Weekly brief - September 21, 2009

Talk
Melissa Hathaway, who recently resigned her post having decided not to take up the role of cyber security czar, urged the private and public sectors to work together while delivering the keynote at ArcSight's user conference, Protect '09.

India's Intelligence Bureau has asked the Ministry of Communications and Information Technology to block VoIP calls until it can figure out how to track them.

The Internet Engineering Task Force has released a set of guidelines for the remediation of bot activity in ISP networks.

Tools
An Android version of Tor, the anonymity network technology, has been introduced. Let's hope that it lasts longer than the cross-site scripting protection introduced into Chrome, Google's secure browser - which hackers claim to have already broken.

Microsoft has continued its efforts to help developers secure their work by distributing a free fuzzer tool. It has also made available a binary analyser product to help lock down code.

Techniques
Bot nets have used various techniques for command and control, including IRC and peer-to-peer communications. Now, Symantec researcher Gavin O'Gorman has found a backdoor Trojan that uses Google Groups to distribute commands.

Research from Trend Micro found that bot software tends to linger around on infected machines for an average of 300 days, rather than the approximate infection period of six weeks previously assumed.

Trials
Miami resident Albert Gonzalez pleaded guilty to fraud, identity theft, and other charges relating to major US retail hacks, including TJX, BJ's Wholesale Club, OfficeMax, and Barnes & Noble.

Brian Keith Montgomery, a federal government employee, has been arrested for using passwords obtained legitimately for other tasks to access data about a terrorism investigation being conducted by the FBI and the US Army.

Two men are to be put on trial for allegedly carrying out a denial of service attack on ISP ThePlanet. Thomas James Frederick Smith and David Anthony Edwards supposedly crafted the DDoS using machines infected by their own bot net software, called Nettick.

Traps
The New York Times had to warn readers that their computers may have been infected with a virus, following the appearance of an unauthorised advertisement on its site touting scareware.

Significantly, TippingPoint argues that some web programmers are deliberately coding SQL injection as a "feature" in some online applications. An online advertising company was using such a feature to distribute reports to its partners, say reports.

More than half of all users of the Firefox browser were running an unsafe version of Adobe Flash player, according to statistics collected by Mozilla.
