Instant messaging apps whose traffic is encrypted and short-lived are increasingly the preferred communication tools of the Islamic state. Some (most?) terrorist comms remain accessible, as witnessed by Belgian authorities' ability to roll up a jihadist cell (with technical US support) from WhatsApp intercepts, but law enforcement worries nonetheless. Policy battles over encryption continue.
The Washington Post reports on people in Syria conducting, at great personal risk, counter-ISIS information activism.
The TV5Monde hack returns to the news as an object lesson in the difficulties of attribution. What had been seen as Islamist hacktivism is now viewed as a possible Russian false-flag operation.
There's little dispute the need for greater encryption in government websites. The US Administration has told Federal agencies they've got to have HTTPS-only for their public-facing websites by the last day of 2016. (What about non-public-facing sites, some wonder?) Industry and Congressional commentary on Federal security measures is scathing, with the Einstein security system getting no love even from its advocates. "They'll tell me," says Vectra CEO Sheth, "'We have 10-year-old technology. We are going through a review period. Maybe in nine months we'll get around to upgrading our firewall.'" There's also a general sense that the full impact of the OPM breach has yet to be understood.
Criminals behind the Vawtrak banking malware have begun obscuring their command-and-control in Tor2Web.
Patch Tuesday fixes are out and receiving customary scrutiny.
Companies continue to whistle past the graveyard: more than a third don't carry any cyber insurance at all.