itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."

Trailrunner7 writes "After years of saying that the company didn't need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws. Microsoft security officials say that the program has been a long time in development, and the factor that made this the right time to launch is the recent rise of vulnerability brokers. Up until quite recently, most of the researchers who found bugs in Microsoft products reported them directly to the company. That's no longer the case. The system that Microsoft is kicking off on June 26 will pay researchers $100,000 for a new exploit technique that is capable of bypassing the latest existing mitigations in the newest version of Windows."

msm1267 writes "Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlanger-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user's device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user's Internet connection. Andreas Kurtz, Felix Freiling and Daniel Metz published a paper (PDF) that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system's complex programming layers."

First time accepted submitter dougkfresh writes "Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey was prepared to test the state of security of the leading plugins." It does seem that Wordpress continues to be a particularly perilous piece of software to run. When popularity and unsafe languages collide.

alphadogg writes "Start-up Cumulus Networks this week has emerged with a Linux network operating system designed for programmable data centers like the ones Google and Facebook are building. The company's Cumulus Linux OS operating system includes IPv4 and IPv6 routing, plus data center and network orchestration hooks. Much like OpenFlow for independent, software-defined control of network forwarding, Cumulus Linux is intended to run on commodity network hardware and bring Open Source extensibility to high capacity data centers. The head of the company used to work for Cisco and Google." The distribution is based on Debian and ported to several router platforms. They claim to release most of their code Open Source, but there are at least a few proprietary bits for interfacing to the routing hardware itself.

An anonymous reader writes "As reported earlier on Slashdot it appeared the license covering the MySQL man pages was changed from the GPL to something less good. However, as speculated, this appears to be a bug." The build system was grabbing the wrong files, oops. The fix should be coming shortly: "Once the fixes have been made to the build system, we will rebuild the latest 5.1, 5.5, 5.6 releases plus the latest 5.7 milestone and make those available publicly asap."