I think news like this is better for tweeting instead. Just a thought!

On Thu, Jan 7, 2010 at 11:56 AM, SUMAN SOURAV <[email protected] > wrote:

> *ADVISE: SME Must Do Online Banking from Dedicated Computers*
>
> *US FBI and the American Bankers Association recommend using dedicated
> computers for online banking*
>
> By Lucian Constantin, Web News Editor
>
> 4 January 2010
>
> http://news.softpedia.com/news/Small-Businesses-Should-Conduct-Online-Banking-from-Dedicated-Computers-131086.shtml
>
> Following a flurry of incidents where hundreds of thousands of dollars have
> been siphoned from the bank accounts of small businesses and public
> institutions, the Federal Bureau of Investigation (FBI) and the American
> Bankers Association (ABA) advise using dedicated computers for online
> banking operations. This unusual security model should severely limit the
> exposure to malware threats for the PCs in question.
>
> The level of Automated Clearing House (ACH) transfers fraud rose
> significantly during last year prompting serious concerns from the
> authorities. These fraudulent schemes are complex and usually leave little
> evidence behind to help investigators or the victims looking to recover
> their losses.
>
> Such attacks usually start with a computer trojan infecting a computer used
> for online banking at an institution. Thousands of different versions of
> these trojans are released every month in order to bypass the detection
> mechanisms of antivirus software.
>
> Once on the computer, the malware watches for browsing sessions to known
> online banking websites and information such as authentication credentials
> or account balance is captured. Subsequently, the attackers direct the
> trojan to initiate batches of fraudulent transfers to bank accounts
> belonging to various U.S. residents that have been tricked to work for them.
>
> The latter are known as "money mules" and are usually recruited by fake
> foreign companies under the promise of a profitable work-from-home job.
> Their task is to receive money allegedly coming from customers of the
> company and wire them out of the country, while keeping a commission for
> themselves.
>
> Unfortunately for companies, they are not protected by the same laws as
> general consumers. While banks will reimburse the losses caused by fraud
> when personal accounts are involved, they are not required to do so for
> business accounts. They can recall transfers as long as the money has not
> been withdrawn and wired, but if the latter happens, it is almost certainly
> lost.
>
> USA Today reports that the feds' recommendation regarding the use of a
> dedicated PC for online tasks is based on reducing possible infection
> vectors, since apparently browsing to unrelated websites or checking email
> from it should be banned. The companies are also advised to request
> receiving out of bank payment confirmation.
>
> We'll go even further and suggest that the dedicated computer use Linux,
> FreeBSD, or even Mac OS X, if that suits you better. We're not trying to
> start a controversy over which operating system is better or more secure. In
> fact, this has nothing to do with the security of the operating system
> itself, but the fact that 99.9% of these trojans were constructed for
> Windows and will fail to run on anything else.
>
> The easiest approach is downloading a Linux live CD, booting from it,
> performing the online banking tasks, then removing it and restarting back
> into Windows. Need to open an Excel spreadsheet, browse, check email or
> access a network storage? The Ubuntu Linux live CD will allow you to run
> Firefox, OpenOffice and perform most of the basic tasks without installing
> anything on the local disk.
>
> Regards
>
> Suman
>
> _______________________________________________
> Owasp-delhi mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>

--
Regards,
Chintan Dave,

LinkedIn Profile: http://www.linkedin.com/in/chintandave
Blog: http://www.chintandave.com
