Below is a round-up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest, please let us know via the comments feature.
VULNERABILITIES
AV Still Weak on Rootkit Detection, Fixing Infections
http://www.darkreading.com/document.asp?doc_id=148266&print=true
Windows Home Server Bug Won’t Be Fixed Until June
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903032
http://www.heise.de/english/newsticker/news/104982
Possible vulnerability in TrueCrypt 5.1
http://www.heise-online.co.uk/security/Possible-vulnerability-in-TrueCrypt-5-1–/news/110308
BlackBerry servers ripe for the hacking
http://www.techworld.com/security/news/index.cfm?newsID=11663
Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say
http://www.popularmechanics.com/technology/industry/4253628.html
RealPlayer vulnerable in Internet Explorer
http://www.zdnetasia.com/news/security/0,39044215,62038863,00.htm
Insecure by design: Cisco product shipped with backdoor
http://www.heise-online.co.uk/security/Insecure-by-design-Cisco-product-shipped-with-backdoor–/news/110320
Virtualization’s secret security threats
http://www.infoworld.com/article/08/03/13/11NF-virt-security_1.html
Security Card Chip Can Be Hacked
http://news.smh.com.au/security-card-chip-can-be-hacked/20080313-1z2o.html
http://www.linuxworld.com.au/index.php/id;1618903200;fp;2;fpid;1
Unpatched RealPlayer bug paves way for drive-by downloads
http://www.theregister.co.uk/2008/03/12/realplayer_bug/
Pacemakers Vulnerable To Hacking
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903321
http://www.heise.de/english/newsticker/news/104983
http://news.smh.com.au/pacemakers-at-danger-from-hackers-study/20080313-1z24.html
http://www.theregister.co.uk/2008/03/12/heart_monitor_hacking/
PATCHES
Microsoft Updates Office 2008 For Mac With Critical Fixes
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903062
Microsoft Patch Tuesday Fixes A Dozen Office Flaws
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903046
http://www.zdnetasia.com/news/security/0,39044215,62038864,00.htm
http://www.scmagazine.com/uk/news/article/790218/microsoft-patches-excel-zero-day-bug-three-fixes/
http://www.theregister.co.uk/2008/03/12/march_patch_tuesday/
http://www.vnunet.com/vnunet/news/2211791/office-fixes-dominate-monthly
Cisco sets dates for IOS patch releases
http://www.scmagazine.com/uk/news/article/790167/cisco-sets-dates-ios-patch-releases/
Cisco patches holes in Secure Access Control Server
http://www.heise-online.co.uk/security/Cisco-patches-holes-in-Secure-Access-Control-Server–/news/110312
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903346
Adobe goes on patching spree
http://www.heise-online.co.uk/security/Adobe-goes-on-patching-spree–/news/110310
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903346
COMPUTER VIRUSES, WORMS & TROJANS
Olympic trojan beats Microsoft to Excel patch
http://www.zdnetasia.com/news/security/0,39044215,62038852,00.htm
EXPLOITS & ACTIVE ATTACKS
Rent-a-bot gang rises from the DDoS ashes
http://www.channelregister.co.uk/2008/03/13/loadscc_rises_again/
Mac security site littered with malware
http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/
Hackers claim iPhone 2.0 breakthrough
http://www.zdnetasia.com/news/security/0,39044215,62038909,00.htm
Exploit code created for hole in RealPlayer
http://www.scmagazine.com/uk/news/article/790194/exploit-code-created-hole-realplayer/
BBC iPlayer targeted by hackers
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3546963.ece
Thieving Third-Party Gmail App Highlights Google Security Worries
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206902839
http://www.zdnetasia.com/news/security/0,39044215,62038812,00.htm
GOVERNMENT SECURITY ISSUES
NSA Pushes ‘Labeled’ Access Control for NFS
http://www.darkreading.com/document.asp?doc_id=148360&print=true
http://www.gcn.com/online/vol1_no1/45944-1.html
Police e-crime funding set for green light?
http://software.silicon.com/security/0,39024655,39170345,00.htm
Police and UK Plc call for a national e-crime unit
http://software.silicon.com/security/0,39024655,39170344,00.htm
US military concerned about increasing cyber attacks
http://www.heise-online.co.uk/security/US-military-concerned-about-increasing-cyber-attacks–/news/110307
http://www.ft.com/cms/s/0/258b5638-efd9-11dc-8a17-0000779fd2ac.html
Nova, PPG test readiness for cyber war
http://www.post-gazette.com/pg/08072/864263-28.stm
Cyberexercise shows need for better training to avoid major network failures
http://www.govexec.com/story_page.cfm?articleid=39524
SPAM, PHISHING & ONLINE SCAMS
Spam Takes a Vacation
http://www.darkreading.com/document.asp?doc_id=148157&print=true
http://www.theregister.co.uk/2008/03/11/global_spam_trends/
Measures sought against VoIP spam
http://www.heise.de/english/newsticker/news/104928
PIRACY & COPYRIGHT
Publishers Phase Out Piracy Protection on Audio Books
http://www.nytimes.com/2008/03/03/business/media/03audiobook.html?_r=1&oref=slogin
BBC calls DRM cops on iPlayer download party
http://www.theregister.co.uk/2008/03/13/iplayer_iphone_drm_loophole_closed/
DATALOSS/INFORMATION SECURITY BREACHES
HealthNow data goes missing as laptop vanishes
http://www.buffalonews.com/145/story/296415.html
MTV Breach Underscores Company’s Need For DLP
http://www.crn.com/security/206902848
MoD admits to losing 11,000 ID cards
http://www.silicon.com/publicsector/0,3800010403,39170355,00.htm
Harvard Says Hacker Broke Into System
http://news.smh.com.au/harvard-says-hacker-broke-into-system/20080314-1zbg.html
Counselling Service admits breach of trust after releasing over 300 emails
http://www.nouse.co.uk/2008/03/13/counselling-service-admits-breach-of-trust-after-releasing-over-300-emails/print/
Amerindian Center warns about security breach
http://www.greenbaypressgazette.com/apps/pbcs.dll/article?AID=/20080313/GPG0101/803130643/1207/GPGnews
Police suffer memory loss
http://www.thecomet.net/content/comet/news/story.aspx?brand=CMTOnline&category=News&tBrand=herts24&tCategory=newscomnew&itemid=WEED13%20Mar%202008%2010%3A22%3A10%3A867
Harvard grad students hit in computer intrusion
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9068221&intsrc=hm_list
Thousands hit by breaches of data
http://news.bbc.co.uk/2/hi/uk_news/scotland/7290981.stm
MoD confirms data of 63,000 recruits at risk
http://www.theherald.co.uk/news/news/display.var.2111679.0.MoD_confirms_data_of_63_000_recruits_at_risk.php
40,000 names, Social Security numbers on stolen computer
http://www.ocregister.com/news/computer-fullerton-stolen-1996864-detectives-king
Recovered computer held information on employees
http://www.modbee.com/local/story/235943.html
Lost PEIA tape still not found
http://media.www.marshallparthenon.com/media/storage/paper534/news/2008/03/11/News/Lost-Peia.Tape.Still.Not.Found-3262181.shtml
Oklahoma County Clerk’s records reveal social security numbers
http://www.tulsatoday.com/newsdesk/index.php?option=com_content&task=view&id=1485&Itemid=2
Trend Micro’s web site infected
http://www.heise-online.co.uk/security/Trend-Micro-s-web-site-infected–/news/110319
http://www.theregister.co.uk/2008/03/13/trend_micro_website_infected/
http://news.zdnet.co.uk/security/0,1000000189,39366046,00.htm
Laptop with patient information stolen from University Health Care
http://www.ksl.com/?nid=148&sid=2849851
ARRESTS, SENTENCING & CONVICTIONS
LSDigital drops federal botnet confession
http://www.theregister.co.uk/2008/03/14/bot_herder_cops_plea/
DATA PRIVACY & PROTECTION
Virtual demos over net censorship
http://news.bbc.co.uk/2/hi/in_depth/7292130.stm
http://www.heise.de/english/newsticker/news/104866
Germany and US to share fingerprint, DNA databases
http://www.zdnetasia.com/news/security/0,39044215,62038849,00.htm
Lobby group condemns big four labels’ attack on Eircom
http://www.siliconrepublic.com/news/news.nv?storyid=single10502
Syria expands “iron censorship” over Internet
http://today.reuters.co.uk/news/newsArticle.aspx?type=internetNews&storyID=2008-03-13T193521Z_01_L1383536_RTRIDST_0_OUKIN-UK-SYRIA-INTERNET.XML
Open Rights Group questions Phorm
http://news.bbc.co.uk/2/hi/technology/7291637.stm
http://www.vnunet.com/vnunet/news/2211959/open-rights-group-raises
EU and US reach deal on travel security negotiations
http://euobserver.com/9/25828
REPORTS & RESEARCH
Card fraud up by a quarter to £535m
http://www.silicon.com/retailandleisure/0,3800011842,39170334,00.htm
http://www.vnunet.com/vnunet/news/2211943/online-banking-fraud-decline
http://www.vnunet.com/computing/news/2211782/card-fraud-abroad-soars
Security certification needs to be strengthened
http://www.vnunet.com/computing/news/2211785/security-certification-needs
Compliance to drive archiving technology growth
http://www.siliconrepublic.com/news/news.nv?storyid=single10498
Foreign losses jack UK plastic fraud up to £535.2m
http://www.theregister.co.uk/2008/03/12/card_fraud_latest_apacs/
Cyber-attack launched from 10,000 web pages
http://www.vnunet.com/vnunet/news/2211936/cyber-attack-launched-web-pages
http://security.blogs.techtarget.com/2008/03/13/mcafee-discovers-10000-malware-laced-sites/
COMMENTARY
Analysts call for secure Facebook access for workers
http://www.theregister.co.uk/2008/03/13/gartner_facebook_secure_business/
Corporate espionage: Not if, but when
http://resources.zdnet.co.uk/articles/features/0,1000002000,39365959,00.htm
Make vendors liable for exploits
http://www.theregister.co.uk/2008/03/10/security_economics/
Your next high-tech gadget may come bundled with an extra - a virus
http://news.smh.com.au/your-next-hightech-gadget-may-come-bundled-with-an-extra–a-virus/20080314-1zde.html
STUDIES AND SURVEYS
‘Risky’ remote workers fuel security spending
http://www.zdnetasia.com/news/security/0,39044215,62038883,00.htm
http://software.silicon.com/security/0,39024655,39170328,00.htm
http://www.vnunet.com/vnunet/news/2211857/security-budgets-rise
Banks more trustworthy than government over data security
http://www.vnunet.com/computing/news/2211996/banks-trustworthy-government
Online services create security headache for airlines
http://www.zdnetasia.com/news/security/0,39044215,62038854,00.htm
Security skills top IT chiefs’ wish-lists
http://software.silicon.com/security/0,39024655,39170362,00.htm
MISC
SOA-based system compels security overhaul at hotel chain
http://www.networkworld.com/news/2008/031208-soa-security-starwood.html
Chinese ‘hacker’ denies CNN report
http://www.china.org.cn/china/national/2008-03/11/content_12264393.htm
Banking industry teams up with fraud police
http://www.vnunet.com/computing/news/2211651/banking-industry-welcomes-fraud
Russian serfs paid $3 a day to break CAPTCHAs
http://www.theregister.co.uk/2008/03/14/captcha_serfs/
Convicted cybercrook stands for election in the Ukraine
http://www.theregister.co.uk/2008/03/14/hackers_form_ukrainian_political_party/
Stories courtesy of the following sources: RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times and the Web Hacking Incidents Database.
