Top 10 Stories

New York Times: Julia Roberts’s smile is insured. So are Heidi Klum’s legs, Daniel Craig’s body and Jennifer Lopez’s derrière. But the fastest-growing niche in the industry today is cyber insurance. Specialized policies to protect against online attacks are offered by about 50 carriers, including big names like the American International Group, Chubb and Ace. As data breaches have become a reality of the business world, more companies are buying policies; demand increased 21 percent...

Business Week: That’s the main message from former U.S. intelligence officials, who in a report today outlined scenarios for how $445 billion a year in trade theft due to computer hackers will worsen. They warned that financial companies, retailers and energy companies are at risk from thieves who are becoming more sophisticated at pilfering data from their servers.  

Softpedia: A new phishing scam is targeting Netflix users by telling them that their accounts were canceled due to a payment issue. The purpose of the scam is gathering credit card information from unsuspecting users. The message received by users is rather brief and only states that “there was a problem processing your credit card,” and asks people to update the information to keep the account active; a typical phishing scheme.

Techcrunch: It’s 2014. Do you know where your security is? On Tuesday, Google published a full account of the current state of encryption in email, revealing that some leading providers like Comcast and France’s Orange encrypted nearly none of the email that approached its servers. The news this week seemed to confirm many of our worst fears about the state of security on the Internet (as it does most weeks). In China, this week marked the...

Arstechnica: The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking. The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other...

Threatpost: On the anniversary of the first news reports on NSA surveillance, Microsoft general counsel Brad Smith seized the opportunity to draw a line in the sand with the U.S. government. Smith challenged the government curtail surveillance because it’s hurting business and impaling privacy and civil liberties.

The Register: Microsoft is planning to deliver seven bulletins next week in its scheduled monthly update. The company has posted its advanced notification for the upcoming Patch Tuesday security release, which it said will consist of two critical bulletins and five others rated as important. The company has posted its advanced notification for the upcoming Patch Tuesday security release, which it said will consist of two critical bulletins and five others rated as important.

Arstechnica: A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet's most widely used method for encrypting traffic traveling between end users and servers. The TLS bypass exploits work only when traffic is sent or received by a server running OpenSSL 1.0.1 and 1.0.2-beta1, maintainers of the open-source library...

Krebs on Security: The Internet of Things is coming….to a highway sign near you? In the latest reminder that much of our nation’s “critical infrastructure” is held together with the Internet equivalent of spit and glue, authorities in several U.S. states are reporting that a hacker has once again broken into and defaced electronic road signs over highways in several U.S. states. Earlier this week, news media in North Carolina reported that at least three highway...

Washington Post: As the intelligence community continues its assessment of the damage caused by Edward Snowden’s leaks of secret programs, Director of National Intelligence James Clapper says it appears the impact may be less than once feared because “it doesn’t look like he took as much” as first thought.   “We’re still investigating, but we think that a lot of what he looked at, he couldn’t pull down,” Clapper said in a rare interview at...