regulation should be seen as an opportunity. According to Paul Hamerman, VP of enterprise applications for Forrester Research (Cambridge, Mass.), for those companies savvy enough to recognize the act’s hidden benefits, now is the time to take their SOX strategies to the next level.”The first time around with SOX, there was an imposed deadline and everyone scrambled to meet minimum compliance requirements,” Hamerman explains. “Now, it’s time to look at the underlying systems and processes, and see how they can gain efficiencies from them.”

In an unusual form of phishing, hackers cracked the computers hosting the Web sites of three Florida banks, redirecting banking customers to a bogus homepage in order to steal account information and other personal data.ElectroNet Intermedia Consulting, the Tallahassee, Fla., service provider that hosts the sites of Capital City Bank, Wakulla Bank and Premier Bank, told the Tallahassee Democrat newspaper that the scam was spotted within an hour after it started March 21, and the sites were shutdown for a short period. The Florida Department of Law Enforcement was investigating the case, and no arrests had been made. Neither the FDLE nor ElectroNet were immediately available for comment.

The short of this article is that allowing flash applications in facebook/myspace is similar to the security issues we see with running “ajax” in browsers.

The long of the article is that an application is allowed to execute code within the flash environment. Normally, this behavior is limited to the local flash environment so the threat is limited. However, it has recently been discovered that there are ways to reach outside of the environment and access other domains. Aside from the obvious risk, there is the side effect that any attacks executed this way would appear to be perpetrated by the victim’s account rather than the attacker. Myspace and Facebook appear to be acting quickly to resolve the issue.

From Bank Systems & Technology Online

One of our clients recently asked for some guidance concerning Instant Messaging applications. Here are my thoughts on the subject: