InfoWorld Security

& lt;!--paging_filter-- & gt; & lt;p & gt;A & quot;worrying number & quot; of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, & lt;a href= & quot;http://nakedsecurity.sophos.com/2012/02/03/us-attacks-iran-and-saudi-arabia-malware-spreads-via-facebook-status-updates/ & quot; & gt;security firm Sophos said Friday & lt;/a & gt;. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;A & quot;worrying number & quot; of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, & lt;a href= & quot;http://nakedsecurity.sophos.com/2012/02/03/us-attacks-iran-and-saudi-arabia-malware-spreads-via-facebook-status-updates/ & quot; & gt;security firm Sophos said Friday & lt;/a & gt;. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;The PHP Group & lt;a href= & quot;http://www.php.net/archive/2012.php#id2012-02-02-1 & quot; target= & quot;_blank & quot; & gt;released PHP 5.3.10 & lt;/a & gt; on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform. & lt;/p & gt; & lt;p & gt;The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;The PHP Group & lt;a href= & quot;http://www.php.net/archive/2012.php#id2012-02-02-1 & quot; target= & quot;_blank & quot; & gt;released PHP 5.3.10 & lt;/a & gt; on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform. & lt;/p & gt; & lt;p & gt;The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Google does not plan to delay its new privacy policy despite calls from Europe & #039;s data protection watchdog. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Google does not plan to delay its new privacy policy despite calls from Europe & #039;s data protection watchdog. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Data routinely gathered in Web logs -- IP address, cookie ID, operating system, browser type, user-agent strings -- can threaten online privacy because they can be used to identify the activity of individual machines, & lt;a href= & quot;http://www.networkworld.com/subnets/microsoft/ & quot; target= & quot;_blank & quot; & gt;Microsoft & lt;/a & gt; researchers say. & lt;/p & gt; & lt;p & gt;At the same time, analysis of such data when anonymized can help detect malicious activity and so improve overall Internet & lt;a href= & quot;http://www.networkworld.com/topics/security.html & quot; target= & quot;_blank & quot; & gt;security & lt;/a & gt;, they add. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Data routinely gathered in Web logs -- IP address, cookie ID, operating system, browser type, user-agent strings -- can threaten online privacy because they can be used to identify the activity of individual machines, & lt;a href= & quot;http://www.networkworld.com/subnets/microsoft/ & quot; target= & quot;_blank & quot; & gt;Microsoft & lt;/a & gt; researchers say. & lt;/p & gt; & lt;p & gt;At the same time, analysis of such data when anonymized can help detect malicious activity and so improve overall Internet & lt;a href= & quot;http://www.networkworld.com/topics/security.html & quot; target= & quot;_blank & quot; & gt;security & lt;/a & gt;, they add. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Researchers from security vendor Symantec & lt;a href= & quot;http://www.symantec.com/connect/blogs/server-side-polymorphic-android-applications & quot; target= & quot;_blank & quot; & gt;have identified & lt;/a & gt; a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection. & lt;/p & gt; & lt;p & gt;This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Researchers from security vendor Symantec & lt;a href= & quot;http://www.symantec.com/connect/blogs/server-side-polymorphic-android-applications & quot; target= & quot;_blank & quot; & gt;have identified & lt;/a & gt; a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection. & lt;/p & gt; & lt;p & gt;This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Apple this week patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012 & #039;s first security update. & lt;/p & gt; & lt;p & gt;Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in mid-October 2011. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Apple this week patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012 & #039;s first security update. & lt;/p & gt; & lt;p & gt;Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in mid-October 2011. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;In an effort to improve security in its Android Market, Google has been using a service providing automated scanning of applications submitted to the mobile application store, Google revealed on Thursday afternoon. & lt;/p & gt; & lt;p & gt;Code-named Bouncer, the service scans the market for potentially malicious software without disrupting the user experience or requiring developers to submit to an application approval process, said & lt;a href= & quot;http://googlemobile.blogspot.com/2012/02/android-and-security.html & quot; target= & quot;_blank & quot; & gt;Hiroshi Lockheimer, vice of engineering for Android, in a blog post & lt;/a & gt;: & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;In an effort to improve security in its Android Market, Google has been using a service providing automated scanning of applications submitted to the mobile application store, Google revealed on Thursday afternoon. & lt;/p & gt; & lt;p & gt;Code-named Bouncer, the service scans the market for potentially malicious software without disrupting the user experience or requiring developers to submit to an application approval process, said & lt;a href= & quot;http://googlemobile.blogspot.com/2012/02/android-and-security.html & quot; target= & quot;_blank & quot; & gt;Hiroshi Lockheimer, vice of engineering for Android, in a blog post & lt;/a & gt;: & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Companies and home users whose computers or routers are infected by the DNSChanger Trojan risk being unable to access the Web come March 8, 2012, when the FBI unplugs the legitimate DNS servers it set up to replace the rogue DNS servers that were forwardi & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Companies and home users whose computers or routers are infected by the DNSChanger Trojan risk being unable to access the Web come March 8, 2012, when the FBI unplugs the legitimate DNS servers it set up to replace the rogue DNS servers that were forwardi & lt;/p & gt;

& lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/Security_lock_2_hp.jpg & quot; alt= & quot;VeriSign hacked several times, won & #039;t reveal the details & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;In October 2011, Internet infrastructure firm VeriSign released its usual quarterly report. Buried in the 50-page filing to the SEC was the revelation that the company had been breached multiple times the previous year. & lt;/p & gt;

& lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/Security_lock_2_hp.jpg & quot; alt= & quot;VeriSign hacked several times, won & #039;t reveal the details & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;In October 2011, Internet infrastructure firm VeriSign released its usual quarterly report. Buried in the 50-page filing to the SEC was the revelation that the company had been breached multiple times the previous year. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt; & lt;a href= & quot;http://www.networkworld.com/subnets/microsoft/ & quot; target= & quot;_blank & quot; & gt;Microsoft & lt;/a & gt; researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt; & lt;a href= & quot;http://www.networkworld.com/subnets/microsoft/ & quot; target= & quot;_blank & quot; & gt;Microsoft & lt;/a & gt; researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking. & lt;/p & gt;