Retailers and security product vendors continue to stop up Heartbleed holes (the security vendors, including Symantec, McAfee, and Kaspersky, are running ahead of the retailers). Some users report that Heartbleed mitigation seems to be "making the Internet run slower," but slower browsing is to be expected as sites upgrade security. Exploitation of the vulnerability for denial-of-service purposes seems possible but (in general) too difficult to be worthwhile when much easier DDoS methods are ready to hand.
Canadian police make the first Heartbleed arrest: an Ontario nineteen-year-old is collared for his (alleged) role in the Canadian Revenue Agency hack. Media note a familiar tension between law enforcement and disclosure: the Royal Canadian Mounted Police apparently asked that the breach not be disclosed until their investigation had made further progress. (Another obstacle to disclosure is simple unwillingness to bear bad news: Ponemon says 60% of enterprise security types would hesitate to inform the boss.)
German researchers demonstrate a worrisome proof-of-concept exploitation of Samsung's fingerprint login, troubling because of its integration with PayPal. Another biometric modality, face recognition, is in the news because of masked pro-Russian insurgents (or Russian troops?) in Ukraine and the US FBI's burgeoning face-recognition database.
The iBanking mobile bot infests Facebook. An Android Adobe Reader vulnerability is found. Starbucks-themed emails distribute a rootkit-capable Zeus variant.
Runway Girl points out the difficulty of "hacking an airliner."
Energy and financial sectors continue to increase cyber security investments.
India wants to "internationalize" the Internet into the "Equinet"—really a call for greater national control.