FireEye, which knows a thing or two about PLA cyber operations, backs the US indictment of Chinese cyber operators: among other indicators, the attackers' operational routine is entirely consistent with the rhythms of the Shanghai office workers exposed in APT 1. Vice News offers an interesting rundown of the episode's implications (read past the headline: "MIDLIFE" is a mechanically punning acronym). The US shows no inclination to back down from this confrontation with China as the two countries swap (so far relatively mild) trade and diplomatic jabs.
The eBay data breach has widespread effect, with some 145 million records exposed, and appears likely to join the Target breach in security folklore. Observers criticize the company's handling of customer notification, the ease (or lack thereof) of password resets, and the phishing capers the notification seems to have spawned. Questions about encryption are also raised, and eBay hastens to reassure customers that their passwords were also protected by "proprietary hashing and salting technology."
Long-known Internet Explorer 8 vulnerabilities remain open. Microsoft says it's working on a patch (but no release date is given). Do patch where fixes are available: a closed Word vulnerability is still being exploited in the wild.
Apple patches Safari with version 7.0.4. PayPal fixes a merchant account-hijacking bug. SourceForge undertakes a preventive, proactive password reset.
In industry news, Thales may be eying acquisition of Alcatel-Lucent's cyber business.
Legislation restricting bulk collection passes the US House to cold reviews.
A redacted report on Snowden's ("staggering," "grave") leaks is declassified.