newspaper.jpgBelow is a round up of news stories relating to information security that we have collated from the past few days.  For ease of use we have categorised the stories under the most appropriate headings.  If there are other stories that may be of interest please let us know via the comments feature.

 

VULNERABILITIES

Asterisk mauled by buffer overflow bug
http://www.channelregister.co.uk/2008/03/20/ip_pbx_vulns/

Firefox update fixes critical security vulnerabilities
http://www.heise-online.co.uk/security/Firefox-update-fixes-critical-security-vulnerabilities–/news/110405
http://www.theregister.co.uk/2008/03/27/firefox_security_flaws_update/

Novell fixes bug in eDirectory
http://www.heise-online.co.uk/security/Novell-fixes-bug-in-eDirectory–/news/110404

PATCHES

Windows users prompted for Safari install as part of update
http://www.scmagazine.com/uk/news/article/795526/windows-users-prompted-safari-install-part-update/

Cisco unleashes IOS patches
http://www.theregister.co.uk/2008/03/27/cisco_patches/

Apple patches AirPort
http://www.heise-online.co.uk/security/Apple-patches-AirPort–/news/110373

COMPUTER VIRUSES, WORMS & TROJANS

MBR Rootkit mutates
http://www.heise-online.co.uk/security/MBR-Rootkit-mutates–/news/110392

EXPLOITS & ACTIVE ATTACKS

Trojan attack on pro-Tibet groups
http://www.heise-online.co.uk/security/Trojan-attack-on-pro-Tibet-groups–/news/110391
http://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/

Hackers attack Euro 2008 ticket website
http://www.vnunet.com/vnunet/news/2212892/hackers-attack-football-ticket

Pro-Tibet Groups Targeted In Cyberspace
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905235

Microsoft Confirms Jet DB Flaw, MS Word Attacks
http://www.eweek.com/c/a/Security/Microsoft-Confirms-Jet-DB-Flaw-MS-Word-Attacks/
http://www.heise.de/english/newsticker/news/105488

GOVERNMENT SECURITY ISSUES

China Denies Claims It Might Bug Beijing Hotel During Olympics
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206906000

UK govt pledges to take e-crime seriously
http://www.zdnetasia.com/news/security/0,39044215,62039412,00.htm

Outsourced passports netting govt. profits, risking national security
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080326/NATION/840186493/1001

DWP extends staff criminal record checks
http://www.theregister.co.uk/2008/03/27/dwp_extends_crb_checks/

VA has made progress in data security
http://www.fcw.com/online/news/152027-1.html

TIGTA: IRS needs to better monitor security compliance
http://www.fcw.com/online/news/151988-1.html

IG: Energy’s Web sites lack security
http://www.fcw.com/online/news/151957-1.html

White House picks tech entrepreneur for security post
http://www.news.com/8301-10784_3-9899047-7.html

FBI Opens Probe of China-Based Hackers
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/20/AR2008032003193.html

Government Computers Face Anti-Espionage Restrictions
http://www.themoscowtimes.com/stories/2008/03/21/014.html

SPAM, PHISHING & ONLINE SCAMS

ORDB anti-spam blacklist lists everything
http://www.heise.de/english/newsticker/news/105612

Enraged AT&T spam filter eats legitimate mail
http://www.theregister.co.uk/2008/03/24/aggressive_att_spam_filters/

Spammers exploit email meeting invitations
http://www.vnunet.com/vnunet/news/2212916/spammers-inviting-targets

Beijing investigates spam attack
http://news.bbc.co.uk/2/hi/business/7311242.stm

PIRACY & COPYRIGHT

Google in trouble over data security
http://www.vnunet.com/vnunet/news/2212713/google-trouble-security
http://www.crn.com.au/News/72716,google-in-trouble-over-data-security.aspx

UK record industry in illegal file-sharing crackdown
http://www.silicon.com/research/specialreports/datalockdown/0,3800014480,39170492,00.htm

File Sharers Get Help Spotting ISP Moves
http://news.smh.com.au/file-sharers-get-help-spotting-isp-moves/20080327-21sj.html

Companies Use Scans to Track Employees
http://news.smh.com.au/companies-use-scans-to-track-employees/20080327-21ru.html

Flying spy robots keep an eye on crime
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10500269

Blu-Ray Copy Protection Breached
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905416
http://www.electronista.com/articles/08/03/20/bd.protection.cracked/

DATALOSS/INFORMATION SECURITY BREACHES

Millions of Russians’ Personal Data Posted on Free Website
http://www.darkreading.com/document.asp?doc_id=149321&print=true

Patient Records Exposed Through Government Laptop Theft
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905656

Facebook Privacy Glitch Revealed Private Paris Hilton Pictures
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905630
http://ap.google.com/article/ALeqM5ijANq3fmx9AZNNrf7Q1PwCN1cKUAD8VK51UG1
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3617360.ece
http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/
http://www.vnunet.com/vnunet/news/2212863/facebook-security-blunder

Hannaford data breach offers twists from prior attacks
http://news.smh.com.au/hannaford-data-breach-offers-twists-from-prior-attacks/20080318-201z.html

FBI looks into hacking of US Darfur activists’ systems, apparently from China
http://news.smh.com.au/fbi-looks-into-hacking-of-us-darfur-activists-systems-apparently-from-china/20080321-20t0.html

Sneaky state employees may have inadvertantly exposed info to hackers
http://www.news-press.com/apps/pbcs.dll/article?AID=/20080324/NEWS01/80324038/1075

Laptop with personal info. reported stolen
http://media.www.bgnews.com/media/storage/paper883/news/2008/03/27/Campus/Laptop.With.Personal.Info.Reported.Stolen-3287049.shtml

Identity breach affects hospital
http://www.whittierdailynews.com/news/ci_8710866

Lost computer data prompts firm to notify 3,500
http://www.baltimoresun.com/news/local/bal-data0326,0,5806005.story

Privacy breach: Russians exposed on internet
http://www.russiatoday.ru/news/news/22642

Hacker grabs personal info at Daum
http://joongangdaily.joins.com/article/view.asp?aid=2887903

Patient data exposed online
http://www.baltimoresun.com/news/health/bal-te.md.dental26mar26,0,4823354.story

Stolen PC had Agilent workers’ personal data
http://www.mercurynews.com/peninsula/ci_8660115?nclick_check=1&forced=true

Laptop with info on heart patients stolen from federal researcher
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9071278
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html
http://www.cnn.com/2008/US/03/25/stolen.laptop/index.html
http://federaltimes.com/index.php?S=3442638

Obama, Clinton, McCain Passport Breaches Expose Human, Not Tech Weakness
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905232

State says disk with Social Security numbers is missing
http://www.wpri.com/Global/story.asp?S=8051471

ARRESTS, SENTENCING & CONVICTIONS

Engineer Gets 24 Year Sentence For Trying To Steal Navy Secrets
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905727

Money lust lands hacker gang jail time
http://www.shanghaidaily.com/sp/article/2008/200803/20080325/article_353399.htm

Spyware ‘scammer’ sued over PC pop-up invasion
http://www.channelregister.co.uk/2008/03/26/spyware_purveyor_sued/

Former San Jose intern pleads guilty in hacking case
http://www.mercurynews.com/ci_8709142?nclick_check=1

Man sentenced for theft of drive with 1 million bank records
http://computerworld.com.my/ShowPage.aspx?pagetype=2&articleid=7930&pubid=4&issueid=131

Officer fined for breaking data rules
http://www.journallive.co.uk/north-east-news/todays-news/2008/03/26/officer-fined-for-breaking-data-rules-61634-20673800/

Bogus security software vendor lands in US court
http://www.heise-online.co.uk/security/Bogus-security-software-vendor-lands-in-US-court–/news/110407
http://www.vnunet.com/vnunet/news/2212776/man-accused-bogus-security
http://www.consumeraffairs.com/news04/2008/03/wa_spyware.html

Fired MedPro Consultant Indicted For Spam, Disrupting Business
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905115

Accused Broward County student linked to more hacking
http://www.sun-sentinel.com/news/local/broward/sfl-flbhacker0322sbmar23,0,5212103.story

COURT CASES AND LEGAL ISSUES

Chinese Government Aims To Tame Hackers
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206905971

INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES

Supermarket Breach Calls PCI Compliance Into Question
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904986

DATA PRIVACY & PROTECTION

Plea to ban employers trawling Facebook
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3613896.ece
http://www.pcpro.co.uk/news/180999/childrens-group-demands-employer-facebook-ban.html

ICO queries Heathrow T5’s huge fingerprint scam scan
http://www.theregister.co.uk/2008/03/24/ico_queries_t5_fingerprinting/

The Guardian ditches Phorm
http://www.theregister.co.uk/2008/03/26/guardian_phorm_uturn/

Indian Blackberry network given 15 days to allow government snooping or shut down
http://www.engadget.com/2008/03/25/indian-blackberry-network-given-15-days-to-allow-government-snoo/

REPORTS & RESEARCH

NIST unveils tool to foil attacks via DNS
http://www.gcn.com/online/vol1_no1/46004-1.html

Intel Researching New Approach to Laptop Security
http://www.darkreading.com/document.asp?doc_id=149076&print=true

Audit reaffirms need for more IT staff at OU
http://www.athensmessenger.com/main.asp?SectionID=1&SubSectionID=273&ArticleID=9229

COMMENTARY

Mozilla CEO blasts Apple for putting security of the internet at risk
http://www.channelregister.co.uk/2008/03/24/mozilla_and_the_apple_itunes_update/

Outsourcing security tasks brings controversy
http://www.networkworld.com/news/2008/032008-outsourcing-security.html

STUDIES AND SURVEYS

WhiteHat: 90% of Sites Still Vulnerable
http://www.darkreading.com/document.asp?doc_id=149213&print=true
http://www.scmagazine.com/uk/news/article/795155/websites-riddled-vulnerabilities-whitehat-study/

US largest source of bad bots
http://www.smh.com.au/news/security/us-largest-source-of-bad-bots/2008/03/24/1206207011879.html

UK firms at risk from the ‘enemy within’
http://www.vnunet.com/vnunet/news/2212914/uk-firms-risk-enemy-within

Enterprises urged to plug IM security holes
http://www.vnunet.com/vnunet/news/2212630/enterprises-urged-plug-im

DISASTER RECOVERY & BUSINESS CONTINUITY

Mini-Y2K fears over daylight saving change
http://www.smh.com.au/news/technology/miniy2k-fears/2008/03/27/1206207268565.html

MISC

Of laptops and US border searches
http://www.theregister.co.uk/2008/03/24/us_border_control_laptop_searches/

US Firms Brace for Cyber War
http://www.darkreading.com/document.asp?doc_id=148929&print=true

Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.

About the Author: bhimport

Let’s Talk

Head Office

The LINC Centre,
Blanchardstown Road North,
Dublin 15, Ireland

Email

info@bhconsulting.ie

Call

+353 1 440 4065

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.