Major Vulnerabilities / Miscellaneous
2018 – Meltdown / Spectre
05-05-2021: New Spectre attack once again sends Intel and AMD scrambling for a fix. [Ars Technica] [Schneier]
18-03-2021: Exploiting Spectre over the Internet. [Schneier]
11-06-2020: Another Intel speculative execution vulnerability. [Schneier] [Ars Technica] [ZDNet]
10-03-2020: Security flaw detected in AMD CPUs going back to 2011. [ExtremeTech]
06-03-2020: A major new Intel processor flaw could defeat encryption and DRM protections. [The Verge] [ExtremeTech] [HEXUS] [ExtremeTech]
13-11-2019: Intel fixes CPU security flaw it said was patched in May. [Engadget]
12-11-2019: New Spectre-related CPU flaw tops Intel’s latest critical security fixes. [ExtremeTech]
07-08-2019: SWAPGS attack: The Spectre-like flaw affecting Intel CPUs. [Graham Cluley]
20-05-2019: Intel performance hit 5x harder than AMD after Spectre, Meltdown patches. [ExtremeTech]
15-05-2019: New speculative execution bug leaks data from Intel chips’ internal buffers. [Ars Technica] [Schneier] [Stuff]
06-03-2019: Researchers reveal SPOILER Intel CPU vulnerability. [Hexus] [HardOCP]
27-02-2019: Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware. [The Register]
18-02-2019: Data-spewing Spectre chip flaws can't be killed by software alone. [The Register]
03-01-2019: The elite Intel team still fighting Meltdown and Spectre. [Wired]
07-12-2018: Boffins demo Speculator tool for sniffing out data-leaking CPU holes. [The Register]
19-11-2018: Spectre patches whack Intel performance hard with Linux 4.20 kernel. [ExtremeTech]
14-11-2018: Spectre, Meltdown researchers unveil 7 more speculative execution attacks. [Ars Technica] [The Register] [Schneier] [HardOCP] [ZDNet]
31-10-2018: Spectre and Meltdown patches responsible for some Nvidia driver slowdown claims. [HardOCP] [YouTube]
23-10-2018: Future Windows 10 update will soften the blow of Spectre patches. [Engadget]
22-10-2018: New Google patch reduces Spectre performance impact to ‘noise'. [ExtremeTech]
21-08-2018: Intel details Cascade Lake, hardware mitigations for Meltdown, Spectre. [ExtremeTech] [HardOCP] [AnandTech]
14-08-2018: Intel discloses another set of processor vulnerabilities. [Engadget]
26-07-2018: NetSpectre -- a remote Spectre attack without attacker-controlled code on the victim. [HardOCP] [PDF] [The Register] [Ars Technica]
23-07-2018: Spectre rises from the dead to bite Intel in the return stack buffer. [The Register]
15-07-2018: New Spectre 1.1 and Spectre 1.2 CPU flaws disclosed. [HardOCP] [BleepingComputer]
12-07-2018: Google Chrome prevents sites from launching Spectre-like attacks. [Engadget] [Android Police] [ExtremeTech] [The Verge] [The Register] [HardOCP] [Google Security] [Ars Technica] [ExtremeTech]
10-07-2018: Another data-leaking Spectre CPU flaw. [The Register] [Ars Technica] [HardOCP]
16-06-2018: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix. [The Register]
21-05-2018: Intel details fourth Spectre-style CPU security flaw. [Engadget] [Wired] [HardOCP] [Schneier] [The Verge] [ExtremeTech] [Android Police] [HardOCP] [Neowin]
20-05-2018: New Spectre attack can even reveal firmware secrets. [HardOCP] [ZDNet]
09-05-2018: Second wave of Spectre-like CPU security flaws won't be fixed for a while. [The Register]
03-05-2018: Spectre next generation is coming whether we like it or not. [HardOCP] [heise.de] [The Register] [ExtremeTech] [BBC News]
04-04-2018: Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed. [The Register] [HardOCP] [Intel PDF] [ExtremeTech] [The Register] [HardOCP] [PCWorld] [The Verge] [Ars Technica]
29-03-2018: Intel CPU 'BranchScope' vulnerabilities detailed. [Hexus]
28-03-2018: Microsoft's Windows 7 Meltdown fixes from January, February made PCs more insecure. [The Register] [HardOCP] [Bleeping Computer] [THG] [ExtremeTech] [The Register]
26-03-2018: We need to go deeper: Meltdown and Spectre flaws will force security further down the stack. [The Register]
18-03-2018: Meltdown, Spectre, and the cost of unchecked innovation. [Wired]
15-03-2018: Microsoft offers $250,000 bounty to prevent the next Meltdown and Spectre CPU flaws. [The Verge]
15-03-2018: Intel redesigned its 8th-gen processors to patch ‘Meltdown’ flaws. [Engagdget]
09-03-2018: Intel issues Spectre and Meltdown microcode updates for Sandy and Ivy. [HardOCP] [Intel PDF] [ExtremeTech] [Ars Technica]
07-03-2018: Six lessons from the CPU meltdown. [EETimes]
01-03-2018: Microsoft issues Skylake Spectre microcode fixes out through Windows Update. [The Register] [HardOCP] [ZDNet]
28-02-2018: Three things to know about Meltdown and Spectre patches. [DC Knowledge]
28-02-2018: Intel gives Broadwells and Haswells their Meltdown medicine. [The Register] [Hexus] [Ars Technica]
23-02-2018: Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it. [The Register] [THG] [ExtremeTech]
21-02-2018: Four class-action CPU flaw lawsuits filed against AMD. [The Register] [THG]
21-02-2018: New Spectre/Meltdown variants. [Schneier]
21-02-2018: Spectre, Meltdown, and flexible scaleout. [Russ White] [Gestalt IT]
20-02-2018: Intel completes Spectre fix for Skylake, Kaby Lake, Coffee Lake CPUs. [THG] [The Register] [The Verge] [Ars Technica] [ExtremeTech]
16-02-2018: 32 lawsuits filed against Intel over Spectre and Meltdown flaws. [Ars Technica] [Hexus]
14-02-2018: Microsoft’s compiler-level Spectre fix shows how hard this problem will be to solve. [Ars Technica]
14-02-2018: Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits. [The Register] [HardOCP]
14-02-2018: Meltdown-and-Spectre-detector comes to Windows Analytics. [The Register]
09-02-2018: VMware sticks finger in Meltdown/Spectre dike for virtual appliances. [The Register]
08-02-2018: Intel releases new Spectre microcode update for Skylake. [Ars Technica] [Engadget] [THG]
07-02-2018: Meltdown, Spectre create data center dilemma. [Network Computing]
05-02-2018: Learn more about how Spectre and Meltdown work. [HardOCP] [Jon Masters: Twitter, PDF]
01-02-2018: Hundreds of Meltdown, Spectre malware samples found in the wild. [THG] [HardOCP] [Mozilla]
29-01-2018: You can't ignore Spectre. [The Register]
29-01-2018: Intel alerted Chinese cloud giants 'before US govt' about CPU bugs. [The Register] [ExtremeTech]
29-01-2018: How Spectre and Meltdown impact data center storage. [Network Computing]
26-01-2018: Intel Meltdown and Spectre-proof CPUs to launch this year. [Hexus] [ExtremeTech] [Ars Technica] [Engadget]
26-01-2018: The effects of the Spectre and Meltdown vulernabilities. [Schneier]
25-01-2018: Do Spectre, Meltdown Mean the Death of Moore’s Law? [ExtremeTech]
23-01-2018: Spectre, Meltdown hit on-prem Windows servers hardest. [DC Knowledge]
22-01-2018: Meltdown/Spectre week three: world still in trouble. [The Register]
18-01-2018: Meltdown, Spectre forcing Intel reboots. [EETimes] [THG] [The Verge] [Ars Technica]
17-01-2018: InSpectre Meltdown and Spectre check tool released by GRC. [Hexus] [HardOCP] [GRC]
16-01-2018: A Congressman has new questions for chipmakers about Meltdown and Spectre response. [The Verge] [Engadget]
15-01-2018: Spectre and Meltdown patches causing trouble as realistic attacks get closer. [Ars Technica] [Lifehacker]
15-01-2018: Now Meltdown patches are making industrial control systems lurch. [The Register]
15-01-2018: Meltdown and its networking equivalents. [ipSpace]
15-01-2018: Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes. [The Register]
14-01-2018: Meltdown and Spectre flaws loomed large over CES. [Engadget]
12-01-2018: Should SANs be patched to fix the Spectre and Meltdown bugs? [The Register]
12-01-2018: Researchers found another major security flaw in Intel CPUs. [ExtremeTech]
12-01-2018: Motherboard vendors release BIOS updates for Spectre. [THG]
12-01-2018: Google explains Meltdown, Spectre fix impact on cloud services. [THG] [ExtremeTech]
12-01-2018: Intel’s Meltdown fix freaked out some Broadwells, Haswells. [The Register] [HardOCP] [Intel] [The Verge] [Wired]
22-01-2018: Intel Issuing Updates for Meltdown, Spectre Reboot Problem on Older Platforms. [ExtremeTech] [Engadget]
23-01-2018: Intel says it has identified patch issues causing reboots. [Hexus]
23-01-2018: Don't use Intel's latest Spectre patch. [Lifehacker]
24-01-2018: Fallout from rushed patching for Meltdown, Spectre. [Network Computing]
28-01-2018: Microsoft works weekends to kill Intel's shoddy Spectre patch. [The Register] [HardOCP] [BleepingComputer] [The Verge] [Ars Technica] [Engadget] [ExtremeTech]
12-01-2018: Intel's response to chip meltdown deepens rift with Microsoft. [DC Knowledge]
11-01-2018: Keeping Spectre secret. [The Verge]
11-01-2018: Intel releases Meltdown, Spectre patch benchmarks. [THG] [The Verge] [Wired] [Ars Technica]
11-01-2018: Meltdown and Spectre repeat hard security lessons. [EETimes]
10-01-2018: Nvidia patches drivers against Meltdown And Spectre. [THG]
10-01-2018: Intel needs to come clean about Meltdown and Spectre. [The Verge]
10-01-2018: What is speculative execution? [ExtremeTech]
09-01-2018: Not vulnerable -- Intel Itanium and Secure64 Source T. [Secure64]
09-01-2018: Microsoft reveals how Spectre updates can slow your PC down. [The Verge] [HardOCP] [Microsoft] [THG] [Hexus]
09-01-2018: Should Spectre, Meltdown Be the Death Knell for the x86 Standard? [ExtremeTech]
09-01-2018: Microsoft's Meltdown and Spectre security update bricks some AMD-powered PCs. [Graham Cluley] [ExtremeTech]
09-01-2018: Freezing machines halt chip bug patch. [BBC News]
09-01-2018: Intel will patch all recent chips by the end of January. [Engadget]
09-01-2018: IBM melts down fixing Meltdown as processes and patches stutter. [The Register] [The Register] [HardOCP]
09-01-2018: Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads. [Graham Cluley] [PocketNow] [NZ Herald]
09-01-2018: Meltdown, Spectre bug patch slowdown gets real. [The Register]
07-01-2018: How so many researchers found a 20-year-old chip flaw at the same time. [Wired]
05-01-2018: Answering your questions about Meltdown and Spectre. [Google Blog]
05-01-2018: Intel faces multiple lawsuits over chip security vulnerabilities. [Engadget] [The Register] [Ars Technica]
05-01-2018: Here’s what Intel, Apple, Microsoft, others are doing about it. [Ars Technica]
05-01-2018: Tech titans downplay Meltdown and Spectre patches' performance hits. [THG]
05-01-2018: Vendors rush to issue security updates for Meltdown and Spectre flaws. [Network Computing]
05-01-2018: The latest news on two major CPU security bugs. [The Verge]
05-01-2018: Intel: CPU patch has minimal impact in the real-world. [Hexus]
05-01-2018: Cisco to release patches for Meltdown, Spectre CPU vulnerabilities. [The Register]
05-01-2018: All Macs, iPhones and iPads affected by Meltdown and Spectre. [BBC News] [HardOCP] [Apple]
05-01-2018: Meltdown CPU fixes are here -- Spectre flaws will haunt tech industry for years. [The Register]
05-01-2018: How to protect yourself from Meltdown and Spectre. [Lifehacker] [The Verge]
04-01-2018: The CPU catastrophe will hit hardest in the cloud. [The Verge]
04-01-2018: Meltdown and Spectre can be exploited through your browser. [THG]
04-01-2018: Intel issues Meltdown and Spectre patches for newer CPUs. [THG]
04-01-2018: Microsoft patches Windows. [The Register] [The Verge]
04-01-2018: Chip hacks: How much is your device at risk? [BBC News]
04-01-2018: Meltdown and Spectre: How chip hacks work. [BBC News] [THG] [ExtremeTech] [HardOCP] [THG]
04-01-2018: What’s behind the Intel design flaw forcing numerous patches? [Ars Technica]
03-01-2018: Intel says memory security issue extends beyond its own chips. [Engadget]
03-01-2018: A critical Intel flaw breaks basic security for most computers. [Wired]
03-01-2018: Intel’s processors have a security bug and the fix could slow down PCs. [The Verge] [HardOCP] [Intel]
03-01-2018: Meltdown and Spectre: every modern processor has unfixable security flaws. [Ars Technica] [Wired] [Schneier] [The Verge] [NZ Herald] [HardOCP] [ExtremeTech] [Engadget] [Krebs] [Schneier] [Computerphile] [TechBlog] [Stuff] [DC Knowledge] [NZ Herald]
2017 – Petya
22-08-2018: The untold story of NotPetya, the most devastating cyberattack in history. [Wired] [Schneier]
16-02-2018: UK, US Governments Attribute NotPetya Attack To Russian Military. [THG] [Wired] [ITPNZ]
17-01-2018: Remember the NotPetya cyberattack? [HardOCP] [Washington Post]
11-08-2017: Ukrainian man cuffed on suspicion of distributing NotPetya. [The Register]
18-07-2017: Petya cyber-attack still disrupting firms weeks later. [BBC News]
12-07-2017: Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack. [BitDefender]
07-07-2017: Backdoored automatic updates amplify NotPetya's destruction. [THG] [Wired]
07-07-2017: Petya ransomware maker releases master key for file decryption. [THG] [HardOCP] [Graham Cluley]
07-07-2017: Largest advertising company in the world still wincing after NotPetya. [The Register]
07-07-2017: Petya victim given hope by researchers. [BBC News]
06-07-2017: NotPetya ransomware hackers want 100 Bitcoins for decryption keys. [ExtremeTech]
05-07-2017: Petya ransomware authors demand $250,000 in first public statement since the attack. [The Verge] [BBC News]
05-07-2017: Ukraine authorities raid MeDoc in NotPetya investigation. [The Register] [Gizmodo] [Ars Technica]
03-07-2017: Ukranian company that spread Petya could face criminal charges for vulnerability. [The Verge]
03-07-2017: US-CERT issues 'Petya' alert, as ransomware attacks go mainstream. [THG]
03-07-2017: The Office: Life after a virus. [BBC News]
02-07-2017: NATO could be forced to respond to the Petya attack. [The Verge] [Gizmodo]
02-07-2017: Ukraine security service: Russia behind cyber-attack. [BBC News] [The Register]
01-07-2017: How shipping giant Maersk dealt with a malware meltdown. [Wired]
01-07-2017: The hot new cyberattack that's sweeping the nation. [Engadget]
01-07-2017: NotPetya developers may have obtained NSA exploits weeks before their public leak. [Ars Technica]
01-07-2017: Hacker behind massive ransomware attack has no access to emails from victims who paid. [NZ Herald]
30-06-2017: Latest ransomware techniques show need for layered security. [PacketU] [Voxy]
30-06-2017: Wiper Malware in global attack actually destroys data. [DC Knowledge]
30-06-2017: NotPetya cyber attack's intention may have been malware installation in Ukraine. [Stuff]
30-06-2017: Europol, FBI, UK's NCA to help Ukraine. [The Register]
29-06-2017: Janus resurfaces, wants to help with NotPetya. [The Register] [Gizmodo]
29-06-2017: How artificial intelligence is taking on ransomware. [Stuff]
29-06-2017: Cyberattack clogs world port systems and major networks. [Stuff]
28-06-2017: US hit by cyberattack that targeted Ukraine and Russia. [Engadget] [NZ Herald] [Voxy]
28-06-2017: Petya ransomware: everything we know about the massive cyber attack. [The Verge] [Voxy]
28-06-2017: The Petya ransomware is starting to look like a cyberattack in disguise. [The Verge] [THG]
28-06-2017: Petya massive ransomware outbreak was something much worse. [Ars Technica] [The Verge] [Wired]
29-06-2017: Recent 'NotPetya' attacks might not be ransomware at all. [Engadget]
28-06-2017: Cyberattacks disrupt Chernobyl’s automatic monitoring system. [ExtremeTech]
28-06-2017: There is a killswitch for NotPetya. [HardOCP] [Amith Serper]
28-06-2017: Petya ransomware: everything we know about the massive cyber attack. [The Verge] [HardOCP]
28-06-2017: Tax software blamed for cyber-attack spread. [BBC News]
28-06-2017: Everything you need to know about the PetyaWrap. [The Register]
28-06-2017: Global cyber attack: Windows computers must be updated, officials say. [NZ Herald]
28-06-2017: How to protect your computer against the latest ransomware attack. [Stuff]
28-06-2017: No reports yet of Petya ransomware hitting NZ. [Stuff] [Geekzone]
27-06-2017: Latest ransomware hackers didn't make WannaCry's mistakes. [Wired]
27-06-2017: Today's global ransomware attack weaponized software updates. [The Verge]
27-06-2017: It’s already too late for today’s ransomware victims to pay up and save their computers. [The Verge] [Gizmodo]
27-06-2017: PetyaWrap: a new ransomware outbreak similar to WCry is shutting down computers worldwide. [Ars Technica] [BBC News] [Stuff] [Graham Cluley] [DC Knowledge] [The Register] [ExtremeTech] [The Verge] [Wired] [Engadget] [Gizmodo] [Krebs] [DC Knowledge] [NZ Herald]
2017 – WannaCry
18-02-2021: US charges North Koreans in relation to WannaCry cyber attacks. [Graham Cluley]
03-02-2020: WannaCry ransomware attack on NHS could have triggered NATO reaction. [The Register]
28-12-2018: WannaCry is still active in 100,000s of computers. [HardOCP] [Bleeping Computer]
12-10-2018: It is 2018 and the NHS is still counting the cost of WannaCry. [The Register]
09-09-2018: How US authorities tracked down the North Korean hacker behind WannaCry. [HardOCP] [ZDNet]
28-03-2018: Boeing production plant hit with WannaCry ransomware attack. [The Verge] [The Register] [Engadget]
19-12-2017: US and UK blame North Korea for WannaCry. [BBC News] [Engadget] [The Verge] [NZ Herald] [Stuff] [Graham Cluley] [The Register] [HardOCP] [NPR] [Wired] [Ars Technica]
31-10-2017: North Korea calls UK WannaCry accusations 'wicked'. [BBC News]
03-08-2017: WannaCry ransomware bitcoins move from online wallets. [BBC News] [THG] [The Register] [Ars Technica] [Gizmodo]
04-08-2017: Wannacry money laundering attempt thwarted. [BBC News]
05-08-2017: Researchers say WannaCry operator moved bitcoins to “untraceable” Monero. [Ars Technica]
10-07-2017: Surfer who saved world from WannaCry attack ready for next wave. [Stuff]
08-07-2017: The only way to stop another WannaCry is with regulations. [Engadget]
08-07-2017: The next WannaCry cyber attack could cost insurers $3.4 billion. [NZ Herald]
05-07-2017: UK Parliament launches inquiry into NHS WannaCrypt outbreak. [The Register]
22-06-2017: WannaCry ransomware infects Australian traffic cameras, human error blamed. [Graham Cluley] [BBC News] [Graham Cluley] [The Register] [The Verge]
21-06-2017: Honda shuts down factory after finding NSA-derived Wcry in its networks. [Ars Technica] [Engadget] [ExtremeTech]
20-06-2017: 5.5 million devices operating with WannaCry port open. [DC Knowledge]
14-06-2017: NSA believes North Korea was responsible for WannaCry ransomware attacks. [The Verge] [BBC News] [THG] [BBC News] [Schneier]
12-06-2017: NHS ransomware cyber-security hero: I was panicking. [BBC News]
02-06-2017: WannaCry and vulnerabilities. [Schneier] [Russ White]
01-06-2017: Crapness of WannaCrypt coding offers hope for ransomware victims. [The Register]
31-05-2017: If you think WannaCry was huge, wait for EternalRocks. [DC Knowledge]
31-05-2017: WannaCry theory points to currency manipulation. [HardOCP]
30-05-2017: Windows XP computers were mostly immune to WannaCry. [The Verge] [The Register] [Graham Cluley]
30-05-2017: Ransomware realities: In your normal life, strangers don't extort you - but here you are. [The Register]
30-05-2017: WannaCry exposed healthcare's ills. [EETimes]
29-05-2017: WannaLaugh? WannaCrypt ported to Commodore, Cisco, Nintendo and Tesla. [The Register]
26-05-2017: WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers. [The Register] [BBC News] [Gizmodo]
25-05-2017: Wormable WannaCry type vulnerability for Linux & Unix with Samba. [HardOCP]
25-05-2017: Ransomware and IoT. [Schneier]
25-05-2017: Russian postal service 'hit by WannaCry'. [BBC News]
25-05-2017: Android app store is full of useless, unwanted anti-WannaCry apps. [Graham Cluley]
25-05-2017: Ransomware hits Australian hospitals after botched patch. [The Register]
24-05-2017: Reading list: WannaCry and ransomware. [Russ White] [CircleID] [EFF] [CSA]
23-05-2017: The future of ransomware. [Schneier] [Russ White]
23-05-2017: US politicians think companies should be allowed to 'hack back' after WannaCry. [Graham Cluley]
23-05-2017: There’s new evidence tying WCry ransomware worm to prolific hacking group. [Ars Technica]
23-05-2017: WannaCry: Ransomware attacks show strong links to Lazarus group. [Voxy]
23-05-2017: Ransomware cyber-attacks impact growing on NZ. [Voxy]
22-05-2017: 7 NSA hack tool wielding follow-up worm oozes onto scene. [The Register]
22-05-2017: Samsung working with South Korean government to increase protection against WannaCry. [Sammobile]
20-05-2017: Windows 7, not XP, was the reason last week’s WCry worm spread so widely. [Ars Technica] [BBC News] [HardOCP] [ITnews]
20-05-2017: More people infected by recent WCry worm can unlock PCs without paying ransom. [Ars Technica]
20-05-2017: WannaCry: Everything you still need to know. [The Register]
19-05-2017: Hackers are trying to reignite WannaCry with non-stop botnet attacks. [Wired] [Gizmodo]
19-05-2017: Almost all WannaCry victims were running Windows 7. [The Verge]
19-05-2017: WannaCrypt makes an easy case for Linux. [HardOCP] [TechRepublic]
19-05-2017: WannaCrypt: Roots, reasons and why scramble patching won't save you now. [The Register]
19-05-2017: Crooks use WannaCrypt hysteria as hook for BT-branded phishing emails. [The Register]
19-05-2017: WannaCry ransomware. [Schneier]
19-05-2017: There's an easy fix for WannaCry, if you haven't rebooted yet. [Engadget] [The Register] [HardOCP]
18-05-2017: WannaCry lessons. [BBC News]
18-05-2017: High-profile extortion hacks aren't paying off. [Wired]
18-05-2017: Windows XP PCs infected by WCry can be decrypted without paying ransom. [Ars Technica] [Wired]
18-05-2017: WannaCry - Who's to blame? [Graham Cluley]
18-05-2017: Azure users told they're not WannaCrypt-proof. [The Register]
17-05-2017: After WannaCry, a new bill would force the NSA to justify its hacking tools. [The Verge] [Engadget]
17-05-2017: The NSA’s leaked Windows hack caused more damage than just WannaCry. [The Verge]
17-05-2017: Significant number of devices continue to expose Windows SMB on port 445. [The Register]
17-05-2017: Ransomware fear-flinger Uiwix fails to light. [The Register]
17-05-2017: Cisco warns: Some products might have WannaCrypt vuln. [The Register]
17-05-2017: Cryptocurrency-mining malware has been using WannaCry's NSA exploit for weeks. [Graham Cluley] [The Register] [HardOCP] [Proofpoint] [Engadget]
17-05-2017: Symantec blocks 22 million attempted WannaCry ransomware attacks globally. [Geekzone] [Voxy]
17-05-2017: WannaCry ransomware victims told not to pay up by Cert NZ. [Stuff]
16-07-2017: Why governments won't let go of secret software bugs. [Wired]
16-05-2017: WannaCry and the malware hall of fame. [BBC News]
16-05-2017: Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry. [Ars Technica]
16-05-2017: Pirated Windows led to WannaCry's spread in China and Russia. [Engadget]
16-05-2017: Embarrassed companies hit by ransomware pay up, and keep it quiet. [Stuff]
15-05-2017: InternetNZ: WannaCry provides important lessons for cyber security. [Voxy]
15-05-2017: China staggering under WannaCrypt outbreak. [The Register]
15-05-2017: Wana Decrypt0r (WannaCry Ransomware) - Computerphile. [YouTube]
15-05-2017: The 'WannaCry' ransomware is a stark reminder of a broken system. [Engadget]
15-05-2017: The WannaCry ransomware hackers made some real amateur mistakes. [Wired]
15-05-2017: The WannaCry ransomware has mysterious ties to North Korea. [The Verge] [Ars Technica] [Wired] [Stuff] [Engadget] [The Register] [HardOCP] [CIO]
16-05-2017: Did North Korea write WannaCry? [Schneier] [NYT]
17-05-2017: Expert finds more possible North Korea links to cyberattack. [NZ Herald] [Stuff]
22-05-2017: North Korea denies link to WannaCry ransomware attack. [Graham Cluley]
22-05-2017: North Korean cyberwar capabilities. [Schneier] [Reuters] [NZ Herald] [Stuff]
23-05-2017: More evidence for WannaCry 'link' to North Korean hackers. [BBC News]
15-05-2017: WannaCry ransomware ransonworm. [HardOCP]
15-05-2017: WannaCry ransomware small impact to US infrastructure. [HardOCP] [Reuters]
15-05-2017: Why don't they just update? [HardOCP]
15-05-2017: WannaCry evolves to Uiwix ransomworm. [HardOCP] [The Register]
15-05-2017: WannaCrypt outbreak contained as hunt for masterminds kicks in. [BBC News] [NZ Herald]
15-05-2017: Watch what happens when ransomware hits. [BBC News]
15-05-2017: WannaCry ransomware cyber-attacks slow but fears remain. [BBC News]
15-05-2017: Global manhunt for WannaCry creators. [BBC News]
15-05-2017: Global cyberattack: Phone scammer warning for NZ. [NZ Herald]
15-05-2017: Ransomware cyber-attack: Who has been hardest hit? [BBC News]
15-05-2017: Should you pay the WannaCry ransom? [BBC News]
15-05-2017: Microsoft blasts spy agencies for hoarding security exploits. [Engadget] [BBC News] [The Register] [Ars Technica] [Graham Cluley] [THG]
15-05-2017: Is Microsoft to blame for the largest ransomware attacks in internet history? [The Verge]
15-05-2017: Microsoft attempts to shift blame onto NSA. [EtherealMind]
16-05-2017: Microsoft faulted over ransomware while shifting blame to NSA. [DC Knowledge]
15-05-2017: WannaCry Ransomware: all the updates on the cyberattack. [The Verge] [Stuff]
15-05-2017: Experts brace for unstoppable ransomware. [Stuff]
15-05-2017: Cyberattack hits at least 200,000 victims in 150 countries. [Stuff] [The Verge] [NZ Herald]
15-05-2017: New Zealand should be on alert as borders mean nothing for cyber-attackers. [Stuff]
14-05-2017: 'WannaCry' ransomware evolves despite attempts to kill it. [Engadget]
14-05-2017: Cyber-attack: Firms 'must patch before Monday morning'. [BBC News] [NZ Herald] [Gizmodo]
14-05-2017: Europol: ransomware cyber-attack threat escalating. [BBC News]
14-05-2017: Renault and Nissan plants hit by massive ransomware attack. [Jalopnik] [The Verge]
14-05-2017: Next cyber-attack could be imminent, warn experts. [BBC News]
14-05-2017: Kiwis warned not to click strange link to avoid global cyber-attack. [NZ Herald]
14-05-2017: Businesses should batten down cyber-security hatches amidst ransom hacks. [Stuff]
14-05-2017: Malware attack: How to protect yourself online. [BBC News]
14-05-2017: New Zealand upping digital security after 'massive' worldwide cyberattack. [Stuff]
13-05-2017: Ransomware problems blamed on legacy apps and patch problems. [THG]
13-05-2017: Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far. [Krebs] [Gizmodo] [HardOCP]
17-05-2017: WCry ransomware worm’s Bitcoin take tops $70k as its spread continues. [Ars Technica]
13-05-2017: Microsoft Issues WanaCrypt Patch for Windows 8, XP. [Krebs] [Ars Technica] [The Verge] [THG] [ExtremeTech]
14-05-2017: If you still use Windows XP, prepare for the worst. [Wired]
15-05-2017: Security minister says XP issue a 'red herring'. [BBC News]
16-05-2017: Microsoft's WinXP fix was built in February. [The Register]
21-06-2017: Is continuing to patch WinXP a mistake? [Schneier]
13-05-2017: Cyber-attack: Europol says it was unprecedented in scale. [BBC News]
13-05-2017: Global cyber-attack: Security blogger halts ransomware 'by accident'. [BBC News] [Stuff] [HardOCP] [Gizmodo] [The Verge] [NZ Herald] [Wired] [ExtremeTech] [Ars Technica]
13-05-2017: How to avoid a cyber attack: Malware and ransomware explained. [Stuff] [Stuff] [Lifehacker] [Stuff]
13-05-2017: Today's massive ransomware attack was mostly preventable - here's how to avoid it. [Gizmodo]
13-05-2017: Global cyberattack: NZ's spy agency strengthening security. [NZ Herald]
13-05-2017: NHS cyber-attack: 'The next step for organised crime'. [BBC News] [Hexus] [Gizmodo]
14-05-2017: 'It's life and death to us': how the cyber attack could have cost patients lives. [NZ Herald]
14-05-2017: NHS cyber-attack: More ransomware cases 'likely on Monday'. [BBC News]
15-05-2017: NHS cyber-attack: No 'second spike' but disruption continues. [BBC News]
18-05-2017: Great Ormond Street children's hospital still offline after WannaCrypt omnishambles. [The Register]
23-05-2017: Kiwi solution helps NHS weather ransomware attacks. [Voxy]
25-05-2017: NHS Digital stopped short of advising against paying off WannaCrypt. [The Register]
29-06-2017: NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability. [The Register]
12-07-2017: WannaCry prompts promise of extra cash towards NHS security. [The Register]
28-08-2017: WannaCrypt NHS victim Lanarkshire infected by malware again. [The Register] [BBC News] [Graham Cluley]
27-10-2017: 'Basic IT security' could have prevented UK NHS WannaCry attack. [Engadget]
12-05-2017: An NSA-derived ransomware worm is shutting down computers worldwide. [Ars Technica] [The Register]
12-05-2017: 74 countries hit by NSA-powered WannaCrypt ransomware backdoor. [The Register] [Ars Technica] [DC Knowledge] [Stuff] [NZ Herald] [HardOCP] [ExtremeTech] [THG] [Wired] [Engadget] [Gizmodo]
2017 – CIA Leak
09-05-2017: Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models. [Ars Technica]
14-04-2017: The new CIA head hates WikiLeaks - when convenient. [Engadget]
10-04-2017: Fourth WikiLeaks CIA attack tool dump. [Schneier] [WikiLeaks]
08-04-2017: WikiLeaks just dropped the CIA’s secret how-to for infecting Windows. [Ars Technica] [Engadget] [HardOCP] [THG]
03-04-2017: Wikileaks releases code that could unmask CIA hacking operations. [Ars Technica] [BBC News]
31-03-2017: WikiLeaks exposes CIA anti-forensics tool that makes the US seem fluent in enemy tongues. [The Register]
24-03-2017: Second WikiLeaks dump of CIA documents. [Schneier] [WikiLeaks]
23-03-2017: CIA agents can install software on Apple Macs, iPhones. [The Register] [ExtremeTech] [The Verge] [Wired] [Ars Technica] [Engadget]
24-03-2017: Apple claims iOS and Mac exploits are outdated. [HardOCP] [Hot Hardware] [Graham Cluley]
19-03-2017: Cisco reports bug disclosed in Wikileaks' Vault 7 CIA dump. [The Register] [Ars Technica] [THG] [HardOCP] [Cisco] [ExtremeTech] [DC Knowledge] [EtherealMind]
14-03-2017: Convicted CIA leaker John Kiriakou's got some opinions about WikiLeaks. [Wired]
13-03-2017: WikiLeaks pings Microsoft after promise to share CIA tools. [The Register]
13-03-2017: The CIA WikiLeaks dump tells us that encryption works. [HardOCP] [AP]
13-03-2017: Comments on the WikiLeaks CIA Vault #7. [Russ White] [Errata Security]
12-03-2017: Why WikiLeaks revelations prove it's time for me to stick duct tape over the camera on my laptop. [Stuff]
09-03-2017: Does WikiLeaks CIA dump suggest cybersecurity is largely futile? [DC Knowledge]
09-03-2017: Security flaws 'undiscovered for years'. [BBC News]
09-03-2017: Wikileaks is offering tech firms CIA files first. [BBC News] [Krebs] [NZ Herald] [The Register] [Graham Cluley]
21-03-2017: WikiLeaks not disclosing CIA-hoarded vulnerabilities to companies. [Schneier]
09-03-2017: FBI and CIA launch criminal investigation into 'malware leaks'. [BBC News]
09-03-2017: CIA responds to WikiLeaks with an extra long 'no comment'. [Engadget]
08-03-2017: How the CIA's hacking hoard makes everyone less secure. [Wired]
08-03-2017: The CIA leak exposes tech's vulnerable future. [Wired]
08-03-2017: CIA hacks smartphones to work around encrypted communications. [THG]
08-03-2017: The CIA may be hacking cars, as well as phones and TVs. [ExtremeTech]
08-03-2017: Cisco equipment Comprehsively Pwned by US Government. [EtherealMind] [LinkedIn Blog --> Archive] [Cisco Blog]
08-03-2017: CIA hacking dossier leak reignites debate over vulnerability disclosure. [The Register]
08-03-2017: More on the CIA document leak. [Schneier]
08-03-2017: Apple, Samsung and Microsoft react to Wikileaks' CIA dump. [BBC News]
08-03-2017: CIA hacking tools: Should we be worried? [BBC News]
08-03-2017: The CIA exploit list in full: The good, the bad, and the very ugly. [The Register]
07-03-2017: WikiLeaks CIA dump gives Russian hacking deniers the perfect ammo. [Wired]
07-03-2017: After NSA hacking exposé, CIA staffers asked where Equation Group went wrong. [Ars Technica]
07-03-2017: CIA hacking code names. [Gizmodo]
07-03-2017: Don't let WikiLeaks scare you off Signal and other encrypted chat apps. [Wired]
07-03-2017: How the CIA can hack your phone, PC and TV. [Wired]
07-03-2017: The CIA is hacking Samsung Smart TVs. [The Verge] [Graham Cluley] [SamMobile] [HardOCP] [HotHardware]
07-03-2017: WikiLeaks publishes trove of CIA hacking tools. [Ars Technica] [HardOCP] [WikiLeaks] [Wired] [Gizmodo] [Krebs] [Graham Cluley]
2015 – Mirai / Dyn IoT DDoS
16-01-2024: The story of the Mirai botnet. [Schneier] [Wired]
23-11-2023: Zero-day flaws see routers and cameras co-opted into Mirai botnet. [The Register] [Ars Technica]
10-10-2023: Mirai reloads exploit arsenal as botnet embarks on another expansion drive. [The Register]
02-05-2023: CISA warns that Mirai botnet is exploiting unpatched TP-Link routers. [The Register] [Graham Cluley]
04-08-2020: Mirai botnet exploit weaponized to attack IoT devices via F5 appliances. [EtherealMind] [Trend Micro]
10-04-2019: New variants of Mirai botnet detected, targeting more IoT devices. [Ars Technica] [Network Computing]
18-03-2019: New variant of Mirai takes aim at a new crop of IoT devices. [Ars Technica] [The Register]
11-10-2018: In the two years since Dyn went dark, what have we learned? Not much, it appears. [The Register]
18-09-2018: Mirai botnet creators praised for helping FBI, won’t serve prison time. [Ars Technica] [Wired] [Krebs] [Graham Cluley] [The Register] [Engadget]
08-02-2017: Mirai Inside of an IoT Botnet. [NANOG YouTube]
13-01-2017: Dyn, Bind, and DNS strategy. [Secure64]
14-12-2016: The economic model of Mirai. [Russ White] [Arbor Networks]
08-11-2016: Lessons from the Dyn DDOS attack. [Schneier]
07-11-2016: Largest DDoS attack ever pulled off by bored teens? [HardOCP] [Vice]
04-11-2016: Dyn, BIND and DNS strategy. [Secure64]
01-11-2016: New, more-powerful IoT botnet infects 3,500 devices in 5 days. [Ars Technica]
31-10-2016: A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet. [The Register]
31-10-2016: Could a ‘good worm’ save the Internet of Things from the Mirai botnet? [Graham Cluley]
27-10-2016: DDos on Dyn used malicious TCP, UDP traffic. [Network Computing]
26-10-2016: Blocking attacks from the Incredibly Insecure Internet of Things (IIIoT). [Secure64]
26-10-2016: Mirai botnet DDoSed 167 Dyn data centers globally. [DC Knowledge]
25-10-2016: The new age of IoT-based DDoS attacks. [Network Computing]
25-10-2016: What MSPs should learn from the Dyn Internet attack. [DC Knowledge]
25-10-2016: Dyn DDoS attack sheds new light on the growing IoT problem. [ReadWriteWeb]
24-10-2016: Dyn’s DDoS reveals IoT weak points. [Russ White] [TheNewStack]
24-10-2016: Hacktivist crew claims it launched last week's DDoS mega-attack. [The Register]
24-10-2016: Recalls may become the norm for IoT devices if security doesn’t improve significantly. [THG]
24-10-2016: Post-Mirai, how to better protect your IoT devices. [Graham Cluley]
24-10-2016: For rent: An IoT botnet to take down much of the internet. [Graham Cluley]
24-10-2016: Was Friday’s DDoS attack part of a troubling trend? [DC Knowledge] [HardOCP] [Boston Herald]
24-10-2016: IoT device maker vows product recall, legal action against Western accusers. [Krebs] [Graham Cluley] [Engadget]
24-10-2016: Chinese firm says its cameras were used to take down Internet. [DC Knowledge]
22-10-2016: What is DNS, and why does it make the Internet break? [Gizmodo]
22-10-2016: Today's brutal DDoS attack is the beginning of a bleak future. [Gizmodo]
22-10-2016: Watch America's Internet get wiped out by a massive DDoS attack. [Gizmodo]
22-10-2016: DNS devastation: Top websites whacked offline as Dyn dies again. [The Register] [THG] [Ars Technica] [Engadget] [Gizmodo]
21-10-2016: Some notes on today’s DDoS. [Russ White] [Errata Security]
21-10-2016: Hacked cameras, DVRs powered today’s massive Internet outage. [Russ White] [Krebs]
21-10-2016: US investigating Friday's internet blackout as 'criminal act'. [Engdaget] [Gizmodo]
21-10-2016: What we know about Friday's massive east coast Internet outage. [Wired] [ReadWriteWeb]
21-10-2016: DDoS attack against DNS provider knocks major sites offline. [Graham Cluley] [Krebs] [DC Knowledge] [Network Computing] [BBC News] [Stuff] [NZ Herald] [Gizmodo] [Schneier] [The Register] [HardOCP] [Dyn Status] [ExtremeTech] [Ars Technica] [Engadget] [Engadget]
2015 – Apple vs FBI
14-04-2021: Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone. [The Verge] [Engadget] [Washington Post] [The Register] [Schneier]
16-04-2019: The time Tim Cook stood his ground against the FBI. [Wired]
28-03-2018: FBI didn’t fully know its own capabilities during showdown with Apple. [Ars Technica] [Engadget]
27-03-2018: Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? [The Register]
01-10-2017: FBI won’t have to reveal details on iPhone hacking tool. [The Verge] [Ars Technica] [Engadget] [HardOCP] [MacRumors]
08-05-2017: FBI paid $900,000 to unlock San Bernardino iPhone. [Engadget] [Gizmodo]
17-10-2016: How one researcher cracked iPhone 5c. [EE Times]
06-10-2016: The FBI wants to crack another dead terrorist's locked iPhone. [Wired] [The Register] [Engadget]
16-09-2016: FBI sued by news organizations for info on iPhone hack. [HardOCP] [The Verge] [Engadget]
16-09-2016: The FBI missed a trick to hack the San Bernardino iPhone. [Engadget]
17-09-2016: Who did the FBI pay to get into the San Bernardino attacker’s iPhone? [Ars Technica]
19-09-2016: FBI overpaid $999,900 to crack San Bernardino iPhone 5c password. [The Register] [BBC News] [Graham Cluley]
26-09-2016: FBI iPhone hacker says it can crack any phone. [HardOCP] [BBC News]
15-09-2016: How the FBI could have hacked the San Bernardino shooter's iPhone. [Wired] [Schneier]
29-05-2016: Apple hires crypto guru amidst battles with the Feds. [Wired]
29-04-2016: The FBI will be able to use the San Bernardino hack again. [Gizmodo]
29-04-2016: FBI paid less than previously reported for iPhone hack. [PocketNow] [Wired]
26-04-2016: The FBI won't say how its iPhone hack works. [Engadget] [Stuff]
22-04-2016: Wozniak: Apple were right over FBI privacy case. [BBC News]
21-04-2016: FBI paid at least $1.3M for zero-day to get into San Bernardino iPhone. [Ars Technica] [The Register] [Wired] [Engadget] [Gizmodo] [BBC News] [Graham Cluley] [HardOCP] [Reuters]
19-04-2016: Apple complies with greater proportion of US data demands. [BBC News]
15-04-2016: FBI’s iPhone-hack victory may be coming back to haunt it in other court battles with Apple. [PocketNow] [WSJ]
14-04-2016: FBI reportedly finds nothing of ‘real significance’ on decrypted iPhone 5c. [PocketNow] [CBS News] [The Register] [HardOCP] [cNet]
14-04-2016: FBI can't tell Apple how it unlocked the San Bernardino iPhone. [Engadget] [Gizmodo]
13-04-2016: FBI paid “gray hats” for zero-day exploit that unlocked seized iPhone. [Ars Technica] [Engadget] [NZ Herald] [Gizmodo] [Stuff] [HardOCP] [Washington Post] [PocketNow]
11-04-2016: FBI’s “outside party” suspected to be cracking iPhone 6. [PocketNow]
08-04-2016: Recently unsealed court docs reveal more Apple resistance to unlock orders. [PocketNow] [Reuters] [Engadget]
08-04-2016: The Feds are still trying to force Apple to help unlock iPhones. [Gizmodo]
08-04-2016: Apple won’t demand to learn how FBI cracked terror suspect’s phone. [Ars Technica] [NZ Herald]
06-04-2016: FBI’s iPhone hack limited to the iPhone 5c, earlier devices. [ExtremeTech] [PocketNow] [NZ Herald]
06-04-2016: The FBI is briefing senators on how it cracked the iPhone's passcode. [Engadget] [PocketNow]
07-04-2016: FBI bought 'a tool' to crack the San Bernardino iPhone. [Engadget] [The Register]
03-04-2016: Apple to publicize fix to FBI decryption method that is likely to leak. [PocketNow] [Reuters] [Reuters]
03-04-2016: FBI trick for breaking into iPhone likely to leak. [HardOCP] [Reuters]
01-04-2016: Inside the little-known firm said to be helping the FBI crack iPhones. [Stuff]
30-03-2016: The Apple-FBI battle is over, but the new crypto wars have just begun. [Wired]
30-03-2016: Feds used 1789 law to force Apple, Google to unlock phones 63 times. [Ars Technica] [Gizmodo] [The Register]
30-03-2016: The FBI lost this round against Apple – but it aims to win the war. [The Register]
29-03-2016: The Apple vs DoJ encryption battle is far from over. [Engadget]
29-03-2016: US says it would use “court system” again to defeat encryption. [Ars Technica]
29-03-2016: Cracked iPhone: Should you be worried? [BBC News] [NZ Herald] [Stuff]
28-03-2016: FBI break through seized iPhone, stand down in legal battle with Apple. [Ars Technica] [Engadget] [The Register] [PocketNow] [NZ Herald] [Wired] [BBC News] [Stuff] [Graham Cluley] [EE Times] [DC Knowledge] [ExtremeTech] [THG]
28-03-2016: Apple likely can’t force FBI to disclose how it got data from seized iPhone. [Ars Technica] [PocketNow]
29-03-2016: Apple issues surprisingly vague statement in reaction to the FBI’s iPhone 5c hack. [PocketNow] [The Verge]
25-03-2016: To fight the FBI, Apple ditched secrecy for openness. [Wired]
25-03-2016: FBI crack method in San Bernardino iPhone may help in Brooklyn. [PocketNow]
25-03-2016: Apple designing its own servers to avoid snooping. [Ars Technica] [HardOCP] [The Daily Beast]
25-03-2016: FBI director says fight with Apple about terrorism, not setting precedent. [Ars Technica]
25-03-2016: And now Apple is going to stop the FBI getting into iCloud data too. [Graham Cluley]
22-03-2016: Tor Project works on anti-FBI defenses amid iOS row with Apple. [The Register]
22-03-2016: Today's Apple-FBI Hearing Has Been Delayed. [Gizmodo] [THG]
22-03-2016: Apple's FBI row is only just beginning. [BBC News]
21-03-2016: FBI backs down against Apple: Feds may be able to crack iPhone without help. [The Register] [BBC News] [Ars Technica] [Engadget] [Gizmodo] [Wired] [Stuff] [Graham Cluley]
22-03-2016: Apple wants to know how the FBI will hack its phone. [Engadget] [HardOCP] [Schneier]
22-03-2016: Four theories about how the FBI is cracking the San Bernardino shooter's iPhone. [Gizmodo]
23-03-2016: Israeli mobile forensics firm helping FBI unlock seized iPhone. [Ars Technica] [PocketNow] [The Register] [HardOCP] [Reuters] [Engadget] [Gizmodo]
23-03-2016: iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage. [Ars Technica]
21-03-2016: Apple-FBI scrap started when iOS 8 was shared with the Feds. [Gizmodo] [Bloomberg]
21-03-2016: Apple defends crypto fight against government during launch event. [Ars Technica]
18-03-2016: Long before the Apple-FBI battle, Lavabit sounded a warning. [Wired]
18-03-2016: Sources claim government goes after source code on a regular basis. [ExtremeTech]
18-03-2016: Apple engineers might quit company before agreeing to unlock the iPhone. [ExtremeTech]
17-03-2016: Apple encryption engineers have options if FBI order passes muster. [PocketNow] [NYT]
17-03-2016: How Apple helped crack iPhones like clockwork. [NZ Herald]
16-03-2016: FBI v. Apple is a security and privacy issue. What about civil rights? [Ars Technica]
15-03-2016: Apple lambasts the FBI for not asking the NSA to help hack that iPhone. [Wired] [Wired]
14-03-2016: The gloves are off: FBI argues it can force Apple to turn over iPhone source code. [ExtremeTech] [Schneier]
14-03-2016: Former cyber czar says NSA could crack the San Bernadino shooter’s phone. [Ars Technica] [The Register]
14-03-2016: Breaking the encryption deadlock. [NZ Herald]
12-03-2016: Florida sheriff pledges to arrest CEO Tim Cook if Apple resists crypto cooperation. [Ars Technica]
11-03-2016: New documents solve a few mysteries in the Apple-FBI saga. [Wired]
11-03-2016: Obama weighs in on Apple v. FBI: “You can’t take an absolutist view". [Ars Technica] [Engadget] [Gizmodo] [The Register] [HardOCP] [TWH YouTube] [DC Knowledge]
11-03-2016: Apple: FBI could force us to turn on iPhone cameras for spying. [PetaPixel]
10-03-2016: Feds fire back on San Bernardino iPhone, noting that Apple has accommodated China. [Ars Technica] [Gizmodo] [PocketNow] [HardOCP] [THG]
10-03-2016: Apple: FBI's Filing Is a 'Cheap Shot' Meant to 'Vilify Apple'. [Gizmodo] [9to5Mac]
10-03-2016: What's next? FBI telling us to turn iPhones into pocket spy bugs? It'll happen, says Apple exec. [The Register]
09-03-2016: Wh Apple is taking a strong stand for itself - and for all of us. [DC Journal]
09-03-2016: More people side with Apple in San Bernardino iPhone case. [PocketNow] [WSJ]
09-03-2016: There are ways the FBI can crack the iPhone PIN without Apple doing it for them. [Ars Technica] [PocketNow]
08-03-2016: FBI says NY judge went too far in ruling the FBI went too far in forcing Apple to unlock iPhone. [The Register]
08-03-2016: Steve Wozniak's take on Apple versus the FBI. [Gizmodo]
08-03-2016: Why even Apple's mortal enemies are on its side. [Stuff]
07-03-2016: San Bernardino Police Chief now calls for iPhone unlocking to eliminate third shooter theory. [PocketNow] [NY Post]
07-03-2016: Apple VP says FBI's order makes everyone less secure. [Engadget] [The Register]
04-03-2016: Apple-FBI a poor test case. [EE Times]
04-03-2016: Chertoff says forcing Apple to unlock iPhone equivalent to building a biological weapon. [ExtremeTech]
04-03-2016: How the FBI will lose its iPhone fight, thanks to 'West Coast Law'. [The Register]
04-03-2016: The Golden Key: FBI vs Apple iPhone. [Computerphile]
03-03-2016: An incomplete list of things the Federal Government should stop using thanks to Apple. [Gizmodo]
03-03-2016: Top iPhone hackers ask court to protect Apple from the FBI. [Wired]
03-03-2016: Twitter, Reddit and more file brief to support Apple vs the FBI. [Engadget] [Wired]
03-03-2016: How the FBI versus Apple could make 1984 a reality. [Gizmodo]
02-03-2016: How the FBI’s fight with Apple could change the future of smartphone security. [Lifehacker]
01-03-2016: FBI is asking courts to legalize crypto backdoors because Congress won’t. [Ars Technica] [The Register] [Wired] [Engadget]
01-03-2016: Congressman: FBI is exploiting tTragedy to push its encryption agenda. [Gizmodo]
01-03-2016: Gartner to FBI: Stop bullying Apple and the tech industry. [The Register]
29-02-2016: Apple prevails in forced iPhone unlock case in New York court. [Ars Technica] [PocketNow] [The Intercept] [Stuff] [Engadget] [Wired] [BBC News] [The Register] [THG]
29-02-2016: Attorney General hopes Apple will comply with court order. [HardOCP] [Reuters]
29-02-2016: Google, Facebook and other powerful tech firms filing briefs to support Apple. [NZ Herald] [Stuff]
26-02-2016: Police chief: There’s a “reasonably good chance” not much is on seized iPhone. [Ars Technica]
25-02-2016: Here’s how Apple would build crypto-cracking software for the FBI. [Ars Technica]
25-02-2016: CIA director: it's the media's fault that terrorists are so good at encryption. [Gizmodo] [The Register]
25-02-2016: The craziest line in Apple's motion to throw out the iPhone case. [Gizmodo]
25-02-2016: Apple and FBI to testify at Congressional encryption hearing. [Engadget]
25-02-2016: Apple to FBI: you can’t force us to hack the San Bernardino iPhone. [Wired]
25-02-2016: Apple may use a First Amendment defense in that FBI case - and it just might work. [Wired] [The Register]
25-02-2016: If Apple aids terrorists and the FBI is Big Brother… whom do we support? [Ars Technica]
25-02-2016: Apple tells court it would have to create “GovtOS” to comply with ruling. [Ars Technica] [PocketNow] [9to5Mac] [Engadget]
25-02-2016: FBI director admits Apple encryption case could set legal precedent. [HardOCP] [The Guardian] [NZ Herald]
25-02-2016: Microsoft voices its support for Apple. [PocketNow] [Bloomberg] [Engadget]
25-02-2016: If the FBI thinks iPhones are hard to crack now, wait until Apple further upgrades security. [PocketNow] [NYT]
25-02-2016: Apple, FBI talks need engineers. [EETimes]
25-02-2016: 'Hard questions' in Apple phone row. [BBC News]
24-02-2016: Tim Cook: An iPhone master key would be the 'software equivalent of cancer'. [Gizmodo]
24-02-2016: Tim Cook: Unlocking terrorist's iPhone would be 'bad for America'. [Engdaget] [BBC News] [Gizmodo]
24-02-2016: The Apple-FBI fight isn’t about privacy vs. security. [Wired]
24-02-2016: How Apple could be punished for defying the FBI. [HardOCP] [FastCompany]
24-02-2016: Apple fans don't actually care about the whole FBI iPhone thing. [Gizmodo]
24-02-2016: Apple reveals other FBI demands for iPhone unlocking around US. [Stuff]
24-02-2016: Americans back FBI, not Apple in iPhone case. [NZ Herald]
23-02-2016: Apple fans take iPhone unlock protest to FBI HQ. [The Register]
23-02-2016: iPhone unlocking case about setting a precedent, despite what the FBI says. [THG]
23-02-2016: Bill Gates denies iPhone crack demand would set precedent. [The Register] [Engadget] [Gizmodo] [PocketNow] [HardOCP] [Bloomberg] [Stuff]
23-02-2016: Bill Gates is really upset that you all thought he was on the Feds' side. [The Register]
23-02-2016: Only losers in the iPhone backdoor saga. [NZ Herald]
23-02-2016: Latest in Apple v FBI public squabble over iPhone 'precedent'. [The Register]
22-02-2016: How the FBI could use acid and lasers to access data stored on seized iPhone. [Ars Technica]
22-02-2016: Zuckerberg supports Apple in fight with FBI over iPhone privacy. [Wired]
22-02-2016: The lowdown on the Apple-FBI showdown. [Krebs]
22-02-2016: FBI chief 'not trying to set precedent' with shooter's iPhone. [Engadget] [Gizmodo]
22-02-2016: The natural outcome of the encryption wars in the U.S. [HardOCP] [Daniel Miessler]
22-02-2016: Decrypting an iPhone for the FBI. [Schneier]
21-02-2016: The San Bernardino iPhone: FBI dismisses iCloud siphoning as victims side against Apple. [PocketNow]
21-02-2016: If FBI busts into seized iPhone, it could get non-iCloud data, like Telegram chats. [Ars Technica]
21-02-2016: Apple vs. FBI: should Apple be required to unlock a terrorist’s iPhone? [PocketNow]
20-02-2016: Senate intel chief backs off on bill criminalizing refusal to aid decryption. [Ars Technica]
19-02-2016: Feds say Apple's stand against the FBI is just a PR stunt. [Gizmodo] [ExtremeTech]
19-02-2016: DoJ files motion to force Apple to hack iPhone in San Bernardino case. [Wired] [Ars Technica] [Engadget]
19-02-2016: Apple says the government bungled its chance to get that iPhone’s data. [Wired] [Ars Technica] [Gizmodo]
19-02-2016: San Bernardino County calls the FBI liars over terrorist's iCloud account. [Gizmodo]
21-02-2016: FBI confirms it screwed up and reset shooter’s iCloud password. [HardOCP] [Business Insider] [The Register]
19-02-2016: Apple hires free-speech lawyers as Justice Department moves to force Apple’s compliance. [PocketNow] [CNBC] [Reuters]
18-02-2016: Encryption isn’t at stake, the FBI knows Apple already has the desired key. [Ars Technica]
18-02-2016: Apple’s FBI battle is complicated - here’s what’s really going on. [Wired] [Engadget] [NZ Herald]
18-02-2016: Apple vs. the FBI may not be a war Apple can win. [HardOCP] [ZDNet]
18-02-2016: McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV. [Ars Technica] [HardOCP] [Business Insider] [BBC News]
19-02-2016: Good luck John McAfee, socially engineering a corpse. [Graham Cluley]
07-03-2016: John McAfee lied about being able to hack iPhone. [HardOCP] [DailyDot]
10-03-2016: John McAfee tells Ars he’s fighting a lonely battle, but he’s not lying. [Ars Technica]
18-02-2016: Apple vs the FBI - a plain English guide. [BBC News]
18-02-2016: Apple vs FBI: what would you do? [EETimes]
18-02-2016: Google CEO: FBI's request of Apple could set a 'troubling precedent'. [Engadget] [Gizmodo] [ExtremeTech]
18-02-2016: Why the FBI forcing Apple to break into an iPhone is a big deal. [Stuff] [Gizmodo] [NZ Herald]
17-02-2016: Why Tim Cook is right to call court-ordered iPhone hack a “backdoor". [Ars Technica]
17-02-2016: Tim Cook: FBI backdoor order is 'chilling' and 'dangerous'. [Engadget]
17-02-2016: Apple/FBI/encryption Q&A. [The Register]
17-02-2016: FBI iPhone unlock order reaction: Trump, Rubio say no to Apple. EFF and Twitter say yes. [The Register]
14-03-2016: Donald Trump drops Apple boycott, John Oliver perfectly summarizes encryption controversy. [PocketNow]
17-02-2016: Apple and the FBI: intended and unintended consequences of an iPhone backdoor. [THG]
17-02-2016: Why Apple is fighting back. [ReadWriteWeb]
17-02-2016: Apple will fight US gov’t over court-ordered iPhone backdoor. [Ars Technica] [PocketNow] [BBC News] [Stuff] [Wired] [Gizmodo] [ExtremeTech]
16-02-2016: Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone. [Ars Technica] [Stuff] [NZ Herald] [Schneier]
2015 – Shellshock
03-10-2016: Shellshock two years on – has your company forgotten about it? [BitDefender]
15-12-2014: Worm exploits nasty Shellshock bug to commandeer network storage systems. [Ars Technica]
28-10-2014: Shellshock over SMTP attacks mean you can now ignore your email. [The Register]
16-10-2014: Ghost in the (Bourne Again) Shell: fallout of Shellshock far from over. [Ars Technica]
07-10-2014: Yahoo hacked using Shellshock flaw. [Stuff] [The Register] [The Independent] [NZ Herald] [DC Knowledge]
07-10-2014: Yahoo denies Shellshock hack, blames breach on copycat code. [ReadWriteWeb]
08-10-2014: Yahoo told to “pull your pants up” after Shellshock hack claims. [Graham Cluley]
08-10-2014: FBI pays visit to researcher who revealed Yahoo hack. [Wired]
03-10-2014: Bored hackers flick Shellshock button to OFF as payloads shrink. [The Register]
02-10-2014: Everything you need to know about the Shellshock bug. [ReadWriteWeb]
02-10-2014: What Shellshock has done so far. [ReadWriteWeb]
01-10-2014: Shellshock attacks could already top 1 Billion. [HardOCP] [SecurityWeek]
01-10-2014: Shellshock fixes beget another round of patches as attacks mount. [Ars Technica]
30-09-2014: Inside Shellshock: how hackers are using it to exploit systems. [CloudFlare]
30-09-2014: OpenVPN open to pre-auth Bash Shellshock bug . [The Register]
30-09-2014: New security flaws render Shellshock patch ineffective. [ReadWriteWeb]
29-09-2014: Shellshock makes Heartbleed look insignificant. [ZDNet]
29-09-2014: Fortune 1000 outfits Bash out batches of patches. [The Register]
29-09-2014: Shellshock: 'Larger scale attack' on its way, warn securo-bods. [The Register]
29-09-2014: The Internet is broken, and Shellshock is just the start of our woes. [Wired] [Stuff]
28-09-2014: The Shellshock command security flaw isn't really fixed yet. [Engadget]
27-09-2014: FireEye observes significant amount of malicious traffic leveraging Shellshock bug in Bash, suspects this is a dry run before a potentially larger-scale attack. [FireEye]
27-09-2014: The man who found the web's 'most dangerous' bug. [Stuff]
27-09-2014: Still more vulnerabilities in bash? Shellshock becomes whack-a-mole. [Ars Technica]
27-09-2014: Oracle shell-shocked by Bash bug. [The Register]
25-09-2014: The Internet braces for the crazy Shellshock worm. [Wired]
25-09-2014: Bash bug: Shellshocked yet? You will be ... when this goes WORM. [The Register]
25-09-2014: First attacks using 'shellshock' Bash bug discovered. [ZDNet] [Ars Technica] [Wired]
25-09-2014: The Shellshock Bash bug – what is it, and are your computers vulnerable? [Graham Cluley] [Schneier] [Krebs] [Gizmodo] [The Register] [Errata Security] [Engadget] [DC Knowledge] [NYT] [NZ Herald]
2015 – Hacking Team
07-07-2017: Hacking Team is back. [Engadget]
13-04-2017: Callisto Group snoopers wreak havoc with leaked HackingTeam spyware. [The Register]
17-04-2016: This hacker's account of how he infiltrated Hacking Team says a lot about digital security. [Gizmodo] [Pastebin] [Ars Technica] [Schneier]
07-04-2016: Hacked spyware firm Hacking Team dealt a further blow. [Graham Cluley] [The Register]
29-02-2016: Largely undetected Mac malware suggests disgraced HackingTeam has returned. [Ars Technica] [Engadget]
30-10-2015: Hacking Team offers encryption breaking tools to law enforcement. [Engadget]
27-07-2015: Hacking Team's purchasing of zero-day vulnerabilities. [Schneier] [tsyrklevich]
24-07-2015: Hacking Team leak shows how secretive zero-day exploit sales work. [Wired]
23-07-2015: Advanced spyware for Android now available to script kiddies everywhere. [Ars Technica] [THG] [The Register]
23-07-2015: Hacking Team may not have had a backdoor, but it could kill client installs. [Ars Technica]
22-07-2015: Security tool bod's hell: People think I wrote code for Hacking Team! [The Register]
22-07-2015: Hacking Team: it’s not us who’ve actually sinned. [The Register]
21-07-2015: Researcher takes umbrage after finding his code in Hacking Team malware. [Ars Technica]
21-07-2015: Hacking Team goes to war against former employees, suspects some helped hackers. [Ars Technica] [HardOCP]
20-07-2015: How was Hacking Team hacked? [Graham Cluley]
20-07-2015: The Hacking Team Android malware app that waltzed past Google Play’s security checks. [Graham Cluley]
20-07-2015: Hacking Team hackers questioned over Hacking Team hack. [The Register]
18-07-2015: Hacking Team apparently violated EU rules in sale of spyware to Russian agency. [Ars Technica]
17-07-2015: Hacking Team’s evil Android app had code to bypass Google Play screening. [Ars Technica]
14-07-2015: I worked at Hacking Team, my emails were leaked, and I’m OK with that. [Gizmodo]
14-07-2015: Hacking Team broke Bitcoin secrecy by targeting crucial wallet file. [Ars Technica]
14-07-2015: Hacking Team spyware rootkit: Even a new hard drive wouldn't get rid of it. [The Register]
14-07-2015: Hacking Team touts new spyware suite, calls leaks now “obsolete”. [Ars Technica] [The Register]
13-07-2015: Hacking Team used spammer tricks to resurrect spy network. [Krebs]
12-07-2015: Hacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own. [Ars Technica]
12-07-2015: Hacking Team chief: 'We're the GOOD GUYS fighting crims and rooting out lone wolves'. [The Register]
10-07-2015: Now you can explore Hacking Team's world of selling spyware. [Engadget]
10-07-2015: Hacking Team shows the world how not to stockpile exploits. [Wired]
10-07-2015: How a Russian hacker made $45,000 selling a 0-day Flash exploit to Hacking Team. [Ars Technica]
09-07-2015: How spyware peddler Hacking Team was publicly dismantled. [Engadget]
09-07-2015: Hacking Team's email archive - now searchable online. [Graham Cluley]
09-07-2015: Days after Hacking Team breach, nobody fired, no customers lost. [Ars Technica]
09-07-2015: Despite Hacking Team’s poor opsec, CEO came from early days of PGP. [Ars Technica]
08-07-2015: Hacking Team's lame excuse for selling digital weapons to Sudan. [Gizmodo]
08-07-2015: Hacking Team exploit is in the wild. [The Register]
07-07-2015: Massive leak reveals Hacking Team’s most private moments in messy detail. [Ars Technica]
07-07-2015: Hacking Team tells government customers to stop using its spyware, following hack. [Graham Cluley] [The Register] [Schneier] [Motherboard]
06-07-2015: Lesson #1 from the Hacking Team hack: Choose strong passwords. [Graham Cluley]
06-07-2015: Hacking Team breach shows a global spying firm run amok. [Wired] [Gizmodo] [ExtremeTech]
06-07-2015: The FBI spent $775K on Hacking Team’s spy tools since 2011. [Wired]
06-07-2015: Hacking Team hacked. [Graham Cluley] [BBC News] [Schneier] [HardOCP] [ZDNet] [Ars Technica] [Stuff]
2014 – Heartbleed
13-06-2017: Heartbleed still hurting hard. [Graham Cluley]
01-02-2017: Heartbleed remains unpatched on thousands of servers. [DC Knowledge]
23-01-2017: Heartbleed is not dead - and isn't likely to be any time soon. [Graham Cluley]
15-09-2015: Heartbleed is far from dead. 200,000+ vulnerable devices on the internet. [Graham Cluley] [The Register]
08-04-2015: Most top corporates still Heartbleeding over the internet. [The Register]
10-11-2014: Sysadmins disposed of Heartbleed certs, but forgot to flush. [The Register]
10-10-2014: How an engineer uncovered Heartbleed. [Stuff]
30-09-2014: The weird way the Heartbleed bug made the web more secure. [Wired]
28-08-2014: Months later, Heartbleed hack still a threat. [Stuff] [Ars Technica]
20-08-2014: Heartbleed blamed for Chinese theft of 4.5 million health records. [Engadget] [Graham Cluley]
23-07-2014: Google banks on its own tech to protect Chrome users from another Heartbleed. [Engadget] [Ars Technica] [The Register]
24-06-2014: Heartbleed: hundreds of thousands vulnerable. [Stuff]
22-06-2014: More than half of Heartbleed-vulnerable servers are still exposed. [Gizmodo]
10-06-2014: After Heartbleed, we're overreacting to bugs that aren't a big deal. [Wired]
05-06-2014: Heartbleed redux: another gaping wound in web encryption uncovered. [Wired] [Gizmodo] [Android Police] [Stuff] [The Register] [Ars Technica] [Engadget] [BBC News] [BGR] [Lumension]
05-06-2014: Thanks for nothing OpenSSL, cries stonewalled De Raadt, [The Register]
04-06-2014: The human side of Heartbleed. [Schneier]
03-06-2014: Heartbleed happened – what you can do to stay proactive. [DC Knowledge]
02-06-2014: Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks. [Ars Technica]
21-05-2014: Heartbleed showed us how shockingly lazy people are with their passwords. [BGR]
09-05-2014: Heartbleed clean-up leaves thousands of servers vulnerable. [HardOCP] [ZDNet] [BGR]
09-05-2014: Sysadmins adding Heartbleed to servers. [The Register]
08-05-2014: 300k servers vulnerable to Heartbleed one month later. [Errata Security]
05-05-2014: How to bypass the threat from Heartbleed. [Stuff]
30-04-2014: Google Chrome protection for Heartbleed-hacked sites called “completely broken”. [Ars Technica]
29-04-2014: Why the NSA might not say anything about the next ‘Heartbleed’. [BGR]
28-04-2014: It's crazy what can be hacked thanks to Heartbleed. [Wired]
28-04-2014: Exterminating Heartbleed: how to clear it out of your data center. [ReadWriteWeb]
28-04-2014: The team in charge of OpenSSL: two guys named Steve. [Gizmodo]
28-04-2014: How I used Heartbleed to steal a site’s private crypto key. [Ars Technica]
25-04-2014: Post-Heartbleed: what should you be doing about passwords? [Graham Cluley]
24-04-2014: Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL. [Ars Technica] [The Register] [Trusted Reviews] [Wired]
23-04-2014: Life after Heartbleed: ‘The Internet will never be 100% safe’. [BGR]
23-04-2014: Developers: Heartbleed-affected OpenSSL code is beyond repair. [Gizmodo]
22-04-2014: Apple mends a Heartbleed security bug in its latest WiFi routers. [Engadget]
22-04-2014: Dan Geer on Heartbleed and software monocultures. [Schneier] [LawFare]
22-04-2014: Fixing OpenSSL's Heartbleed flaw will take months, warns Secunia. [The Register]
22-04-2014: How Heartbleed transformed HTTPS security into the stuff of absurdist theater. [Ars Technica]
19-04-2014: Heartbleed maliciously exploited to hack network with multifactor authentication. [Ars Technica]
18-04-2014: The Open Source Initiative hopes public awareness is Heartbleed's 'silver lining'. [Engadget]
18-04-2014: How Apple dodged the Heartbleed bullet. [AppleInsider]
18-04-2014: Now there’s an easy way to flag sites vulnerable to Heartbleed. [Ars Technica] [Netcraft]
17-04-2014: OpenSSL Heartbleed bug sniff tools are 'buggy'. [The Register]
17-04-2014: Nasty Heartbleed bug exposes OpenVPN private keys too. [Ars Technica]
16-04-2014: Not even Tor can keep you safe from Heartbleed. [BGR]
17-04-2014: Heartbleed shrinks Tor by an eighth. [The Register] [Engadget] [Ars Technica]
16-04-2014: This reader mocked Heartbleed, posted his passwords online -- guess what happened next. [HardOCP] [Washington Post]
16-04-2014: Heartbleed hack case sees first arrest in Canada. [BBC News] [HardOCP] [Reuters] [Ars Technica] [Graham Cluley] [Engadget]
16-04-2014: Heartbleed's network effect. [Network Computing]
17-04-2014: Heartbleed bug sends bandwidth costs skyrocketing. [Wired]
15-04-2014: Why you should expect your favorite websites to crash over the next few weeks. [BGR]
15-04-2014: Heartbleed disclosure timeline: who knew what and when. [SMH]
15-04-2014: Hardware giant LaCie acknowledges year-long credit card breach. [Krebs]
15-04-2014: Here are all the passwords you need to change right now because of Heartbleed. [BGR]
15-04-2014: Google knew about Heartbleed for around a month and never told anyone. [BGR]
15-04-2014: Akamai scoffs humble pie: Heartbleed defence crumbles, new SSL keys for customers. [The Register]
15-04-2014: After Heartbleed, why forward secrecy is more important than ever. [ReadWriteWeb]
15-04-2014: Heartbleed fallout may 'slow' browsing speeds. [BBC News]
15-04-2014: Vicious Heartbleed bug bites millions of Android phones, other devices. [Ars Technica] [Graham Cluley] [BGR]
14-04-2014: The NSA issues its own suggestions for avoiding lost Heartbleed data. [Engadget] [BGR]
14-04-2014: Heartbleed SSL bug, DNS and the perils of a monoculture. [Secure64]
14-04-2014: Seven Heartbleed myths debunked. [ReadWriteWeb]
14-04-2014: How the Heartbleed bug reveals a flaw in online security. [NZ Herald]
14-04-2014: Heartbleed exploit, patch, both released. [The Register]
13-04-2014: It’s not a fun week to work at OpenSSL. [Ars Technica]
12-04-2014: What is Heartbleed anyway? [Engadget]
12-04-2014: Tech companies could force NSA reform if they wanted to. Why haven't they? [BoingBoing]
12-04-2014: Heartbleed developer explains OpenSSL mistake that put web at risk. [Ars Technica]
11-04-2014: Answering the critical question: can you get private SSL keys using Heartbleed? [CloudFlare]
12-04-2014: Private crypto keys are accessible to Heartbleed hackers, new data shows. [Ars Technica] [CloudFlare] [Engadget] [Graham Cluley]
11-04-2014: Reaction on “Heartbleed”: working together to mitigate cybersecurity vulnerabilities. [DHS] [BBC News]
11-04-2014: More on Heartbleed. [Schneier]
11-04-2014: NSA exploited Heartbleed to siphon passwords for two years. [Wired] [GottaBeMobile] [ReadWriteWeb] [HardOCP] [Bloomberg] [BGR] [Engadget] [Gizmodo] [HotForSecurity] [ExtremeTech]
11-04-2014: NSA denies it knew about and used Heartbleed encryption flaw for two years. [The Register] [Twitter] [Ars Technica] [BBC News]
12-04-2014: The NSA's Heartbleed problem is the problem with the NSA. [The Guardian]
13-04-2014: Obama lets NSA exploit some Internet flaws, officials say. [NYT] [Engadget] [