Top 10 Stories

  The Register: Ten days ago IBM issued ”A Letter to Our Clients About Government Access to Data” that, as we reported, swore on all that is good and holy that it did not hand over data to the NSA and would never do such a thing. But the letter did not satisfy security commentator Bruce Schneier who's penned an open letter of his own to Big Blue.  

Arstechnica: Back in January, after receiving the recommendations of the panel he formed to examine the National Security Agency’s surveillance programs, President Barack Obama said he wanted to end the NSA’s mass collection of Americans’ phone call records—without crippling its ability to conduct surveillance. The President gave the Justice Department and the Office of the Director of National Intelligence until March 28 to come up with a plan to make it happen. That date wasn’t...

  CSO: Three years before Australia banned Huawei from bidding for the National Broadband Network (NBN), the US National Security Agency (NSA) burrowed into the company’s networks to steal email and product source code, according to reports published on Saturday. The networking giant was hacked by the NSA as part of “Shotgiant”, an operation that by 2009 had given the agency more information on the company than it knew what to do with, according to...

Arstechnica: On Saturday, the New York Times published an article based on slides obtained from former NSA contractor Edward Snowden as well as interviews with anonymous intelligence officials that alleged the NSA had broken into the servers of Chinese telecom giant Huawei. There, the spy agency obtained sensitive information about the company's routers and switches that served to link its customers to its network. The NSA also monitored the communications of Huawei's executives, theNYT reports. The US has long...

  CNN Money: The company's ability -- and willingness -- to take such an approach became apparent this week. Microsoft admitted in federal court documents that it forced its way into a blogger's Hotmail account to track down and stop a potentially catastrophic leak of sensitive software. The company says its decision is justified. From the company's point of view, desperate times call for desperate measures. "In this case, we took extraordinary actions based on the specific...

ZDNet: On the whole, mobile operating systems seem to be pretty secure, but new bugs uncovered in Google's mobile platform shows how every Android-powered device – more than a billion devices in all – are vulnerable to malware thanks to privilege escalation issues. Researchers from Indiana University and Microsoft published a paper that describes a new class of Android vulnerabilities called Pileup flaws. Pileup, which is short forprivilege escalation through updating, increases the permissions offered...

The Hacker News: Facebook just released a new programming language called 'HACK', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking. When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming...

Computerworld - A new entry in the cash-for-bugs business, the Internet Bug Bounty, recently paid out its first $10,000 rewards. And on Friday, one of the researchers who judges bug report entries issued a plea to other security experts to join the hunt for flaws in Adobe's Flash Player, the media player notorious for its vulnerability volume and frequent patching.  

  Beckershospitalreview.com:  Valley View Hospital suffered a data breach when hackers introduced a virus into the hospital's computer system that took screenshots of 5,400 patients' personal records. From Sept. 11, 2013, to Jan. 23 of this year, the virus collected patient data by taking screenshots of patients' records and storing the information in hidden, encrypted files within the hospital's system, according to a Denver Post report.  

Krebs on Security: The California Department of Motor Vehicles appears to have suffered a wide-ranging credit card data breach involving online payments for DMV-related services, according to banks in California and elsewhere that received alerts this week about compromised cards that all had been previously used online at the California DMV. The alert, sent privately by MasterCard to financial institutions this week, did not name the breached entity but said the organization in question experienced a “card-not-present” breach — industry...