Payment card security standard under fire

Security experts have criticised the new Payment Card Industry Data Security Standard, describing it as ineffective and immature, reports Computing.co.uk.

Alan Calder, chief executive at consultancy firm IT Governance, argued that many firms are still flouting the standard and escaping fines despite the deadline for compliance passing years ago.

"On the one hand, it is an exciting global standard, but penalties for non-compliance are still not clear," he explained. "It is not clear that the acquiring banks will levy big fines on companies [because the customer] may decide to go and bank somewhere else."

Web sites used for e-mail, banking, e-commerce and other sensitive applications just got even less secure with the release of a tool that siphons users' authentication credentials - even when they are sent through supposedly secure channels, says The Register.

Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim's browser into turning over the authentication cookies used to gain access to user account sections of a Web site.

Unlike an attack method known as sidejacking, it works with vulnerable Web sites even when a user's browsing session is encrypted from start to finish using the secure sockets layer protocol.

Facebook's facelift will become permanent for all its 100 million users, like it or not, reports The BBC.

Since unveiling the makeover seven weeks ago, Facebook had given users the freedom to stay with the old design or switch to the new one.

Now everyone will be forced to change despite groups forming on Facebook to protest the move. "It's pretty lame they couldn't let us keep the old design alongside the new one," said student Scott Sanders.

Google's Chrome browser has run into more privacy complaints and the search giant is moving to ease complaints about its Google Suggest feature used in Chrome and other products, says News Factor.

Unveiled in late August, Google Suggest helps users formulate more precise queries that yield more accurate results.

So instead of just "hotels in Florida", the technology will ask a "Did you mean?" question that encourages you to select a more specific query, such as "hotels in Miami, Florida" or "hotels in the Florida Keys".