The US Patriot Act did indeed expire yesterday afternoon, and with it the US Government's controversial program of bulk metadata collection. Successor legislation continues to be debated in Congress. DCI Brennan foretells problems should the blackout continue. On Sunday Hacktivists opposed to Government electronic monitoring redirected thousands of websites associated with Congress to pages protesting mass surveillance. (Other hacktivists, these in Germany, are reported to have installed devices to record random conversations in public places, saying they'll stop taping "when the NSA [and presumably the BND] does.")
Reports of abortive US attempts to disable North Korea's nuclear weapons program with a Stuxnet variant surfaced last week, along with a defector's breathless account of DPRK "city-killing" hackers. The campaign against North Korean nuclear R&D (targeting the same kind of Siemens PLCs Iran used) fell short through inability to introduce attack code into target systems (less physically accessible than Iran's). Observers of North Korean "city-killer" claims note that (1) no cities have actually been killed, however much Kim may wish their death, and (2) power grid vulnerabilities nevertheless need to be addressed, but the FUD's unhelpful.
Lack of standards is seen as a threat to Android security.
Firmware vulnerabilities are found in older Macs.
Darmstadt researchers find that poor login implementation exposed millions of credentials.
Researchers say Hola — recently found exposing users to botnet enrollment — also has serious zero-day bugs in its VPN software.
Wasennaar still worries the cyber industry.
Welcome to the world: Recorded Future introduces a new cyber news service.
A note to our readers: the CyberWire will be in Northern Virginia this Wednesday, reporting from TechExpo's DC Metro Cyber Security Summit.