Microsoft's out-of-band patch of the recent IE zero-day bug is out, amid fresh reports of attacks exploiting the vulnerability. (Enterprises in the defense, financial, governmental, and energy sectors are reported to be the current targets.) The patch also extends, as an exception to policy, to Windows XP. Ars Technica harrumphs that this is a bad idea ("there will always be one more emergency") but XP clingers will be at least temporarily grateful. US and UK CERTs, who've previously advised everyone to avoid IE until it's fixed, now advise all to patch.
Heartbleed seems to have fallen short of frightening ordinary users into changing passwords, the management and remembering of which ordinary users find difficult enough. In what may count as an interesting case of active defense, some security researchers exploit Heartbleed to access black market chat spaces where cyber criminals conduct much of their R&D.
Researchers find that attackers can exploit a "Covert Redirect" vulnerability in OAuth 2.0 and OpenID to steal personal information and redirect browsing to malicious sites.
Tech in Asia translates and summarizes an interview with a Chinese hacker. His views on the importance of hacking games to the criminal underground are particularly interesting.
Eugene Kaspersky again tells everyone that cyber terrorism is inevitable. Other analysts describe cyber espionage as a tool of state security agencies (with one calling Russian and Chinese services the "Bonnie and Clyde" of cyber space).
A US-German summit is underway: intelligence policy is under discussion.
US court challenges to surveillance mount.