We hear much about the importance of information sharing, and two stories today illustrate the challenges that surround it. First, ICS-CERT releases more information on the recent attack on a US public utility's industrial control systems. The affected systems were apparently exposed to the Internet with inadequate firewalling. Utilities have so far enjoyed the sort of immunity vintage equipment can confer upon an operation—much of its plant dates to pre-Internet days—but immunity-through-obsolescence (questionably desirable anyway) is temporary.
Second, eBay confirms that it has suffered a data breach (and some journalists question the effectiveness of the company's disclosure of the breach to its customers). The compromised database held customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth.
Anonymous may have been involved in another happy fizzle: reports suggest the hacktivist collective tried and failed to conduct a denial-of-service attack against the .mil domain.
The Sino-American cyber espionage squabble continues, to Chinese outrage, as US prosecutors hang tough. Observers find it significant that the indictment is directed against specific natural persons, not a unit of the PLA—what former FBI Director Mueller calls "the warm bodies behind the keyboards." The tu quoque issue China raises, however, appears to have legs, as journalists revisit alleged US spying on Brazil's Petrobras.
In industry news, Cisco is buying ThreatGRID to complement last year's acquisition of Sourcefire.
US surveillance reforms advance through Congress to tepid industry reviews.
Weev, for some reason, thinks he deserves compensation for time in prison.