Lenovo continues bandaging its self-inflicted Superfish wound, but customer fears of vulnerability to man-in-the-middle attacks grow. (Komodia, whose SSL Digester is a key component of the much-reviled Superfish adware, coincidentally or not reports suffering a denial-of-service attack.) Facebook researchers find "more than a dozen" apps that use the questionable Komodia library.
Superfish is unfortunately not the only SSL-breaking piece of adware out there. PrivDog's standalone version (as opposed to the extension bundled with Comodo Internet Security) is also reported to expose users to man-in-the-middle attacks. Threatpost calls PrivDog "arguably worse than Superfish."
Reported SIM card hacks affecting Gemalto remain troubling (although Gemalto tells customers its investigation shows the cards remain safe to use). Other alleged intelligence service hacks prompt reconsideration of firmware vulnerabilities — Wired has a rundown.
Lizard Squad is back, still flacking its DDoS-for-hire service, this time through a DNS-poisoning attack on Google's Vietnam service. The attack is apparently a marketing stunt for Lizard Stresser, but one doubts it will draw many customers from the white-hat world Lizard Squad says it aspires to reach. This crew, which few analysts think contains many (any) Professor Moriartys or Lex Luthors, continues poking at Sony and Microsoft, which causes some to wonder why large, well-resourced organizations continue to be troubled by Lizard Squad.
Industry inspects US Presidential cyber security initiatives with a hopeful but skeptical eye.
NSA Director Rogers describes his agency's views on privacy, security, deterrence, and international cyber norms (and engages in a free and frank exchange with Yahoo's CISO).