Twitter's WikiLeaks Subpoena, Government Talk of Online Identity Lead Security News

A recap of the past week's security news features another twist on the WikiLeaks controversy, compromised iTunes accounts being sold online and the push for a trusted identity ecosystem for the Web.

The first week of 2011 was a busy one in IT security news.

It was a week that saw an acquisition by Dell, talk of trusted online identities and reports of a subpoena for Twitter.

The Twitter subpoena came to light at the end of the week when it was revealed a federal judge had ordered the microblogging service to turn over records for several people tied to WikiLeaks. The subpoena seeks records on WikiLeaks founder Julian Assange, U.S. Army intelligence analyst Bradley Manning, Dutch hacker Rop Gonggrijp, computer programmer Jacob Appelbaum and Icelandic parliament member Birgitta Jónsdóttir.

According to the subpoena, the U.S. Department of Justice is after records going back to Nov. 1, 2009, that are "relevant and material to an ongoing criminal investigation," including IP addresses, session times and other data.

"WikiLeaks strongly condemns this harassment of individuals by the U.S. government," WikiLeaks said in a statement relayed to Reuters by WikiLeaks attorney Mark Stephens.

Meanwhile, the White House issued a memo outlining how federal agencies and departments should conduct internal information security assessments. According to the memo, departments or agencies handling classified information have to complete their initial review by Jan. 28.

As the battle between WikiLeaks and the United States goes on, the federal government also made news during the week when it established a new office in the U.S. Department of Commerce to coordinate government efforts to spur the creation of a trusted online identity ecosystem. The responsibility for leading the drive to establish that ecosystem, however, rests with the tech industry, Commerce Secretary Gary Locke said.

"The president's goal is to foster an identity ecosystem where Internet users can use strong, interoperable credentials from public- and private-sector providers to authenticate themselves online for a whole host of transactions," Locke told an audience at a forum at the Stanford Institute for Economic Policy Research at Stanford University Jan. 7.

On the subject of identity, news broke that some 50,000 compromised Apple iTunes accounts were available for sale on a popular Chinese online store. According to the Global Times, thousands of such accounts have been sold during the past several months. It was not clear if user account credentials were phished, stolen through malware or if the accounts were established using stolen credit cards.

There were also reports that some paid apps in Apple's Mac App Store for Mac OS X do not properly validate App Store receipts, making it possible to get those programs for free. This could open the door to pirated copies of apps being booby-trapped with malware to infect users, Sophos Senior Security Adviser Chester Wisniewski warned.

Since malware operations are often profit-driven, attackers need to find ways to launder money and turn stolen data into cash. In a conversation with security experts, eWEEK took a look at how money mules are recruited and managed.

On the vendor side of things, Dell announced plans Jan. 4 to acquire managed security service provider SecureWorks for an undisclosed sum. The move would expand Dell's IT services portfolio, and could also fit into the company's cloud strategy, analysts said.

In other news, Microsoft announced it is releasing fixes Jan. 11 for three Windows security bugs as part of this month's Patch Tuesday. A number of other bugs that have made the news in the past few weeks, including an Internet Explorer vulnerability the company issued an advisory on in December, are not slated to be patched in the update.