Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday.

An attacker could exploit a weakness in the way iPhones handle SMS messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.

Revamped privacy settings are coming soon to Facebook.

The social network's privacy controls had reached the point where they were distributed across six separate pages and 40 different settings, according to a conference call the company held on Wednesday.

The computer security industry historically borrows military defence concepts to combat digital threats, literally creating war rooms where experts follow attacks in progress on huge screens with phones ringing off the hook.

Not so at Google's Postini email security service provider unit. Instead, computerised systems monitor three billion messages per day that flow in and out of customer systems and pass through Postini's thousands of machines in datacentres around the US and in Europe before hitting the internet. The Postini system is highly automated, distributed and scalable, characteristic of all of Google's operations.

It's almost security conference season in Las Vegas and with one month to go, a presentation has been pulled from Black Hat and Defcon.

Juniper Networks says it pulled a talk about a flaw in ATM software that one of its researchers was scheduled to give at the security conferences, after the ATM vendor complained.

The government has been slammed over its decision to press ahead with the national ID card scheme following Home Secretary Alan Johnson's announcement that carrying an ID card will never be compulsory for British citizens.

Plans to make ID cards compulsory for airside workers and pilots have also been dropped this week by the Home Office with trials planned for Manchester and London City airports both scrapped.

The government is turning co-ordination of its IT security training over to the information assurance arm of British intelligence agency GCHQ.

In the past, all government IT security training has been the charge of the Cabinet Office, through the office of the Central Sponsor for Information Assurance (CSIA). However, GCHQ said on Tuesday that its National Technical Authority for Information Assurance arm, known as CESG, will take on the role of co-ordinating the training effort.

Levels of fraud have fallen at online payment provider PayPal thanks to cybercrime detection and prevention technologies.

Fraudulent transactions accounted for 0.28 per cent of the value of all payments using PayPal in 2008, down from 0.3 per cent in 2007, according to Garreth Griffith, head of risk management for PayPal UK.

The UK's new cyber security strategy will make a particular effort to engage small and medium-sized enterprises, according to a government-funded security group involved in introducing the initiative.

The large organisations that make up the critical national infrastructure already have good flows of security information between them, Tony Dyhouse, director of the Cyber Security Knowledge Transfer Network, said on Friday. Now smaller UK businesses need to be taking part in the knowledge transfer, he said.

Keeping watch over employees' online activities can be a slippery slope, says Naked CIO. Here's the right way to do it.

I often get asked whether or not it is best to implement a strict, penal environment in the office for email and internet monitoring.

World wide web inventor Sir Tim Berners-Lee has published advice as to how more government data can be made available online.

In a paper on Thursday, Berners-Lee said the government should "start with low-hanging fruit", by publishing raw data.

The UK government has announced that it is to form a cyber security agency, one of whose functions will be to develop a cyber attack capability.

The Office of Cyber Security (OCS), dedicated to protecting Britain's IT infrastructure, will be created in line with a model proposed - and in part practised by - the US, the Cabinet Office said on Thursday.

Does the UK's new mobile phone directory go far enough to protect your privacy? Lawyer Ruth Hoy weighs in.

Last week's launch of the UK's first mobile phone directory, which claims to be able to connect anyone to more than 16 million mobile users for a small charge, was always bound to ignite contention around privacy.

Kevin Mitnick, one of the most famous computer hackers, talks to CNET News about his days on the dark side and why he's now one of the good guys.

One of the first computer hackers ever prosecuted, Kevin Mitnick was labelled a "computer terrorist" after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell and Motorola.

IT security has been neglected due to the economic downturn, according to security experts.

Bruce Schneier, BT's chief security technology officer, told a European Network and Information Security Agency (Enisa) event on Friday that organisations are struggling to keep on top of workloads that have increased due to layoffs.

Intel, Oracle, BT and a number of other high-profile IT companies have backed the launch on Wednesday of the Kantara Initiative, which aims to bring greater harmony to identity management.

The project, which has been in the making for a year, is dedicated to examining ways of improving interoperability between different identity technologies and standards. It also intends to address topics such as privacy, which can be sidelined by purely technical discussions, according to Kantara.

Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on Tuesday as it phases out its Live OneCare suite in favour of a simpler free consumer security offering.

Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the US, Brazil and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year.

Apple has patched nearly four dozen security holes in the iPhone and iPod Touch with its iPhone OS 3.0 release, made available on Wednesday.

The 46 flaws could allow an attacker to bypass security restrictions, shut down an application, disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, or take over the device, Apple said in an advisory.

Researchers at security firm Finjan said on Wednesday that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam.

The Golden Cash network, dubbed "Your money-making machine" on its homepage, sells access to botnets comprised of thousands of compromised PCs to cyber criminals for custom malware spreading jobs, according to issue two of the Cybercrime Intelligence Report for 2009.

More than three dozen security and privacy advocates and researchers are asking Google to offer better data protection for users of Gmail and other Google apps, and Google said on Tuesday it is considering doing that, if it doesn't slow down the apps too much.

Users can set Gmail to encrypt session data by default to protect it from being sniffed over the network. However, Google doesn't offer the ability to encrypt potentially sensitive data created in other Google apps like Docs or Calendar by default, which means the communications could be stolen or snooped on by someone using a packet sniffer on public internet connections, such as open wireless networks, according to the letter addressed to Google chief executive Eric Schmidt and signed by a who's who of 38 experts in the security industry.

The Apple iPhone may have got a makeover last week but it's not enough to convince CIOs the device has a place in business.

In the latest silicon.com CIO Jury, IT chiefs were asked whether they're planning to offer Apple's touchscreen device as part of their range of corporate mobile phones - and the vast majority of IT chiefs said they are not.

Though there are plenty of tools to help businesses shore up data, the lack of policy standards makes the task more difficult than it should be, says Quocirca's Bob Tarzey.

The UK's MPs may rue the day a disk listing details of their expenses was leaked to the Daily Telegraph from the House of Commons Fees Office earlier this year, but they were going to be made public at some point anyway, courtesy of the UK's Freedom of Information Act which the MPs themselves passed in to law in 2000.

They're here - sort of. Twitter has launched the early beta phase of its "verified accounts" programme, a background-check for celebrities and other prominent users of the service to weed out impersonators and fake accounts. If they pass the test, they get a graphic "badge" much like a PayPal verified account's.

"We're starting with well-known accounts that have had problems with impersonation or identity confusion," an explanation from Twitter read. "We may verify more accounts in the future but because of the cost and time required, we're only testing this feature with a small set of folks for the time being. As the test progresses we may be able to expand this test to more accounts over the next several months."

Gordon Brown is bringing in the inventor of the web, Sir Tim Berners-Lee, to help open up government data.

Brown made the announcement in Prime Minister's Questions on Wednesday, during a speech on constitutional reform.

CIOs spend countless hours listening to suppliers pitch their technology, so silicon.com decided to make the process a lot more entertaining by putting the vendors on the spot. Welcome to 60-Second Pitch.

Suppliers have just one minute to pitch their product or service to a panel of current and former heads of IT, who then have the opportunity to quiz the vendor before giving the technology a green or red light - just for fun, of course.

Microsoft has released 10 security updates fixing a record number of Patch Tuesday holes, including one for a critical hole in Internet Explorer 8 that was exploited as part of a hacking contest at CanSecWest conference in March.

The bulletin addresses 31 vulnerabilities. A Microsoft spokesman said: "It's the most since Microsoft started releasing updates on a regular schedule of the second Tuesday of every month in October 2003."

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the US Homeland Security Advisory Council (HSAC).

The HSAC members will provide recommendations and advice directly to secretary of Homeland Security, Janet Napolitano.

Microsoft will release 10 security updates on Patch Tuesday next week, including critical patches for holes in Windows, Internet Explorer, Word, Office and Excel.

In addition, Adobe said it will provide security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday in its first quarterly security update for its popular software for creating and reading PDF files. The critical update will be detailed on Adobe's security bulletin site.

Microsoft has tweaked the search filters on its new Bing search engine following criticism that its smart motion video feature allowed web surfers to watch porn without visiting adult websites.

The company announced the change in a blog post Thursday, as it also defended its approach to adult content in search results as a "more conservative approach than others in the industry".

Police are in talks with companies about deploying a tool to detect evidence of illegal activity on PCs, aiming for it to be as easy to use as a breathalyser.

Officers in the Association of Chief Police Officers' (Acpo) e-crime group are looking into commercial devices that can search text, pictures and computer code on a hard disk for material of interest.

More than a year after appearing on the statute books, the info watchdog's power to fine is not yet operational. Lawyer Grant Campbell urges those involved not to lose momentum.

Data losses have provided the UK press with an ongoing stream of stories for more than 18 months now.

RIM has warned of critical bugs in its BlackBerry Enterprise Server and BlackBerry Professional Software that could be used to shut down a server or execute malicious code.

The bugs are the latest to affect the PDF distiller component of the BlackBerry Attachment Service. The PDF distiller has been hit by three similar bugs in recent months, all of a serious nature, RIM said in an advisory.

President Obama on Friday said the US government is "not as prepared" as it should be to respond to disruptions caused by computer or internet attacks and announced that a new cyber security co-ordinator position would be created inside the White House staff.

The still-to-be-named co-ordinator will oversee a new bureaucracy tasked with digital infrastructure protection, which had previously been handled by the Department of Homeland Security. "We will ensure that these networks are secure, trustworthy and resilient," Obama said. "We will deter, prevent, detect and defend against attacks and recover quickly from any disruptions or damage."

David Lister has held senior IT roles at Boots, Reuters and RBS. He talks to Nick Heath about why he left RBS and how he will meet the challenges ahead as group CIO for National Grid.

Wherever David Lister goes, change almost always follows.

HSBC is fighting financial fraud by overhauling its approach to transaction monitoring and examining how emerging technologies could improve security.

The bank is looking to bring all of its fraud detection systems onto a single platform, its head of group fraud risk at HSBC, Derek Wylde, told silicon.com.

The Information Commissioner's Office is putting pressure on the NHS to improve data security at its facilities, following a string of breaches.

In the past six months, the privacy watchdog has taken action against 14 Department of Health organisations that have exposed private data, a spokesperson for the ICO said on Tuesday.

Adobe said on Wednesday it will release quarterly security updates to coincide with Microsoft's Patch Tuesday as part of a new approach to product security for Adobe Reader and Acrobat.

The security updates will be delivered on a second Tuesday once a quarter, beginning this summer, Brad Arkin, director of product security and privacy, wrote in a blog post. Microsoft's Patch Tuesday updates are issued monthly on the second Tuesday.

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.

In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)".

Google's privacy counsel Peter Fleischer has said people "will get used" to Street View.

Last month, villagers in the Buckinghamshire town of Broughton surrounded a Street View car and forced it to leave, the Times reported. The villagers were worried that their houses may be targeted, following a spate of burglaries in the area.

The police cannot deal with the amount of information generated by CCTV cameras, according to the director of information for the Association of Chief Police Officers (Acpo).

Ian Readhead, director of information for the Acpo Criminal Records Office, said last week that police were being overwhelmed by the volume of such data, and that one of his major concerns was that police did not have the capability to track a car in real-time using the Automatic Number Plate Recognition System (ANPR).

The Serious Organised Crime Agency (Soca) has revealed some of its crime fighting successes over the last year.

Soca's annual report, published yesterday, details a year of fighting e-crime, from leading the UK operation to shut down the online forum DarkMarket and hunting the gang who tried to electronically transfer more than £229m from a London-based bank.