IEEE Cipher --- Items from security-related news (E129.Nov-2015)
Congratulations to Cynthia Irvine, Jerome Saltzer, Ron Ross, Steve Lipner, and Susan Landau on being honored by the National Cybersecurity Hall of Fame for their numerous contributions to computer security research, policy, and practice.
Summary:
The US and Europe have several data-sharing agreements in place.
Recently, a European court ruled that one of them gives US authorities
nearly unfettered access to the private data of Europeans using online
services, such as Facebook. This violates European privacy laws. The
decision cannot be appealed. The response by European data providers
and Internet companies is being weighed.
Summary:
A Kosovo citizen is accused of using hacking techniques to compile a
database of personal information regarding over 1000 members of the US
military and other government segments. The information may have been
shared with an Islamic State member for the purpose of attacking these
people. The information was obtained from an online retail service.
Summary:
GridSecCon, held by the North American Electric Reliability Corporation,
featured a talk by a Homeland Security official. The overall message
was that the US power grid, while short on security, is high on obscurity,
making it difficult to use generic methods to attack it.
The bad news is that it is constantly under attack.
Summary:
In October the US and China announced an agreement to stop hacking commercial
sites in order to steal intellectual property. The US company CrowdStrike
says that hacks against pharmaceutical companies have continued unabated.
They call the perpetrator group "Deep Panda". Perhaps the ballyhooed agreement
has no teeth. [We note that pandas are vegetarian].
Summary:
Apple has been dealing with a spate of privacy-encroaching apps, and in
some cases, the app developers were unaware of the behavior. As a result,
Apple has banned a large number of apps. An SDK that was widely used
surreptitiously stole user info and uploaded it to a server. In another
case, encrypted communication was revealed without authorization.
Summary:
The US Senate has approved its version of a controversial cybersecurity
bill. The bill is meant to make it easier for US companies to share
attack information with the US government, and vice versa. The details
of that sharing have raised questions, as has the overall premise that
it will improve cybersecurity.
Summary:
Researchers Marjan Ghazvininejad and Kevin Knight of the University of Southern California
have come up with a combination of art and psychology that might lead to
a revolution in memorable passwords. It is difficult to create a password that sticks in a person's mind because memory, at least without extensive
training, is limited and unreliable. A good password has to be fairly long
to have enough entropy to survive random guessing by an opponent. Rhymes, though, have long been recognized as aids to memorization. The recently published
paper by the researchers shows that doggerel can be used as a secret password.
Summary:
A group of IT specialists is available to help ISIS followers who need
help with staying under the radar of law enforcement. Some of the
most frequently fielded questions seem related to the sort of
privacy-preserving practices that any Internet user might want. Most are about
secure communication using encrypted services.
Data Transfer Pact Between U.S. and Europe Is Ruled Invalid
The New York Times
By Mark Scott
Oct. 6, 2015
U.S. accuses hacker of stealing military members' data and giving it to ISIS
The Washington Post
By Ellen Nakashima
Oct 16, 2015
ISIS is attacking the U.S. energy grid (and failing)
CNN Money
By Jose Pagliery
Oct 16, 2015
Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies
The New York Times
By Paul Mozur
Oct 19, 2015
Apple bans hundreds of iPhone apps that secretly gathered personal info
CNN Money
By David Goldman
Oct. 19, 2015
Cybersecurity bill advances in Senate, but hurdles remain
The Washington Post
By Karoun Demirjian
Oct 22, 2015
These researchers have discovered the perfect password that's also easy to remember
The Washington Post
By Ana Swanson
Oct 22, 2015
Top questions asked on the ISIS 'Help Desk'
CNNMoney
By Erica Fink and Laurie Segall
Nov 21, 2015