Editor's News

Microsoft released nine patches last night to cover two critically rated vulnerabilities.   On its monthly patch Tuesday, it addressed 37 common vulnerabilities and exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). It recommended focusing on the critical patches first.   The first is MS14-043 that fixes a vulnerability in Windows Media Centre, which could allow Remote Code Execution.   Russ Ernst, director of product management at Lumension, said: “MS14-043...

Despite there being 654 prosecutions over six years for obtaining or disclosing data, there were only three prosecutions for serious offences. According to a Freedom of Information Act (FOIA) request by Cordery, the Crown Prosecution Service confirmed that they had prosecuted for three data protection offences: obtaining or disclosing personal data or the information contained in personal data; procuring the disclosure to another person of the information contained in personal data; and selling personal data....

Londoners suffer more thefts of electronic devices than anywhere else in the UK.   According to a Freedom of Information request, of 290,651 thefts involving computer equipment reported by police forces across the entire UK, 42 per cent were reported by the Metropolitan Police. The total number of thefts of electronic devices such as computers, smartphones and tablets, which could store sensitive personal information, accounted for 34 per cent of thefts in London, compared to...

More protection is needed for activists, journalists and whistle-blowers.   Speaking at the Def Con conference, Electronic Frontier Foundation members Kirk Opsahl, Eva Galperin, Yan Zhu, Mark Jaycox and Nate Cardozo claimed that security is broken on the intelligence side, and whistle-blowers now have to go through the system and individuals, and they warn managers who do not listen. “You also cannot go to congressional committees as the system is broken, and there are no...

Information security lobbying group and research collective “I am the Cavalry” has issued an open letter to the automotive industry informing them of software failings in cars.   The open letter calls for better car safety and for collaboration with the automotive industry specifically on  five key capabilities that create a baseline for safety relating to the computer systems in cars: Safety by Design and development of automotive computer systems with security in mind; Third-Party Collaboration...

Be fearful of your smartphone as it is spying on you.   In a second surprise talk in Las Vegas last week, security veteran John McAfee spoke at the Def Con conference warning users to be wary of their smartphones. McAfee said smartphones are spying on American consumers who don’t bother to read user agreements, and asked for a show of hands of every delegate who had read the permissions for applications; less than one per...

We need pervasive encryption as the public key infrastructure (PKI) is generally “a bad idea” and something we should move away from.   According to cryptographer Phil Zimmermann, we need a new form of pervasive encryption and we need to create pervasive crypto and cause a legislative environment to push back and make a change. Speaking at the Def Con event in Las Vegas, Zimmermann said that the crypto wars were won in the 1990s...

Lawyers must take steps to protect sensitive paperwork, following a series of cases which have seen files lost or accidentally made public.   According to the Information Commissioner's Office, there have been 15 complaints about solicitors and barristers in the last three months, and commissioner Christopher Graham reminded lawyers of their responsibilities to keep personal information secure under data protection rules.   He told the Telegraph: “The number of breaches reported by barristers and solicitors...

Websites which run on the Wordpress content management system are at risk of being fully controlled by hackers.   According to Sucuri, the vulnerability affects Custom Contacts Form, a plugin with more than 621,000 downloads. The company claimed that this would allow an attacker to take unauthorised control of a victim’s website without requiring any sort of privileges or accounts beforehand.   It said: “Those familiar with WordPress know that all of the table names and...

Microsoft will release nine patches next week, two of which will be rated as critical.   These Updates will be for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows and Internet Explorer. The two critical bulletins and one of the others, rated as important, allow for Remote Code Execution (RCE).   Wolfgang Kandek, CTO of Qualys, said: “The most critical patch is bulletin #1 which affects all versions of Internet Explorer (IE), all the way from...