After weak encryption was found in Google email, US-CERT warns that Domain Keys Identified Mail (DKIM) email is vulnerable to spoofing. Google, Microsoft, and Yahoo report they've remediated their DKIM vulnerabilities.
CheckPoint suggests Iran might not be the only actor behind the Izz ad-Din al-Qassam Cyber Fighters' "Operation Ababil," but most observers (especially in the US) continue to attribute the anti-banking campaign to the Islamic Republic. DDoS attacks use open DNS resolvers to "amplify" their attacks, which places affected organizations under serious stress.
Ordinary cyber criminals have not been idle. "Operation High Roller" attacked file transfer systems serving wealthy banking customers, an Ohio hospital suffers a data breach, and a phishing campaign exploits Twitter users. Law firms and corporate counsels find that e-discovery exposes them to identity theft.
Gartner tells its corporate audience it needs to "play offense" on cyber. As the US Congress looks for ways to finesse budget sequestration, insiders suggest that the days of a blank check for security are over. Lockheed Martin, Intel, AMD, Honeywell, and RSA found the Cyber Security Research Alliance, a not-for-profit devoted to attacking cyber "grand challenges."
Britain's GCHQ hopes to certify IA experts. The US Army pushes for more cyber offensive capability and offers Foreign Policy a look inside the 780th Military Intelligence Brigade. Australia prepares a major defense policy statement addressing cyber operations. Huawei looks for Australian friends in its ongoing espionage squabble with the US: the Chinese telecom manufacturer offers the Australian government full access to its source code.