News You Can Use

Major security sites hit by cross-site scripting bugs: Physicians, heal thyselves! A security watchdog reports that three of the best-known security companies have collectively left over two dozen cross-site scripting vulnerabilities flapping in the breeze. And the “Hacker Safe” designation is no guarantor of safety, either.

U.S. Accuses Chinese Of Hacking Government Computers: Chinese officials deny accusations that the attacks appeared to be from China, maintaining that the developing nation doesn’t have the technology to penetrate the U.S. government’s cyber defenses.

Hacker gets 41 months for running rogue botnet: Robert Matthew Bentley of Florida must also pay $65,000 in restitution for installing a botnet on Newell Rubbermaid’s corporate network.

Experts: Spyware legislation needs more work: In the grand tradition of federal legislation-naming, the Counter Spy Act appears to leave a lot of room for spying.

New version of fixes critical bug: has released a patch for its eponymous software suite, targeting a heap-overflow vulnerability.

Most data breaches discovered too late, study says: An examination of the findings of 500 forensics investigations involving around 230 million records reveals some ugly truths about corporate responses to network data breaches.

Microsoft’s CardSpace attacked by researchers: Identity theft predates the Internet, and if even the best-laid plans for combating it are destined to go astray, there’s bound to be crime aplenty ahead. According to researchers who have examined Microsoft’s CardSpace system, that particular plan diminishes risk — but could never eliminate it.

Thieves steal tapes holding 2.2M billing records: The University of Utah Hospitals & Clinics said that tapes containing billing records of 2.2 million patients were stolen from the car of a third-party courier.

Apple Repairs Five QuickTime Flaws: Apple issued five QuickTime updates plugging security holes, fixing memory corruption flaws, stack buffer overflow vulnerabilities, and URL file handling issues.

Mac bug forces Mozilla to Firefox 3.0 RC3

Microsoft patches 10 bugs in Windows, IE and Bluetooth: Microsoft on Tuesday released seven security updates to patch 10 vulnerabilities — four of them “critical” — in Windows and Internet Explorer. It also disabled a third-party ActiveX control bundled with Logitech hardware, including keyboards and mice.

Safari ‘carpet bomb’ attack code released: Critical flaws in Windows versions of Safari and Internet Explorer proved irresistible to a hacker who has posted attack code that can exploit them. Apple holds fast in its refusal to patch the Safari flaw, but Microsoft may be moving toward a fix.

‘Hacker’ pleads guilty to attacking anti-phishing group: A California man who attempted to hide his laptop in the yard when the cops came calling has hacked his way to a two-year sentence.

3 top ISPs to block access to sources of child porn: Three of the largest Internet service providers have agreed to block access to sources of child pornography.

The best ways to protect your identity online: Here’s how to protect yourself on social networking sites and other places where cyber-crooks are searching for victims who may provide too much information.

E-discovery blunder leads to loss of attorney-client privilege

Microsoft To Patch Three Critical Flaws: Microsoft plans to announce repairs for vulnerabilities affecting Internet Explorer, DirectX and Bluetooth.

Opinion: Breach laws fail to protect anyone: They haven’t met their stated goals, says Bart Lazar, and they are costly to comply with.