A week in security: McAfee's update blunder

McAfee's security update backfired as users' systems crashed

It's been a bad week for Microsoft and McAfee, both of which suffered patch-related woes. Elsewhere, VeriSign's iDefense managed services arm warned of a major black market trade in compromised social networking accounts, while Veracode and ValidSoft released tools which could help security bosses mitigate growing threats.

First up, the European Commission has outlined plans for a security and criminal justice system overhaul known as the Stockholm Programme. The system will be deployed between 2010 and 2014, and will include stronger regulations on data protection and increased penalties for identity thieves.

Microsoft was forced to take down a security patch for Windows 2000 Server amid reports that the fix was not properly patching vulnerabilities in the Windows Media Services component. The company is working on an update for the MS10-025 patch, released last week as part of the monthly Patch Tuesday package.

McAfee, meanwhile, was forced to apologise after a recent update caused widespread system crashes on Windows XP SP3 systems. Cyber criminals leaped on the incident, using blackhat search engine optimisation techniques to trick users searching for information on the update to click on infected links.

Several reports this week highlighted increasing threat levels. VeriSign's iDefense managed security services arm warned of "exponential" growth in demand for black market data stolen from social networking sites, as criminals internationalise their campaigns.

The company uncovered evidence of one particular black market forum user, known as 'kirllos', who claimed to be selling 1.5 million compromised accounts in bulk quantities.