Not All QSAs Are Created Equal: What You Should Know Before You Buy 26 Jun 2008 13:00 GMT (Source: VeriSign)
The Payment Card Industry Data Security Standard (PCI DSS) requires an annual assessment of security systems and procedures, which must be performed by a QSA and is designed to verify that an entity is complying with all requirements of the PCI DSS. Many companies equate passing the assessment with actually being in compliance. However, recent security breaches highlight the danger of this assumption. True compliance and sound security are part of an ongoing commitment best serviced by QSAs with expertise in security as a whole. This whitepaper helps choose the best QSA for the annual assessment by highlighting key differentiators among QSAs and QSA vendors.

Source: Computerworld

Researchers warn of IE6 zero-day bug 26 Jun 2008 13:00 GMT
An unpatched cross-site scripting flaw in Microsoft's Internet Explorer 6 could be used by hackers to capture keystrokes and steal other information, according to security researchers.

Source: Computerworld

Russian hackers planning attacks against Baltic countries and Ukraine 26 Jun 2008 03:58 GMT
Recent Tweets on Twitter are pointing to grumblings in the blogosphere around suspicion of a planned attack against Baltic countries and the Ukraine. An article posted at The Baltic Course describes the planned attacks, as originally reported by Estonian television channel ETV24: Recently, there have been multiple appeals in Russian Internet forums, calling for...
Source: ZDNet

Global warming is a security issue say American spies 26 Jun 2008 02:38 GMT
Sixteen American spy agencies combined their intelligence to report to the nation on global warming...as a security threat. To everyone's great surprise the spies found that our future is perilous...and we need continued spying...to forestall governments toppling, more terrorist attacks by folks driven to violence by hunger, etc. etc....
Source: ZDNet

Lack of RFID standards leads to media panic 25 Jun 2008 14:46 GMT
There is no standard that will tell hospitals what frequencies the tags are using. Thus they can't tell when the frequencies being used by the tags might interfere with other gear. by Dana Blankenhorn
Source: ZDNet

Yahoo swats serious cross-site scripting bug 25 Jun 2008 13:39 GMT
Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users. The flaw, which was patched by Yahoo on June 13, opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information. ...
Source: ZDNet

Insurer offers mobile health records 25 Jun 2008 13:00 GMT
The mobile phone as mobile computer now has the added dimension of being a secure storage device for personal health records, with a rollout of an application by Blue Cross in Pennsylvania.

Source: Computerworld

Another Trojan hits Mac OS X 25 Jun 2008 12:35 GMT
From a Slashdot article posted by "kdawson", written by "Don't Believe in Imaginary Property": "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by...
Source: ZDNet