Stories by: Robert Vamosi

Your personal data is out there. Every thought you tap out on Twitter, every status update you post on Facebook, and even the last credit card purchase you made is accessible via the Internet.

You're in a restaurant, enjoying a deep conversation. Peripherally, you see the waiter take your credit card and return a few minutes with a slip for you to sign. You think nothing of it until a few hours later when you receive a call from your bank: Someone is racking up serious debt on your credit card, mostly for electronics purchases. Is it you?

In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook's controversial Instant Personalization feature. The exploit ran on Yelp, one of the three sites that Facebook had selected to test Instant Personalization. Deglin was able to obtain not only Facebook profile information shared with Yelp but also the e-mail addresses for that profile's Facebook friends--a potential gold mine for marketers and spammers alike.

Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

This past January, the health organisation Kaiser Permanente reported a theft of an external hard drive from an em­­ployee's car. The hard drive contained data on about 15,500 Northern California patients, including their full names, medical record numbers, and, in some cases, gender, dates of birth, and other info on treatment and care received at Kaiser (but not patients' social security numbers or financial data).

Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.

As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.

At the Black Hat security conference on Wednesday, former Google VP of Engineering Douglas Merrill gave the opening keynote presentation, and it wasn't a traditional security industry talk. The takeaway: Let users dictate enterprise security needs.

In June, the world watched as tweets from the streets of Tehran flooded Twitter. Frequent Twitter users--and people who hadn't even heard of the microblogging service--were suddenly and simultaneously witnessing its potential.

Writing in the latest issue of Virus Bulletin (registration required), two Symantec researchers report what they believe is the first evidence of a major botnet consisting of compromised Macs.