Digital certificates are being revoked at very high rates in response to the Heartbleed vulnerability, and that's exacting a toll on certificate-authority bandwidth. CloudFlare offers a preliminary look at costs associated with the bug. Mandiant reports successful exploitation of Heartbleed in the wild to circumvent VPN multi-factor authentication.
The scramble to find and close the vulnerability yields predictably spotty results, with early tool versions producing false negatives. But toolmakers (notably Nmap) update their products rapidly in response to feedback from independent testers. Tor is inspecting its entry and exit relays and has already blacklisted hundreds found vulnerable to Heartbleed.
An IOActive study reports big security issues with satellite communications networks: software weaknesses are said to place military operations and flight safety at risk.
A survey of security executives at RSA finds them interested in designing security around rigorously understood business risk.
Zurich Insurance and the Atlantic Council release a study of the "global interconnections of cyber risk," which should disabuse businesses of any lingering faith in legacy perimeter defenses.
George Mason University's Mercatus Center publishes a critical study of "rigid" US Government cyber policy that, the report claims, will make the Internet less robust and more vulnerable.
Germany-based Lavaboom offers a new secure email service whose marketing language, at least, is interesting for its post-Snowden sensibility.
A dark net search engine, "Grams," launches. It's accessible only through Tor (don't use it for evil).
Bugcrowd seeks to crowd-fund an OpenSSL audit.
Northrop Grumman urges cyber security legislation on the US Congress.