Below is a roundup of news stories relating to information security that we have collated from the past few days. For ease of use, we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest, please let us know via the comments feature.
VULNERABILITIES
QuickTime leak allows trojans to be injected
http://www.heise-online.co.uk/security/QuickTime-leak-allows-trojans-to-be-injected–/news/110640
Oracle Database Susceptible To Rare Attack
http://www.informationweek.com/news/software/database_apps/showArticle.jhtml?articleID=207402692
Multiple flaws found in HP Software Update tool
http://www.zdnetasia.com/news/security/0,39044215,62040763,00.htm
PATCHES
Microsoft postpones Service Pack updates
http://www.heise.de/english/newsticker/news/107248
COMPUTER VIRUSES, WORMS & TROJANS
Storm worm botnet turns into April shower
http://www.theregister.co.uk/2008/05/01/storm_worm_breakup/
EXPLOITS & ACTIVE ATTACKS
Plasma TV components applied to password cracking
http://www.theregister.co.uk/2008/04/30/fpga_hacking/
Whitehats tackle The Great Botnet Dilemma
http://www.theregister.co.uk/2008/04/29/kraken_botnet_infiltrated/
GOVERNMENT SECURITY ISSUES
Bush administration’s email snafu explained?
http://www.heise-online.co.uk/security/Bush-administration-s-email-snafu-explained–/news/110645
Experts struggle with cybersecurity agenda
http://www.gcn.com/online/vol1_no1/46189-1.html
Government data breaches have eroded public trust
http://www.zdnetasia.com/news/security/0,39044215,62040859,00.htm
http://www.silicon.com/research/specialreports/datalockdown/0,3800014480,39210529,00.htm
National fraud reporting centre to arrive next year
http://management.silicon.com/government/0,39024677,39208911,00.htm
Audit: NJ lacks computer security for personal Medicaid data
http://www.newsday.com/news/local/wire/newjersey/ny-bc-nj–medicaid-computer0501may01,0,7802356.story
SPAM, PHISHING & ONLINE SCAMS
ISC shutters services of more than 4300 Chinese open e-mail relays
http://www.zdnetasia.com/news/security/0,39044215,62040801,00.htm
Brazen scammer claims to be fraud squad head
http://www.smh.com.au/news/technology/brazen-scammer-claims-to-be-fraud-squad-head/2008/04/30/1209234929531.html
For 30 years now, you’ve been getting spam
http://news.smh.com.au/for-30-years-now-youve-been-getting-spam/20080502-2a3j.html
http://www.theregister.co.uk/2008/05/01/spam_30
Identity Thieves Sharpen Their Act
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10507218
PIRACY & COPYRIGHT
Charity advice on music downloads
http://news.bbc.co.uk/2/hi/technology/7375621.stm
DATALOSS/INFORMATION SECURITY BREACHES
London mayoral candidate web sites open to XSS
http://www.heise-online.co.uk/security/London-mayoral-candidate-web-sites-open-to-XSS–/news/110648
http://www.theregister.co.uk/2008/05/01/london_mayor_security_gaffes/
Anti-Israel hackers deface central bank site
http://www.theregister.co.uk/2008/04/30/bank_of_israel_hacking/
Every Italian’s tax bill published online
http://www.theregister.co.uk/2008/05/01/italy_publishes_tax_details/
http://www.guardian.co.uk/world/2008/may/01/italy
88,000 patients at risk after computer theft
http://www.silive.com/news/advance/index.ssf?/base/news/1209644107324690.xml&coll=1
Laptop containing VT personal information stolen
http://www.wsls.com/sls/news/local/new_river_valley/article/laptop_containing_vt_personal_information_stolen/10189/
Security breach affects hundreds in Andover
http://www.sunjournal.com/story/263391-3/RiverValley/Security_breach_affects_hundreds_in_Andover/
Missing laptop raises fear of identity theft
http://www.theworldlink.com/articles/2008/04/24/news/doc4810bce97af34074884341.txt
US radio websites in Eastern Europe hit by cyberattack: bosses
http://news.smh.com.au/us-radio-websites-in-eastern-europe-hit-by-cyberattack-bosses/20080429-295u.html
ARRESTS, SENTENCING & CONVICTIONS
Private Eyes Jailed for Industrial Espionage Involving Spyware
http://www.idm.net.au/story.asp?id=9528
http://www.scmagazine.com/uk/news/article/806261/israeli-private-investigators-guilty-spyware-case/
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/
Man gets prison after hundreds of thousands of spam e-mails
http://news.smh.com.au/man-gets-prison-after-hundreds-of-thousands-of-spam-emails/20080430-29ek.html
US warez sitemaster jailed for 30 months
http://www.theregister.co.uk/2008/05/01/warez_sitemaster_jailed/
Nigerian duped gullible NASA employee
http://www.theregister.co.uk/2008/04/30/nasa_employee_419_victim/
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Lords propose to criminalise information disclosure
http://www.heise-online.co.uk/security/Lords-propose-to-criminalise-information-disclosure–/news/110641
http://management.silicon.com/government/0,39024677,39208916,00.htm
Federal breach notification stuck in Congress
http://searchcio-midmarket.techtarget.com/news/article/0,289142,sid183_gci1309396,00.html
DATA PRIVACY & PROTECTION
Identity ‘at risk’ on Facebook
http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm
600 HMRC workers caught snooping
http://www.silicon.com/publicsector/0,3800010403,39211282,00.htm
http://www.epolitix.com/EN/News/200805/b15c19b5-454d-41f3-9583-dc9a0f8157c4.htm
How many staff has HMRC caught snooping on records?
http://www.theregister.co.uk/2008/05/01/hmrc_discipline_numbers/
REPORTS & RESEARCH
Inner workings of Kraken botnet analysed
http://www.heise-online.co.uk/security/Inner-workings-of-Kraken-botnet-analysed–/news/110644
COMMENTARY
EU Commission says payment fraud moving to the internet
http://www.scmagazine.com/uk/news/article/806253/eu-commission-says-payment-fraud-moving-internet/
Estonia’s cyberattacks: Lessons learned, a year on
http://news.zdnet.co.uk/security/0,1000000189,39408158,00.htm
STUDIES AND SURVEYS
Global security software revenue to hit US$10.5B
http://www.zdnetasia.com/news/security/0,39044215,62040592,00.htm
http://software.silicon.com/security/0,39024655,39208908,00.htm
MISC
Hackers warn high street chains
http://news.bbc.co.uk/2/hi/technology/7366995.stm
Defcon competition: modifying viruses to bypass scanners
http://www.heise.de/english/newsticker/news/107236
http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html
Declassified NSA Document Reveals the Secret History of TEMPEST
http://blog.wired.com/27bstroke6/2008/04/nsa-releases-se.html
Rogue trader lands job in computer security
http://www.news.com/8301-10789_3-9931402-57.html
Social networking applications can pose security risks
http://news.smh.com.au/social-networking-applications-can-pose-security-risks/20080428-28xa.html
McAfee ‘Hacker Safe’ cert sheds more cred
http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/
The darker side of Webmail
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9078638&intsrc=hm_ts_head
Stories courtesy of the following sources: RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
