Below is a round up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.
VULNERABILITIES
Virtualization Has A Security Blind Spot
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207602800
Hackers present new rootkit techniques
http://www.heise.de/english/newsticker/news/108057
Cross-site scripting hole in Paypal casts doubt on EV-SSL
http://www.heise-online.co.uk/security/Cross-site-scripting-hole-in-Paypal-casts-doubt-on-EV-SSL–/news/110759
http://www.theregister.co.uk/2008/05/16/paypal_page_succumbs_to_xss/
Security hole in Internet Explorer allows attackers to execute arbitrary programs
http://www.heise-online.co.uk/security/Security-hole-in-Internet-Explorer-allows-attackers-to-execute-arbitrary-programs–/news/110752
Vulnerability in software used by power plants http://www.zdnetasia.com/news/security/0,39044215,62041472,00.htm
Code can be injected into IBM’s Lotus Domino
http://www.heise-online.co.uk/security/Code-can-be-injected-into-IBM-s-Lotus-Domino–/news/11078
Foxit Reader executes injected code
http://www.heise-online.co.uk/security/Foxit-Reader-executes-injected-code–/news/110773
Phlashing attack thrashes embedded systems
http://www.theregister.co.uk/2008/05/21/phlashing/
EXPLOITS & ACTIVE ATTACKS
Security expert warns of ‘token kidnapping’ threat http://www.zdnetasia.com/news/security/0,39044215,62041594,00.htm
Vendor warns of ‘Chinese’ Web site attacks http://www.zdnetasia.com/news/security/0,39044215,62041540,00.htm
http://www.theregister.co.uk/2008/05/21/china_sql_injection_attack/
COMPUTER VIRUSES, WORMS & TROJANS
Hacker writes rootkit for Cisco’s routers
http://www.infoworld.com/article/08/05/14/Hacker-writes-rootkit-for-Ciscos-routers_1.html
http://www.scmagazine.com/uk/news/article/809870/cisco-ios-rootkit-revealed-london-conference/
http://www.theregister.co.uk/2008/05/15/router_rootkit/
Zango dismisses Storm Worm conspiracy theory http://www.theregister.co.uk/2008/05/19/zango_dismisses_storm_worm_conspiracy_theory/
GOVERNMENT SECURITY ISSUES
Pentagon seeks advice on classified systems
http://www.gcn.com/online/vol1_no1/46264-1.html
No new money for FBI’s crime squads
http://seattlepi.nwsource.com/local/363631_fbiterror19.html
Home Office backs down over e-crime plans
http://www.scmagazineuk.com/Home-Office-backs-down-over-e-crime-plans/article/110392/
NHS to encrypt 700,000 devices
http://www.scmagazineuk.com/NHS-to-encrypt-700000-devices/article/110345/
Government lines up central database of phone and internet records http://www.scmagazineuk.com/Government-lines-up-central-database-of-phone-and-internet-records/article/110337/
http://www.smh.com.au/news/technology/big-brothers-vault-for-all-net-use-calls-and-emails/2008/05/20/1211182838534.html
SOCA defends e-crime record as minister admits gap http://www.theregister.co.uk/2008/05/21/soca_cybercrime/
DHS to monitor access to IT systems
http://www.washingtontechnology.com/online/1_1/32835-1.html
SPAM, PHISHING & ONLINE SCAMS
Spam domains use small number of registrars
http://www.heise.de/english/newsticker/news/108233
Pondlife earthquake scammers go mobile
http://www.theregister.co.uk/2008/05/20/china_earthquake_scam/
Storm spam floods inboxes again
http://www.vnunet.com/vnunet/news/2217252/storm-surges-back
PIRACY & COPYRIGHT
Piracy cost Peruvian computer-software companies US$75 million (euro48 million) in 2007
http://news.smh.com.au/technology/piracy-cost-peruvian-computersoftware-companies-us75-million-euro48-million-in-2007-20080522-2h24.html
BSA dubs Manchester second worst for piracy http://www.channelregister.co.uk/2008/05/19/bsa_manchester_software_piracy_federation/
DATALOSS/INFORMATION SECURITY BREACHES
Confidential health records lost
http://news.bbc.co.uk/2/hi/uk_news/england/hampshire/7410119.stm
Glitch opens Bebo users’ private details to others
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501833&objectid=10511780
Tories show they’re ready for government…
http://www.theregister.co.uk/2008/05/22/tories_email_voter_records/
People’s customers’ data lost
http://www.connpost.com/breakingnews/ci_9334823
OKC buyer finds sensitive information on server
http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253
LendingTree LLC Sued Over Customer Information Data Breach
http://money.cnn.com/news/newsfeeds/articles/djf500/200805201751DOWJONESDJONLINE000740_FORTUNE5.htm
Bank: Breach affected accounts
http://www.unionleader.com/article.aspx?headline=Bank%3A+Breach+affected+accounts&articleId=635cf69d-dce2-4817-8974-602d1d47ba5f
Laptop holding information of 8,000 Spring students stolen
http://www.chron.com/disp/story.mpl/metropolitan/5786308.html
Pa. Student Accused Of ‘Hacking’ School System
http://cbs3.com/topstories/data.theft.computer.2.725949.html
1 million euro stolen in bank card fraud
http://www.independent.ie/breaking-news/national-news/1-million-euro-stolen-in-bank-card-fraud-1379228.html
Hacker invades Sunrise firm’s computer
http://www.miamiherald.com/481/story/535311.html
Employee data breached at U of L president’s office
http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20080516/NEWS01/80516030/1008
Theft Of Laptop Imperils School Employees’ Data
http://www.dnronline.com/news_details.php?AID=16845&CHID=1
ARRESTS, SENTENCING & CONVICTIONS
Spain arrests ‘prolific’ hackers
http://news.bbc.co.uk/2/hi/europe/7406260.stm
http://www.heise-online.co.uk/security/Teenage-web-site-vandals-arrested–/news/110760
http://www.timesonline.co.uk/tol/news/world/europe/article3952836.ece
http://www.theregister.co.uk/2008/05/19/defacement_crew_cuffed/
Japan uses copyright conviction to crack down on student who allegedly spread computer virus
http://news.smh.com.au/technology/japan-uses-copyright-conviction-to-crack-down-on-student-who-allegedly-spread-computer-virus-20080516-2f0y.html
Interpol says Colombia did not tamper with files on seized rebel computers
http://news.smh.com.au/technology/interpol-says-colombia-did-not-tamper-with-files-on-seized-rebel-computers-20080516-2etm.html
Hacker shuts down government computers’
http://www.news.com.au/technology/story/0,25642,23707457-5014111,00.html
Police Nab Suspected Hacker of Korean Bank
http://english.chosun.com/w21data/html/news/200805/200805160012.html
Japanese P2P Virus Writer Convicted, Escapes Jail
http://www.govtech.com/gt/323943?topic=117671
Outback hack suspect denied bail
http://www.theregister.co.uk/2008/05/16/nt_hack_suspect_denied_bail/
Swiss high court upholds conviction of two Muslims for terror Websites
http://news.smh.com.au/technology/swiss-high-court-upholds-conviction-of-two-muslims-for-terror-web-sites-20080522-2gyz.html
COURT CASES AND LEGAL ISSUES
Google map service could face EU lawsuits
http://euobserver.com/9/26154
Warrantless access to UK ISP customer activity records imminent
http://www.heise-online.co.uk/security/Warrantless-access-to-UK-ISP-customer-activity-records-imminent–/news/110755
ID theft protection firm sued
http://www.wvgazette.com/News/200805172662
Legal experts wary of MySpace hacking charges
http://www.theregister.co.uk/2008/05/17/myspace_hacking_charges_analysis/
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Google under fire again for handing user info to police
http://www.theregister.co.uk/2008/05/19/google_india_gandhi/
Retailers struggle to meet PCI deadline
http://www.vnunet.com/vnunet/news/2216939/retailers-struggling-pci-deadline
DATA PRIVACY & PROTECTION
Criticism for ‘UK database’ plan
http://news.bbc.co.uk/2/hi/technology/7410885.stm
Google questioned over privacy practices
http://today.reuters.co.uk/news/articlenews.aspx?type=internetNews&storyID=2008-05-22T045600Z_01_N21425396_RTRIDST_0_OUKIN-UK-TONI-GOOGLE-PRIVACY-CONGRESS.XML&archived=False
Google defends privacy policy after Google Health launch
http://www.scmagazineuk.com/Google-defends-privacy-policy-after-Google- -Health-launch/article/110332/
http://www.smh.com.au/news/biztech/this-wont-hurt-a-bit-google-health-launches/2008/05/20/1211182764406.html
Iran launches fresh crackdown on websites: report
http://news.smh.com.au/technology/iran-launches-fresh-crackdown-on-websites-report-20080520-2giq.html
Thai government threatens to shut down 29 websites
http://news.smh.com.au/technology/thai-government-threatens-to-shut-down-29-websites-20080520-2gcc.html
Retailers fingerprint plans prompt privacy concerns
http://www.vnunet.com/computing/news/2217184/retailers-fingerprint-plans-4017151
Charter’s Web Tracking Plan Scrutinized
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800708
Shops track customers via mobile phone
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3945496.ece
REPORTS & RESEARCH
Cyber-users pour scorn on firm’s NZ hack-attack study
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10511706
Quality and security of open source software improving
http://www.siliconrepublic.com/news/news.nv?storyid=single11072
http://www.theregister.co.uk/2008/05/21/open_source_audit/
COMMENTARY
Fallout from the OpenSSL debacle
http://www.heise.de/english/newsticker/news/108058
Hackers to concentrate on moving targets
http://www.itweek.co.uk/itweek/features/2216974/hackers-concentrate-moving-4001798
Companies must take heed of the insider threat
http://www.zdnetasia.com/news/security/0,39044215,62041535,00.htm
Experts warn of cyberterrorism threat
http://news.smh.com.au/technology/experts-warn-of-cyberterrorism-threat-20080522-2gzl.html
STUDIES AND SURVEYS
Brits more fearful of ID fraud
http://www.theregister.co.uk/2008/05/19/ofcom_media_survey/
DISASTER RECOVERY & BUSINESS CONTINUITY
Crazy Rasberry Ants Menace Electronics In Houston
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207800439
http://www.vnunet.com/vnunet/news/2216754/texan-computers-hit-ant-attack
MISC
Passport cards called security vulnerability
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080516/NATION/662238118/1001
Yahoo fights to hide ’embarrassing documents’
http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10510728
Auditor gets diminishing returns from data matching
http://www.theregister.co.uk/2008/05/19/audit_fraud_down/
BAE chief exec, director detained at US airports
http://www.theregister.co.uk/2008/05/19/bae_ceo_step_this_way_please_sir/
Apple rapped for Safari download policy
http://www.scmagazine.com/uk/news/article/810147/apple-rapped-safari-download-policy/
Victims turn vigilante in hunt for eBay conmen
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3944813.ece
Employers loosen rules on camera phones
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9086798
Global group to provide cyberattack early warnings
http://www.zdnetasia.com/news/security/0,39044215,62041609,00.htm
Awareness of data theft puts pressure on IT workers
http://www.siliconrepublic.com/news/news.nv?storyid=single11077
Expert disects Estonian cyber-war
http://www.vnunet.com/vnunet/news/2217276/expert-reflects-cyber-war
Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
About the Author: bhimport
