Below is a round-up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.

VULNERABILITIES

Virtualization Has A Security Blind Spot
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207602800

Hackers present new rootkit techniques
http://www.heise.de/english/newsticker/news/108057

Cross-site scripting hole in Paypal casts doubt on EV-SSL
http://www.heise-online.co.uk/security/Cross-site-scripting-hole-in-Paypal-casts-doubt-on-EV-SSL–/news/110759
http://www.theregister.co.uk/2008/05/16/paypal_page_succumbs_to_xss/

Security hole in Internet Explorer allows attackers to execute arbitrary programs
http://www.heise-online.co.uk/security/Security-hole-in-Internet-Explorer-allows-attackers-to-execute-arbitrary-programs–/news/110752

Vulnerability in software used by power plants
http://www.zdnetasia.com/news/security/0,39044215,62041472,00.htm

Code can be injected into IBM’s Lotus Domino
http://www.heise-online.co.uk/security/Code-can-be-injected-into-IBM-s-Lotus-Domino–/news/11078

Foxit Reader executes injected code
http://www.heise-online.co.uk/security/Foxit-Reader-executes-injected-code–/news/110773

Phlashing attack thrashes embedded systems
http://www.theregister.co.uk/2008/05/21/phlashing/

EXPLOITS & ACTIVE ATTACKS

Security expert warns of ‘token kidnapping’ threat
http://www.zdnetasia.com/news/security/0,39044215,62041594,00.htm

Vendor warns of ‘Chinese’ Web site attacks
http://www.zdnetasia.com/news/security/0,39044215,62041540,00.htm
http://www.theregister.co.uk/2008/05/21/china_sql_injection_attack/

COMPUTER VIRUSES, WORMS & TROJANS

Hacker writes rootkit for Cisco’s routers
http://www.infoworld.com/article/08/05/14/Hacker-writes-rootkit-for-Ciscos-routers_1.html
http://www.scmagazine.com/uk/news/article/809870/cisco-ios-rootkit-revealed-london-conference/
http://www.theregister.co.uk/2008/05/15/router_rootkit/

Zango dismisses Storm Worm conspiracy theory
http://www.theregister.co.uk/2008/05/19/zango_dismisses_storm_worm_conspiracy_theory/

GOVERNMENT SECURITY ISSUES

Pentagon seeks advice on classified systems
http://www.gcn.com/online/vol1_no1/46264-1.html

No new money for FBI’s crime squads
http://seattlepi.nwsource.com/local/363631_fbiterror19.html

Home Office backs down over e-crime plans
http://www.scmagazineuk.com/Home-Office-backs-down-over-e-crime-plans/article/110392/

NHS to encrypt 700,000 devices
http://www.scmagazineuk.com/NHS-to-encrypt-700000-devices/article/110345/

Government lines up central database of phone and internet records
http://www.scmagazineuk.com/Government-lines-up-central-database-of-phone-and-internet-records/article/110337/
http://www.smh.com.au/news/technology/big-brothers-vault-for-all-net-use-calls-and-emails/2008/05/20/1211182838534.html

SOCA defends e-crime record as minister admits gap
http://www.theregister.co.uk/2008/05/21/soca_cybercrime/

DHS to monitor access to IT systems
http://www.washingtontechnology.com/online/1_1/32835-1.html

SPAM, PHISHING & ONLINE SCAMS

Spam domains use small number of registrars
http://www.heise.de/english/newsticker/news/108233

Pondlife earthquake scammers go mobile
http://www.theregister.co.uk/2008/05/20/china_earthquake_scam/

Storm spam floods inboxes again
http://www.vnunet.com/vnunet/news/2217252/storm-surges-back

PIRACY & COPYRIGHT

Piracy cost Peruvian computer-software companies US$75 million (euro48 million) in 2007
http://news.smh.com.au/technology/piracy-cost-peruvian-computersoftware-companies-us75-million-euro48-million-in-2007-20080522-2h24.html

BSA dubs Manchester second worst for piracy
http://www.channelregister.co.uk/2008/05/19/bsa_manchester_software_piracy_federation/

DATALOSS/INFORMATION SECURITY BREACHES

Confidential health records lost
http://news.bbc.co.uk/2/hi/uk_news/england/hampshire/7410119.stm

Glitch opens Bebo users’ private details to others
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501833&objectid=10511780

Tories show they’re ready for government…
http://www.theregister.co.uk/2008/05/22/tories_email_voter_records/

People’s customers’ data lost
http://www.connpost.com/breakingnews/ci_9334823

OKC buyer finds sensitive information on server
http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253

LendingTree LLC Sued Over Customer Information Data Breach
http://money.cnn.com/news/newsfeeds/articles/djf500/200805201751DOWJONESDJONLINE000740_FORTUNE5.htm

Bank: Breach affected accounts
http://www.unionleader.com/article.aspx?headline=Bank%3A+Breach+affected+accounts&articleId=635cf69d-dce2-4817-8974-602d1d47ba5f

Laptop holding information of 8,000 Spring students stolen
http://www.chron.com/disp/story.mpl/metropolitan/5786308.html

Pa. Student Accused Of ‘Hacking’ School System
http://cbs3.com/topstories/data.theft.computer.2.725949.html

1 million euro stolen in bank card fraud
http://www.independent.ie/breaking-news/national-news/1-million-euro-stolen-in-bank-card-fraud-1379228.html

Hacker invades Sunrise firm’s computer
http://www.miamiherald.com/481/story/535311.html

Employee data breached at U of L president’s office
http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20080516/NEWS01/80516030/1008

Theft Of Laptop Imperils School Employees’ Data
http://www.dnronline.com/news_details.php?AID=16845&CHID=1

ARRESTS, SENTENCING & CONVICTIONS

Spain arrests ‘prolific’ hackers
http://news.bbc.co.uk/2/hi/europe/7406260.stm
http://www.heise-online.co.uk/security/Teenage-web-site-vandals-arrested–/news/110760
http://www.timesonline.co.uk/tol/news/world/europe/article3952836.ece
http://www.theregister.co.uk/2008/05/19/defacement_crew_cuffed/

Japan uses copyright conviction to crack down on student who allegedly spread computer virus
http://news.smh.com.au/technology/japan-uses-copyright-conviction-to-crack-down-on-student-who-allegedly-spread-computer-virus-20080516-2f0y.html

Interpol says Colombia did not tamper with files on seized rebel computers
http://news.smh.com.au/technology/interpol-says-colombia-did-not-tamper-with-files-on-seized-rebel-computers-20080516-2etm.html

Hacker shuts down government computers
http://www.news.com.au/technology/story/0,25642,23707457-5014111,00.html

Police Nab Suspected Hacker of Korean Bank
http://english.chosun.com/w21data/html/news/200805/200805160012.html

Japanese P2P Virus Writer Convicted, Escapes Jail
http://www.govtech.com/gt/323943?topic=117671

Outback hack suspect denied bail
http://www.theregister.co.uk/2008/05/16/nt_hack_suspect_denied_bail/

Swiss high court upholds conviction of two Muslims for terror Websites
http://news.smh.com.au/technology/swiss-high-court-upholds-conviction-of-two-muslims-for-terror-web-sites-20080522-2gyz.html

COURT CASES AND LEGAL ISSUES

Google map service could face EU lawsuits
http://euobserver.com/9/26154

Warrantless access to UK ISP customer activity records imminent
http://www.heise-online.co.uk/security/Warrantless-access-to-UK-ISP-customer-activity-records-imminent–/news/110755

ID theft protection firm sued
http://www.wvgazette.com/News/200805172662

Legal experts wary of MySpace hacking charges
http://www.theregister.co.uk/2008/05/17/myspace_hacking_charges_analysis/

INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES

Google under fire again for handing user info to police
http://www.theregister.co.uk/2008/05/19/google_india_gandhi/

Retailers struggle to meet PCI deadline
http://www.vnunet.com/vnunet/news/2216939/retailers-struggling-pci-deadline

DATA PRIVACY & PROTECTION

Criticism for ‘UK database’ plan
http://news.bbc.co.uk/2/hi/technology/7410885.stm

Google questioned over privacy practices
http://today.reuters.co.uk/news/articlenews.aspx?type=internetNews&storyID=2008-05-22T045600Z_01_N21425396_RTRIDST_0_OUKIN-UK-TONI-GOOGLE-PRIVACY-CONGRESS.XML&archived=False

Google defends privacy policy after Google Health launch
http://www.scmagazineuk.com/Google-defends-privacy-policy-after-Google- -Health-launch/article/110332/
http://www.smh.com.au/news/biztech/this-wont-hurt-a-bit-google-health-launches/2008/05/20/1211182764406.html

Iran launches fresh crackdown on websites: report
http://news.smh.com.au/technology/iran-launches-fresh-crackdown-on-websites-report-20080520-2giq.html 

Thai government threatens to shut down 29 websites
http://news.smh.com.au/technology/thai-government-threatens-to-shut-down-29-websites-20080520-2gcc.html

Retailers fingerprint plans prompt privacy concerns
http://www.vnunet.com/computing/news/2217184/retailers-fingerprint-plans-4017151

Charter’s Web Tracking Plan Scrutinized
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800708

Shops track customers via mobile phone
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3945496.ece

REPORTS & RESEARCH

Cyber-users pour scorn on firm’s NZ hack-attack study
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10511706

Quality and security of open source software improving
http://www.siliconrepublic.com/news/news.nv?storyid=single11072
http://www.theregister.co.uk/2008/05/21/open_source_audit/

COMMENTARY

Fallout from the OpenSSL debacle
http://www.heise.de/english/newsticker/news/108058

Hackers to concentrate on moving targets
http://www.itweek.co.uk/itweek/features/2216974/hackers-concentrate-moving-4001798

Companies must take heed of the insider threat
http://www.zdnetasia.com/news/security/0,39044215,62041535,00.htm

Experts warn of cyberterrorism threat
http://news.smh.com.au/technology/experts-warn-of-cyberterrorism-threat-20080522-2gzl.html

STUDIES AND SURVEYS

Brits more fearful of ID fraud
http://www.theregister.co.uk/2008/05/19/ofcom_media_survey/

DISASTER RECOVERY & BUSINESS CONTINUITY

Crazy Rasberry Ants Menace Electronics In Houston
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800439
http://www.vnunet.com/vnunet/news/2216754/texan-computers-hit-ant-attack

MISC

Passport cards called security vulnerability
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080516/NATION/662238118/1001

Yahoo fights to hide ‘embarrassing documents’
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10510728

Auditor gets diminishing returns from data matching
http://www.theregister.co.uk/2008/05/19/audit_fraud_down/

BAE chief exec, director detained at US airports
http://www.theregister.co.uk/2008/05/19/bae_ceo_step_this_way_please_sir/

Apple rapped for Safari download policy
http://www.scmagazine.com/uk/news/article/810147/apple-rapped-safari-download-policy/

Victims turn vigilante in hunt for eBay conmen
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3944813.ece

Employers loosen rules on camera phones
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9086798

Global group to provide cyberattack early warnings
http://www.zdnetasia.com/news/security/0,39044215,62041609,00.htm

Awareness of data theft puts pressure on IT workers
http://www.siliconrepublic.com/news/news.nv?storyid=single11077

Expert dissects Estonian cyber-war
http://www.vnunet.com/vnunet/news/2217276/expert-reflects-cyber-war

Stories courtesy of the following sources: RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.

About the Author: bhimport
