Below is a round up of news stories relating to information security that we have collated from the past few days.  For ease of use we have categorised the stories under the most appropriate headings.  If there are other stories that may be of interest please let us know via the comments feature.

VULNERABILITIES

QuickTime leak allows trojans to be injected
http://www.heise-online.co.uk/security/QuickTime-leak-allows-trojans-to-be-injected–/news/110640

Oracle Database Susceptible To Rare Attack
http://www.informationweek.com/news/software/database_apps/showArticle.jhtml?articleID=207402692

Multiple flaws found in HP Software Update tool
http://www.zdnetasia.com/news/security/0,39044215,62040763,00.htm

PATCHES

Microsoft postpones Service Pack updates
http://www.heise.de/english/newsticker/news/107248

COMPUTER VIRUSES, WORMS & TROJANS

Storm worm botnet turns into April shower
http://www.theregister.co.uk/2008/05/01/storm_worm_breakup/ 

EXPLOITS & ACTIVE ATTACKS

Plasma TV components applied to password cracking
http://www.theregister.co.uk/2008/04/30/fpga_hacking/

Whitehats tackle The Great Botnet Dilemma
http://www.theregister.co.uk/2008/04/29/kraken_botnet_infiltrated/ 

GOVERNMENT SECURITY ISSUES

Bush administration’s email snafu explained?
http://www.heise-online.co.uk/security/Bush-administration-s-email-snafu-explained–/news/110645

Experts struggle with cybersecurity agenda
http://www.gcn.com/online/vol1_no1/46189-1.html 

Government data breaches have eroded public trust
http://www.zdnetasia.com/news/security/0,39044215,62040859,00.htm
http://www.silicon.com/research/specialreports/datalockdown/0,3800014480,39210529,00.htm

National fraud reporting centre to arrive next year
http://management.silicon.com/government/0,39024677,39208911,00.htm

Audit: NJ lacks computer security for personal Medicaid data
http://www.newsday.com/news/local/wire/newjersey/ny-bc-nj–medicaid-computer0501may01,0,7802356.story

SPAM, PHISHING & ONLINE SCAMS

ISC shutters services of more than 4300 Chinese open e-mail relays
http://www.zdnetasia.com/news/security/0,39044215,62040801,00.htm

Brazen scammer claims to be fraud squad head
http://www.smh.com.au/news/technology/brazen-scammer-claims-to-be-fraud-squad-head/2008/04/30/1209234929531.html

For 30 years now, you’ve been getting spam
http://news.smh.com.au/for-30-years-now-youve-been-getting-spam/20080502-2a3j.html
http://www.theregister.co.uk/2008/05/01/spam_30

Identity Thieves Sharpen Their Act
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10507218

PIRACY & COPYRIGHT

Charity advice on music downloads
http://news.bbc.co.uk/2/hi/technology/7375621.stm

DATALOSS/INFORMATION SECURITY BREACHES

London mayoral candidate web sites open to XSS
http://www.heise-online.co.uk/security/London-mayoral-candidate-web-sites-open-to-XSS–/news/110648
http://www.theregister.co.uk/2008/05/01/london_mayor_security_gaffes/

Anti-Israel hackers deface central bank site
http://www.theregister.co.uk/2008/04/30/bank_of_israel_hacking/

Every Italian’s tax bill published online
http://www.theregister.co.uk/2008/05/01/italy_publishes_tax_details/
http://www.guardian.co.uk/world/2008/may/01/italy

88,000 patients at risk after computer theft
http://www.silive.com/news/advance/index.ssf?/base/news/1209644107324690.xml&coll=1

Laptop containing VT personal information stolen
http://www.wsls.com/sls/news/local/new_river_valley/article/laptop_containing_vt_personal_information_stolen/10189/

Security breach affects hundreds in Andover
http://www.sunjournal.com/story/263391-3/RiverValley/Security_breach_affects_hundreds_in_Andover/

Missing laptop raises fear of identity theft
http://www.theworldlink.com/articles/2008/04/24/news/doc4810bce97af34074884341.txt

US radio websites in Eastern Europe hit by cyberattack: bosses
http://news.smh.com.au/us-radio-websites-in-eastern-europe-hit-by-cyberattack-bosses/20080429-295u.html

ARRESTS, SENTENCING & CONVICTIONS

Private Eyes Jailed for Industrial Espionage Involving Spyware
http://www.idm.net.au/story.asp?id=9528
http://www.scmagazine.com/uk/news/article/806261/israeli-private-investigators-guilty-spyware-case/
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/

Man gets prison after hundreds of thousands of spam e-mails
http://news.smh.com.au/man-gets-prison-after-hundreds-of-thousands-of-spam-emails/20080430-29ek.html

US warez sitemaster jailed for 30 months
http://www.theregister.co.uk/2008/05/01/warez_sitemaster_jailed/

Nigerian duped gullible NASA employee
http://www.theregister.co.uk/2008/04/30/nasa_employee_419_victim/

INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES

Lords propose to criminalise information disclosure
http://www.heise-online.co.uk/security/Lords-propose-to-criminalise-information-disclosure–/news/110641
http://management.silicon.com/government/0,39024677,39208916,00.htm

Federal breach notification stuck in Congress
http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1309396,00.html

DATA PRIVACY & PROTECTION

Identity ‘at risk’ on Facebook
http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm

600 HMRC workers caught snooping
http://www.silicon.com/publicsector/0,3800010403,39211282,00.htm
http://www.epolitix.com/EN/News/200805/b15c19b5-454d-41f3-9583-dc9a0f8157c4.htm

How many staff has HMRC caught snooping on records?
http://www.theregister.co.uk/2008/05/01/hmrc_discipline_numbers/

REPORTS & RESEARCH

Inner workings of Kraken botnet analysed
http://www.heise-online.co.uk/security/Inner-workings-of-Kraken-botnet-analysed–/news/110644

COMMENTARY

EU Commission says payment fraud moving to the internet
http://www.scmagazine.com/uk/news/article/806253/eu-commission-says-payment-fraud-moving-internet/

Estonia’s cyberattacks: Lessons learned, a year on
http://news.zdnet.co.uk/security/0,1000000189,39408158,00.htm 

STUDIES AND SURVEYS

Global security software revenue to hit US$10.5B
http://www.zdnetasia.com/news/security/0,39044215,62040592,00.htm
http://software.silicon.com/security/0,39024655,39208908,00.htm

MISC

Hackers warn high street chains
http://news.bbc.co.uk/2/hi/technology/7366995.stm

Defcon competition: modifying viruses to bypass scanners
http://www.heise.de/english/newsticker/news/107236
http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html

Declassified NSA Document Reveals the Secret History of TEMPEST
http://blog.wired.com/27bstroke6/2008/04/nsa-releases-se.html

Rogue trader lands job in computer security
http://www.news.com/8301-10789_3-9931402-57.html

Social networking applications can pose security risks
http://news.smh.com.au/social-networking-applications-can-pose-security-risks/20080428-28xa.html

McAfee ‘Hacker Safe’ cert sheds more cred
http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/

The darker side of Webmail
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9078638&intsrc=hm_ts_head

Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.

About the Author: bhimport

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

Name*