A protest nominally organized by Anonymous — #OpC51 — took down a number of Canadian federal websites yesterday. The denial-of-service attack was intended to register opposition to that country's anti-terror legislation.
Duqu 2.0 remains under analysis. The incident prompts consideration of the ease with which false flags can be planted, and the attendant challenges of attribution.
ISIS continues to enjoy a propaganda advantage in the information war it's waging with the rest of the world. That advantage is difficult to characterize (Foreign Policy contents itself with "je ne sais quoi") but whatever it is, an effective counter narrative will require real, tangible content, not, as a former ambassador bitterly puts it, "magic social media or public diplomacy pixie dust."
The US OPM breach expands, and has now reached the personal information of Congressional staffers. Outrage expands, too, and most of it's directed against US Government IT security as implemented by the Office of Personnel Management. Former NSA (and CIA) director Michael Hayden states his opinion plainly: don't get mad at the Chinese services — those services were pursuing an entirely "legitimate foreign intelligence target." The OPM affair prompts some lessons to be drawn, best practices to be recommended.
Researchers demonstrate (and name) a new vulnerability in OS X and iOS, "Cored" or "Xara," affecting Keychain credential management.
Symantec warns of a new password recovery scan.
Tor Browser has been upgraded. Drupal addresses multiple security issues.
Australia and the US independently pursue regional cyber cooperation.
The FBI's still looking at the St. Louis Cardinals.