Below is a round up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.
VULNERABILITIES
Apache tool generates password hashes using predictable salts
http://www.heise-online.co.uk/security/Apache-tool-generates-password-hashes-using-predictable-salts–/news/110144FrSIRT finds flaws in MySQL
http://www.scmagazine.com/uk/news/article/784470/frsirt-finds-flaws-mysql/
PATCHES
Microsoft Pulls Buggy Windows Vista SP1 Files
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206800819Microsoft publishes list of compatibility problems with Vista Service Pack 1
http://www.heise.de/english/newsticker/news/103815
EXPLOITS & ACTIVE ATTACKS
Cult of the Dead Cow turns Google into a vulnerability scanner
http://www.heise-online.co.uk/security/Cult-of-the-Dead-Cow-turns-Google-into-a-vulnerability-scanner–/news/110087Exploit code for Microsoft Works flaw available: US-CERT
http://www.scmagazine.com/uk/news/article/785183/exploit-code-microsoft-works-flaw-available-us-cert/
http://www.techworld.com/security/news/index.cfm?newsID=11441Public VoIP phones vulnerable to hacking
http://www.zdnetasia.com/news/security/0,39044215,62037943,00.htm
GOVERNMENT SECURITY ISSUES
Nation States’ Espionage and Counterespionage
http://www2.csoonline.com/exclusives/column.html?CID=33542
Government still suffers from information insecurity
http://www.govexec.com/dailyfed/0208/021508j1.htmLatest China scare torpedos 3Com takeover
http://www.channelregister.co.uk/2008/02/20/3com_huawei_deal_collapses/Diplomatic crisis looms as French bugs ‘discovered in UK Defence Minister’s office’
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=515239&in_page_id=1770
PIRACY & COPYRIGHT
‘Hacker’ launches iTunes copying
http://news.bbc.co.uk/2/hi/technology/7253542.stm
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3403705.ece
DATALOSS/INFORMATION SECURITY BREACHES
Irish blood donor records stolen in New York
http://www.rte.ie/news/2008/0219/blood.html
http://www.siliconrepublic.com/news/news.nv?storyid=single10323
http://www.siliconrepublic.com/news/news.nv?storyid=single10320
http://www.ehealtheurope.net/news/3489/irish_blood_records_stolen_in_new_york
http://www.independent.ie/national-news/alert-as-170000-blood-donor-files-are-stolen-1294079.html
Modesto schools starts blog for workers after data theft
http://www.modbee.com/local/story/213996.htmlChinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr
http://www.webappsec.org/projects/whid/byid_id_2008-10.shtmlDoS attack prevents access to WordPress.com blogs
http://news.yahoo.com/s/infoworld/20080219/tc_infoworld/95428Petrobras announces loss of top secret information
http://news.xinhuanet.com/english/2008-02/15/content_7609428.htmUniversity Pledges to Boost Tech Security
http://www.thehoya.com/node/15379Brown pledges inquiry after admission assaults were committed by murderers and rapists while DNA disc was lost
http://www.thisislondon.co.uk/news/article-23439932-details/Brown+pledges+inquiry+after+admission+assaults+were+committed+by+murderers+and+rapists+while+DNA+disc+was+lost/article.do
http://www.theregister.co.uk/2008/02/20/government_data_loss/Government slips again on data security
http://www.vnunet.com/vnunet/news/2210071/government-slips-security-againGovernment admits to 200 more laptop thefts
http://www.silicon.com/publicsector/0,3800010403,39170099,00.htm?r=1
ARRESTS, SENTENCING & CONVICTIONS
Japan brings down Godzilla of spam
http://www.theregister.co.uk/2008/02/19/japan_spam_godzilla_arrest/Spain cuffs Wi-Fi leeching lottery scammers
http://www.theregister.co.uk/2008/02/18/spain_lottery_scam_arrests/
COURT CASES AND LEGAL ISSUES
Lawsuit targets Lifeblood
http://www.commercialappeal.com/news/2008/feb/19/lawsuit-targets-lifeblood/
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Lawmakers to consider data-breach disclosure law
http://www.kentucky.com/101/story/322280.html
DATA PRIVACY & PROTECTION
European privacy advocates to issue report in April
http://www.iht.com/articles/2008/02/20/business/google.php
REPORTS & RESEARCH
Google reports ever more search results leading to infected web pages
http://www.heise-online.co.uk/security/Google-reports-ever-more-search-results-leading-to-infected-web-pages–/news/110153
http://www.zdnetasia.com/news/security/0,39044215,62037972,00.htmPhone viruses to spread as telecom, computer worlds merge, say experts
http://news.smh.com.au/phone-viruses-to-spread-as-telecom-computer-worlds-merge-say-experts/20080217-1smi.htmlHackers step up website attacks
http://www.vnunet.com/vnunet/news/2210040/hackers-step-website-attacksID Fraud Risk On The Increase
http://news.sky.com/skynews/article/0,,91221-1306223,00.htmlRussian hosting network running a protection racket, researcher says
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9063418
STUDIES AND SURVEYS
Security experts doubt UK can tackle e-crime
http://www.vnunet.com/computing/news/2210124/security-experts-doubt-uk-3836800
http://www.vnunet.com/computing/news/2209871/security-professionals-call
SECURITY AWARENESS
B4USurf imparts safe use of Internet to youths
http://www.zdnetasia.com/news/security/0,39044215,62037965,00.htm
DISASTER RECOVERY & BUSINESS CONTINUITY
Flirting with disaster
http://www.financialweek.com/apps/pbcs.dll/article?AID=/20080215/REG/886415246Saboteurs may have cut Mideast telecom cables: UN agency
http://news.smh.com.au/saboteurs-may-have-cut-mideast-telecom-cables-un-agency/20080219-1sv3.html
MISC
Self-destruct laptops foil thieves
http://www.vnunet.com/vnunet/news/2209973/laptops-set-self-destruct
http://news.sky.com/skynews/article/0,,91221-1306101,00.html
http://www.pcadvisor.co.uk/blogs/index.cfm?blogid=4&entryid=1665
Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
About the Author: bhimport
