R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

February 16, 2003

FYI- Banker Version of "EDIE" - the Electronic Deposit Insurance Estimator - Now Available to Download From the FDIC's Web site - The FDIC is releasing the new banker version of EDIE in a downloadable format that financial institutions may load directly onto their networks. www.fdic.gov/news/news/financial/2003/fil0310.html  
Editor's comment - You may wish to link this site of your web site.

- Pair who hacked court get 9 years - Former computer consultant tried to dismiss pending cases - Two hackers who broke into Riverside County, Calif., court computers and electronically dismissed a variety of pending cases pleaded guilty to the crime Friday.  Both William Grace and Brandon Wilson were sentenced to nine years in jail after pleading guilty to 72 counts of illegally entering a computer system and editing data, along with seven counts of conspiracy to commit extortion.  http://www.msnbc.com/news/870163.asp?0dm=C17LT  
Editor's comment
- This points out the importance of changing passwords and doing proper due diligence on vendors.

FYI- A student at Boston College was indicted by a Massachusetts grand jury yesterday on charges that he surreptitiously installed keystroke-monitoring software on campus computers, then used the software to steal personal information from more than 4,000 individuals who used the machines.  http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,78319,00.html 

FYI- A former Viewsonic Corp. employee was arrested Thursday and charged with sabotaging company computers after he was fired last year.  A federal indictment made public Thursday charges 39-year-old Andy Garcia Montebello with crippling the company’s Taiwan offices for three days last April, causing $100,000 in damage and costing the company $1 million in business.  http://www.msnbc.com/news/869572.asp?0dm=T238T 
Editor's comment - This is one reason why there should be a formal policy for employees that leave your institution for any reason.

FYI - U. S. Treasury to Reinstate USA PATRIOT Act Section 314(a) Information Requests - On November 26, 2002, the Treasury Department announced a brief moratorium on information requests related to Section 314(a) of the USA PATRIOT Act.  Section 314(a) authorizes law enforcement authorities to communicate with banking organizations and financial institutions about suspected money launderers and terrorists. www.federalreserve.gov/BoardDocs/srletters/2003/sr0303.htm

FYI - Firms' hacking-related insurance costs soar - Computer worms and viruses cost companies time and cleanup costs - and now higher insurance premiums.  http://www.usatoday.com/money/industries/technology/2003-02-09-hacker_x.htm 

INTERNET COMPLIANCEFlood Disaster Protection Act

The regulation implementing the National Flood Insurance Program requires a financial institution to notify a prospective borrower and the servicer that the structure securing the loan is located or to be located in a special flood hazard area. The regulation also requires a notice of the servicer's identity be delivered to the insurance provider. While the regulation addresses electronic delivery to the servicer and to the insurance provider, it does not address electronic delivery of the notice to the borrower.

- We continue our coverage of the FDIC's "
Guidance on Managing Risks Associated With Wireless Networks and Wireless Customer Access."

PART I. Risks Associated with Wireless Internal Networks

Financial institutions are evaluating wireless networks as an alternative to the traditional cable to the desktop network. Currently, wireless networks can provide speeds of up to 11Mbps between the workstation and the wireless access device without the need for cabling individual workstations. Wireless networks also offer added mobility allowing users to travel through the facility without losing their network connection. Wireless networks are also being used to provide connectivity between geographically close locations as an alternative to installing dedicated telecommunication lines.

Wireless differs from traditional hard-wired networking in that it provides connectivity to the network by broadcasting radio signals through the airways. Wireless networks operate using a set of FCC licensed frequencies to communicate between workstations and wireless access points. By installing wireless access points, an institution can expand its network to include workstations within broadcast range of the network access point.

The most prevalent class of wireless networks currently available is based on the IEEE 802.11b wireless standard. The standard is supported by a variety of vendors for both network cards and wireless network access points. The wireless transmissions can be encrypted using "Wired Equivalent Privacy" (WEP) encryption. WEP is intended to provide confidentiality and integrity of data and a degree of access control over the network. By design, WEP encrypts traffic between an access point and the client. However, this encryption method has fundamental weaknesses that make it vulnerable. WEP is vulnerable to the following types of decryption attacks:

1)  Decrypting information based on statistical analysis;

2)  Injecting new traffic from unauthorized mobile stations based on known plain text;

3)  Decrypting traffic based on tricking the access point;

4)  Dictionary-building attacks that, after analyzing about a day's worth of traffic, allow real-time automated decryption of all traffic (a dictionary-building attack creates a translation table that can be used to convert encrypted information into plain text without executing the decryption routine); and

5)  Attacks based on documented weaknesses in the RC4 encryption algorithm that allow an attacker to rapidly determine the encryption key used to encrypt the user's session).

PRIVACY - We continue our coverage of the various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies.

The Exceptions

Exceptions to the opt out right are detailed in sections 13, 14, and 15 of the regulations. Financial institutions need not comply with opt-out requirements if they limit disclosure of nonpublic personal information:

1)  To a nonaffiliated third party to perform services for the financial institution or to function on its behalf, including marketing the institution's own products or services or those offered jointly by the institution and another financial institution. The exception is permitted only if the financial institution provides notice of these arrangements and by contract prohibits the third party from disclosing or using the information for other than the specified purposes. In a contract for a joint marketing agreement, the contract must provide that the parties to the agreement are jointly offering, sponsoring, or endorsing a financial product or service. However, if the service or function is covered by the exceptions in section 14 or 15 (discussed below), the financial institution does not have to comply with the additional disclosure and confidentiality requirements of section 13. Disclosure under this exception could include the outsourcing of marketing to an advertising company. (Section 13)

2)  As necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or under certain other circumstances relating to existing relationships with customers. Disclosures under this exception could be in connection with the audit of credit information, administration of a rewards program, or to provide an account statement. (Section 14)

3)  For specified other disclosures that a financial institution normally makes, such as to protect against or prevent actual or potential fraud; to the financial institution's attorneys, accountants, and auditors; or to comply with applicable legal requirements, such as the disclosure of information to regulators. (Section 15)


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated