Top 10 Stories

The Register: A report from the Rand Corporation suggests the increasing market for software vulnerabilities that can be sold legitimately is tempting the most 1337 hackers and crackers to go legit, rather than suffer the vagaries of the black market in code and credentials. "There's an economic seesaw in the market," Michael Callahan, VP of security products at Juniper Networks, told The Register. "At a point it becomes more attractive to sell on the legitimate market...

Spiegel: Documents show that Britain's GCHQ intelligence service infiltrated German Internet firms and America's NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation? The headquarters of Stellar, a company based in the town of Hürth near Cologne, are visible from a distance. Seventy-five white antennas dominate the landscape. The biggest are 16 meters...

  The Hacker News: The Distributed Denial of Service attack has become more sophisticated and complex and therefore has become one of the favorite weapon for the cyber criminals to temporarily suspend the services of any host connected to the Internet and till now nearly every big site had been a victim of this attack, from WordPress to online game websites. According to the new report released by a US based security solutions provider Incapsula, DDOS...

Register: The cleverest clogs of MIT have squared up to the NSA after claiming to have developed a PRISM-proof encryption system. Dubbed Mylar, the spook-bane allows devs to build web applications which are protected from attackers, even if they have access to the server that stores the software. Its creators were upset that anyone who had access to a server, be they "an attacker, a curious administrator, or a government", were able to run riot through...

The Register: DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites. More than a quarter of all botnets are located in either India, China and Iran. The study, by DDoS mitigation firm Incapsula, ranks the US as number five in the list of “Top 10” attacking countries.  

Malwarebytes: A fake PayPal email, addressed “Dear PayPal”, with an attachment to fill in? What could possibly go wrong? The form asks for: Email address, full name, PayPal password, DOB, billing address / town, county, postcode, home phone, credit / debit card number, expiry date, security code and sort code. Of course, you shouldn’t fill this in or hit the “Send” button – just delete the attachment and send the mail to the spam folder.

BBC: A UK industry regulator has called for the law to be changed to require pornography sites to carry out age checks before granting access. Video-on-demand watchdog Atvod said the government must act to protect children from seeing graphic adult material. Video-on-demand watchdog Atvod said the government must act to protect children from seeing graphic adult material. It said credit and debit card operators would be forbidden from processing payments from British customers to sites that did...

BBC: Turkey has moved to block access to YouTube, a day after a court ordered the suspension of a ban on Twitter, which PM Recep Tayyip Erdogan backed. The telecoms authority (TIB) said it had taken an "administrative measure" against the site but another report suggests that talks are under way. The telecoms authority (TIB) said it had taken an "administrative measure" against the site but another report suggests that talks are under way.

  Data Breaches: Gallagher & Kennedy has served the Maricopa County Community College District with another notice of class-action claims on behalf of approximately 2.5 million students, parents and others whose private, confidential information was compromised in a massive data breach. Gallagher & Kennedy has served the Maricopa County Community College District with another notice of class-action claims on behalf of approximately 2.5 million students, parents and others whose private, confidential information was compromised in...

Net Security: Some newer variants of the Gameover Zeus Trojan, which is exceptionally good at using complex web injections to perform Man-in-the-Browser (MITB) attacks and gain additional information about the victims to be used for bypassing multi-factor authentication mechanisms and effecting social engineering attacks, has been spotted targeting users of popular employment websites. They initially focused on CareerBuilder.com (largest employment website in the US), but now also on Monster.com (one of the largest in the world).