The Upload: Your tech news briefing for Wednesday, March 11

Most retailers don't meet card security standards... CDS inventor moves into bitcoin... HP embraces open hardware... and more tech news

A chip-enabled credit card, inserted into a store's reader.

A chip-enabled credit card, inserted into a store's reader.

Four out of five retailers don't meet payment card security standards

It's no surprise that so many data breaches involve the disclosure of credit card numbers: 80 percent of retailers failed to meet the Payment Card Industry Data Security Standard (PCI DSS) in a Verizon survey of 5,000 businesses worldwide, Reuters reports. In all the data breaches that Verizon studied, the company involved was not compliant at the time of the incident.

The inventor of credit default swaps is new CEO of bitcoin trading company

Amid the scandals and implosions of various first generation bitcoin exchanges, players with deeper financial industry backgrounds are moving onto the scene. The latest is Blythe Masters, who pioneered credit derivatives at JP Morgan and who, the Wall Street Journal reports, will be chief executive of trading platform Digital Asset Holdings. Given how the financial industry took the credit default swaps she invented and ran with them right into the 2008 global crisis, it's notable that she told the newspaper, "we can ultimately restore confidence and trust in financial markets and I believe this type of technology can move us in that direction."

HP embraces open hardware platform

Hewlett-Packard has rolled out new low-cost Cloudline servers that break from proprietary technology to use the standard specs defined by the Facebook-backed Open Compute Project. The new servers, to be built in partnership with Chinese manufacturing powerhouse Foxconn, will give HP an offering to compete with the white box offerings popular for cloud computing data centers.

Facebook shares its network switch with the world

In more OCP news, a network switch used by Facebook in its data centers will be available from Taiwanese maker Accton Technologies. Facebook is also developing a system with four single-socket servers, code-named Yosemite. Cisco and Juniper were among the other new OCP members announced Tuesday.

Top-of-the-line Apple Watch expected to play well in China

Wonder who is going to pay $17,000 the for the priciest Apple Watch? Analysts expect that price will be no object to status-seekers in China's luxury market, one of the first locations to receive the device when it goes on sale on April 24. "The gold edition of the Apple Watch is likely to do well in China, where the well-heeled market will grab the available units as a status symbol to own one," said IDC's Kenneth Liew.

Controversial phone scanning tech was a joint CIA-DOJ project

Technology used within the US to locate individuals' phones by mimicking a cell-phone tower from an airplane was jointly developed by the CIA, which is supposed to be limited to overseas spying, and the US Department of Justice, the Wall Street Journal revealed on Tuesday. That makes the program doubly controversial: Not only is it a potential violation of the privacy rights of innocent parties whose phone locations are caught up in the scan, but the WSJ also says that some in law-enforcement "are concerned the aerial surveillance of cellphone signals inappropriately mixes traditional police work with the tactics and technology of overseas spy work that is constrained by fewer rules."

Using Facebook login? This tool will hack your account

A security researcher who is frustrated that Facebook won't fix a flaw in its sign-on for third-party sites has released a tool that lets hackers generate URLs that can hijack accounts. Reconnect takes advantage of a cross-site request forgery issue in Facebook Login. Egor Homakov, a researcher with security firm Sakurity, disclosed the issue on his personal blog more than a year ago, after Facebook declined to fix it, but now he's raising the stakes by releasing the tool.

Chillax Windows users: Microsoft has fixed the FREAK vulnerability in the OS

As part of its monthly Patch Tuesday round of software fixes, Microsoft tackled the FREAK vulnerability in Windows. FREAK, which stands for "Factoring attack on RSA-EXPORT Keys," was discovered last week and is a vulnerability in SSL/TLS that could let bad guys pull off "man in the middle" attacks and intercept secure network communications. It isn't specific to Windows, but the OS was definitely a major vector for exploiting the flaw.

Watch now

Solar Impulse 2 started a round-the-world journey this week; here's video of the plane as it took off.

One last thing

Markus Persson's Minecraft is seen as this generation's Lego, but what's happened to him since he sold his company to Microsoft? Forbes profiles a billionaire at loose ends.

Join the CSO newsletter!

Error: Please check your email address.

Tags ApplesecurityDigital Asset HoldingsMicrosofthardware systemsinternetHewlett-PackardFacebook

More about AcctonAppleCiscoDepartment of JusticeDOJFacebookFoxconnHPImpulseinventorJP MorganJuniperMicrosoftMorganRSATechnologyUS Department of JusticeVerizonWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by IDG News Service staff

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place