Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Are you ready, one year to complete SSL/early TLS migration https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
• How to simplify (reduce) PCI compliance using P2PE, NESA, or E2EE solutions https://controlgap.com/blog/understanding-encryption-and-pci-compliance/
• New PCI PTS PIN guidance: Cryptographic Key Blocks Information Supplement  https://www.pcisecuritystandards.org/documents/CryptographicKeyBlocksInformationSupplementJune2017.pdf
• Krebs on skimmers https://krebsonsecurity.com/2017/06/so-you-think-you-can-spot-a-skimmer/
• Visa about to demo B2B blockchain http://www.pymnts.com/news/b2b-payments/2017/visa-ready-for-blockchain-b2b-payments-demo/
• MasterCard's 2-BIN range now in full effect, non-compliance fines may be coming https://www.linkedin.com/pulse/gas-stations-credit-processing-being-shut-down-derrick-hess-cpp

Breaches / Leaks

• Microsoft Shared Source Kit including: Windows 10 and Server 2016  builds and internals leaked online https://www.theregister.co.uk/2017/06/23/windows10leak/

Lawful Access / Back-doors / Regulations

• Why Stronger Patents Act will hurt US business and innovation https://www.eff.org/deeplinks/2017/06/how-the-stronger-patents-act-would-send-innovation-overseas
• Australia now pushing Five Eyes on encryption backdoors https://www.theregister.co.uk/2017/06/26/australiangovtpromisestopushfiveeyesnationstobreakencryption/
• Controversial extraterritorial net censorship ruling by Canadian Supreme Court https://www.eff.org/deeplinks/2017/06/top-canadian-court-permits-worldwide-internet-censorship
• Challenge to UK mass surveillance law https://www.theregister.co.uk/2017/06/30/libertygetsgreenlighttochallengesnoopers_charter/

Bugs

• Another remote execution bug in the Microsoft malware protection engine https://threatpost.com/another-rce-vulnerability-patched-in-microsoft-malware-protection-engine/126536/
• Cisco & Spotify ship private keys in apps, misc bugs, new quantum crypto research, deprecating TLS 1.0, and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue29ciscoandspotifyshipprivatekeysin_applications.html

Privacy

• Krebs looks at dealing with annoying Robocalls https://krebsonsecurity.com/2017/06/got-robocalled-dont-get-mad-get-busy/
• Google will end email content scanning https://epic.org/2017/06/google-to-end-email-content-sc.html
• EFF asks Supreme Court to review warrantless real-time cell phone tracking https://www.eff.org/press/releases/eff-supreme-court-no-real-time-cell-phone-tracking-without-warrant
• Websites grabbing data even if you don't hit submit may be illegal https://www.schneier.com/blog/archives/2017/06/websites_grabbi.html
• AMT vulnerability in industrial control systems https://threatpost.com/siemens-patches-critical-intel-amt-flaw-in-industrial-products/126652/

Hacking / Malware / Cybercrime

• Petya is another EternalBlue based ransomware https://threatpost.com/second-global-ransomware-outbreak-under-way/126549/ and https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/
• Petya may just have been malicious malware posing as randsomware https://www.theguardian.com/technology/2017/jun/28/notpetya-ransomware-attack-ukraine-russia
• FBI reports on US cyberfraud losses https://krebsonsecurity.com/2017/06/fbi-extortion-ceo-fraud-among-top-online-fraud-complaints-in-2016/
• UK Parliament accounts under siege http://www.databreachtoday.com/british-parliament-targeted-by-brute-force-email-hackers-a-10049

Other Security / Risk

• A look back on the DAO Ethereum Blockchain hack/hard fork and discussion https://www.schneier.com/blog/archives/2017/06/articleonthe_.html
• Breaking AES keys on an ARM by power consumption monitoring https://www.theregister.co.uk/2017/06/23/aes256cracked50seconds200kit/
• Internet fargility and costs https://www.theregister.co.uk/2017/06/13/markpescecolumn/
• Closed vs. open source crypto debate http://blog.erratasec.com/2017/06/a-kindly-lesson-for-you-non-techies.html
• UK electric grid cyberrisk https://www.theguardian.com/technology/2017/jun/25/uk-electricity-grid-cyber-attack-risk-energy-industry
• Security by Obscurity and FAA rules https://www.schneier.com/blog/archives/2017/06/thefaais_argu.html
• Encrypted Content-Encoding for HTTP, basically IETF proposal for HTTPS at rest https://www.theregister.co.uk/2017/06/27/mozillaengineerspotsagapinwebsecurityreachesforthepatchkit/
• Microsoft ripped for dishing really terrible crypto advice on TechNet https://medium.com/@bob_parks1/how-not-to-encrypt-a-file-courtesy-of-microsoft-bfadf2b0273d for this https://support.microsoft.com/en-us/help/307010/how-to-encrypt-and-decrypt-a-file-by-using-visual-c
• Within 48 hours Microsoft pulled the linked article but left its cousin at https://support.microsoft.com/en-us/help/301070/how-to-encrypt-and-decrypt-a-file-by-using-visual-basic-.net-or-visual
• FBI interviews US employees of Kaspersky Labs https://www.theregister.co.uk/2017/06/28/kasperskylabusstaffquestionedbyfbi/
• Ed Felton discusses claims in EU's $2.7B Google fine https://freedom-to-tinker.com/2017/06/28/european-authorities-fine-google-for-search-tactics/

Off-Topic

• The best image yet of the surface of the star Betelgeuse a red supergiant  and one of the 5 closest supernova candidates to us  https://www.universetoday.com/136220/amazing-new-views-betelgeuse-courtesy-alma/ and http://www.syfy.com/syfywire/betelgeuse-is-lumpy-except-not-really and a collection of (older) Betelgeuse images and facts http://mangsbatpage.433rd.com/2009/01/betelgeuse-betelgeuse-betelgeuse.html