Below is a round up of news stories relating to information security that we have collated from the past few days. For ease of use we have categorised the stories under the most appropriate headings. If there are other stories that may be of interest please let us know via the comments feature.
VULNERABILITIES
Password weak link in Apple’s Keychain
http://www.zdnetasia.com/news/security/0,39044215,62038325,00.htmSecurity experts warn of potential malicious AIR code
http://www.zdnetasia.com/news/security/0,39044215,62038215,00.htmVMware security bug exposed
http://www.zdnetasia.com/news/security/0,39044215,62038163,00.htm
http://www.theregister.co.uk/2008/02/25/vmware_critical_vuln/
http://news.zdnet.co.uk/security/0,1000000189,39341144,00.htm?r=2
PATCHES
VMware Moves To Counter Virtual Machine Security Threat
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206900669
http://www.scmagazine.com/uk/news/article/787543/vmware-releases-api-simplifies-securing-vitalized-environments/Firefox 3 final beta to be released in March
http://news.zdnet.co.uk/security/0,1000000189,39352913,00.htm?r=2Symantec closes holes in Backup Exec for Windows Server
http://www.heise-online.co.uk/security/news/print/110203
COMPUTER VIRUSES, WORMS & TROJANS
Another worm burrows through Orkut
http://www.heise-online.co.uk/security/Another-worm-burrows-through-Orkut–/news/110220
http://www.scmagazine.com/uk/news/article/786824/googles-orkut-hit-self-propagating-trojan/
http://www.theregister.co.uk/2008/02/29/orkut_worm_reloaded/Malware removes rival rootkits
http://www.channelregister.co.uk/2008/02/28/rootkit_wars/InfoJack Trojan burrows into Windows CE machines
http://www.theregister.co.uk/2008/02/27/infojack_trojan/
EXPLOITS & ACTIVE ATTACKS
Mac OS X: Undetected malware and plain text passwords
http://www.heise-online.co.uk/security/Mac-OS-X-Undetected-malware-and–plain-text-passwords–/news/110215‘Safe’ websites stealing info
http://www.news.com.au/story/0,23599,23297473-2,00.htmlHackers claim they broke key security code
http://www.registerbee.com/servlet/Satellite?pagename=DRB/MGArticle/DRB_BasicArticle&c=MGArticle&cid=1173354796772Link hack redirects MySpace visitors to phishing site
http://www.scmagazine.com/uk/news/article/786778/link-hack-redirects-myspace-visitors-phishing-site/Underground tools foil generic virus detection
http://www.theregister.co.uk/2008/03/03/underground_malware_testing/Bitlocker hack is easily prevented, Microsoft says
http://www.channelregister.co.uk/2008/02/27/bitlocker_hack_prevention/Encryption firms speak up on DRam attack
http://www.vnunet.com/vnunet/news/2210836/encryption-firms-speak-dram
GOVERNMENT SECURITY ISSUES
US seeks terrorists in web worlds
http://news.bbc.co.uk/2/hi/technology/7274377.stmEU extends net safety programme
http://news.bbc.co.uk/2/hi/technology/7270790.stm
http://news.smh.com.au/eu-to-spend-euro55-million-on-initiatives-to-make-internet-safe-for-children/20080228-1vct.htmlAussie govt hunts outsourcer for e-threat warnings
http://www.zdnetasia.com/news/security/0,39044215,62038170,00.htmEU-wide security project proposed
http://www.computing.co.uk/computing/news/2210541/european-knowledge-storeDHS gives itself a ‘C’ for cybersecurity
http://www.govexec.com/story_page.cfm?articleid=39393Cyber Storm II stirring
http://www.fcw.com/online/news/151806-1.htmlDH seeks tougher sanctions for security breaches
http://www.e-health-insider.com/news/3516/dh_seeks_tougher_sanctions_for_security_breachesPatient database open to access by non-qualified NHS staff
http://www.computerweekly.com/Articles/2008/03/03/229636/patient-database-open-to-access-by-non-qualified-nhs.htm
SPAM, PHISHING & ONLINE SCAMS
Six botnets responsible for nearly all spam
http://www.heise-online.co.uk/security/Six-botnets-responsible-for-nearly-all-spam–/news/110219
http://www.theregister.co.uk/2008/02/29/botnet_spam_deluge/Phishers clean up at online casinos
http://www.theregister.co.uk/2008/02/28/casino_phishing/Phishing attacks escalate sharply
http://www.zdnetasia.com/news/security/0,39044215,62038425,00.htm
DATALOSS/INFORMATION SECURITY BREACHES
Brazil’s oil data mystery cracked
http://www.chron.com/disp/story.mpl/business/5580547.htmlWheat trader for MF Global loses $141.5 million in unauthorized trading
http://www.iht.com/articles/2008/02/29/business/29trader.phpHackers penetrate police email accounts
http://www.thelocal.se/10170/20080229/HP leaks personal data on Web site
http://search.japantimes.co.jp/mail/nb20080301n3.htmlArsenal fan site hacked
http://www.webuser.co.uk/news/news.php?id=195374
http://www.theregister.co.uk/2008/02/29/gooner_malware_assault/Dutch tax office deletes 730,000 tax returns
http://www.theregister.co.uk/2008/02/29/sorry_we_lost_your_tax_return/Computer Sweden: Swedish Officials’ Passwords Revealed by Hacker
http://www2.csoonline.com/blog_view.html?CID=33588Hackers attack MySpace and Facebook
http://www.vnunet.com/vnunet/news/2210932/buffer-overflow-hacks-target
ARRESTS, SENTENCING & CONVICTIONS
“Bot herder” AKILL appears in court
http://www.heise-online.co.uk/security/Bot-herder-AKILL-appears-in-court–/news/110213
http://www.smh.com.au/news/security/bail-for-alleged-spybot-leader/2008/02/29/1204226977398.html
http://www.theregister.co.uk/2008/02/29/nz_botmaster_latest/
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10495528Spurned internet-dater faces jail for spreading nude pics
http://www.timesonline.co.uk/tol/news/uk/article3447080.eceProlific spammer’s felony conviction upheld
http://www.msnbc.msn.com/id/23411441/
http://news.smh.com.au/prolific-spammers-conviction-upheld/20080301-1w04.html
http://www.vnunet.com/vnunet/news/2210969/spammer-loses-free-speechHK celeb’s nude pics lead to more arrests (+photos)
http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10495612Spam King trial set to start next month
http://www.computingsa.co.za/article.aspx?id=717503
FEDERAL PLEAS HEARD IN EASTERN DISTRICT OF TEXAS
http://www.ntxe-news.com/artman/publish/article_44139.shtml2 get prison terms in ID theft from clinic patients
http://www.chron.com/disp/story.mpl/headline/metro/5583753.htmlNine arrested as B.C. identity-theft ring busted
http://www.canada.com/calgaryherald/news/story.html?id=fd7c7860-462d-474d-ae2c-ec74a24740a3
COURT CASES AND LEGAL ISSUES
Legal aid for whistle-blower site
http://news.bbc.co.uk/2/hi/technology/7268581.stmLawyer admits computer breach
http://sundaygazettemail.com/News/200803010561US judge restores Wikileaks website
http://news.smh.com.au/us-judge-restores-wikileaks-website/20080302-1w76.html
INDUSTRY STANDARDS, COMPLIANCE & REGULATORY ISSUES
Software company says it can still resell Microsoft licences
http://www.channelregister.co.uk/2008/02/29/microsoft_licence_resale/
DATA PRIVACY & PROTECTION
EU guidelines on RFID aim to protect privacy
http://news.zdnet.co.uk/security/0,1000000189,39336502,00.htm?r=2In a State of surveillance
http://www.siliconrepublic.com/news/news.nv?storyid=single10383German court allows limited Internet surveillance
http://news.smh.com.au/german-court-allows-limited-internet-surveillance/20080228-1vdt.html
REPORTS & RESEARCH
Healthcare organizations feeling cyberattacks growing
http://www.networkworld.com/news/2008/022708-healthcare-cyberattacks.htmlIT governance rising up the agenda
http://www.vnunet.com/vnunet/news/2210908/third-companies-implementingMalware writers team up for virus testing
http://www.vnunet.com/vnunet/news/2210835/malware-writers-team-virusVirus authors ‘pack’ malware to avoid detection
http://www.vnunet.com/vnunet/news/2210837/virus-authors-pack-malwareData breaches cost an average business £1.4m
http://news.zdnet.co.uk/security/0,1000000189,39341215,00.htm?r=2
COMMENTARY
Extra staff needed to boost bank IT security
http://www.vnunet.com/vnunet/news/2210961/extra-staff-needed-boost-bank
STUDIES AND SURVEYS
Internet shoppers clueless on Web security
http://www.zdnetasia.com/news/security/0,39044215,62038211,00.htmSurvey shows IT security employees in demand, but skills lack
http://www.scmagazine.com/uk/news/article/787540/survey-shows-security–employees-demand-skills-lack/Surfers not confident with online security
http://www.vnunet.com/vnunet/news/2210842/european-surfers-confident
DISASTER RECOVERY & BUSINESS CONTINUITY
LinkedIn networking site suffers hourlong outage related to big upgrade
http://news.smh.com.au/linkedin-networking-site-suffers-hourlong-outage-related-to-big-upgrade/20080301-1w0u.htmlGlitch blocks some users’ access to Microsoft’s Hotmail
http://news.smh.com.au/glitch-blocks-some-users-access-to-microsofts-hotmail/20080227-1v4v.html
Stories courtesy of the following sources, RTE, The Irish Independent, SiliconRepublic.com, ZDNet, The Register, Pogowasright.org, Heise Magazine, BBC, SC Magazine, VNUNET, Sydney Morning Herald, New Zealand Herald, EU Observer, The Times & the Web Hacking Incidents Database.
