Altruistic Security

General Security



    LXLabs Chief - Found hanged after vulnerabilities wiped websites

    From the report:

    "Reports of the death of K T Ligesh, 32, come in the wake of the exploitation of a critical vulnerability in HyperVM, a virtualization application made by LXLabs, to wipe out data on 100,000 sites hosted by the UK web hosting firm VAserv."

    "Security researchers at Milw0rm warn that the Kloxo (formerly Lxadmin) web hosting platform from LxLabs contains 24 security vulnerabilities and exploits. The flaws include SQL injection vulnerabilities and flaws that create a way for hackers to gain file access to files hosted on a vulnerable system."

    The Scrap Value of a Hacked PC

    "Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use."

    Patching your Ciscos...

    Are you putting off patching your network gear? New discoveries suggest it may not be so safe after all. An excerpt from the article:

    "The dirty little secret about patching routers is that many enterprises don't bother for fear of the fallout any changes to their Cisco router software could have on the rest of the infrastructure. But the recent discovery of a way to easily hack the devices has turned upside down conventional wisdom that patching routers is more of a risk than an actual attack on these devices."


    4 Key Steps to Automate IT Security Compliance

    "For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information – resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security – creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.

    This paper discusses the challenges faced by organizations of all sizes – across all industries – and presents a security as a service (SaaS) approach to simplify and automate the convergence of security and compliance."


    IETF committee calls for DNS root zone security: DNSSEC

    "The Internet Architecture Board (IAB), the central committee of the Internet Engineering Task Force (IETF, a standards organisation), is calling for a simple system for signing the DNS root zone, and for the interest groups of the Internet Corporation for Assigned Names and Numbers (ICANN) to be given a say in a number of operational questions. That would give the ICANN community an influence on, say, the continuous rollover of keys for signing the root zone. The IAB makes these requests in its feedback to a Notice of Inquiry from the US National Telecommunications and Information Agency (NTIA). It also calls for caution: 'Care should be taken that DNSSEC deployment remains about data, integrity, and authenticity, and not about control.'"

    Symantec sees spike in Microsoft attacks

    "Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft's Windows operating system, an analysis that some other security companies disputed Friday.

    The attacks spotted by Symantec target a flaw in the Windows Server Service that Microsoft says could be exploited to create a self-copying worm attack. Late last month, Microsoft took the unusual step of rushing out an emergency patch for the bug after it saw a small number of online attacks that took advantage of it."

    NSA shows the way to develop secure systems

    NSA releases the Tokeneer project to the open source community. An excerpt:

    "The development of highly secure, low defect software will be dramatically helped by the release of the Tokeneer research project to the open source community by the US National Security Agency (NSA).  The unprecedented release of the project into the open source community aims to demonstrate how highly secure software can be developed cost-effectively, improving industrial practice and providing a starting point for teaching and academic research."

    Google Releases New Browser.

    Google recently released a new, fully open source browser, Chrome. It borrows some ideas from other developers, such as tabbed browsing, while introducing new features such as application shortcuts, crash control, and incognito.

    Competition is always beneficial to building more robust applications, and Google is taking the approach of building security in from the start.

    It appears it may have come up quite a bit short, as multiple advisories have already been released. It should be noted that the application is still in beta.

    For more information please visit here.


    The Internet's Biggest Security Hole...

    Kim Zetter from Wired.com writes:

    "Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

    The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

    The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy.  The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness."



    Hardening OSX Leopard - Guide by Corsaire

    "According to the document, the author, Daniel Cuthbert, "heads up Corsaire's Security Training and has over nine years of industry experience. During this time he has focused on Security Assessment for some of the world's largest consultancies and financial, telecommunication and media institutions."

    The 57 page document can be downloaded as a PDF file. It includes references for hardening Leopard, open firmware, Apple's firewall, the file system, and network services."
