Twitter bans SEA hacktivists, and the Syrian Electronic Army vows retaliation. Other loosely affiliated hackers make low-grade hits on Australian and New Zealand sites, targets-of-opportunity in a campaign against nations deemed insufficiently enthusiastic for Bashar Assad. Other cybervandalism appears in the Philippines and South Asia.
BlackHat has wrapped up. Some of the more interesting vulnerability demonstrations include an exploit that bypasses SSL encryption on HTTPS-protected sites, the use of JavaScript and timing attacks to steal browser information, methods of bypassing file-based sandboxes, simulation of a "catastrophic" SCADA attack, and vulnerabilities in oil platform infrastructure. (Industrial control system threats are beyond proof-of-concept: a honeypot's results show that water infrastructure SCADA systems are indeed being probed.)
Other attack techniques in the air today include "stepping stone" infected sites as a route to desirable targets, creative backdoors, and analysis-resistant malware used in Bitcoin mining.
Government surveillance remains in the news, as VPN vulnerability to snooping is reported. Concerns about extensive cooperation with NSA surveillance rise in New Zealand and the United Kingdom; South African media wonder about their country's policies. The US Congress seems poised to restrict some NSA programs.
Cloud providers concerned about their business, post-Snowden, consider "no-knowledge" offerings. A new startup offers the services-for-hire of bug-bounty winners.
UCLA researchers' "jigsaw" approach to software encryption draws more attention. At BlackHat, panelists warn that the industry-standard RSA algorithm will soon be broken, and that new cryptographic approaches are badly needed.
Google's new Moto-X phone may prove an interesting case study of security design.