Weekly brief February 22, 2009

Backupify, a service that backs up a variety of cloud-based accounts including Facebook, Twitter, and Wordpress blogs, is taking registrations.

The Department of Defense is taking a stricter approach to security among its suppliers. It issued a memo, outlining an industrial board cybersecurity executive commitee. It will also co-ordinate oversight of industry cybersecurity activities.

According to the Prague Daily Monitor, Czech security experts have uncovered a network of infected devices that enable users to be wiretapped. Modems featured heavily among the devices, which were tapped using an Italian server. That server has now been disconnected, but others are popping up.

Google continues to battle problems with its Buzz service. It fixed a cross-site scripting flaw that enabled attackers to take control of users' accounts.

Identity theft continues to be a huge problem, but at least people are getting caught. The Office of Inadequate Security blog reports that two men have been convicted of identity theft. Robert Sacks and Diego Hernandez were nailed on 42 counts. They were the final defendants in a 17-strong bank fraud ring. In a separate case, Robert Thompson, who led a large identity theft and bribery scheme, was sentenced to 309 years in prison in Louisiana. He used more than 61 individuals' and organizations' personal information to steal from their bank accounts and to obtain credit.

However, not all the culprits are being caught. Roughly 50 credit union members in Windsor, Ontario – including the organization's CEO – were victims of fraudulent cash withdrawals from ATMs. Their cards were compromised by bogus debit card readers that sent their information to storage devices via Bluetooth.

Mozilla addressed five security vulnerabilities – three of them critical – with the 3.5.8 and 3.0.18 releases of its Firefox browser. However, Russian researcher Evgeny Legerov released attack code exploiting a critical vulnerability in 3.5.7 that he said hasn't been tackled by Mozilla with its updates

What’s Hot on Infosecurity Magazine?