Recent ISIS-sympathizing hacks of North American government and business sites indeed prove to be low-skilled skidwork, but that really doesn't matter, Credit Union Times argues: the targets' defenses were low-skill, too. The defacements have been, functionally, information operations, whether centrally directed or not. Social media, of course, remain the principal platforms for ISIS information operations: the US Director of Central Intelligence laments their potential to "amplify terrorism."
December's cyber attacks against a South Korean nuclear power operator bore the marks of anti-nuclear hacktivism, but Seoul says no, it's determined they were the work of North Korea. (Pyongyang of course denounces this conclusion as "nonsense," "provocation," etc.)
KrebsOnSecurity outlines the predictable criminal response to increased paycard security measures: evasion tools like AntiDetect.
Microsoft warns of an "improperly issued" certificate for Windows Live. The certificate authority has pulled it, and Microsoft has updated its Certificate Trust List accordingly.
Analysts look at the grey market for vulnerabilities, and the growing black market for "laundered" data: stolen data rinsed to appear legitimately acquired.
As Microsoft and others complete the good work of Superfish cleanup, a Carnegie Mellon CERT researcher draws lessons about the risks of SSL inspection.
OpenSSL will be patched Thursday for an as yet undisclosed (but "severe") vulnerability.
In industry news, Raytheon is said to be in talks to acquire Websense. Seeking Alpha thinks Vasco is acquisition bait.
Privacy advocates give the US Senate Intelligence Committee's positive vote on a cyber information sharing bill decidedly mixed reviews. Senators Carper and Burr defend the measure.