Welcome to our first issue of This Week's [in]Security.  We've collected and grouped together a selection of this week's news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• The PCI SSC needs help to update cloud guidance https://www.pcisecuritystandards.org/getinvolved/specialinterest_groups
• No we’re not weird for doing this https://krebsonsecurity.com/2017/03/why-i-always-tug-on-the-atm/
• (Older article) RSPA blog on QIR’s http://www.gorspa.org/visas-qir-mandate-dont-ask-dont-tell/

Breaches

• Breach level index http://breachlevelindex.com/ and an article on it https://www.theregister.co.uk/2017/03/28/breach_bonanza/
• Hong Kong loses 3.7M voter records http://www.databreachtoday.com/hong-kong-loses-37-million-voter-registration-records-a-9802
• Big Mac jobs hack attack http://www.theglobeandmail.com/report-on-business/mcdonalds-canada-says-careers-website-hacked/article34520589/
• FBI warns of anonymous FTP http://www.databreachtoday.com/fbi-warns-healthcare-entities-threats-to-ftp-servers-a-9800
• Google warns users of government backed hacking attempts https://security.googleblog.com/2017/03/reassuring-our-users-about-government.html
• Some nation state actors not even trying to conceal themselves https://www.theregister.co.uk/2017/03/30/kremlinbackedapt28doesnthideits_attacks/

Lawful Access / Back-doors

• UK calls for government back-doors after Westminster Bridge attack http://www.databreachtoday.com/british-home-secretary-demands-backdoored-communications-a-9796
• Tech firms say not so fast https://www.theregister.co.uk/2017/03/27/whatsappcryptorow/
• How to start a lawful access policy discussion https://freedom-to-tinker.com/2017/03/27/how-to-analyze-an-encryption-access-proposal/
• Implications of how lawful access might work https://freedom-to-tinker.com/2017/03/29/questions-for-the-fbi-on-encryption-mandates/
• EU set to require lawful access https://www.theregister.co.uk/2017/03/30/ecpushencryption_backdoors/

Bugs

• Unpatchable and help for the unpatchable https://www.theregister.co.uk/2017/03/31/microsoftwontpatchserver2003/
• Another big Lastpass security bug https://www.theregister.co.uk/2017/03/27/lastpassconfirmsmajor_flaw/
• Miele dishwasher IoT directory traversal bug https://www.theregister.co.uk/2017/03/26/mielejoinsinternetofsthallof_shame/
• More on iPhone malware https://www.theregister.co.uk/2017/03/27/mobile_threats/
• New application layer Mirai DDoS https://www.theregister.co.uk/2017/03/29/mirai_variant/
• Call for FCC to act on SS7 telephony flaws https://www.theregister.co.uk/2017/03/30/fccmustactonss7/

Privacy

• FCC conflicted over Cyber https://www.theregister.co.uk/2017/03/10/fccunderfireforditching_cybersecurity/
• FCC privacy protections about to be removed http://www.databreachtoday.com/fcc-privacy-rule-presidential-signature-away-from-being-axed-a-9801
• Krebs on FCC privacy implications https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/
• Schneier on this issue https://www.schneier.com/blog/archives/2017/03/congress_remove.html

Other Security

• New Fiesty Duck: Google spanks Symantec, new TLS 1.3 draft, new DNS feature to show approved CA’s, TLS interception devices , post-quantum crypto techniques, changing the Open SSL license and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue26googleplanstodistrustallcurrentsymantec_certificates.html
• FBI InfoGuard’s lost TLD https://www.theregister.co.uk/2017/03/27/infragard_typosquatting/
• Designing hacking contests https://googleprojectzero.blogspot.ca/2017/03/project-zero-prize-conclusion.html
• On finding balance in automating incident response https://www.schneier.com/blog/archives/2017/03/security_orches.html
• Israeli police set to (finally) charge vDOS operators https://krebsonsecurity.com/2017/03/alleged-vdos-owners-poised-to-stand-trial/
• iOS 10.3 and new encrypting file system out https://www.theregister.co.uk/2017/03/28/applefilesystem_debuts/
• Proposal for protecting privacy in searches via FSS https://www.theregister.co.uk/2017/03/28/functionsecretsharing/
• What’s behind the TSA laptop ban https://www.schneier.com/blog/archives/2017/03/thetsasselect.html
• UK/EU security a Brexit bargaining chip http://www.databreachtoday.com/brexit-blues-uk-threatens-to-cancel-security-cooperation-a-9806

Off-Topic

• Mission to Titan? http://www.universetoday.com/134677/what-about-a-mission-to-titan/
• A different type of solar power to extract hydrogen http://www.universetoday.com/134633/german-largest-artificial-sun-generate-climate-friendly-fuel/
• Super massive black-holes dance http://www.universetoday.com/133511/watch-stars-orbit-milky-ways-supermassive-black-hole/