Compliance, Privacy and Security News As It Happens, Every 30 Minutes - Regular Global News on Compliance and Privacy

Cyber spies have planted Java- and Flash-exploiting malware on websites focused on human rights, defense, and foreign policy.

Over the last two weeks, the Shadowserver Foundation, a nonprofit group that tracks Internet threats, has discovered several such compromised Web sites that download the malware through visitors' browsers. The malware, which exploits known flaws in Adobe Flash and Java, is aimed at Mac and Windows systems.

I love offering opinions that generate comment after comment about how dumb I am, as my post "Why you don't need a firewall" has achieved. Little do these detractors know that my family and classmates said much meaner things as I was growing up, so it's like water sliding off a duck's back. I appreciate most of the comments -- because many were valid.

Some commenters, for example, guessed that I might have been exaggerating the tone of the article for effect. Mea culpa!

I love Facebook. I also hate it. And sometimes I'm indifferent, but not often.

As the big IPO day looms closer, lots of folks are taking a second look at this thing that started out as kind of a goofy diversion for college kids and has grown into the beast with 900 million heads.

Firewalls need to go away. I'm just saying what we all already know. Firewalls have always been problematic, and today there is almost no reason to have one.

Computer firewalls have been with us since the 1980s. Even early on it was pretty clear that they didn't really work; if they did, we would have defeated malicious hackers and malware a long time ago. But at least back in the day there was a decent reason to need them.

Apple on Monday issued its first security-related update for OS X 10.5, or Leopard, in nearly a year, to disable long-outdated versions of Adobe's Flash Player.

Security Update 2012-003 does not patch any known vulnerabilities, but is instead a Leopard-specific version of what Apple released last week for OS X 10.6, or Snow Leopard, and the newer OS X 10.7, better known as Lion.

Nearly nine in 10 executives and employees are using their personal smartphones or tablets for business and about half are doing so without the permission of their companies, a new study shows.

Making the situation even more precarious, less than half of the more than 4,000 mobile device users surveyed by Juniper Networks in the U.S., U.K., Germany, China and Japan took even the most basic precautions in using mobile applications.

Facebook says it intends to make further changes to its privacy policy in order to respond to an audit by the Irish government, but privacy advocates saw the move as an inadequate attempt to quell privacy concerns prior to Facebook's planned initial public offering.

After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn't going to patch critical bugs in older versions of its software, Adobe has reversed course.

The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.

Government is up to its neck in tech. From IRS computers calculating taxes to computerized parking meter systems all the way to modern weapons systems, government at every level is utterly tangled up in computing.

Facebook has started to roll out a new file-sharing capability -- and Dropbox shouldn't be the only worried party. The addition of a low-security file-sharing tool to the world's most popular social networking site could open a world of security pain on businesses and home users alike.

Apple yesterday patched 36 vulnerabilities in Mac OS X, most of them critical, plugging a hole that revealed passwords used to encrypt folders with an older version of FileVault.

Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in February.

Booby-trapped RTF documents are one of the most common types of malicious Microsoft Office files that are used to infect computers with advanced persistent threats (APTs), according to security researchers from Trend Micro.

"Taking data from exploit documents gathered last April, we can see that the most exploited MS Office software is MS Word," said Trend Micro senior threat researcher Ryan Flores, in a blog post on Wednesday.

If the cloud is to become a viable platform for the enterprise, security is critical.

Twitter is investigating an apparent data breach that resulted in more than 50,000 user names and passwords being posted to the Internet. The data was posted across five pages (one, two, three, four, five) on Pastebin, a favorite site for hackers to post their ill-gotten gains.

The PHP Group released PHP 5.4.3 and PHP 5.3.13 on Tuesday to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

"The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311)," the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function.

RIM's upcoming BlackBerry 10 operating system is intended to be as secure, if not more so, than the OS running on RIM's current crop of BlackBerry devices. Mobile security could become a major selling point for the new platform, for enterprises, carriers, and users alike.

A security error in OS X 10.7.3 exposes passwords on systems with support for the pre-Lion FileVault home-directory encryption feature. This security flaw, apparently created when Apple left debugging code in the 10.7.3 update, is only triggered with Lion systems in which legacy support for the original FileVault is retained and when logging in with such an account.

Is the BYOD craze going to bring a revival of NAC, the policy-based network-access control that was hyped a decade ago but didn't end up widely adopted for endpoint security?

Java's direct responsibility in the recent Mac Flashback Trojan attacks have many calling for Java's retirement, including InfoWorld's own Woody Leonhard.