Closures in Nebraska, Florida, Illinois and Oregon bring the number of bank failures to 13 this year as the financial crisis continues to roll.
NEW YORK (CNNMoney.com) -- Four banks folded Friday, bringing the total number of banks to fail this year to 13.
Deposits at Sherman County Bank, based in Loup City, Neb., the first bank in the state to fail since 1990, will be taken over by Heritage Bank, based in Wood River, Neb., according to the Federal Deposit Insurance Corporation.
Meanwhile, accounts held by Riverside Bank of the Gulf Coast based in Cape Coral, Fla., will be assumed by TIB Bank based in Naples, Fla., the FDIC said. It is the second bank to fail in Florida this year and the fourth to go under in that state since the economic crisis unfurled.
Corn Belt Bank and Trust Company, based in Pittsfield, Ill., the third bank to fail in the state since January 2008, was also shuttered by state regulators, and its deposits were turned over to The Carlinville National Bank out of Carlinville, Ill.
Pinnacle Bank, Beaverton, Oregon, was closed by the Oregon Division of Finance and Corporate Securities. The FDIC entered into an agreement with Washington Trust Bank, Spokane, Washington, to assume all of the deposits of Pinnacle Bank.
Customers who banked with Sherman County Bank, Riverside, Corn Belt Bank, or Pinnacle Bank will automatically become customers of the new owners, and will retain their account protection under the FDIC, which insures single accounts up to $250,000, and joint accounts up to $500,000, the government agency said.
Due to the Presidents Day holiday on Monday, Sherman County Bank's four branches, Riverside's nine branches, and Corn Belt Bank's two, will reopen on Tuesday as branches of the new deposit holders, the agency said.
Over the three-day weekend, those customers will be able to use checks, ATMs and debit cards as normal. Customers who have taken out loans from a failed bank should continue to make regular payments, the FDIC said.
Sherman County Bank held assets worth about $129.8 million, and held deposits worth about $85.1 million, as of Feb. 12, the FDIC said. Heritage Bank has agreed to purchase about $21.8 million of Sherman County Bank's assets.
Riverside Bank held assets worth about $539 million, and held deposits worth about $424 million, as of December last year, the FDIC said. TIB Bank will not assume $142.6 million worth of brokered deposits held by Riverside Bank, but agreed to buy $125 million of Riverside's assets.
Corn Belt Bank carried assets worth about $271.8 million, with deposits of $234.4 million, according to the agency. Carlinville National will not take on $92 million of Corn Belt's brokered deposits, but would buy $60.7 million of Corn Belt's assets, the FDIC said.
Pinnacle Bank had total assets of approximately $73 million and total deposits of $64 million. In addition to assuming all of the deposits of the failed bank, including those from brokers, Washington Trust Bank agreed to purchase approximately $72 million in assets at a discount of $7.6 million, the FDIC announced late Friday.
Altogether, the bank failures announced Friday will cost the FDIC about $341.6 million.
The unfolding financial crisis continues to take a toll on banks. If banks continue to fail at a rate of at least one per week, on average, then 2009 could see twice as many failures as in 2008. Last year, 25 banks were closed nationwide, which was the highest annual total since 1993, when 42 banks went under.
Economists expect the number of failed banks to continue rising this year, as the financial crisis plays out and the economic outlook remains dark.
First Published: February 13, 2009: 6:12 PM ET
Read More......
2.14.2009
Stocks slide at end of rough week
Wall Street retreats as investors eye the House's OK of the stimulus plan. The Senate votes tonight.
NEW YORK (CNNMoney.com) -- Stocks tumbled Friday as investors took in stride the House's passage of the $787 billion economic stimulus plan and geared up for next week's foreclosure plan.
The Dow Jones industrial average (INDU) fell 82 points, or about 1%, ending below 8,000 for the fourth session in a row.
The Standard & Poor's 500 (SPX) index lost 8 points, or about 1%. The Nasdaq composite (COMP) lost 7 points, or about 0.5%, also according to early tallies.
Stocks slipped earlier this week after the government released a bank bailout plan that lacked detail and the haggling over the economic stimulus plan stretched out another week. One bright spot came on Thursday when reports that the Obama administration is working on a plan to modify home loans helped stocks bounce back from three-month lows.
Optimism about the home loan plan remained in place Friday, but it was countered by ongoing questions about the other government initiatives. The House approved the $787 billion economic stimulus package Friday afternoon and the Senate all but approved it Friday night.
Morgan Stanley (MS, Fortune 500), Citigroup (C, Fortune 500) and JPMorgan Chase (JPM, Fortune 500) have all announced moratoriums on some or all foreclosures through early March, so as to allow the Obama administration time to finalize the home loan deal.
The decision follows a promise made by chief executives at some of the biggest U.S. banks Wednesday to temporarily halt foreclosures. The executives were testifying at a congressional hearing on how they had used the first half of the bank bailout money.
For the week, the Dow lost 5.2%, the S&P 500 lost 4.8% and the Nasdaq lost 3.6%.
"I think government has been a disappointment for Wall Street this week," said Ben Halliburton, chief investment officer and founder at Tradition Capital Management.
"The stimulus is a bit of a disappointment because it's not going to create as many jobs as initially thought," he said. "The Treasury plan is still being detailed, and people had hoped that more progress would have been made already."
Market breadth was negative and volume was pretty light ahead of the long holiday weekend. All financial markets are closed Monday for Presidents Day.
On the New York Stock Exchange, decliners beat advancers three to two on volume of 1.24 billion shares. On the Nasdaq, losers topped winners by a narrow margin on volume of 2.02 billion shares.
Washington: The House of Representatives passed the revamped $787 billion economic stimulus bill in a mostly party-line vote. The Senate is expected to vote Friday evening.
Pending the Senate's approval, President Obama is expected to sign the hotly debated bill into law on Monday, Presidents Day.
The bill is a mix of tax cuts, aid and spending initiatives and combines previously approved measures in the House and Senate. But critics are concerned it doesn't go far enough to address the underlying problems in the economy.
In Europe, the Group of Seven finance ministers met Friday to discuss the global economic crisis.
Economy: Friday's one economic report was the University of Michigan's February consumer sentiment index. The index weakened by more than expected, falling to 56.2 from 61.2 in the previous month. Economists surveyed by Briefing.com thought it would dip to 60.2.
Bonds: Treasury prices tumbled, raising the yield on the benchmark 10-year note to 2.89% from 2.79% Wednesday. Treasury prices and yields move in opposite directions.
Lending rates were almost unchanged. The 3-month Libor rate inched up to 1.24% from 1.23% Thursday, according to Bloomberg.com. The overnight Libor rate held steady at 0.30%. Libor is a bank lending rate.
Other markets: In global trading, most Asian and European markets ended higher.
The dollar fell against the euro and rose against the yen.
U.S. light crude oil for March delivery rose $3.53 to settle at $37.51 a barrel on the New York Mercantile Exchange.
COMEX gold for April delivery fell $7 to settle at $942.20 an ounce.
Gasoline prices rose almost a cent to a national average of $1.961 a gallon, according to a survey of credit-card swipes released Friday by motorist group AAA.
First Published: February 13, 2009: 10:49 AM ET
Read More......
NEW YORK (CNNMoney.com) -- Stocks tumbled Friday as investors took in stride the House's passage of the $787 billion economic stimulus plan and geared up for next week's foreclosure plan.
The Dow Jones industrial average (INDU) fell 82 points, or about 1%, ending below 8,000 for the fourth session in a row.
The Standard & Poor's 500 (SPX) index lost 8 points, or about 1%. The Nasdaq composite (COMP) lost 7 points, or about 0.5%, also according to early tallies.
Stocks slipped earlier this week after the government released a bank bailout plan that lacked detail and the haggling over the economic stimulus plan stretched out another week. One bright spot came on Thursday when reports that the Obama administration is working on a plan to modify home loans helped stocks bounce back from three-month lows.
Optimism about the home loan plan remained in place Friday, but it was countered by ongoing questions about the other government initiatives. The House approved the $787 billion economic stimulus package Friday afternoon and the Senate all but approved it Friday night.
Morgan Stanley (MS, Fortune 500), Citigroup (C, Fortune 500) and JPMorgan Chase (JPM, Fortune 500) have all announced moratoriums on some or all foreclosures through early March, so as to allow the Obama administration time to finalize the home loan deal.
The decision follows a promise made by chief executives at some of the biggest U.S. banks Wednesday to temporarily halt foreclosures. The executives were testifying at a congressional hearing on how they had used the first half of the bank bailout money.
For the week, the Dow lost 5.2%, the S&P 500 lost 4.8% and the Nasdaq lost 3.6%.
"I think government has been a disappointment for Wall Street this week," said Ben Halliburton, chief investment officer and founder at Tradition Capital Management.
"The stimulus is a bit of a disappointment because it's not going to create as many jobs as initially thought," he said. "The Treasury plan is still being detailed, and people had hoped that more progress would have been made already."
Market breadth was negative and volume was pretty light ahead of the long holiday weekend. All financial markets are closed Monday for Presidents Day.
On the New York Stock Exchange, decliners beat advancers three to two on volume of 1.24 billion shares. On the Nasdaq, losers topped winners by a narrow margin on volume of 2.02 billion shares.
Washington: The House of Representatives passed the revamped $787 billion economic stimulus bill in a mostly party-line vote. The Senate is expected to vote Friday evening.
Pending the Senate's approval, President Obama is expected to sign the hotly debated bill into law on Monday, Presidents Day.
The bill is a mix of tax cuts, aid and spending initiatives and combines previously approved measures in the House and Senate. But critics are concerned it doesn't go far enough to address the underlying problems in the economy.
In Europe, the Group of Seven finance ministers met Friday to discuss the global economic crisis.
Economy: Friday's one economic report was the University of Michigan's February consumer sentiment index. The index weakened by more than expected, falling to 56.2 from 61.2 in the previous month. Economists surveyed by Briefing.com thought it would dip to 60.2.
Bonds: Treasury prices tumbled, raising the yield on the benchmark 10-year note to 2.89% from 2.79% Wednesday. Treasury prices and yields move in opposite directions.
Lending rates were almost unchanged. The 3-month Libor rate inched up to 1.24% from 1.23% Thursday, according to Bloomberg.com. The overnight Libor rate held steady at 0.30%. Libor is a bank lending rate.
Other markets: In global trading, most Asian and European markets ended higher.
The dollar fell against the euro and rose against the yen.
U.S. light crude oil for March delivery rose $3.53 to settle at $37.51 a barrel on the New York Mercantile Exchange.
COMEX gold for April delivery fell $7 to settle at $942.20 an ounce.
Gasoline prices rose almost a cent to a national average of $1.961 a gallon, according to a survey of credit-card swipes released Friday by motorist group AAA.
First Published: February 13, 2009: 10:49 AM ET
Read More......
2.13.2009
Can the Obamoids balance the interests of both taxpayers and Wall Street?
By Allan Sloan, senior editor at large
February 13, 2009: 6:25 AM ET
NEW YORK (Fortune) -- Watching the Obama administration deal with Wall Street is like watching the New York Yankees deal with their star third baseman, Alex Rodriguez, who recently admitted to having used steroids.
To appease their fans, the Yankees have to say that what A-Rod (or A-Roid, if you prefer) did was wrong. But they don't dare void his contract and throw him off the team, because they'd be worse off without him.
The Obama administration is trying a similar balancing act with Wall Street. On the one hand, the Obamoids denounce the Street, echoing the rage felt by many of us (including me) about lavish pay packages going to people whose firms' financial excesses required a taxpayer bailout and touched off our horrible economic problems.
On the other hand, Obama and his Treasury Secretary, Tim Geithner, know they need Wall Street to help pull our economy and financial system out of the pit. So the cap they've announced on Wall Street pay is almost entirely symbolic, with little or no substance. (Here's why.)
But Street-bashing didn't stop Geithner from unveiling a Financial Stability Plan that would transfer hundreds of billions of dollars of value from taxpayers to Wall Street by providing loans and guarantees at prices well below what the financial markets would charge.
That would be on top of the endless supply of ultracheap money the Federal Reserve and Treasury have already made available to financial firms. Not to mention the cheap government investment capital they've gotten under the Troubled Asset Relief Program.
The new Financial Stability Plan itself is a balancing act too, parts of which I - unlike Wall Street, which sliced $500 billion from the stock market's value the day it was announced - actually like. For starters, the plan takes a mature approach to the question of whether banks are using bailout money to make loans, which is the point of the enterprise. Rather than demand that banks getting aid show that they've expanded their loan portfolios, the plan requires them to show that they're making more loans than they would have without the aid. That strikes me as the right way to measure things, rather than forcing banks - which already have enough bad paper on their books - to make loans they consider sketchy.
This plan also pragmatically tries to balance protecting taxpayers' interests with making sure that firms needing more government capital don't decide to risk failure rather than come back for a bailout.
It was fine for Warren Buffett to impose tough terms on Goldman Sachs (GS, Fortune 500) last September - a 10% annual dividend on $5 billion of preferred stock plus the right to buy $5 billion of common stock at the then-prevailing price. Uncle Sam, by contrast, got only a 5% dividend and warrants on 15% of the preferred stock amount from its first round of bank investments. But Buffett's job is to make money for shareholders of Berkshire Hathaway (BRKB) (who include me), not to keep the financial system going. The government's job is to balance pumping up the economy with being prudent stewards of taxpayer money, not to make the biggest possible return.
Wall Street could use some balance too - it can't do business as usual when there are millions of people losing their jobs, millions more scared they'll be next, and tens of millions worried about the carnage the market implosion has done to their retirement accounts and 529 accounts for their kids' education. Instead of paying its worker bees low salaries - low in terms of being able to afford a middle- or upper-middle-class life in the oh-so-expensive New York City area - Wall Street ought to offer higher salaries and far smaller bonuses. That would help balance Wall Street and Main Street concerns.
In an ideal world the Obama folk would have announced a brilliant, detailed recovery plan, markets would be soaring, and we'd be chanting, "Yes, we can." Alas, that didn't happen. But just as I'd settle for A-Rod leading the Yankees instead of distracting them, I'll settle for the administration getting the balance almost right. It would leave us a lot better off than we are now.
Read More......
February 13, 2009: 6:25 AM ET
NEW YORK (Fortune) -- Watching the Obama administration deal with Wall Street is like watching the New York Yankees deal with their star third baseman, Alex Rodriguez, who recently admitted to having used steroids.
To appease their fans, the Yankees have to say that what A-Rod (or A-Roid, if you prefer) did was wrong. But they don't dare void his contract and throw him off the team, because they'd be worse off without him.
The Obama administration is trying a similar balancing act with Wall Street. On the one hand, the Obamoids denounce the Street, echoing the rage felt by many of us (including me) about lavish pay packages going to people whose firms' financial excesses required a taxpayer bailout and touched off our horrible economic problems.
On the other hand, Obama and his Treasury Secretary, Tim Geithner, know they need Wall Street to help pull our economy and financial system out of the pit. So the cap they've announced on Wall Street pay is almost entirely symbolic, with little or no substance. (Here's why.)
But Street-bashing didn't stop Geithner from unveiling a Financial Stability Plan that would transfer hundreds of billions of dollars of value from taxpayers to Wall Street by providing loans and guarantees at prices well below what the financial markets would charge.
That would be on top of the endless supply of ultracheap money the Federal Reserve and Treasury have already made available to financial firms. Not to mention the cheap government investment capital they've gotten under the Troubled Asset Relief Program.
The new Financial Stability Plan itself is a balancing act too, parts of which I - unlike Wall Street, which sliced $500 billion from the stock market's value the day it was announced - actually like. For starters, the plan takes a mature approach to the question of whether banks are using bailout money to make loans, which is the point of the enterprise. Rather than demand that banks getting aid show that they've expanded their loan portfolios, the plan requires them to show that they're making more loans than they would have without the aid. That strikes me as the right way to measure things, rather than forcing banks - which already have enough bad paper on their books - to make loans they consider sketchy.
This plan also pragmatically tries to balance protecting taxpayers' interests with making sure that firms needing more government capital don't decide to risk failure rather than come back for a bailout.
It was fine for Warren Buffett to impose tough terms on Goldman Sachs (GS, Fortune 500) last September - a 10% annual dividend on $5 billion of preferred stock plus the right to buy $5 billion of common stock at the then-prevailing price. Uncle Sam, by contrast, got only a 5% dividend and warrants on 15% of the preferred stock amount from its first round of bank investments. But Buffett's job is to make money for shareholders of Berkshire Hathaway (BRKB) (who include me), not to keep the financial system going. The government's job is to balance pumping up the economy with being prudent stewards of taxpayer money, not to make the biggest possible return.
Wall Street could use some balance too - it can't do business as usual when there are millions of people losing their jobs, millions more scared they'll be next, and tens of millions worried about the carnage the market implosion has done to their retirement accounts and 529 accounts for their kids' education. Instead of paying its worker bees low salaries - low in terms of being able to afford a middle- or upper-middle-class life in the oh-so-expensive New York City area - Wall Street ought to offer higher salaries and far smaller bonuses. That would help balance Wall Street and Main Street concerns.
In an ideal world the Obama folk would have announced a brilliant, detailed recovery plan, markets would be soaring, and we'd be chanting, "Yes, we can." Alas, that didn't happen. But just as I'd settle for A-Rod leading the Yankees instead of distracting them, I'll settle for the administration getting the balance almost right. It would leave us a lot better off than we are now.
Read More......
Largest single-day bounce of the year for crude as Congress votes to approve a $789 billion bill to revitalize U.S. economy.
By Kenneth Musante, CNNMoney.com staff writer
Last Updated: February 13, 2009: 3:24 PM ET
NEW YORK (CNNMoney.com) -- Oil prices jumped Friday by the largest amount in a single-day since the end of 2008 as a $787 billion stimulus bill designed to jump-start the economy moved one step closer to full congressional approval.
U.S. crude for March delivery ended the trading day up $3.53 to $37.51 a barrel in New York. The largest previous single-session increase came on Dec. 31, 2008, when prices rose by $5.57 a barrel.
The final version of the hotly debated bill was approved by House of Representatives by a vote of 246 to 183 Friday.
The bill is expected to be approved by the Senate as well, and given to President Obama to sign by Monday, Presidents Day.
"To some extent that may be contributing to some willingness to take on more risk," said Rachel Ziemba, energy analyst with research firm RGE Monitor.
Concern about the U.S. economy and its corresponding demand for petroleum-based fuels has helped send crude prices plummeting from a record high of $147.27 a barrel last summer.
The Obama administration's economic team says the stimulus plan will create or save 3 million to 4 million jobs.
However, some say the package doesn't go far enough to address the economy's underlying problems.
"The main response to the stimulus has been one of being underwhelmed," said Ziemba. But investors may be playing off the fact that it is imminent, and that the negotiations have been completed, she added.
Price gap: Investors were also evening out the gap between oil sold in New York and and oil sold in London.
The price of Brent crude in London ended trading yesterday at $46.03 a barrel, while oil trading in New York closed at $33.98, a difference of more than $12 a barrel.
The price gap, along with the fact that U.S. crude hit a 7-week low yesterday, has prompted a lot of investors to sell Brent crude and buy U.S. crude, according to Tom Orr, head of research for trading firm Weeden & Co.
By afternoon eastern time, Brent crude had fallen $2.40 a barrel.
Still, "the fundamentals of crude are not very good," said Orr.
Demand: Concerns about falling demand persisted after the Organization of Petroleum Exporting Countries sharply cut its global demand forecast for this year.
The group said Friday it expected global demand for crude to tumble by 580,000 barrels per day this year - a much greater decline than the 180,000 barrels per day predicted in its previous forecast.
Earlier this week, the IEA also said it expected demand to fall by a whopping 980,000 barrels per day this year.
"We're seeing some of the biggest demand drops due to the global economy," said Phil Flynn, senior analyst with Alaron Trading in Chicago.
The predictions are "just another reminder that we're not quite through this crisis yet," he added.
Gasoline: Meanwhile the price of unleaded gas at the pump rose to a national average of $1.961 a gallon from $1.952 on Thursday, according to a daily survey of gas station credit card swipes from motorist group AAA.
First Published: February 13, 2009: 2:16 PM ET Read More......
Last Updated: February 13, 2009: 3:24 PM ET
NEW YORK (CNNMoney.com) -- Oil prices jumped Friday by the largest amount in a single-day since the end of 2008 as a $787 billion stimulus bill designed to jump-start the economy moved one step closer to full congressional approval.
U.S. crude for March delivery ended the trading day up $3.53 to $37.51 a barrel in New York. The largest previous single-session increase came on Dec. 31, 2008, when prices rose by $5.57 a barrel.
The final version of the hotly debated bill was approved by House of Representatives by a vote of 246 to 183 Friday.
The bill is expected to be approved by the Senate as well, and given to President Obama to sign by Monday, Presidents Day.
"To some extent that may be contributing to some willingness to take on more risk," said Rachel Ziemba, energy analyst with research firm RGE Monitor.
Concern about the U.S. economy and its corresponding demand for petroleum-based fuels has helped send crude prices plummeting from a record high of $147.27 a barrel last summer.
The Obama administration's economic team says the stimulus plan will create or save 3 million to 4 million jobs.
However, some say the package doesn't go far enough to address the economy's underlying problems.
"The main response to the stimulus has been one of being underwhelmed," said Ziemba. But investors may be playing off the fact that it is imminent, and that the negotiations have been completed, she added.
Price gap: Investors were also evening out the gap between oil sold in New York and and oil sold in London.
The price of Brent crude in London ended trading yesterday at $46.03 a barrel, while oil trading in New York closed at $33.98, a difference of more than $12 a barrel.
The price gap, along with the fact that U.S. crude hit a 7-week low yesterday, has prompted a lot of investors to sell Brent crude and buy U.S. crude, according to Tom Orr, head of research for trading firm Weeden & Co.
By afternoon eastern time, Brent crude had fallen $2.40 a barrel.
Still, "the fundamentals of crude are not very good," said Orr.
Demand: Concerns about falling demand persisted after the Organization of Petroleum Exporting Countries sharply cut its global demand forecast for this year.
The group said Friday it expected global demand for crude to tumble by 580,000 barrels per day this year - a much greater decline than the 180,000 barrels per day predicted in its previous forecast.
Earlier this week, the IEA also said it expected demand to fall by a whopping 980,000 barrels per day this year.
"We're seeing some of the biggest demand drops due to the global economy," said Phil Flynn, senior analyst with Alaron Trading in Chicago.
The predictions are "just another reminder that we're not quite through this crisis yet," he added.
Gasoline: Meanwhile the price of unleaded gas at the pump rose to a national average of $1.961 a gallon from $1.952 on Thursday, according to a daily survey of gas station credit card swipes from motorist group AAA.
First Published: February 13, 2009: 2:16 PM ET Read More......
2.11.2009
IE or Firefox: Which browser is more secure?
Surprise! Opinions on which Web browser offers better security are not as stark as they were a few years ago.
February 2, 2009 (CSO) The conventional wisdom in security circles used to be that micr*soft's Internet Explorer was hopelessly attack-prone and that only someone with a cyber death wish would prefer it over such alternatives as Mozilla Firefox, Opera or Apple's Safari browser.
That's no doubt still the case for some. But with micr*soft more focused on IE security than it used to be and the market increasingly saturated with Web-browsing alternatives like Google Chrome, opinions aren't as sharp as they once were.
CSOonline.com recently conducted a highly unscientific, very informal poll of security practitioners, asking which browser they consider more secure. Firefox still scores well for many who like the frequent and easy security updates. But IE seems to be gaining more acceptance, especially since micr*soft released version 7 a couple of years ago. As for Google's Chrome, the jury is still out.
In the final analysis, though, security pros say the quality of one's IT defenses can't be based on the browser a company uses. If one were to get into a flaw count between browsers (micr*soft's Jeff Jones used to make a lot noise in the blogging world doing just that; we won't do that here) the security of each would rate about the same.
With attacks increasingly aimed at the application layer, and Web apps a particularly juicy target, it's clearly critical that all browser-makers continue to improve. However, security pros say that from their point of view, it's better to worry less about the browser and more about what other security layers are in place throughout the organization. In other words, one secure browser will never be a substitute for defense-in-depth.
Favoring Firefox
When Mozilla launched Firefox 1.0 in late 2004, users praised it as the ironclad alternative to IE, whose security reputation was at a low point after years of withering attacks targeting a cornucopia of vulnerabilities. Some began questioning the security of Firefox after a steady stream of security fixes that rivaled the number usually found in a micr*soft Patch Tuesday release. But its popularity remains largely undiminished among the security crowd.
Asked for his preference, Chicago-based critical infrastructure researcher and security author Bob Radvanovsky didn't hesitate.
"Firefox, without a doubt," he said. "Something that doesn't record my keystrokes or keep my cached information, and does what I ask it to do."
Tudor Panaitescu, manager of global network security at Colorcon Inc. in the Greater Philadelphia area, said Firefox has been an important part of his efforts to be Windows-free.
"I am using Firefox on Linux 99.9 percent of the time. I have to admit that for the last couple of years I am Windows free, no Windows on my workstation at work nor on my PCs at home," he said. "I am a long-time Netscape/Mozilla suite/Firefox user, I recommend it to all my friends and family, and I definitely consider it more secure than everything else out there."
Panaitescu said he has worked with IE and Safari but hasn't tried Chrome yet. "IE is notorious for security issues and Safari is based on the same renderer and is not so friendly," he said. "I've also heard of some security issues there, too and it doesn't run on Linux (AFAIK)."
Others, like Russ Hall, owner of Nebraska-based Perfect Security LLC, prefer Firefox but only with some setting tweaks. He said he feels most secure using Firefox 3 with plug-ins NoScript and Sandboxie.
"It is true that sites can't display scripts without my toggling that feature but I haven't found this distracting," he said. "Sandboxie will prompt if you download something that should be saved permanently. Otherwise, it is flushed at the end of the session."
IE better, but still flawed
IE still has many security holes, and micr*soft's monthly patch updates almost always include a cumulative update for the browser. But the mere mention of IE doesn't cause the chorus of sneers and groans that were typical half a decade ago.
That doesn't mean security pros now embrace it unconditionally. Some have learned to accept it as a necessary evil because of its compatibility with various websites that won't work in Firefox.
"I use IE 7, but I must confess this is not a security choice but a compatibility one," said François Amigorena, president and CEO of French security software company IS Decisions. "As an Independent software vendor specializing in security solutions for Windows-based infrastructures, my company uses a bunch of micr*soft products, including Exchange, SQL Server, Dynamics CRM, SharePoint, Groove, Live Meeting, and so on."
Therefore, he said, the company is "forced" to stick with IE in order to avoid heavy compatibility issues.
Others are more indifferent about which browser they use. It's not that they don't care. It's that they feel about the same level of security with the likes of IE and Firefox.
One IT security professional who requested anonymity said he uses both and makes sure each are kept up to date on the security patches. He also uses a secure hardware device from IronKey to store his online passwords, so when he needs to use someone else's PC he can launch the browser from the secure memory on his USB key.
"I don't know if this really make me more secure, but I feel more secure and with the password management on the key I can create really strong random passwords since I don't have to remember them," he said. (See Researcher Promotes Concept of 'Safe' and 'Promiscuous' Browsers for a related point of view from WhiteHat Security founder Jeremiah Grossman, who emphasized the browser settings and uses rather than the choice of browser.)
No substitute for layered security For most of those interviewed for this article, the browser one uses isn't as relevant in the big security picture as the defensive layers across the network. A vendor can make the most ironclad browser ever, but it will never be a substitute for a multi-tiered security program.
"In terms of vulnerability, all the browsers are the same," said Nicolas Fort, product manager at Vasco Data Security. "The big point for me is that security is a different layer, it has to be provided."
He would never trust the security of a browser by itself if he were making a transaction on a banking site. Instead, he said he would want to use a different mechanism to ensure authentication.
John Cass, a Boston-based online marketer and author of "Strategies & Tools For Corporate Blogging," said the most attacked browser is always going to be the one with the most market share.
"Perhaps your article should state or conclude that no browser is safe, and here are some best practices to follow to mitigate the chances of problems happening due to security issues," he responded.
Read More......
February 2, 2009 (CSO) The conventional wisdom in security circles used to be that micr*soft's Internet Explorer was hopelessly attack-prone and that only someone with a cyber death wish would prefer it over such alternatives as Mozilla Firefox, Opera or Apple's Safari browser.
That's no doubt still the case for some. But with micr*soft more focused on IE security than it used to be and the market increasingly saturated with Web-browsing alternatives like Google Chrome, opinions aren't as sharp as they once were.
CSOonline.com recently conducted a highly unscientific, very informal poll of security practitioners, asking which browser they consider more secure. Firefox still scores well for many who like the frequent and easy security updates. But IE seems to be gaining more acceptance, especially since micr*soft released version 7 a couple of years ago. As for Google's Chrome, the jury is still out.
In the final analysis, though, security pros say the quality of one's IT defenses can't be based on the browser a company uses. If one were to get into a flaw count between browsers (micr*soft's Jeff Jones used to make a lot noise in the blogging world doing just that; we won't do that here) the security of each would rate about the same.
With attacks increasingly aimed at the application layer, and Web apps a particularly juicy target, it's clearly critical that all browser-makers continue to improve. However, security pros say that from their point of view, it's better to worry less about the browser and more about what other security layers are in place throughout the organization. In other words, one secure browser will never be a substitute for defense-in-depth.
Favoring Firefox
When Mozilla launched Firefox 1.0 in late 2004, users praised it as the ironclad alternative to IE, whose security reputation was at a low point after years of withering attacks targeting a cornucopia of vulnerabilities. Some began questioning the security of Firefox after a steady stream of security fixes that rivaled the number usually found in a micr*soft Patch Tuesday release. But its popularity remains largely undiminished among the security crowd.
Asked for his preference, Chicago-based critical infrastructure researcher and security author Bob Radvanovsky didn't hesitate.
"Firefox, without a doubt," he said. "Something that doesn't record my keystrokes or keep my cached information, and does what I ask it to do."
Tudor Panaitescu, manager of global network security at Colorcon Inc. in the Greater Philadelphia area, said Firefox has been an important part of his efforts to be Windows-free.
"I am using Firefox on Linux 99.9 percent of the time. I have to admit that for the last couple of years I am Windows free, no Windows on my workstation at work nor on my PCs at home," he said. "I am a long-time Netscape/Mozilla suite/Firefox user, I recommend it to all my friends and family, and I definitely consider it more secure than everything else out there."
Panaitescu said he has worked with IE and Safari but hasn't tried Chrome yet. "IE is notorious for security issues and Safari is based on the same renderer and is not so friendly," he said. "I've also heard of some security issues there, too and it doesn't run on Linux (AFAIK)."
Others, like Russ Hall, owner of Nebraska-based Perfect Security LLC, prefer Firefox but only with some setting tweaks. He said he feels most secure using Firefox 3 with plug-ins NoScript and Sandboxie.
"It is true that sites can't display scripts without my toggling that feature but I haven't found this distracting," he said. "Sandboxie will prompt if you download something that should be saved permanently. Otherwise, it is flushed at the end of the session."
IE better, but still flawed
IE still has many security holes, and micr*soft's monthly patch updates almost always include a cumulative update for the browser. But the mere mention of IE doesn't cause the chorus of sneers and groans that were typical half a decade ago.
That doesn't mean security pros now embrace it unconditionally. Some have learned to accept it as a necessary evil because of its compatibility with various websites that won't work in Firefox.
"I use IE 7, but I must confess this is not a security choice but a compatibility one," said François Amigorena, president and CEO of French security software company IS Decisions. "As an Independent software vendor specializing in security solutions for Windows-based infrastructures, my company uses a bunch of micr*soft products, including Exchange, SQL Server, Dynamics CRM, SharePoint, Groove, Live Meeting, and so on."
Therefore, he said, the company is "forced" to stick with IE in order to avoid heavy compatibility issues.
Others are more indifferent about which browser they use. It's not that they don't care. It's that they feel about the same level of security with the likes of IE and Firefox.
One IT security professional who requested anonymity said he uses both and makes sure each are kept up to date on the security patches. He also uses a secure hardware device from IronKey to store his online passwords, so when he needs to use someone else's PC he can launch the browser from the secure memory on his USB key.
"I don't know if this really make me more secure, but I feel more secure and with the password management on the key I can create really strong random passwords since I don't have to remember them," he said. (See Researcher Promotes Concept of 'Safe' and 'Promiscuous' Browsers for a related point of view from WhiteHat Security founder Jeremiah Grossman, who emphasized the browser settings and uses rather than the choice of browser.)
No substitute for layered security For most of those interviewed for this article, the browser one uses isn't as relevant in the big security picture as the defensive layers across the network. A vendor can make the most ironclad browser ever, but it will never be a substitute for a multi-tiered security program.
"In terms of vulnerability, all the browsers are the same," said Nicolas Fort, product manager at Vasco Data Security. "The big point for me is that security is a different layer, it has to be provided."
He would never trust the security of a browser by itself if he were making a transaction on a banking site. Instead, he said he would want to use a different mechanism to ensure authentication.
John Cass, a Boston-based online marketer and author of "Strategies & Tools For Corporate Blogging," said the most attacked browser is always going to be the one with the most market share.
"Perhaps your article should state or conclude that no browser is safe, and here are some best practices to follow to mitigate the chances of problems happening due to security issues," he responded.
Read More......
Subscribe to:
Posts (Atom)
