Summary: Security failures in the news

● Germans devise attacks on Windows BitLocker (also see [1, 2])

German researchers have devised five methods that determined attackers can use to bypass hard-drive encryption in recent versions of Microsoft operating systems.

● Man loses fight against firm that suffered data breach

A Missouri man has lost his legal battle against an online prescription processor that suffered a security breach that exposed highly sensitive subscriber information.

John Amburgy alleged that Express Scripts was negligent because it failed to adequately safeguard customer data, including names, dates of birth, social security numbers, and prescription drug histories. He argued that the breach in October 2008 that exposed an unknown number of subscribers' details put him at risk of identity theft for which he was entitled to compensation.

● Thanksgiving Webcam Promo Leads to Malware

The US$10 webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was.

A week later, she's worried and upset because a CD that came with the camera contained a Web link that apparently infected her PC with fake antivirus software.

● Clientless SSL VPN Products Open Web Browser Security Hole

US-CERT has issued a warning about impacting dozens of clientless SSL VPN products it says can be exploited to break Web browser security.