As Red October finishes rolling up its command-and-control infrastructure, security engineers discuss the technical elements of attack attribution, why attribution is so difficult, and whether it's even worthwhile.
DDOS campaigns mounted through botnets will continue to give banks headaches, and here's another headache, not confined to banks: "Distributed Spam Distraction"—a heavy influx of spam messages—can serve as cover for online theft.
Oracles recent Java patches have included some third-party toolbars, industry observers note with disapproval. A phishing campaign is using bogus DocuSign messages to target enterprises through their employees.
Cyberwarzone discusses Blue Coat and Fin Fisher, and what they mean for online anonymity. Mega (Megaupload rebranded and repurposed as a storage service) scrambles to fix vulnerabilities.
FaceWash offers university students a way of cleaning up their social media history before they hit the job market. ReVuln is developing a hot-patching service for SCADA systems.
DARPA's "Plan X" sponsors research into targeted attack analysis. Google recently hired Ray Kurzweil, who in an interview says he'll focus on computers' natural language capabilities. Natural language is also of interest to password crackers: researchers at Carnegie Mellon and MIT introduce grammar-recognition into a cracking tool they've added to John the Ripper.
Dawson College's expulsion of Ahmed Al-Khabaz shows the cultural gap that persists between the academic and industrial worlds. Dawson expelled the student (who understood himself as a white hat hacker) for "unprofessional conduct," yet Al-Khabaz is now sought-after by companies who value his skills (and apparently agree he's a white hat).