Opera update draws the curtain on seven security vulns - The Register - Security
Opera users should upgrade their browser software following the discovery of multiple security bugs.…
Analysis The organised tampering of PIN entry devices to commit credit card fraud, which led to arrests in Birmingham last week, has been linked to a breach in an Asda store on the outskirts of Portsmouth.…
If you’re heading into this show, pop by and say hello at the Securus Global stand. Security 2008 has been Australia’s premier security (non-IT) event and is now in its 23rd year. This year for the first time, they are including a Data Security Village - acknowledging the growing convergence and crossover between traditional security and IT security. I’ve had the chance to work with the conference organisers behind the scenes and it looks like being a great event with over 4000 people expected to attend.
Registration for the exhibition is free so if you’re in town, well worth attending.
Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites.…
Three Massachusetts Institute of Technology undergraduates are once again free to publicly discuss gaping security holes in the Boston subway system after a federal judge refused to renew a gag order requested by transportation officials.…
The majority of servers supporting the Fedora Linux distribution were back online on Tuesday following a mystery disruption.…
A printing mix-up resulted in thousands of Goldfish credit card customers receiving other people's bills.…
Police are questioning a man following the murder of a senior Vodafone UK executive on Saturday.…
Security and storage giant Symantec has agreed to buy specialist Australian-based anti-spyware firm PC Tools. Terms of the deal were undisclosed in Monday's announcement.…
Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.…
Zango affiliates are offering gateway access to pirated films, including the Hollywood blockbuster The Dark Knight, in a bid to induce users into accepting adware.…
Cisco has plugged a buffer overflow flaw involving its popular WebEx online meeting client.…
With in-laws up there, I must admit to having a soft-spot for North Queenslanders. There’s been books written about them and regularly, they’ll come up with some beauties. Great start to another week:
Mount Isa Mayor invites “ugly women” - giving them a chance to find a bloke!
http://www.townsvillebulletin.com.au/article/2008/08/16/15499_news.html
Now we stumbled upon this one by chance. The section on what “ladies” should wear is a classic:
http://www.cairnsdining.com/xmasparty-etiquette.html
There should be a whole blog dedicated to North Queensland stories!
Yes, some are still paid to teach us the problems:
http://www.cpni.gov.uk/Products/technicalnotes/3677.aspx
Thank you! 2008?
GlobalSign has revoked the digital certificate of a rogue security application, which acquired the veneer of respectability by parading the credentials while trying to scam users.…
A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.…
This week's Patch Tuesday update was nearly as difficult to digest as a Michael Phelps breakfast. It contained 11 bulletins covering 26 underlying vulnerabilities, the most in two years.…
The two Chinese Newcastle University graduates murdered last weekend could be linked to a complex web betting scam, Northumbrian Police believe.…
Analysis The UK Home Office has introduced procedures to handle encrypted personal data from external partners. However, guidelines on how the new Home Office Central Cryptography service will work raise concerns about possible shortcomings with the service which, while a big improvement, falls below best practice in sectors such as banking.…
Security researchers claim to have uncovered evidence pointing to a link between Russian state-run businesses and cyber-attacks against Georgia.…
Popular BitTorrent client µTorrent has quietly patched a vulnerability that created a means for hackers to load malware onto the PCs of file-sharers simply by persuading them to open a poisoned Torrent.…
A Connecticut man was sentenced to seven years in prison on Wednesday for masterminding a phishing scam targeting AOL members.…
Hundreds of Mac users have been snared in a phishing scam that coincided with the glitches in the roll-out of Apple's MobileMe service.…
On Sunday morning, security consultant Alan Shimel woke to discover that his personal blog, which is frequented by countless peers and reporters, was pointing to a website featuring explicit gay porn. Equally disturbing, he found someone had cracked open his Yahoo! Mail account and aired sensitive documents he filed with the Internal Revenue Service.…
Analysis UK police arrests of a gang reckoned to have tampered with Chip and PIN entry devices to harvest PIN numbers and cardholder details have sparked calls to revamp the security of devices.…
Sophisticated cybercrooks have developed a technique for tampering with the PIN Entry Devices on Chip-and-PIN readers to steal users' card details and PINs.…
Critical vulnerabilities in Microsoft Office star in the latest edition of Microsoft's Patch Tuesday updates.…
Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be.…
Unless I’ve missed something and it’s certainly not in section “51. Data Breach Notification” of this 2600 plus page Australian Law Reform Commission document, we’re still lacking some fundamental basics to any data breach notification law being successful.
As it currently sits and is proposed, the organisations that stand to be impacted the most are the ones that probably have the better Information Security and Privacy policies in place.
In basic terms, if you’ve got good practices and controls in place, you’re more likely to detect a breach and/or disclosure of private and confidential information. Thus, you will have to openly disclose. No need to drill down into the potential business and reputational implications to the organisation.
If your practices and controls around information protection are weak, you’re probably clueless as to whether a breach has occurred, so what you don’t know doesn’t get reported. Practice the 3 monkeys approach to Information Security and proposed data breach disclosure laws will have little impact upon you.
These laws will never be successful without supporting legislation/regulation around basic and minimum security practices and controls. See previous post on this topic:
Regulation does not need to be considered bad. See discussion on regulation here.
We can debate whether high-level statements of requirements in the Privacy Act will cut it, but in my opinion, they won’t……they haven’t so far, so what would change things now?
Colchester University Hospital has sacked one of its managers over the theft of his work laptop, which contained unencrypted patient records.…
Websites carrying news of the Olympic games have been targeted in a new wave of SQL injection attacks. Vulnerabilities in sites including New Delhi Television Limited's NDTV.com have been booby-trapped with exploits designed to install malware onto users' computers.…
Large swaths of the internet remain at risk from a potentially crippling vulnerability in the net's address lookup system even after installing emergency patches, a researcher has warned.…
Updated A lone researcher claims to have discovered a raft of security issues with Nokia's mid-range handsets, allowing him to remotely install malicious applications with unprecedented capabilities - but he's asking for €20,000 for the details.…
Conflict between Georgia and Russia on the ground has been accompanied by the relaunch of cyber-attacks against Georgian government websites.…
Intel has fixed a pair of flaws in its chips ahead of a planned demonstration of remote attacks on them by security researcher Kris Kaspersky.…
Defcon A federal judge on Saturday gagged three Massachusetts Institute of Technology undergraduates from publicly presenting research at Defcon demonstrating gaping holes in the electronic payment systems of one of the nation's biggest transit agencies.…
Defcon A well-known researcher specializing in website security has strongly criticized safety on Google, arguing the world's biggest search engine needlessly puts its millions of users at risk.…
US prosecutors involved in the long-running fight to extradite the British Pentagon hacker Gary McKinnon have defended their dogged pursuit of the UFO hunter.…