From Dark Reading

At Black Hat Europe, presenters show how filters designed to prevent cross-site scripting can be used to launch those very attacks

The good news is that Microsoft's Internet Explorer 8 browser offers a new set of filters designed to prevent some cross-site scripting (XSS) attacks. The bad news is that those same filters could be used to enable XSS attacks.

From Ars Technica

We've all seen the studies trumpeting massive losses to the US economy from piracy. One famous figure, used literally for decades by rightsholders and the government, said that 750,000 jobs and up to $250 billion a year could be lost in the US economy thanks to IP infringement. A couple years ago, we thoroughly debunked that figure. For years, Business Software Alliance reports on software piracy assumed that each illicit copy was a lost sale. And the MPAA's own commissioned study on movie piracy turned out to overstate collegiate downloading by a factor of three.

From Information week

No agency has fully met the requirements of the Federal Desktop Core Configuration, established as baseline security for government workstations three years ago.

Federal agencies have not fully adopted secure desktop configuration standards mandated by the Office of Management and Budget (OMB) three years ago, leaving desktops less secure than they ought to be, a recent General Accountability Office (GAO) report found.

From Dark Reading

Class-action suit seeks $20 million as well as answers about company's involvement
Customers of Countrywide Financial have filed a class-action lawsuit over the 2008 data breach that enabled company insiders to steal and sell their personal information.

From DarkReading

But there are still 6.5 million machines infected, and worm continues to spread

After over a year of waiting for the sleeping giant Conficker botnet to come to life, some security researchers are now starting to think it may just be dead rather than dormant: they say the original creators of the Conficker botnet appear to have abandoned ship, leaving the worm to merely spread on its own via unpatched Windows machines.

From Ars Technica

The people who uncovered GhostNet, an extensive cyber espionage network that targeted the Tibetan exile community, are back with a sequel. Starting with an infected machine that was uncovered during that investigation, an international team of researchers has uncovered a completely separate network that primarily targeted the Indian government, and uncovered some classified documents that had been obtained by the hackers. By reconstructing the network, the team was able to trace things back to the hacking community in Chengdu, China.

From PC World

Google, China Play Game of Cat and MouseGoogle's January threat to go toe-to-toe with one of the world's most powerful countries left it with virtually no option but to stop censoring its search results in China and face the consequences, analysts said.

Late last month, Google stopped censoring results, and a week later it found that China had apparently blocked some access to its Internet sites for a short period.

From Computer World

Ten days after Google snubbed Chinese government censors by moving its search engine there to Hong Kong, its Web search service remains unblocked in China. But the move could yet cost Google substantial business, and already offering services to Chinese users from outside of the country has proved an imperfect counter to government censorship.

"I'm not surprised that it hasn't been blocked," said Duncan Clark, chairman of technology consultancy BDA. "Both sides probably don't want the thing to rumble on in any high-profile way."

From DarkReading

Active attacks exploiting zero-day bug were underway against IE6, IE7, and patch addresses other vulnerabilities in IE8
Microsoft today released an emergency, or out-of-band, patch for 10 vulnerabilities in Internet Explorer.