Haymarket Media, Inc.
SC Magazine
The SC Magazine Newsteam Blog

When Facebook and Internet Explorer go dark…

Posted December 16, 2008

Each and every day, we write about the latest IT security news - and often our connection to the story ends right after we hit “Publish” in our CMS.

However, this week, the SC Magazine editorial team - as well as the hundreds of other employees of our publishing parent, Haymarket Media - are witnessing firsthand how potentially serious cyberthreats can be.

That’s because so far this week, we have received two separate emails from IT, one warning about a virus outbreak believed to be emanating from Facebook and MySpace, the other about the wicked Internet Explorer zero-day.

As a result, IT has recommended users browse the web on Firefox only until Microsoft issues a patch. (Considering the extent of this exploit, the fix might come before next month’s regularly scheduled security update).

OK, no big deal, I use Firefox anyway because I find it’s more stable on my work PC.

But it was the other email that is really going to hit home. IT has blocked access to Facebook and MySpace until our London offices contain the problem.

If you just heard a scream, it was me.

Now, one would think that because I write about this stuff, I might be more understanding of defense strategies that must be applied to remediate malware occurrences. After all, I knew exactly what IT was referring to in those emails.

But nope, I’m in serious withdrawal. Need my Facebook. (To bosses reading this: I only log onto Facebook while eating lunch. I swear).

Oh, well. IT has assured me that access to the popular social-networking sites should be returned to the good graces of our whitelist in short order.

And I always have my web-enabled cell phone if the urge gets really overwhelming.

Filed under: Browser flaws, Consumer threats, Mobile and Endpoint Security, Patch Management, SC Magazine, Vulnerabilities, Worms

Apples and oranges

Posted December 4, 2008

This had to tick off a lot of people: I read this week that convicted New Zealand bot herder Owen Thor Walker, 19, did not receive any jail time for his lead role in a major botnet operation that involved at least eight Americans.

Instead, a judge gave him a fine, despite Walker admitting to running a botnet that compromised upward of a million computers. (By comparison, Robert Alan Soloway, who was charged in a similar FBI investigation, received a 47-month prison sentence).

Authorities in New Zealand defended the judge’s decision by saying:

“The worst thing that society could have done was put him in jail, where his mind would have been corrupted,” Maarten Kleintjes, head of e-crime at the New Zealand Police, said during an interview on New Zealand’s 60 Minutes show, according to an IDG News Service story.

While that may have been true, this type of mentality absolutely diminishes what law enforcement across the world is trying to do to stem the pervasiveness of botnets.

If cybercriminals know they’ll get off the hook because they are too smart to go to jail, then — I’ll just take a wild stab at this one — they’re going to keep doing it until they get caught.

Now, by all accounts, Walker may be far more gifted than most crooks associated with botnets. And, according to the story, he’s currently working on the right side of the law, with a software company.

But still, this certainly sends the wrong message and only works to deter what is needed: A cooperative effort among back-end providers, ISPs, enterprises, law enforcement and end-users to eliminate bots and all they’re capable of, namely spam, DDoS attacks and information stealing.

If you do the crime, expect to do the time. Even if that means trading in your laptop for prison garb at the door.

** What is up with Apple’s flip-flop on its support note that recommended Mac users install anti-virus software?

First, Cupertino says users should deploy AV, then the company removes the note, calling it “old and inaccurate.”

My money is on this: Lots of media outlets picked up the story of Apple quietly encouraging users to install AV. That surprised the computing giant. They didn’t want potential customers to start thinking that Macs weren’t as safe as they have been made out to be.

So Apple, sensing a possible impact on its computer sales, decided the best way out of the problem was to remove the document and pretend like it was never there to begin with.

But with the sales of Macs rising and more malware writers taking notice, Apple will have to do something other than roll over and play dead the next time the conversation of AV comes up.

Something, soon, will have to give. Communication will be key.

*** All of us here at SC Magazine are counting down the minutes - literally, just check out the home page - until our inaugural, two-day SC World Congress kicks off next week at the Javits Convention Center in New York.

So far, the response has been great. Since this is our first event of this kind, there is certainly an air of anxiousness and tension, but considering our strong speaker list, we are confident the show will be a huge success.

It promises to be quite the event, with the goal of providing attendees with as much practical advice as they can carry out of the conference center doors.

If you can’t join us, please follow along with the latest news, photos and videos at SCMagazineUS.com.

Filed under: Apple, Consumer threats, Lawbreakers, SC Magazine

The SC World Congress

Posted July 3, 2008

In an era of shameless self promotion, it’s time to be shameless. SC Magazine is planning a conference, called the SC World Congress, that will bring to the New York area a roster of security luminaries that will, it is hoped, enhance the conversation on ways and means to address security threats.

I cannot add or detract from what the marketing folks have done here. It is for me, rather, to be dedicated here to the unfinished work of getting the word out in an informal way, adding to the effort thus far so nobly advanced.

Ooops, sorry to have injected the Gettysburg Address into this discussion, but keep the date in December open.

Among the speakers we have scheduled are:

Rich Baich, principal for security and privacy, Deloitte and Touche. Rich has led multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Baich is former CISO at ChoicePoint where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee and the FBI. In 2005, Baich authored “Winning as a CISO,” a security executive leadership guidebook.

Steve Collins, director, Text 100 Public Relations. Steve Collins is a director at Text 100 Public Relations, a global PR consultancy. Steve manages the Text 100 North American Security Sector Team. Security clients represented by Steve and his team include Cisco, Corillian, the PCI Security Standards Council, IBM Tivoli, Bit9, Raytheon, and Websense. The team has more than 30 years of combined security experience in facets of security technology ranging from aviation security, biometrics, email filtering, encryption, homeland security, ID theft prevention, PKI, network security, spyware protection, virus control and Web filtering technology.

Paul DeGraaff, chief security officer, American International Group. Paul DeGraaff is globally responsible for AIG’s Information Security Program. Paul has received several security awards, such as an award from The Secure Software Foundation at the 2005 RSA Show for leadership in secure software development, from Archer Technology for technology innovation in 2005 and Vanguard Integrity Professionals at their 2002 conference for contributions to the security community.

John Iannarelli, supervisory special agent, FBI. Supervisory Special Agent (SSA) John G. Iannarelli entered on duty with the Bureau in April of 1995. In recognition of his investigative work, SSA Iannarelli has received the FBI Director’s Distinguished Service Award. He is now at the Phoenix Division, where he currently serves as the supervisor of the Cyber squad, overseeing all Cyber investigations for the state of Arizona. Iannarelli is also an attorney admitted to the practice of law in California, Maryland and the District of Columbia.

Dan Lohrmann, chief security officer, State of Michigan. With the help of a mere 29 employees, Dan Lohrmann is responsible for safeguarding 19 state agencies, which equates to some 55,000 employees and their desktops, as well as the public at large. He has spent some 13 and a half years in the intelligence community, working much of that time with the National Security Agency (NSA). He graduated from Valparaiso University with a Bachelor of Science in Computer Science.

Winn Schwartau, founder, SCIPP International. Winn Schwartau thinks asymmetrically; some would say “Out of the Box”. If it’s originality in thought, writing, presentations or training, call Winn. He balances his time between writing, lecturing, teaching and building corporate and national security-awareness programs and consulting on cyber-conflict and Infowar to multinational organizations and governments worldwide. In addition to being called “The Civilian Architect of Information Warfare,” he is one of the country’s most sought-after leading experts on information security, infrastructure protection and electronic privacy.

Neil Warner, chief information security officer, Go Daddy. Neil is responsible for Go Daddy’s IT Security, Business Continuity, SSL Registration Authority, Spam/Abuse, IT Audit, Product Quality Assurance and IT Operation organizations. Before joining Go Daddy, Neil served as Director of Technology/Security for NDC Health, a health care information provider. Prior to that, Neil supervised computer operations and administration at Motorola Computer Group. Neil is a Certified Information System Security Professional and a Certified Business Continuity Professional.

Plan to attend and say hello.

Filed under: SC Magazine

SC Magazine launches The Breach Blog

Posted May 31, 2007

You weren’t the only one who thought significant data breaches seem to be happening every day.

We did too.

With that in mind, SC Magazine is proud to announce the launch of its newest addition to the blogosphere, The Breach Blog, a chronicle of the latest data breaches to appear on front pages, TV screens and news websites across the country.

If a considerable amount of personal information is reported stolen, lost or hacked, readers can get the raw facts here, at The Breach Blog.

Filed under: SC Magazine

Check out the SC Magazine Labs Blog

Posted May 29, 2007

We have a new blog to brag about – one sure to catch the eyes of IT security professionals, researchers, C-level executives and vendors.

It’s the SC Magazine Labs Blog, and it’s the soapbox of Peter Stephenson, SC Magazine’s technology editor, and his staff.

It’s no secret that SC Magazine’s product reviews are the most highly regarded in the industry. Don’t believe us; see for yourself. Go to an IT security trade show, and you can’t miss high-scoring vendors proudly displaying SC Magazine product reviews at their booths.

So check out the SC Labs Blog – it’s the next best thing to being in the lab yourself.

Click here for the SC Labs Blog.

Filed under: SC Magazine

Welcome!

Posted April 1, 2007

Welcome to SC Magazine’s News Team Blog

Every day, the reporters and editors of SC Magazine give you their views on what’s hot – from the journalist’s perspective – in information security.

If there’s a buzz about a new cyberthreat, trend, malware or vulnerability in SC Magazine’s newsroom, you’ll hear about it here first – from the reporters who spend their day monitoring IT security.

Enjoy!

Filed under: SC Magazine
