Below is a roundup of news stories relating to information security that we have collated from the past few days. For ease of use, we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest, please let us know via the comments feature.
VULNERABILITIES
Asterisk mauled by buffer overflow bug
http://www.channelregister.co.uk/2008/03/20/ip_pbx_vulns/
Firefox update fixes critical security vulnerabilities
http://www.heise-online.co.uk/security/Firefox-update-fixes-critical-security-vulnerabilities–/news/110405
http://www.theregister.co.uk/2008/03/27/firefox_security_flaws_update/
Novell fixes bug in eDirectory
http://www.heise-online.co.uk/security/Novell-fixes-bug-in-eDirectory–/news/110404
PATCHES
Windows users prompted for Safari install as part of update
http://www.scmagazine.com/uk/news/article/795526/windows-users-prompted-safari-install-part-update/
Cisco unleashes IOS patches
http://www.theregister.co.uk/2008/03/27/cisco_patches/
Apple patches AirPort
http://www.heise-online.co.uk/security/Apple-patches-AirPort–/news/110373
COMPUTER VIRUSES, WORMS & TROJANS
MBR Rootkit mutates
http://www.heise-online.co.uk/security/MBR-Rootkit-mutates–/news/110392
EXPLOITS & ACTIVE ATTACKS
Trojan attack on pro-Tibet groups
http://www.heise-online.co.uk/security/Trojan-attack-on-pro-Tibet-groups–/news/110391
http://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/
Hackers attack Euro 2008 ticket website
http://www.vnunet.com/vnunet/news/2212892/hackers-attack-football-ticket
Pro-Tibet Groups Targeted In Cyberspace
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905235
Microsoft Confirms Jet DB Flaw, MS Word Attacks
http://www.eweek.com/c/a/Security/Microsoft-Confirms-Jet-DB-Flaw-MS-Word-Attacks/
http://www.heise.de/english/newsticker/news/105488
GOVERNMENT SECURITY ISSUES
China Denies Claims It Might Bug Beijing Hotel During Olympics
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206906000
UK govt pledges to take e-crime seriously
http://www.zdnetasia.com/news/security/0,39044215,62039412,00.htm
Outsourced passports netting govt. profits, risking national security
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080326/NATION/840186493/1001
DWP extends staff criminal record checks
http://www.theregister.co.uk/2008/03/27/dwp_extends_crb_checks/
VA has made progress in data security
http://www.fcw.com/online/news/152027-1.html
TIGTA: IRS needs to better monitor security compliance
http://www.fcw.com/online/news/151988-1.html
IG: Energy’s Web sites lack security
http://www.fcw.com/online/news/151957-1.html
White House picks tech entrepreneur for security post
http://www.news.com/8301-10784_3-9899047-7.html
FBI Opens Probe of China-Based Hackers
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/20/AR2008032003193.html
Government Computers Face Anti-Espionage Restrictions
http://www.themoscowtimes.com/stories/2008/03/21/014.html
SPAM, PHISHING & ONLINE SCAMS
ORDB anti-spam blacklist lists everything
http://www.heise.de/english/newsticker/news/105612
Enraged AT&T spam filter eats legitimate mail
http://www.theregister.co.uk/2008/03/24/aggressive_att_spam_filters/
Spammers exploit email meeting invitations
http://www.vnunet.com/vnunet/news/2212916/spammers-inviting-targets
Beijing investigates spam attack
http://news.bbc.co.uk/2/hi/business/7311242.stm
PIRACY & COPYRIGHT
Google in trouble over data security
http://www.vnunet.com/vnunet/news/2212713/google-trouble-security
http://www.crn.com.au/News/72716,google-in-trouble-over-data-security.aspx
UK record industry in illegal file-sharing crackdown
http://www.silicon.com/research/specialreports/datalockdown/0,3800014480,39170492,00.htm
File Sharers Get Help Spotting ISP Moves
http://news.smh.com.au/file-sharers-get-help-spotting-isp-moves/20080327-21sj.html
Companies Use Scans to Track Employees
http://news.smh.com.au/companies-use-scans-to-track-employees/20080327-21ru.html
Flying spy robots keep an eye on crime
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10500269
Blu-Ray Copy Protection Breached
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905416
http://www.electronista.com/articles/08/03/20/bd.protection.cracked/
DATALOSS/INFORMATION SECURITY BREACHES
Millions of Russians’ Personal Data Posted on Free Website
http://www.darkreading.com/document.asp?doc_id=149321&print=true
Patient Records Exposed Through Government Laptop Theft
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905656
Facebook Privacy Glitch Revealed Private Paris Hilton Pictures
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905630
http://ap.google.com/article/ALeqM5ijANq3fmx9AZNNrf7Q1PwCN1cKUAD8VK51UG1
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3617360.ece
http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/
http://www.vnunet.com/vnunet/news/2212863/facebook-security-blunder
Hannaford data breach offers twists from prior attacks
http://news.smh.com.au/hannaford-data-breach-offers-twists-from-prior-attacks/20080318-201z.html
FBI looks into hacking of US Darfur activists’ systems, apparently from China
http://news.smh.com.au/fbi-looks-into-hacking-of-us-darfur-activists-systems-apparently-from-china/20080321-20t0.html
Sneaky state employees may have inadvertently exposed info to hackers
http://www.news-press.com/apps/pbcs.dll/article?AID=/20080324/NEWS01/80324038/1075
Laptop with personal info. reported stolen
http://media.www.bgnews.com/media/storage/paper883/news/2008/03/27/Campus/Laptop.With.Personal.Info.Reported.Stolen-3287049.shtml
Identity breach affects hospital
http://www.whittierdailynews.com/news/ci_8710866
Lost computer data prompts firm to notify 3,500
http://www.baltimoresun.com/news/local/bal-data0326,0,5806005.story
Privacy breach: Russians exposed on internet
http://www.russiatoday.ru/news/news/22642
Hacker grabs personal info at Daum
http://joongangdaily.joins.com/article/view.asp?aid=2887903
Patient data exposed online
http://www.baltimoresun.com/news/health/bal-te.md.dental26mar26,0,4823354.story
Stolen PC had Agilent workers’ personal data
http://www.mercurynews.com/peninsula/ci_8660115?nclick_check=1&forced=true
Laptop with info on heart patients stolen from federal researcher
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9071278
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html
http://www.cnn.com/2008/US/03/25/stolen.laptop/index.html
http://federaltimes.com/index.php?S=3442638
Obama, Clinton, McCain Passport Breaches Expose Human, Not Tech Weakness
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905232
State says disk with Social Security numbers is missing
http://www.wpri.com/Global/story.asp?S=8051471
ARRESTS, SENTENCING & CONVICTIONS
Engineer Gets 24 Year Sentence For Trying To Steal Navy Secrets
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905727
Money lust lands hacker gang jail time
http://www.shanghaidaily.com/sp/article/2008/200803/20080325/article_353399.htm
Spyware ‘scammer’ sued over PC pop-up invasion
http://www.channelregister.co.uk/2008/03/26/spyware_purveyor_sued/
Former San Jose intern pleads guilty in hacking case
http://www.mercurynews.com/ci_8709142?nclick_check=1
Man sentenced for theft of drive with 1 million bank records
http://computerworld.com.my/ShowPage.aspx?pagetype=2&articleid=7930&pubid=4&issueid=131
Officer fined for breaking data rules
http://www.journallive.co.uk/north-east-news/todays-news/2008/03/26/officer-fined-for-breaking-data-rules-61634-20673800/
Bogus security software vendor lands in US court
http://www.heise-online.co.uk/security/Bogus-security-software-vendor-lands-in-US-court–/news/110407
http://www.vnunet.com/vnunet/news/2212776/man-accused-bogus-security
http://www.consumeraffairs.com/news04/2008/03/wa_spyware.html
Fired MedPro Consultant Indicted For Spam, Disrupting Business
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905115
Accused Broward County student linked to more hacking
http://www.sun-sentinel.com/news/local/broward/sfl-flbhacker0322sbmar23,0,5212103.story
COURT CASES AND LEGAL ISSUES
Chinese Government Aims To Tame Hackers
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905971
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Supermarket Breach Calls PCI Compliance Into Question
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904986
DATA PRIVACY & PROTECTION
Plea to ban employers trawling Facebook
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3613896.ece
http://www.pcpro.co.uk/news/180999/childrens-group-demands-employer-facebook-ban.html
ICO queries Heathrow T5’s huge fingerprint scam scan
http://www.theregister.co.uk/2008/03/24/ico_queries_t5_fingerprinting/
The Guardian ditches Phorm
http://www.theregister.co.uk/2008/03/26/guardian_phorm_uturn/
Indian Blackberry network given 15 days to allow government snooping or shut down
http://www.engadget.com/2008/03/25/indian-blackberry-network-given-15-days-to-allow-government-snoo/
REPORTS & RESEARCH
NIST unveils tool to foil attacks via DNS
http://www.gcn.com/online/vol1_no1/46004-1.html
Intel Researching New Approach to Laptop Security
http://www.darkreading.com/document.asp?doc_id=149076&print=true
Audit reaffirms need for more IT staff at OU
http://www.athensmessenger.com/main.asp?SectionID=1&SubSectionID=273&ArticleID=9229
COMMENTARY
Mozilla CEO blasts Apple for putting security of the internet at risk
http://www.channelregister.co.uk/2008/03/24/mozilla_and_the_apple_itunes_update/
Outsourcing security tasks brings controversy
http://www.networkworld.com/news/2008/032008-outsourcing-security.html
STUDIES AND SURVEYS
WhiteHat: 90% of Sites Still Vulnerable
http://www.darkreading.com/document.asp?doc_id=149213&print=true
http://www.scmagazine.com/uk/news/article/795155/websites-riddled-vulnerabilities-whitehat-study/
US largest source of bad bots
http://www.smh.com.au/news/security/us-largest-source-of-bad-bots/2008/03/24/1206207011879.html
UK firms at risk from the ‘enemy within’
http://www.vnunet.com/vnunet/news/2212914/uk-firms-risk-enemy-within
Enterprises urged to plug IM security holes
http://www.vnunet.com/vnunet/news/2212630/enterprises-urged-plug-im
DISASTER RECOVERY & BUSINESS CONTINUITY
Mini-Y2K fears over daylight saving change
http://www.smh.com.au/news/technology/miniy2k-fears/2008/03/27/1206207268565.html
MISC
Of laptops and US border searches
http://www.theregister.co.uk/2008/03/24/us_border_control_laptop_searches/
US Firms Brace for Cyber War
http://www.darkreading.com/document.asp?doc_id=148929&print=true
Stories courtesy of the following sources: RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times and the Web Hacking Incidents Database.
