Sino-American ties are strained by evidence of a massive Chinese cyber espionage campaign against US media outlets and other companies (among which utilities are curiously overrepresented). China's government categorically denies it all, but few observers are buying their protestations of innocence. (Wall Street Journal and New York Times editorial pages, rarely ideological bedfellows, read like Hearst and Pulitzer circa 1898.) Mandiant, whose investigation fingered the People's Liberation Army, stands by its report, and says (with commendable swagger) it expects retaliation. (CyberWire will follow Mandiant's fortunes with interest and best wishes.)
Lessons from this much-discussed imbroglio include the value of open sources (Anonymous rants and incautious Chinese operators' social media presence among them) and a corollary reminder not to mistake information's cost with its value. There's also a question: US-Chinese cyber conflict doesn't seem entirely like a war (the two countries remain close trading partners, even as the US Administration considers legal retaliation for Chinese hacking) but it isn't remotely an alliance, either. So what is it, and how can beneficial trade persist without unacceptable security risk?
McAfee researchers find a polymorphic autorun worm that evades detection through VM-awareness and advanced obfuscation.
Apple fixes its recently exploited Java vulnerability, Oracle issues another security patch, and Mozilla addresses PDF vulnerabilities. Adobe's promised patches have yet to appear.
US budget cuts are scheduled to hit next week. The US Navy says major (ACAT 1) programs are at risk (but the Navy's cyber chief sees a silver lining and expects austerity to bring innovation).