Wednesday 27 May 2009

NHS had 140 security breaches in the first four months of 2009

http://www.independent.co.uk/news/uk/politics/nhs-loses-thousands-of-medical-records-1690398.html

Tuesday 26 May 2009

IIS 6 privilege elevation using WebDAV

Disable WebDAV for the moment:

http://www.microsoft.com/technet/security/advisory/971492.mspx

We truly never learn!

Laptop left in boot of car overnight in Edinburgh contained information about thousands of soldiers...
http://news.scotsman.com/scotland/Army39s-stolen--laptop-sparks.5283785.jp

I use a Mac so I'm ok

Java vulnerability on Mac is still not patched 6 months on:
http://www.theregister.co.uk/2009/05/19/unpatched_apple_vulnerability/

It sounds like it is being actively exploited. The mitigation is to disable Java applets in the browser, as well as the "Open safe files after downloading" setting in Safari.

What took them so long to get infected?

The U.S. Marshals Service, a division of the Department of Justice, was recently crippled by Neeris. The virus was first discovered on 12th September 2007. The service was running anti-malware software, but it had not been updated for three years, and Windows patches had not been applied either.
http://www.networkworld.com/news/2009/052109-marshall-malware.html?hpg1=bn