CANCUN, MEXICO - A prominent privacy activist says that leading software vendors, and the U.S. government are failing the public when it comes to Internet privacy, and that big changes are needed to prevent consumers from criminals, advertisers and government spies.

CANCUN--For people who follow the developments in the security and research communities, it's easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are bad there, you may not want to look at what's happening in the ICS and SCADA communities. It's getting ugly early.

CANCUN, MEXICO -- A panel of top law enforcement officers in charge of cyber criminal investigations reveals that the guys with the white hats face an uphill climb if they want to take down cyber criminal kingpins, with outdated laws and processes on the one hand, and an increasingly skeptical and privacy-conscious public on the other.

After a couple of years of seeing headlines announcing a steady stream of pieces of malware and trojaned apps appearing the Android Market, Google finally has taken steps to find and remove malicious apps from the market automatically. The company has unveiled a service called Bouncer that scans apps and looks for known malware as well as potentially malicious behavior.

CANCUN--Facebook is a lot of things, and one of the things that it's become of late is a fertile green field for attackers and scammers of all stripes. The Koobface worm is perhaps the most famous threat to hit the network, but the more mundane ones, such as scammers generating fake profiles automatically to spread spam and malicious URLs are becoming more and more prevalent, researchers say.

CANCUN--The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software--especially after deployment--has reached the point that it's now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking to exploit bugs.

Apple has released a massive set of patches for a wide range of security vulnerabilities in a number of its products and components, including OSX Lion and QuickTime. The patches, which are rolled up in OS X 10.7.3, fix a slew of serious bugs, many of which can be used to execute remote code on vulnerable machines.

Verisign, the Internet security company responsible for management of the .COM domain, told federal regulators that it was the victim of several successful attacks in 2010, but that those incidents were not reported to the company's management until September, 2011. The news was first reported by Reuters.

Threatpost's exclusive interview with Ralph Langner continues, as our conversation shifts from  the legacy of the Stuxnet worm to larger issues facing the critical infrastructure sector including mounting attacks, tensions between vendors and security researchers over responsible disclosure, and what's needed to secure critical infrastructure and industrial control systems.  

A new report finds that the 'bad guys' are winning, and that most nations are ill-prepared for crippling cyber attacks.