Top 10 Stories

The Register: The dangers of writing passwords down on paper were laid bare in the Japanese airport of Haneda this week after a member of staff managed to lose a note containing key security codes ahead of US president Barack Obama’s arrival today. The unlucky Skymark Airlines employee dropped the memo – which contained a list of the codes – on the departure lobby floor on Sunday afternoon, a transport ministry official told AFP.

Insurance News: Millions of consumers have had their personal information stolen by computer hackers, and security experts report foreign cyberattacks on military, business and governmental databases.So it probably shouldn't come as huge surprise that security at the nation's power companies could be breached by hacking. What is surprising is how easy it was.  

  Adding to a list of high profile targets that includes Comcast, NullCrew released on Sunday evidence it added a major "people finder" data broker, the UN's aviation regulation and security arm, the University of Virginia, Telco Systems and others to its growing catalog of those it has hacked and humiliated. The hackers of NullCrew claim in its Pastebin (e-zine) called "FTS Zine 5" that it also broke into Ukraine's science center, where they claim to have discovered...

  BBC: A leading sports file-sharing site has shut down after a UK police force threatened its operators with jail. The Sports Torrent Network had offered links to European football matches, US National Hockey League games, Formula 1 races and sports-related documentaries, among other content. Torrentfreak reported TSTN had about 20,000 members, making it "possibly the largest site of its type".  

Veracode: For years, security experts and thought leaders have railed against the concept of “security through obscurity” – the notion that you can keep vulnerable software secure just by preventing others from understanding how it works. Corporate executives worried about relying on open source operating systems and software like the Linux operating system – whose underlying source code was managed by volunteers and there for the whole world to see.  

  Infosecurity: The Heartbleed flaw in OpenSSL is continuing to leave gaping holes in the security perimeter for organizations worldwide, including within industrial control systems. It turns out that certain Siemens and Innominate ISC products are vulnerable to this latest threat. Heartbleed is a flaw the OpenSSL implementation of the transport layer security/datagram transport layer security (TLS/DTLS) heartbeat functionality that could disclose private/encrypted information to an attacker.  

IT News: Americans with accounts on US President Barack Obama's health insurance enrollment website have had their passwords reset to guard against the "Heartbleed" bug, acccording to a message posted on the site on Saturday. The warning marks the latest fallout from the widespread security bug, which surfaced this month and allows hackers to steal data online without a trace. Companies from Amazon to Google have been forced to take steps to protect against Heartbleed.  

The Hacker News: Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the “Heartbleed” security vulnerability in OpenSSL running in the client’s SSL VPN concentrator to remotely access active sessions of an organization's internal network.  

SC Magazine: While there is no significant difference between the number of security vulnerabilities found, on average, in widely used programming languages, like .Net, Java and ASP, the number of days it takes to make fixes can differ noticeably, a WhiteHat Security report reveals. The 2014 Website Security Statistics Report found that cross-site scripting (XSS) was the top vulnerability found in all languages, except .Net. That programming language was primarily plagued with information leakage, last year's number one...

  BBC: Taxpayers' personal data could be shared with private firms under plans drawn up by Revenue & Customs (HMRC). If given the go-ahead it would allow HMRC to release anonymous tax data to third parties including companies, researchers and public bodies. But former Conservative minister David Davis told the Guardian the plans were "borderline insane".