Facebook, Microsoft, U.S. Data Breach Legislation Lead Week's Security News

Renewed concern about the privacy of information posted on Facebook along with Microsoft's fight against the Kelihos botnet and federal data breach legislation led the week's IT security developments.

Facebook dominatedthe privacy conversation this past week, as the social networking site rolled out a slew of new interface changes, including a real-time news ticker and Timeline information-sharing interface.

Users complained about having their every move publicized to people they don't know. Security experts warned that Timeline could be exploited by cyber-criminals to harvest personal details and use them in spear-phishing attacks. The amount of information people post on social networking sites is worrisome, and Timeline encourages even moreover-sharing, the experts warn.

The United States government was also busy during the past week, as the Homeland Security and Commerce departments issued a request for proposal to Internet service providers and other members of the industry to come up with techniques that can be used to proactively detect when customers areinfected with botnet malware. The proposal would hinge on enlisting ISPs in the fight to shut down botnet traffic within networks.

Three majordata breach bills have been approved by the Senate Judiciary Committee. However, the vote fell entirely along party lines, in a sign of how challenging the actual passage of the bill is likely to be. While the bills from Sens. Dianne Feinstein, D-Calif., Richard Blumenthal, D-Conn., and Chairman Patrick Leahy, D-Vt., are ready to move to the next step, there are a handful of cyber-security and online privacy bills that are still working through their respective committees, including the ones sponsored by Sen. Jay Rockefeller, D.-W.Va., and John Kerry, D-Mass. Once all the bills have left committee, they will need to be reconciled and consolidated into a single bill before moving to the Senate floor for debate and vote.

TheDepartment of Defense said it is planning to extend the six-month pilot program for the government to share threat intelligence and cyber-security techniques with the private sector until at least November. There is a possibility the program, which will be expanded to include more private companies and organizations, will be extended indefinitely. The goal is to give the industry access to threat information and analysis it otherwise might not have.

Microsoft handed over all the information it had collected while investigating the gang behind the Rustock botnet to the FBI this week. The company's Digital Crimes Unit wrapped up work on that operation just in time to announce that a U.S. District Court judge had issued restraining orders allowing Microsoft and VeriSign to shut down 21 domains that are associated with theKelihos botnet.

Kelihos is a much smaller botnet than many of the others currently in existence, but it shares enough code and characteristics with the now-defunct Waledac network that many security researchers refer to Kelihos as "Waledac 2.0." Richard Boscovich, Microsoft's senior attorney with the Digital Crimes Unit, said the team targeted Kelihos before it could become a bigger threat.

In an amusing "oops" moment of the week, Microsoft's latest update to itsSecurity Essentials malware scanning tool identified Google's Chrome Web browser as malware and removed it from user machines. Microsoft has fixed the problem and released the new version, which accepts that the competing Web browser is legitimate.