Security

Overly broad U.S. government surveillance is breaking down trust on the Internet in ways that could hurt users everywhere and make it harder to launch new kinds of services, tech executives told a U.S. senator pushing for reforms.

Revelations about National Security Agency (NSA) monitoring are leading foreign governments to consider erecting barriers against the global Internet and requiring their citizens' data be stored in the same country, according to Sen. Ron Wyden, a Democrat from Oregon, and tech leaders who joined him at a roundtable in Palo Alto, California.

Computer code that can turn almost any device that connects via USB into a cyber-attack platform has been shared online. Computer security researchers wrote the code following the discovery of the USB flaw earlier this year.

The pair made the code public in an attempt to force electronics firms to improve defences against attack by USB.

Jonathan Hall was trying to help the internet. Earlier this week, the 29-year-old hacker and security consultant revealed that someone had broken into machines running inside several widely used internet services, including Yahoo, WinZip, and Lycos. But he may have gone too far.

The U.S. National Security Agency takes multiple steps to protect the privacy of the information it collects about U.S. residents under a secretive surveillance program, according to a report from the agency's privacy office.

Surveillance under presidential Executive Order 12333, which dates back to 1981, generally sets the ground rules for the NSA's overseas surveillance. It allows the agency to keep the content of U.S. citizens' communications if they are collected "incidentally" while the agency is targeting overseas communications.

The publishing world may finally be facing its “rootkit scandal.” Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well.

On Monday, KrebsOnSecurity notified MBIA Inc. — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search.

VISA's new token service aims to provide consumers a simple, fraud-free digital payment experience. It's a worthy goal, but one that may prove to be more aspirational than functional.

Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure.

What do you need in order to withdraw cash from an ATM? First, you need to have a debit or credit card, which acts as a key to your bank account. Second, you must know the PIN code associated with the card; otherwise, the bank wouldn’t approve the transaction. Finally, you need to have some money in your account that you can withdraw. However, hackers do things differently: they don’t need cards, PIN codes or bank accounts to get money. In reality, all they need is an ATM with some cash in it and a special piece of software.

Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.