Below is a round up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.
VULNERABILITIES
Security hole in Adobe’s Flash Basic, Professional and CS3
http://www.heise-online.co.uk/security/Security-hole-in-Adobe-s-Flash-Basic-Professional-and-CS3–/news/110370F-Secure warns of archive protocol danger
http://www.zdnetasia.com/news/security/0,39044215,62039144,00.htmCritical bugs bite Kerberos
http://www.channelregister.co.uk/2008/03/20/kerberos_vulns/
PATCHES
Windows Vista Service Pack 1 ready for Download
http://www.heise.de/english/newsticker/news/105350Windows Vista SP1 Wreaks Havoc On Some PCs, Users Complain
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904736Apple Releases Jumbo Security Update
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904729
http://www.zdnetasia.com/news/security/0,39044215,62039107,00.htm
http://www.theregister.co.uk/2008/03/19/monster_apple_patch_batch/Microsoft delivers updated Excel patch
http://www.heise-online.co.uk/security/Microsoft-delivers-updated-Excel-patch–/news/110372
EXPLOITS & ACTIVE ATTACKS
iFrame attacks: Blame your Web admin guy
http://www.zdnetasia.com/news/security/0,39044215,62039039,00.htmPro-Tibet groups bombarded with abusive calls, viruses
http://news.smh.com.au/protibet-groups-bombarded-with-abusive-calls-viruses/20080319-20gr.html
GOVERNMENT SECURITY ISSUES
State agency moves to plug USB flash drive security gap
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9069038UK pumps funds into espionage tech
http://www.zdnetasia.com/news/security/0,39044215,62039143,00.htmGovernment’s plans for cyber-crime ‘half-baked’
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3590336.ece
http://www.vnunet.com/computing/news/2212365/national-security-strategy
PIRACY & COPYRIGHT
Crackdown on illegal downloaders
http://www.smh.com.au/news/security/crackdown-on-illegal-downloaders/2008/03/20/1205602537856.htmlApple Said to Weigh Unlimited Music Deal
http://news.smh.com.au/apple-said-to-weigh-unlimited-music-deal/20080320-20k7.html
DATALOSS/INFORMATION SECURITY BREACHES
German government says 500 computers were lost or stolen in three years
http://www.cnbc.com/id/23722559/for/cnbc
http://www.forbes.com/markets/feeds/afx/2008/03/20/afx4797356.htmlHannaford, Security Industry Hunt for Cause of Massive Breach
http://www.darkreading.com/document.asp?doc_id=148730&print=true
http://www.news.com/8301-10789_3-9898417-57.html
http://news.smh.com.au/supermarket-data-breach-still-unsolved/20080318-201z.htmlHannaford hit with class action suit in data breach
http://www.seacoastonline.com/apps/pbcs.dll/article?AID=/20080319/NEWS/80319033/-1/NEWS19&sfad=1States website put bank details at risk
http://www.thisisguernsey.com/2008/03/18/states-website-put-bank-details-at-risk/Credit details stolen in Carshalton internet fraud
http://www.wimbledonguardian.co.uk/news/suttonnews/display.var.2132014.0.credit_details_stolen_in_carshalton_internet_fraud.phpMissing laptop had BlueCross customer info
http://wnyt.com/article/stories/S382822.shtml?cat=300DSL Reports back up after DDoS attack
http://www.theregister.co.uk/2008/03/19/dslreports_under_ddos_attack/Pennsylvania officials bail after voter reg site springs a leak
http://www.theregister.co.uk/2008/03/19/voter_reg_site_springs_a_leak/
ARRESTS, SENTENCING & CONVICTIONS
Feds Get Guilty Plea From Operation Bot Roast
http://www.darkreading.com/document.asp?doc_id=148801&print=trueMan admits creating Web virus, spreading via copyright footage
http://www.yomiuri.co.jp/dy/national/20080319TDY02306.htm
http://www.theregister.co.uk/2008/03/19/winny_trojan_vxer_trial/
http://www.vnunet.com/vnunet/news/2212354/japanese-man-admits-unleashingHacker Pleads Guilty to Computer Fraud
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/20/AR2008032001412_pf.htmlIndictment charges 2 men with hacking into Evesham company’s Web site
http://www.phillyburbs.com/pb-dyn/news/112-03182008-1505477.htmlBritish lord and three others accused of bid to steal £220m from Japanese bank
http://www.dailymail.co.uk/pages/live/articles/showbiz/showbiznews.html?in_article_id=534031Identity theft brings 51-month prison sentence
http://seattlepi.nwsource.com/local/355301_idtheft18.html
http://news.smh.com.au/seattle-man-who-used-filesharing-software-to-steal-identities-gets-more-than-4-years/20080318-203x.html
http://www.smh.com.au/news/web/man-jailed-for-filesharing-theft/2008/03/18/1205602361081.html
http://www.theregister.co.uk/2008/03/18/p2p_highwayman_jailed/Man Charged With Stealing VA Hospital Computers
http://www.theindychannel.com/news/15633679/detail.html
COURT CASES AND LEGAL ISSUES
Constitutional Court Unplugs Data Law
http://www.spiegel.de/international/germany/0,1518,542398,00.html
http://www.earthtimes.org/articles/show/193390,top-german-court-partially-blocks-police-use-of-phone-data.html
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
FTC Deal Suggests Enterprises Could Be Liable for Poor Security
http://www.darkreading.com/document.asp?doc_id=148572&print=true
DATA PRIVACY & PROTECTION
Phorm needs ‘better protection’
http://news.bbc.co.uk/2/hi/technology/7303426.stmFacebook Adds Privacy Controls, Plans Chat Feature
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904510
http://www.siliconrepublic.com/news/news.nv?storyid=single10548
http://www.smh.com.au/news/web/facebook-adds-privacy-features/2008/03/19/1205602443381.html
http://www.theregister.co.uk/2008/03/18/hannaford_data_breach/Privacy reforms to cause industry shake-up
http://www.cio.com.au/index.php/id;242271242British police build a database of portrait photos for facial recognition
http://www.heise.de/english/newsticker/news/105352UCLA hospital bans cellphones, laptops
http://www.latimes.com/news/local/orange/la-me-ucla18mar18,1,2660676.story
REPORTS & RESEARCH
RSA sees increase in fast-flux botnets
http://www.zdnetasia.com/news/security/0,39044215,62039095,00.htmIP leaks fuelling interest in encryption and monitoring
http://www.siliconrepublic.com/news/news.nv?storyid=single10558Spyware authors offer dollars for downloads
http://www.vnunet.com/vnunet/news/2212403/spyware-authors-offer-dollersSensitive data left on second-hand government computers: report
http://www.thewest.com.au/default.aspx?MenuID=77&ContentID=63847
COMMENTARY
Vietnam faces loose network security, data protection
http://news.xinhuanet.com/english/2008-03/19/content_7821316.htmPolice chief: Cyber crime is everywhere
http://software.silicon.com/security/0,39024655,39170393,00.htm
STUDIES AND SURVEYS
Blunders prompt more care of data
http://news.bbc.co.uk/2/hi/business/7304455.stm
http://www.silicon.com/research/specialreports/datalockdown/0,3800014480,39170433,00.htmFirms’ biometric records are ‘insecure’
http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=8058
MISC
Sun Solaris to adopt NSA security model
http://www.gcn.com/online/vol1_no1/45980-1.htmlColombian rebels deny Venezuelan funding
http://news.smh.com.au/colombian-rebels-deny-venezuelan-funding/20080320-20n2.htmlAnglophone cybercops team up to fight fraud
http://www.theregister.co.uk/2008/03/20/international_cybercrime_rescue/So what’s the easiest box to hack – Vista, Ubuntu or OS X?
http://www.theregister.co.uk/2008/03/19/pwn2own_contest_returns/
Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
