More notes attributing Wikileaks' Saudi cables to Iranian hackers.
ISIS online recruiting prompts a sad but instructive case study of retail information operations.
Effects of the US OPM (Office of Personnel Management) hack continue to spread. The Daily Beast offers an account of what was lost (a bit too lurid — security investigations aren't, as one might conclude from the story, detailed, book-length compendia of shocking personal confessions — but nevertheless sobering). Observers see the episode as the most serious instance of widespread US Federal negligence with respect to security (the Guardian points out the IRS personnel can use "password" as their password). The Federal CIO's security "sprint" gets generally positive reviews (Passcode, for example, sees signs that one positive effect will be tighter management of privileged accounts), but that CIO's defense of OPM leaders' security record finds fewer takers: Federal workers want a Presidential task force appointed to clean up the breach, and calls for the firing of OPM's Director and CIO get louder in Congress.
Energy sector executives express a high degree of confidence in their companies' ability to detect and swiftly contain cyber attacks. Research by Dell and Inteller, however, on the frequency of SCADA attacks and the black-market trade in SCADA credentials might give one pause.
Researcher Paul Moore offers a cautionary example of homographic phishing: using bogus urls typographically indistinguishable from genuine ones: IIoyd'sbank (bad) versus lloyd'sbank (good). The first uses uppercase "i," the second "l."
The Department of Homeland Security offers interesting advice on cyber insurance.