iPhone flaw
Whitehat researchers discovered the iPhone's first security vulnerability — a flaw that allows remote exploitation by attackers.
A team of attackers at Baltimore-based Independent Security Evaluators released general details about a buffer overflow flaw that could permit malware writers to inject malicious code to steal personal info from a user's phone.




The U.S. Department of Energy
(DOE) imposed a $3.3 million fine against the current and former operators of the Los Alamos National Laboratory following an incident last year in which a subcontractor's employee stole classified documents on a USB drive.

The DOE penalized the University of California, which managed the lab until May 2006, $3 million, and fined the new manager, Los Alamos National Security, $300,000.

 


In a study authorized by California's secretary of state, researchers from the University of California discovered information and physical security flaws in the products of three electronic voting vendors.

Two penetration testing teams examined systems from Diebold, Hart InterCivic and Sequoia, reporting that the systems are not secure enough to fend off hackers or physical tampering.

Researchers were confident that the tests would have revealed more flaws had they gone on longer.




The FBI, working with Chinese authorities, busted a crime syndicate that was peddling hundreds of millions of dollars in software from Microsoft and Symantec.

The joint operation, codenamed “Summer Solstice” and conducted with help from the China's Ministry of Public Security, uncovered $7 million in assets and $500 million in pirated software.




The number of compromised consumer records sold to a data broker by a former Certegy Check Services employee was revealed to be 8.5 million — six million more than first disclosed.

Fidelity National Information Services, a division of Certegy, disclosed in a filing with
the U.S. Securities and Exchange Commission, that more affected records may be found.




A federal contractor said it mistakenly placed thousands of military households at risk for ID theft when it sent personal info (PI) over the web through an unencrypted channel.

SAIC, a San Diego-based vendor, said that the PI of about 580,000 military personnel and their family members was placed online while being processed.




Mozilla and Microsoft played the blame game over browser vulnerabilities, as Mozilla initially pointed the finger at Redmond for a URL handling flaw in Firefox that can be exploited when a user has that program and Internet Explorer installed.

Mozilla eventually backtracked from demands that Microsoft patch the flaw in Internet Explorer, and admitted that the issue exists primarily in Firefox.




USB encryption vendor Kingston Technology suffered a data breach, as it disclosed that thieves infiltrated a company computer two years ago and accessed 27,000 customer credit card files.
The $3.7 billion company, which launched USB drives with hardware-based encryption in March 2006, specializes in memory modules.




A run of the storm worm, first seen in January, comprised the largest virus attack in two years, according to Postini. The company said that the attack generated 120 million messages in about a week.

The attack was named for the deadly European wind storms that occurred in January. Early attacks arrived with video EXE files with storm-related headings, such as “230 dead as storm batters Europe.”