PCI Guidance on Virtualization and Cloud
This month the PCI-SSC released an Information Supplement providing guidance for compliance with the DSS in virtualized and cloud environments. Great news for anyone with virtualization within their cardholder data environment (CDE), or who has been considering it.
Recent events cause re-assessment of SecurID integrity
On March 18, 2011, we blogged about a breach at RSA regarding the disclosure of unspecified sensitive materials related to SecurID. At the time, little information was made available as to the extent of the breach, the exact information that was compromised, or how it would affect RSA's customers.
Quo vadis Certificate Authorities?

Certificate Authorities and their security incidents (such as DigiNotar) are big in the press. What is the problem and what are possible solutions?
Facebook to Prevent 3rd-party Apps From Seeing Your Information Via Your Friends
On Tuesday of this week, Facebook announced significant changes to their profile controls and sharing options. The rollout of these changes begins today, August 25th. You'll find an excellent summary of the changes by Jason over on our Safe and Savvy blog.
Meanwhile, we've been busy digging into the details and reading between the lines.
Diginotar Hacked by Black.Spook and Iranian Hackers
Diginotar is a Dutch Certificate Authority. They sell SSL certificates.

Somehow, somebody managed to get a rogue SSL certificate from them on July 10th, 2011. This certificate was issued for the wildcard name *.google.com, so it covers every direct subdomain of google.com.
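To see how much a single wildcard certificate for *.google.com actually covers, here is an added example (not code from the original post or from DigiNotar) that implements the hostname matching rule browsers apply to certificate names: a lone `*` as the left-most label matches exactly one label, never the apex domain, never deeper subdomains, and never a partial label. The candidate host list is constructed for the example and is an assumption.

```python
# Added example (not from the original post): how far a wildcard certificate
# such as the rogue one for *.google.com reaches. Implements the usual
# browser rule for DNS-ID wildcards: a single '*' as the whole left-most
# label matches exactly one label, never zero and never the apex.
import re
from typing import Iterable

def _valid_hostname(name: str) -> bool:
    return bool(re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?", name))

def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by a certificate name `pattern`.

    Rules (matching what browsers enforce):
      * comparison is case-insensitive; a trailing dot is ignored
      * '*' is only allowed as the entire left-most label
      * '*' matches exactly one label; it never matches '' or 'a.b'
      * a wildcard is refused for too-short names ('*.com')
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not _valid_hostname(hostname) or "*" in hostname:
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or any("*" in l for l in p_labels[1:]):
        return False          # partial wildcards like 'mai*.google.com' rejected
    if len(p_labels) < 3:
        return False          # '*.com' would cover every .com site
    if len(h_labels) != len(p_labels):
        return False          # '*' is one label: no apex, no deeper subdomains
    return h_labels[1:] == p_labels[1:]

def covered_hosts(pattern: str, candidates: Iterable[str]) -> list:
    """Subset of `candidates` that a certificate for `pattern` is valid for."""
    return [h for h in candidates if hostname_matches(pattern, h)]

# Constructed candidate list (an assumption for this example, not from the post)
CANDIDATES = [
    "google.com", "www.google.com", "mail.google.com", "accounts.google.com",
    "docs.google.com", "a.b.google.com", "google.com.evil.example",
    "WWW.GOOGLE.COM", "www.google.com.", "google.co.uk",
]

if __name__ == "__main__":
    for h in covered_hosts("*.google.com", CANDIDATES):
        print("covered:", h)
```

Run it and every mail/accounts/docs style host is covered by the one rogue certificate, while the apex `google.com` and look-alikes such as `google.com.evil.example` are not. The point of the incident is that the CA issuing the certificate does not have to have any relationship with the domain: any trusted CA can issue a name like this, which is why the issuer of the certificate you are shown deserves as much scrutiny as the name on it.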
Windows Remote Desktop Worm "Morto" Spreading
We don't see that many Internet worms these days. It's mostly just bots and trojans. But we just found a new Internet worm, and it's spreading in the wild. The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven't seen before: RDP.
RDP stands for Remote Desktop Protocol. Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once Remote Desktop is enabled on a computer, any other computer that can reach it over the network (by default on TCP port 3389) can log on to it.
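Whatever a worm does once it is on a host, spreading over RDP means remote interactive logons (Windows logon type 10) from one source against many hosts in a short time, and that is something a defender can look for in Security event logs. The following detector is an added example written for this page; it is not F-Secure's code and says nothing about Morto's actual propagation method, which this post does not describe. The one-line log format, the event IDs 4624/4625 for success/failure, the thresholds and the sample lines are assumptions made for the example.

```python
# Added example (not from the original post, and not Morto's own code): a
# detector for the footprint any RDP-borne worm leaves: many interactive
# remote logon attempts (LogonType 10) from one source against many hosts
# in a short window. Log format, thresholds and the sample lines are
# assumptions made up for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"LogonType=(?P<ltype>\d+) Source=(?P<src>\S+) User=(?P<user>\S+)$"
)

def parse_events(lines):
    """Parse the assumed one-line-per-event format; skip anything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue        # tolerate unrelated log lines
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "host": d["host"], "eid": int(d["eid"]),
            "ltype": int(d["ltype"]), "src": d["src"], "user": d["user"],
        })
    return events

def rdp_spread_alerts(lines, window=timedelta(minutes=5),
                      min_hosts=3, min_attempts=5):
    """Return {source_ip: summary} for sources whose RDP logon attempts
    (4624 success or 4625 failure, LogonType 10) touch >= min_hosts distinct
    hosts with >= min_attempts attempts inside any sliding `window`."""
    by_src = defaultdict(list)
    for ev in parse_events(lines):
        if ev["ltype"] == 10 and ev["eid"] in (4624, 4625):
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            hosts = {e["host"] for e in chunk}
            if len(chunk) >= min_attempts and len(hosts) >= min_hosts:
                alerts[src] = {
                    "attempts": len(chunk), "hosts": sorted(hosts),
                    "users": sorted({e["user"] for e in chunk}),
                    "successes": sum(e["eid"] == 4624 for e in chunk),
                }
                break
    return alerts

# Constructed sample log (assumption): one source sweeps three hosts, one
# legitimate RDP user, one console logon, one late straggler.
SAMPLE_LOG = """\
2011-08-28T10:00:01 host=WS01 EventID=4625 LogonType=10 Source=10.0.0.5 User=administrator
2011-08-28T10:00:02 host=WS01 EventID=4625 LogonType=10 Source=10.0.0.5 User=admin
2011-08-28T10:00:04 host=WS02 EventID=4625 LogonType=10 Source=10.0.0.5 User=administrator
2011-08-28T10:00:05 host=SRV01 EventID=4625 LogonType=10 Source=10.0.0.5 User=administrator
2011-08-28T10:00:09 host=SRV01 EventID=4624 LogonType=10 Source=10.0.0.5 User=administrator
2011-08-28T10:02:00 host=WS03 EventID=4624 LogonType=10 Source=10.0.0.40 User=jsmith
2011-08-28T10:30:00 host=WS03 EventID=4624 LogonType=2 Source=- User=jsmith
2011-08-28T11:00:00 host=WS04 EventID=4625 LogonType=10 Source=10.0.0.5 User=administrator
""".splitlines()

if __name__ == "__main__":
    for src, info in rdp_spread_alerts(SAMPLE_LOG).items():
        print(src, info)
```

On the sample data only 10.0.0.5 trips the rule: five logon attempts against three hosts inside eight seconds, one of them successful, which is the moment to look at SRV01. A successful logon from a source that is already sweeping other machines matters more than the failures around it, so the summary counts successes separately. The legitimate user on 10.0.0.40 and the console logon (LogonType 2) are ignored, and the thresholds are deliberately parameters, because a busy jump host will need a higher `min_hosts` than a workstation subnet.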
How we found the file that was used to Hack RSA
RSA was hacked in March. This was one of the biggest hacks in history.
Chinese TV Program Censored
As we expected in our original blog post, it did not take long for the controversial TV program to disappear from CCTV 7's website.
The documentary program "Military Technology: Internet Storm is Coming" is still listed on Channel 7's index page, but when you follow the link, you get nothing.
Windows XP
Let's compare the major computer operating systems at the moment. We have Windows XP, Windows Vista and Windows 7. We have various Linux distributions. And we have Mac OS X.
Of these, obviously Windows XP has the weakest security, by far.
And Windows XP has the biggest market share, too. Globally close to half of all computers still run XP.
And today, Windows XP is ten years old.
Chinese Government Launching Online Attacks
China is often blamed for launching online attacks, but the evidence is almost always circumstantial. Many of the targeted espionage trojans seem to come from China, but we can't actually prove it.
However, some new evidence has just surfaced.
On July 17th, a military documentary program titled "Military Technology: Internet Storm is Coming" was published on the Government-run TV channel CCTV 7, Military and Agriculture (at military.cntv.cn).