McAfee steps up online safety education drive

To help educate internet users about the potential dangers of the online world, security firm McAfee has created a free 10-step internet safety plan.

Available through the McAfee Advice Center, the ebook is broken into separate sections each aimed at providing safety guidelines for various age groups and experience levels, including kids, teens, parents, teachers and community groups.

In conjunction with the guidelines, there is also a quiz that challenges teens' knowledge of online risks and their ability to stay safe from spyware, spam, scams and identity theft.

"The days when people went online only to gather information and send email have changed," said Todd Gebhart, senior vice president and general manager of Consumer, Mobile and Small Business for McAfee.

"Cyberspace is an exciting environment full of opportunity, but it is also increasingly risky, with numerous threats emerging daily. Parents need to be on guard whenever their children venture online, so we've developed some simple steps to help ensure that young people's online experiences are safe and pleasant."

According to recent research, teens and kids are known to engage in risky online behaviour. For example, while 51 per cent of teens have downloaded music, the search term 'digital music' often leads to drive-by download sites that can populate a computer with spyware, viruses and exploits without users' knowledge. In addition, 45 per cent of young people said someone they've never met in person has asked them for personal information online.

The guidelines also include a section on how to save chat session logs, block users and report intruders, and provide recommendations for age-appropriate browsers and search engines, among other tips.

McAfee hopes that its new ebook will help families work together to set boundaries and create a list of rules to follow.


Apple releases massive security update

Apple on Tuesday released its second security update of the year--and it's a big one.

Known as APPLE-SA-2008-03-18 Security Update 2008-002, it contains more than 40 specific fixes for versions of Mac OS X. The most significant updates include Apache, ClamAV, Emacs, OpenSSH, PHP, and X11. To get the update, go to the Software Update pane in System Preferences, or Apple's Software Downloads Web site. The update "is recommended for all users and improves the security of Mac OS X," according to the Apple Downloads page.

Also on Tuesday, Apple released version 3.1 of its Safari browser for both Mac and Windows users. The release includes new features as well as security fixes, most of which address cross-site scripting flaws.

AFP Client--afp:// URL
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses an afp:// URL vulnerability in CVE-2007-4680. A remote attacker may be able to cause a certificate to appear trusted. According to Apple, "multiple stack buffer overflow issues exist in AFP Client's handling of afp:// URLs. By enticing a user to connect to a malicious AFP Server, an attacker may cause an unexpected application termination or arbitrary code execution."

AFP Server--Cross-realm authentication
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a cross-realm authentication vulnerability in CVE-2008-0045. Apple says: "An implementation issue exists in AFP Server's check of Kerberos principal realm names. This may allow unauthorized connections to the server, when cross-realm authentication with AFP Server is used. This update addresses the issue through improved checks of Kerberos principal realm names. This issue does not affect systems running Mac OS X v10.5 or later." Apple also says that this issue has been addressed within Mac OS X v10.5 or later. Apple credits Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm, Sweden for reporting this issue.

Apache--1
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.2. The update addresses Apache 1.3.33 and 1.3.39 vulnerabilities in CVE-2005-3352, CVE-2006-3747, CVE-2007-3847, CVE-2007-5000, CVE-2007-6388. Apple says "Apache is updated to version 1.3.41 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the Apache web site at http://httpd.apache.org. For Mac OS X v10.5, Apache version 1.3.x is only shipped on Server configurations. mod_ssl is also updated from version 2.8.24 to 2.8.31 to match the upgraded Apache; no security fixes are included in the update."

Apache--2
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.2 and addresses various Apache 2.2.6 vulnerabilities in CVE-2007-5000, CVE-2007-6203, CVE-2007-6388, CVE-2007-6421, CVE-2008-0005. Apple says "Apache is updated to version 2.2.8 to address several vulnerabilities, the most serious of which may lead to cross-site scripting."

AppKit--NSDocument API
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses an NSDocument API vulnerability in CVE-2008-0048. Apple says "A stack buffer overflow exists in the NSDocument API's handling of file names. On most file systems, this issue is not exploitable. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X v10.5 or later."

AppKit--NSApplication
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a NSApplication vulnerability in CVE-2008-0049. Apple says "By sending maliciously crafted messages to privileged applications in the same bootstrap namespace, a local user may cause arbitrary code execution with the privileges of the target application. This update addresses the issue by removing the mach port in question and using another method to synchronize. This issue does not affect systems running Mac OS X v10.5 or later."

AppKit--Multiple integer overflow
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a multiple integer overflow vulnerability in CVE-2008-0057. Apple says "By causing a maliciously formatted serialized property list to be parsed, an attacker could trigger a heap-based buffer overflow which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of serialized input. This issue does not affect systems running Mac OS X v10.5 or later."

AppKit--network printer
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a vulnerability in CVE-2008-0997. Apple says "by enticing a user to query a network printer, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of PPD files. This issue does not affect systems running Mac OS X v10.5 or later."

Application Firewall (German)
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.2. The update addresses a vulnerability in CVE-2008-0046. Apple says "the 'Set access for specific services and applications' radio button of the Application Firewall preference pane was translated into German as 'Zugriff auf bestimmte Dienste und Programme festlegen', which is 'Set access to specific services and applications'. This might lead a user to believe that the listed services were the only ones that would be permitted to accept incoming connections. This update addresses the issue by changing the German text to semantically match the English text. This issue does not affect systems prior to Mac OS X v10.5."

CFNetwork
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.2 and addresses the frame navigation policy vulnerability in CVE-2008-0050. Apple says "a malicious HTTPS proxy server may return arbitrary data to CFNetwork in a 502 Bad Gateway error. A malicious proxy server could use this to spoof secure websites. This update addresses the issue by returning an error on any proxy error, instead of returning the proxy-supplied data. This issue is already addressed in systems running Mac OS X v10.5.2."

ClamAV--1
This patch affects users of Mac OS X Server v10.5.2. The update addresses vulnerabilities in CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-5759, CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318, CVE-2008-0728. Apple says "multiple vulnerabilities exist in ClamAV 0.90.3 provided with Mac OS X Server v10.5 systems, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to ClamAV 0.92.1."

ClamAV--2
This patch affects users of Mac OS X Server v10.4.11. The update addresses vulnerabilities in CVE-2006-6481, CVE-2007-1745, CVE-2007-1997, CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-0897, CVE-2007-0898, CVE-2008-0318, CVE-2008-0728. Apple says "multiple vulnerabilities exist in ClamAV 0.88.5 provided with Mac OS X Server v10.4.11, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to ClamAV 0.92.1."

CoreServices
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses the vulnerability in CVE-2008-0052. Apple says: "Files with names ending in ".ief" can be automatically opened in AppleWorks if Safari's "Open 'Safe' files" preference is enabled. This is not the intended behavior and could lead to security policy violations. This update addresses the issue by removing ".ief" from the list of safe file types. This issue only affects systems prior to Mac OS X v10.5 with AppleWorks installed."

CUPS
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a vulnerability in CVE-2008-0596. Apple says "by sending a large number of requests to add and remove shared printers, an attacker may be able to cause a denial of service. This issue can not result in arbitrary code execution. This update addresses the issue through improved memory management. This issue does not affect systems prior to Mac OS X v10.5."

CUPS
This patch only affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0047. According to Apple, "a heap buffer overflow exists in the CUPS interface's processing of search expressions. If printer sharing is enabled, a remote attacker may be able to cause an unexpected application termination or arbitrary code execution with system privileges. If printer sharing is not enabled, a local user may be able to gain system privileges. This update addresses the issue by performing additional bounds checking. This issue does not affect systems prior to Mac OS X v10.5." Apple credits regenrecht, working with the VeriSign iDefense VCP, for reporting this vulnerability.

CUPS
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses vulnerabilities in CVE-2008-0053 and CVE-2008-0882. Apple says "multiple input validation issues exist in CUPS, the most serious of which may lead to arbitrary code execution with system privileges. This update addresses the issues by updating to CUPS 1.3.6. These issues do not affect systems prior to Mac OS X v10.5."

curl
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11 and addresses a vulnerability in CVE-2005-4077. Apple says "A one byte buffer overflow exists in curl 7.13.1. By enticing a user to run curl with a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by updating curl to version 7.16.3. Crash Reporter was updated to match the curl changes. This issue does not affect systems running Mac OS X v10.5 or later."

Emacs
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a format string vulnerability in CVE-2007-6109. Apple says "A stack buffer overflow exists in Emacs' format function. By exploiting vulnerable Emacs Lisp which allows an attacker to provide a format string containing a large precision value, an attacker may cause an unexpected application termination or possibly arbitrary code execution."

Emacs
This patch affects users of Mac OS X v10.4.11 and Mac OS X v10.5.2. The update addresses a safe mode checks vulnerability in CVE-2007-5795. Apple says "a logic error in Emacs' hack-local-variable function allows any local variable to be set, even if 'enable-local-variables' is set to :safe. By enticing a user to load a file containing a maliciously crafted local variables declaration, a local user may cause an unauthorized modification of Emacs Lisp variables leading to arbitrary code execution. This issue has been fixed through improved :safe mode checks."

file
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a vulnerability in CVE-2008-1004. Affected users may find that requesting to unblock a website leads to information disclosure. Apple says "an integer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X v10.5 or later." Apple credits Colin Percival of the FreeBSD for reporting this issue.

Foundation--1
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11. The update addresses an NSSelectorFromString API vulnerability in CVE-2008-0054. Apple says "an input validation issue exists in the NSSelectorFromString API. Passing it a malformed selector name may result in the return of an unexpected selector, which could lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation on the selector name. This issue does not affect systems running Mac OS X v10.5 or later."

Foundation--2
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11. The update addresses the NSFileManager vulnerability in CVE-2008-0055. Apple says "when performing a recursive file copying operation, NSFileManager creates directories as world-writable, and only later restricts the permissions. This creates a race condition during which a local user can manipulate the directory and interfere in subsequent operations. This may lead to a privilege escalation to that of the application using the API. This update addresses the issue by creating directories with restrictive permissions. This issue does not affect systems running Mac OS X v10.5 or later."
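The ordering problem described in CVE-2008-0055 can be reproduced with plain POSIX calls. The following is an added example, not Apple's code: both function names are hypothetical, and each returns the permission bits another local user would see while the copy is still in progress.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Bits that let anyone other than the owner create or rename entries. */
#define GROUP_OTHER_WRITE 0022

/* Pre-fix ordering (hypothetical reconstruction): the directory is created
 * world-writable and only tightened after the copy. Returns the mode visible
 * during that window, or -1 on error. */
int mkdir_open_then_restrict(const char *path, mode_t final_mode)
{
    struct stat st;
    mode_t saved = umask(0);          /* make the 0777 request literal */
    int rc = mkdir(path, 0777);
    umask(saved);
    if (rc != 0)
        return -1;
    if (stat(path, &st) != 0)
        return -1;
    int window_mode = (int)(st.st_mode & 0777);
    /* ... files would be copied into the directory here ... */
    if (chmod(path, final_mode) != 0)  /* too late: the window already existed */
        return -1;
    return window_mode;
}

/* Post-fix ordering: create owner-only, populate, then widen to the final
 * mode. mkdir() fails with EEXIST if anything already sits at the path, so a
 * successful return means this process created the directory. */
int mkdir_restricted_first(const char *path, mode_t final_mode)
{
    struct stat st;
    if (mkdir(path, 0700) != 0)        /* umask can only remove bits from 0700 */
        return -1;
    if (stat(path, &st) != 0)
        return -1;
    int window_mode = (int)(st.st_mode & 0777);
    /* ... files would be copied into the directory here ... */
    if (chmod(path, final_mode) != 0)
        return -1;
    return window_mode;
}

int main(void)
{
    char a[128], b[128];               /* constructed scratch paths */
    snprintf(a, sizeof a, "/tmp/copy_demo_%ld_open", (long)getpid());
    snprintf(b, sizeof b, "/tmp/copy_demo_%ld_safe", (long)getpid());

    int wa = mkdir_open_then_restrict(a, 0755);
    int wb = mkdir_restricted_first(b, 0755);
    if (wa >= 0)
        printf("open-then-restrict: mode during copy %04o, writable by others: %s\n",
               (unsigned)wa, (wa & GROUP_OTHER_WRITE) ? "yes" : "no");
    if (wb >= 0)
        printf("restricted-first:   mode during copy %04o, writable by others: %s\n",
               (unsigned)wb, (wb & GROUP_OTHER_WRITE) ? "yes" : "no");

    rmdir(a);
    rmdir(b);
    return (wa < 0 || wb < 0);
}
```
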

Foundation--3
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.2 and addresses the NSFileManager API vulnerability in CVE-2008-0056. Apple says "a long pathname with an unexpected structure can expose a stack buffer overflow vulnerability in NSFileManager. Presenting a specially crafted path to a program using NSFileManager could lead to the execution of arbitrary code. This update addresses the issue by ensuring a properly sized destination buffer. This issue does not affect systems running Mac OS X v10.5 or later."

Foundation--4
This patch affects users of Mac OS X v10.4.11 and Mac OS X v10.5.2. The update addresses a vulnerability in CVE-2008-0058. Apple says "a thread race condition exists in NSURLConnection's cache management, which can cause a deallocated object to receive messages. Triggering this issue may lead to a denial of service, or arbitrary code execution with the privileges of Safari or another program using NSURLConnection." Apple credits Daniel Jalkut of Red Sweater Software for reporting this vulnerability.

Foundation--5
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11. The update addresses a race condition vulnerability in CVE-2008-0059. Apple says "A race condition exists in NSXML. By enticing a user to process an XML file in an application which uses NSXML, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improvements to the error handling logic of NSXML. This issue does not affect systems running Mac OS X v10.5 or later."

Help Viewer
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0060. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Apple says "A malicious help:topic_list URL may insert arbitrary HTML or JavaScript into the generated topic list page, which may redirect to a Help Viewer help:runscript link that runs Applescript." Apple credits Brian Mastenbrook for reporting this vulnerability.

Image Raw
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0987. Apple says "a stack based buffer overflow exists in the handling of Adobe Digital Negative (DNG) image files. By enticing a user to open a maliciously crafted image file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of DNG image files. This issue does not affect systems prior to Mac OS X v10.5." Apple credits Clint Ruoho of Laconic Security for reporting this vulnerability.

Kerberos
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.2. The update addresses the vulnerabilities in CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, and CVE-2008-0063. Apple says "Multiple memory corruption issues exist in MIT Kerberos 5, which may lead to an unexpected application termination or arbitrary code execution with system privileges. CVE-2008-0063 does not affect systems running Mac OS X v10.5 or later. CVE-2007-5901 does not affect systems prior to Mac OS X v10.4."

libc
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a vulnerability in CVE-2008-0988. A remote attacker may be able to cause a certificate to appear trusted. According to Apple "An off by one issue exists in Libsystem's strnstr(3) implementation. Applications that use the strnstr API can read one byte beyond the limit specified by the user, which may lead to an unexpected application termination. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X v10.5 or later." Apple credits Mike Ash of Rogue Amoeba Software for reporting this vulnerability.

mDNSResponder
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0989. Apple says "a format string issue exists in mDNSResponderHelper. By setting the local hostname to a maliciously crafted string, a local user could cause a denial of service or arbitrary code execution with the privileges of mDNSResponderHelper. This update addresses the issue by using a static format string. This issue does not affect systems prior to Mac OS X v10.5."

notifyd
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11 and addresses a vulnerability in CVE-2008-0990. Apple says "notifyd accepts Mach port death notifications without verifying that they come from the kernel. If a local user sends fake Mach port death notifications to notifyd, applications that use the notify(3) API to register for notifications may never receive the notifications. This update addresses the issue by only accepting Mach port death notifications from the kernel. This issue does not affect systems running Mac OS X v10.5 or later."

OpenSSH
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2007-4752. Apple says "OpenSSH forwards a trusted X11 cookie when it cannot create an untrusted one. This may allow a remote attacker to gain elevated privileges. This update addresses the issue by updating OpenSSH to version 4.7."

pax archive utility
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0992. Apple says "the pax command line tool does not check a length in its input before using it as an array index, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by checking the index. This issue does not affect systems prior to Mac OS X v10.5."

PHP
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses vulnerabilities in CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887. Apple says "PHP is updated to version 5.2.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution."

PHP
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.2. The update addresses vulnerabilities in CVE-2007-3378 and CVE-2007-3799. Apple says "PHP is updated to version 4.4.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution."

Podcast Producer
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0993. Apple says "the Podcast Capture application provides passwords to a subtask through the arguments, potentially exposing the passwords to other local users. This update corrects the issue by providing passwords to the subtask through a pipe. This issue does not affect systems prior to Mac OS X v10.5." Apple credits Maximilian Reiss of Chair for Applied Software Engineering, TUM for reporting this issue.
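The fix described for CVE-2008-0993, handing the password to the subtask through a pipe rather than its arguments, looks like this in POSIX C. This is an added example, not Podcast Capture's code: the subtask is a stand-in `sh` one-liner that exits with the length of the line it read, and all names and the sample password are constructed.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed argument vector for the stand-in subtask. It reads one line from
 * stdin and exits with that line's length so the parent can confirm
 * delivery. Nothing secret is in argv, so nothing secret shows up in `ps`. */
static char *const SUBTASK_ARGV[] = {
    "sh", "-c", "IFS= read -r pw; exit ${#pw}", NULL
};

/* Returns 1 if the secret appears in any argument, i.e. it would be readable
 * by other local users through the process list. Empty secrets count as a
 * leak so callers reject them. */
int argv_leaks(char *const argv[], const char *secret)
{
    for (int i = 0; argv[i] != NULL; i++)
        if (strstr(argv[i], secret) != NULL)
            return 1;
    return 0;
}

/* Spawns the subtask and writes the secret to its stdin over a pipe.
 * Returns the subtask's exit status (here: bytes it received), or -1. */
int run_subtask_with_secret(const char *secret)
{
    int fds[2];
    size_t len = strlen(secret);

    if (argv_leaks(SUBTASK_ARGV, secret))
        return -1;
    signal(SIGPIPE, SIG_IGN);          /* a dead child must not kill the parent */
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                    /* child: pipe read end becomes stdin */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) < 0)
                _exit(127);
            close(fds[0]);
        }
        execv("/bin/sh", SUBTASK_ARGV);
        _exit(127);                    /* exec failed */
    }

    close(fds[0]);                     /* parent keeps only the write end */
    ssize_t w1 = write(fds[1], secret, len);
    ssize_t w2 = write(fds[1], "\n", 1);
    close(fds[1]);                     /* EOF for the child */

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (w1 != (ssize_t)len || w2 != 1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *pw = "constructed-pass 42";   /* constructed sample value */
    char *leaky[] = { "subtask", "--password", "constructed-pass 42", NULL };

    printf("argument form exposes password: %d\n", argv_leaks(leaky, pw));
    printf("pipe form exposes password:     %d\n", argv_leaks(SUBTASK_ARGV, pw));
    printf("bytes received by subtask:      %d\n", run_subtask_with_secret(pw));
    return 0;
}
```
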

Preview
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2008-0994. Apple says "when Preview saves a PDF file with encryption, it uses 40-bit RC4. This encryption algorithm may be broken with significant but readily available computing power. A person with access to the file may apply a brute-force technique to view it. This update enhances the encryption to 128-bit RC4."

Printing
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0995. Apple says "Printing to a PDF file and setting an 'open' password uses 40-bit RC4. This encryption algorithm may be broken with significant but readily available computing power. A person with access to the file may apply a brute-force technique to view it. This update enhances the encryption to 128-bit RC4. This issue does not affect systems prior to Mac OS X v10.5."

Printing
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0996. Apple says "An information disclosure issue exists in the handling of authenticated print queues. When starting a job on an authenticated print queue, the credentials used for authentication may be saved to disk. This update addresses the issue by removing user credentials from printing presets before saving them to disk. This issue does not affect systems prior to Mac OS X v10.5."

System Configuration
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0998. Apple says "The privileged tool NetCfgTool uses distributed objects to communicate with untrusted client programs on the local machine. By sending a maliciously crafted message, a local user can bypass the authorization step and may cause arbitrary code execution with the privileges of the privileged program."

UDF
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0999. Apple says "A null pointer dereference issue exists in the handling of Universal Disc Format (UDF) file systems. By enticing a user to open a maliciously crafted disk image, an attacker may cause an unexpected system shutdown. This update addresses the issue through improved validation of UDF file systems. This issue does not affect systems prior to Mac OS X v10.5." Apple credits Paul Wagland of Redwood Software, and Wayne Linder of Iomega for reporting this vulnerability.


X11
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2008-1000. Apple says "A path traversal issue exists in the Mac OS X v10.5 Server Wiki Server. Attackers with access to edit wiki content may upload files that leverage this issue to place content wherever the wiki server can write, which may lead to arbitrary code execution with the privileges of the wiki server. This update addresses the issue through improved file name handling. This issue does not affect systems prior to Mac OS X v10.5." Apple credits Rodrigo Carvalho, from the Core Security Consulting Services (CSC) team of CORE Security Technologies, for reporting this vulnerability.

X11
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11 and addresses the vulnerabilities in CVE-2007-4568 and CVE-2007-4990. Apple says "multiple vulnerabilities exist in X11 X Font Server (XFS) 1.0.4, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 1.0.5."

X11
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2 and addresses the vulnerabilities in CVE-2006-3334, CVE-2006-5793, CVE-2007-2445, CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, and CVE-2007-5269. Apple says "The PNG reference library (libpng) is updated to version 1.2.24 to address several vulnerabilities, the most serious of which may lead to a remote denial of service or arbitrary code execution."

X11
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2 and addresses the vulnerabilities in CVE-2007-5958, CVE-2008-0006, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429. Apple says "Numerous vulnerabilities in the X11 server allow execution of arbitrary code with the privileges of the user running the X11 server if the attacker can authenticate to the X11 server. This is a security vulnerability only if the X11 server is configured to not require authentication, which Apple does not recommend."


P2P highwayman gets four years for ID theft

A Seattle man who admitted using file-sharing programs to pinch personal information on 50 people as part of an ID theft scam has been jailed for four years.

Gregory Kopiloff, 35, pleaded guilty to mail fraud, computer hacking and aggravated identity theft offences at a hearing before the US District Court in Seattle in November. As part of a plea bargaining agreement, prosecutors dropped a second aggravated ID theft rap, an offence punishable on conviction by a mandatory two years behind bars in addition to any other sentence a convict might face.

Kopiloff used the P2P file-sharing program LimeWire to download tax and credit reports, bank statements and student financial aid applications unwisely offered up for sharing from the PCs of his victims. He also used conventional dumpster diving and mail theft techniques to build profiles of his marks.

The crook used this data to obtain credit and debit cards under false names before running a $73,000 bill in fraudulent web purchases.

At a sentencing hearing on Monday, US District Judge James Robart jailed Kopiloff for four years and three months, to be followed by three years on probation. Kopiloff was also ordered to pay $70,000 in compensation to his victims.

The judge called Kopiloff "a highwayman in the virtual world," AP reports. "People were traveling by and he was able to seize their assets, their personal identity," he added.


Take covert photos and get a tan too

These spy sunglasses may look more Maxwell Smart than James Bond, but the built-in 1.3-megapixel camera might be worth the fashion sacrifice for extended stakeouts.

ThinkGeek's spy-cam shades come with an RF remote control, so any aspiring secret agent can snap a few shots of his subject without ever having to take his hands out of his pockets. And while waiting, he can also listen to his favorite tracks through the built-in earbuds.

Back at HQ, the images can be downloaded through a USB 2.0 port and the lithium-ion battery recharged for another 9 hours of shooting. One potential drawback is that there's only 1GB of internal memory with no expansion card slots, so you might have to take more trips back to the computer--which could prove inconvenient on an extended shoot. But they do have UV400 polarized lenses, perfect for extended tanning.


Phishing attacks hit six-month high

A total of 188 global banking brands were targeted by phishing attacks during February – the highest figure for six months.

Online fraudsters targeted 20 financial organisations that had never previously experienced attacks, according to security specialist RSA.

A change of tactics is helping malicious emails to evade spam filters, said RSA. By directing attacks through URLs with tiny variations, phishers are able to make their messages "unfamiliar" to filtering applications.

UK banks were the second-most phished institutions for the 13th consecutive month, receiving 12 per cent of the attacks. US organisations received the most attacks overall, with 59 per cent of detected activities.


Defacement archive Zone-h mulls closure

Defacement archive Zone-h has put its very existence to the vote.

The security site picked up the baton after previous defacement archive Alldas packed up shop. It currently hosts about 2.6 million defacements after six years chronicling the activities of hackers.

According to Zone-h, its work has allowed it to understand trends in computer security such as the move towards web application attacks. Zone-h also claims (with some justification) to have been among the first to report on the rise of politically-motivated hacking from the Muslim world and the decrease of defacement attacks originating from Brazil, as hackers from the South American country moved onto profit-making cybercrime activities.

Much of the news written about the defacement scene focuses on whether Windows or Linux servers are getting hit, but Zone-h reckons this debate has become irrelevant.

On the downside, many defacers have started to use Zone-h as an informal ranking board. It is also hard work to maintain and the sometime target of ill-feeling from those whose foibles have been disclosed in public, as well as the occasional target of denial of service attacks.

So the site has decided to run a poll on whether it ought to continue mirroring defacements. The vote is currently running 70-30 against continuing Zone-h, at least according to raw voting statistics.

The vote is swinging in the opposite direction to the sentiments expressed by those leaving comments on a post about the poll - raising the possibility that a voting botnet is in play, writes Zone-h founder Roberto Preatoni in an addendum to the article on the vote here.

Even if Zone-h does decide to call it quits, other sites will probably come along to pick up where it left off. It's a dirty job, but someone is likely to come in and plug the gap - as happened when Safemode, Attrition, and Alldas quit the defacement archive scene in years past.


Phorm 'illegal' says policy group

BT, Talk Talk and Virgin have all signed up to use Phorm, which targets adverts to users based on web habits.

Fipr believes Phorm contravenes the Regulation of Investigatory Powers Act 2000 (Ripa), which protects users from unlawful interception of information.

Phorm and BT have said the technology does not breach any UK laws.

The debate over the deployment of Phorm, legal or otherwise, is based on the interpretation of Ripa.

Fipr has written an open letter to the Information Commissioner Richard Thomas in which it argues that Phorm must not only seek the consent of web users but also of website operators.

Phorm's system works by "trawling" websites visited by users and then matches keywords from the content of the page to a profile.

Users are then targeted with adverts that are more tailored to their interests on websites that have signed up to Phorm's technology.

'Basic principle'

Nicholas Bohm, general counsel at Fipr, said: "The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle within the legislation, and it cannot be lightly ignored or treated as a technicality."

Richard Clayton, treasurer at Fipr, said: "The Phorm system is highly intrusive; it's like the Post Office opening all my letters to see what I'm interested in, merely so that I can be sent a better class of junk mail.

"Not surprisingly, when you look closely, this activity turns out to be illegal.

"We hope that the Information Commissioner will take careful note of our analysis when he expresses his opinion upon the scheme."

A spokesman for BT told BBC News: "Provided the customer has consented, we consider that there will generally be an implied consent from website owners.

"Secure and password-protection content will not be scanned, profiled or stored."

Kent Ertugrul, chief executive of Phorm, said the company was "very, very comfortable" that the firm was not breaching any laws.

'Web crawling'

"With regards to a website that is published openly and fairly, we are not breaching any laws in using information that is published on it," he said.

He said websites which discouraged web crawling from search engines would not be subject to Phorm's tools.

"We are willing for our view to be tested in law," said Mr Ertugrul.

In its open letter Fipr pointed out that many websites required registration, and only made their content available to specific people.

It added that many websites or particular pages within a website were part of the "unconnected web" and that their existence was only made known to a small number of trusted people.

Phorm has argued that its system gives users more privacy because they are able to opt out of the technology.

"Phorm has an on-off switch and does not store any personal data at all," said Mr Ertugrul.


Ohio voting machines declared an official crime scene

ALERTED BY Ohio's Secretary of State, Jennifer Brunner, Franklin County election officials have ordered the Ohio Bureau of Criminal Identification and Investigation to seize as an official crime scene some 15 touch-screen voting machines that had produced improbable results in a state-wide 2006 election.

In addition, a bogus Homeland Security Alert that led to 2004 general election vote counting shenanigans in a key southwestern Ohio county is under renewed investigation. It is well documented and widely believed that numerous election "irregularities" orchestrated by J. Kenneth Blackwell, Ohio's former Secretary of State, succeeded in stealing Ohio's 20 electoral votes for George W. Bush in 2004, delivering to him an undeserved, catastrophic second term as President ['allegedly', adds our legal department].

When Brunner voted in 2006, she noticed that the voting machine displayed "candidate withdrawn" where the name of Jay Perez, a candidate for Franklin County Municipal Judge, might have appeared. Her husband, voting nearby, told her that Perez's name did appear on the voting machine that he had used.

Perez had withdrawn because he didn't want to become a spoiler for a fellow Democratic candidate, but the fact that his name did appear on some voting machines might have helped the Republican David Tyack prevail. Some of the touch-screen voting machines manufactured by Election Systems & Software (ES&S) apparently left Perez's name in the race while other machines did not.

Ohio Attorney General Mark Dann is conducting an investigation of the seized ES&S voting machines, but Brunner fears that the state might never find out what happened. In an interview, she told the Columbus Dispatch, "This is a huge problem. There is great concern that not every voter has the same ballot."

Brunner has said that she is banning poll workers from taking easily hacked, programmable touch-screen voting machines home with them overnight prior to election day, a practice quaintly termed "sleepovers" by election personnel.

The ES&S touch-screen voting machines have been mishandled in other ways.

Franklin County elections staff failed to perform mandated tests on each voting machine in 2006, instead testing just one machine at random in each precinct.

Also, a Board of Elections programmer had turned off the audit logs on the seized voting machines in April 2007, thus preventing state investigators from reconstructing software changes. Dennis White, new Franklin County Board of Elections Director, said that an ES&S employee told the Board programmer how to disable the audit logs, supposedly to speed programming. Brunner said that other voting machine vendors told her that "You're never supposed to tell [a client] how to do that."

A Democrat who succeeded Republican J. Kenneth Blackwell as Secretary of State, Brunner has also promised to move the entire state to voting on paper ballots, a change that many Republican dominated Boards of Elections are stubbornly resisting. She has so far succeeded in forcing Boards of Elections chairs to resign in Cleveland and Columbus, two of the state's largest cities.

Franklin County Board of Elections Director Matt Damschroder was removed prior to Ohio's 2008 primary election. He had previously been suspended for a month without pay for accepting a $10,000 Republican campaign contribution check from a voting machine salesman at his office.

The check was delivered on the day Ohio's electronic voting machine contracts were opened for bidding. Damschroder had been the chair of the Franklin County Republican Party and was the state's leading opponent of paper balloting until he was forced out.

If Brunner is successful in shifting Ohio to paper ballot voting, she realises that poll workers will need additional training. When she requested a paper ballot to vote in the March 4 primary, an inadequately trained poll worker handed her a provisional ballot instead. Two of her staff were also given the wrong ballots.

Elsewhere, a suspiciously convenient and phony Homeland Security Alert during the 2004 election is coming under renewed scrutiny in Warren County.

The Cincinnati Enquirer has reported that a so-called "casual conversation" between a "friendly" FBI agent and the county emergency services director might have led to the phony Homeland Security Alert that gave the Warren County Board of Elections an excuse to lock down its counting of votes, out of sight of the public and the media, during the 2004 election.

The Board declared the emergency and then moved the county's ballots from the publicly designated vote tabulation centre to an unauthorised warehouse nearby where it barred the public and media from observing the vote counting.

Warren County outside Cincinnati delivered 72 per cent of the official vote count to Bush, far beyond expectations. Along with the neighbouring Butler and Clermont counties, Warren County handed George W. Bush a combined lead of 140,000 popular votes.

That was more than the 119,000 vote margin by which Bush allegedly won the Ohio election, its 20 electoral votes and another term in the White House.
