Below is a round up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.
VULNERABILITIES
Microsoft Refutes Windows Vista Vulnerability Report
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603257
Denial of service holes in Cisco products
http://www.heise-online.co.uk/security/Denial-of-service-holes-in-Cisco-products–/news/110736
http://www.scmagazine.com/uk/news/article/809478/cisco-warns-ip-telephony-flaws/
Privilege escalation through driver bug in Windows
http://www.heise-online.co.uk/security/Privilege-escalation-through-driver-bug-in-Windows–/news/110728
Facebook safeguards ignore enterprise users
http://www.vnunet.com/vnunet/news/2216707/facebook-safeguards-ignore
More Asian companies want code tested
http://www.zdnetasia.com/news/security/0,39044215,62041217,00.htm
PATCHES
Microsoft Patch Tuesday: Six Vulnerabilities Fixed In Four Bulletins
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603294
http://www.heise.de/english/newsticker/news/107858
http://www.zdnetasia.com/news/security/0,39044215,62041306,00.htm
http://www.scmagazine.com/uk/news/article/809101/microsoft-releases-three-critical-bulletins-patch-tuesday/
Debian fixes serious crypto bug
http://www.theregister.co.uk/2008/05/13/debian_openssl_bug/
Upgraders to XP SP3 warned over IE downgrades
http://www.zdnetasia.com/news/security/0,39044215,62041200,00.htm
COMPUTER VIRUSES, WORMS & TROJANS
DVD smut malware blights US forces in Iraq
http://www.theregister.co.uk/2008/05/12/dvd_smut_malware_hits_army/
Shape-shifting malware hits the web
http://www.vnunet.com/vnunet/news/2216675/shape-shifting-malware-hits-web
EXPLOITS & ACTIVE ATTACKS
Brute-Force SSH Server Attacks Surge
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207603339
http://www.scmagazine.com/uk/news/article/809222/brute-force-ssh-attacks-surge/
Botnet sics zombie soldiers on gimpy websites
http://www.theregister.co.uk/2008/05/14/asprox_attacks_websites/
Another mass attack on websites
http://www.heise.de/english/newsticker/news/107857
Hackers Find a New Place to Hide Rootkits
http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html
GOVERNMENT SECURITY ISSUES
NATO members set up Cyber Defence Centre
http://news.bbc.co.uk/2/hi/europe/7401260.stm
http://www.heise-online.co.uk/security/NATO-members-set-up-Cyber-Defence-Centre–/news/110738
http://news.smh.com.au/technology/nato-launches-cyber-defence-centre-in-estonia-20080515-2ef3.html
European Commission seeks security genius
http://www.scmagazine.com/uk/news/article/808964/european-commission-seeks-security-genius/
Air Force Colonel Wants to Build a Military Botnet
http://blog.wired.com/27bstroke6/2008/05/air-force-col-w.html
http://blog.wired.com/defense/2008/05/air-force-mater.html
http://news.smh.com.au/technology/colonel-suggests-using-hackers-tool-against-them-20080515-2el0.html
MoD fights data losses with encryption
http://www.silicon.com/publicsector/0,3800010403,39214543,00.htm
http://www.vnunet.com/computing/news/2216316/encryption-software-protect-mod
F.B.I. Says the Military Had Bogus Computer Gear
http://www.theregister.co.uk/2008/05/09/fbi_counterfeit_kit_probe/
http://www.nytimes.com/2008/05/09/technology/09cisco.html?_r=2&adxnnl=1&oref=slogin&ref=technology&adxnnlx=1210594119-OMauZ7uwSY4iw7q4PYQu4A
SPAM, PHISHING & ONLINE SCAMS
Identity fraud hits net telephony
http://news.bbc.co.uk/2/hi/technology/7398676.stm
Spammers open new front on social networking sites
http://www.theregister.co.uk/2008/05/14/social_network_spam/
Phishing Campaign Targets Tax Rebate Checks
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207601673
Google Mail can distribute spam
http://www.heise-online.co.uk/security/Google-Mail-can-distribute-spam–/news/110709
http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html
Spammers fill up on petrol scam
http://www.vnunet.com/vnunet/news/2216339/spammers-fill-gas-scam
PIRACY & COPYRIGHT
Software Piracy On The Rise, Study Finds
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800168
http://news.smh.com.au/technology/software-piracy-increases-in-asiapacific-industry-group-20080515-2een.html
UK software piracy rate declines
http://news.bbc.co.uk/2/hi/technology/7400260.stm
DATALOSS/INFORMATION SECURITY BREACHES
Classified Hong Kong “watch-list” leaked on internet
http://www.topnews.in/classified-hong-kong-watch-list-leaked-internet-240641
DU Students, Alums Warned Of Security Breach
http://www.nbc5.com/news/16205384/detail.html
Hackers take down Zimbabwean state-owned newspaper
http://www.scmagazine.com/uk/news/article/808870/hackers-down-zimbabwean-state-owned-newspaper/
OSU admits computer security breach
http://newsok.com/osu-admits-computer-security-breach/article/3243594/?tm=1210801442
Multiple Chilean government and utilties servers breached
http://www.heise-online.co.uk/security/Multiple-Chilean-government-and-utilties-servers-breached–/news/110706
http://news.bbc.co.uk/1/hi/world/americas/7395295.stm
http://news.smh.com.au/hacker-splashes-data-from-six-million-chileans-on-internet-report/20080512-2d79.html
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10509564
Computer server with client data missing at HSBC Hong Kong
http://rss.xinhuanet.com/newsc/english/2008-05/08/content_8126223.htm
http://www.zdnetasia.com/news/security/0,39044215,62041175,00.htm
Classified Hong Kong “watch-list” leaked on internet
http://www.topnews.in/classified-hong-kong-watch-list-leaked-internet-240641
DWP sending sensitive data with passwords
http://www.computing.co.uk/computing/news/2216315/dwp-sending-sensitive-passwords
http://www.vnunet.com/vnunet/news/2216356/pension-details-leaked-latest
Financial watchdog’s laptop computer stolen from hotel
http://www.independent.ie/business/irish/financial-watchdogs-laptop-computer-stolen-from-hotel-1372336.html
Some Students, Parents Defend New Trier Hacker
http://www.wbbm780.com/pages/2150588.php
http://www.signonsandiego.com/news/business/20080507-9999-1b7saic.html
Park National vendor loses laptop with employees’ personal info
http://www.bizjournals.com/columbus/stories/2008/05/12/tidbits1.html
Photobucket Requests Password Change After Security Issue
http://www.appscout.com/2008/05/photobucket_asks_users_to_chan.php
NBC 4 Investigates Stolen State-Owned Computers
http://www.nbc4i.com/midwest/cmh/news.apx.-content-articles-CMH-2008-05-14-0008.html
Customer data on stolen laptop
http://calsun.canoe.ca/News/Alberta/2008/05/14/5560321-sun.html
ARRESTS, SENTENCING & CONVICTIONS
Five IRS Employees Charged With Snooping on Tax Returns
http://blog.wired.com/27bstroke6/2008/05/five-irs-employ.html
More tied to UCLA snooping
http://www.latimes.com/business/careers/work/la-me-ucla13-2008may13,0,4998130.story
http://www.dailybruin.ucla.edu/news/2008/may/14/13-more-involved-file-breach/
TJX credit card heist suspect, 2 others, accused of new scam
http://www.theregister.co.uk/2008/05/13/trio_accused_in_carding_scam/
Feds nab modern-day Bonnie and Clyde
http://www.theregister.co.uk/2008/05/15/aggravated_identity_theft_charges/
http://www.foxnews.com/story/0,2933,355103,00.html
Mac thief caught on webcam
http://www.smh.com.au/news/technology/mac-thief-caught-on-webcam/2008/05/12/1210444306538.html
http://www.theregister.co.uk/2008/05/12/macbook_betrays_burglars/
http://www.vnunet.com/vnunet/news/2216352/mac-app-catches-crooks
COURT CASES AND LEGAL ISSUES
MySpace wins US$230M in spam suit
http://www.zdnetasia.com/news/security/0,39044215,62041322,00.htm
http://www.theregister.co.uk/2008/05/14/myspace_spam_ruling/
http://www.siliconrepublic.com/news/news.nv?storyid=single11014
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10510354
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Banks agree to TJX breach settlement with Mastercard
http://www.iii.co.uk/news/?type=afxnews&articleid=6711624&action=article
TJX Earnings Suggest that Data Security Doesn’t Worry Consumers
http://blogs.wsj.com/biztech/2008/05/13/tjx-earnings-suggest-that-data–security-doesnt-worry-consumers/?mod=WSJBlog
Draft guidance for securing servers
http://www.gcn.com/online/vol1_no1/46239-1.html
IT body wants internet ‘snoop’ safeguards
http://www.smh.com.au/news/security/it-body-wants-internet-snoop-safeguards/2008/05/12/1210444311183.html
ICO warns of ‘substantial’ fines for data breaches
http://www.vnunet.com/vnunet/news/2216374/fines-data-protection-breaches
http://www.silicon.com/publicsector/0,3800010403,39216158,00.htm
DATA PRIVACY & PROTECTION
Outrage in UK over staff blacklisting database
http://www.siliconrepublic.com/news/news.nv?storyid=single10979
REPORTS & RESEARCH
Researchers dig into x86 chips for stealthier rootkits
http://www.theregister.co.uk/2008/05/12/smm_rootkits/
STUDIES AND SURVEYS
Study finds Vista more vulnerable than Windows 2000
http://www.heise.de/english/newsticker/news/107855
IT students not being educated on security
http://www.computing.co.uk/computing/news/2216373/students-educated-security
One in four data breaches involves schools
http://www.eschoolnews.com/news/top-news/?i=53791;_hbguid=2e98092b-4de1-4167-baed-62da478722f4&d=top-news
SMEs fear their own networks
http://www.vnunet.com/vnunet/news/2216263/smes-fear-own-networks
MISC
Checkpoint guards against web-borne malware
http://www.scmagazine.com/uk/news/article/809232/checkpoint-guards-against-web-borne-malware/
Security Flaws Exposed at Nuke Lab
http://www.time.com/time/nation/article/0,8599,1739535,00.html
Microsoft Cofee brews ‘back door’ fears
http://www.vnunet.com/vnunet/news/2216290/microsoft-cofee-brews-back-door
Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
About the Author: bhimport
