Items from security-related news (E127.Jul-2015)





  • Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border
    New York Times
    By Charlie Savage, Julia Angwin, Jeff Larson and Henrik Moltke,
    June 4, 2015
    Summary:

    According to revelations from Edward Snowden, in 2012 the US government approved warrantless surveillance of Internet traffic crossing the US border. The purpose of the surveillance is to detect cyberattacks originating from foreign governments, and the NSA uses patterns to detect malware and access to "suspicious" websites. The agency also sought permission to monitor related activities by US citizens on US soil, but the recent revelations do not include information about the outcome of that request.

  • U.S. Was Warned of System Open to Cyberattacks
    New York Times
    By David E. Sanger, Julie Hirschfeld Davis and Nicole Perlroth
    June 5, 2015
    Summary:

    The US Office of Personnel Management was the target of two phases of an apparently successful attack in 2015 to retrieve sensitive information from its databases. The Office's inspector general had issued a report in November of 2014 damning the poor security and even recommending shutting down some systems because they were so vulnerable. The intrusion into the Office's databases was attributed to non-governmental Chinese hackers who might be sharing information with the Chinese government. The attack might have been orchestrated by the same group that infiltrated health care providers.

    Ed.: one might wonder why the cross-border surveillance program did not detect this intrusion.

  • 600 million Samsung Galaxy phones exposed to hackers
    CNN Money
    By Jose Pagliery
    Jun. 17, 2015
    Summary:

    A partnership between Samsung and Swiftkey was meant to keep Galaxy phones up-to-date with the latest word prediction software. But researchers at NowSecure found that the update procedure can be compromised, potentially giving hackers access to core internals of the operating system. The hack can be carried out over wifi networks and perhaps over cellular networks.

  • Major Mac flaw spills your passwords
    CNN Money
    By Jose Pagliery
    Jun. 18, 2015
    Summary:

    The Mac OS operating system from Apple has an application that is a manager for all the cryptographic keys used to protect data on the system. The "keychain" app is an important part of Apple's security for Mac computers. Researchers found significant flaws in the app and showed how to exploit them to gain access to a user's personal data, wherever it was stored, locally or in iCloud. Frustrated by Apple's slow pace in addressing the problem, the researchers went public with their discovery, spurring Apple to work with them on a daily basis to get the holes closed.

  • Security Experts Oppose Government Access to Encrypted Communication
    The New York Times
    Nicole Perlroth
    July 7, 2015
    Summary:

    Governments are touchy about the use of encryption by their citizens, today more so than ever. The NSA believes that it is possible to have encryption that is perfectly secure but also allows the government, under careful judicial control, to read the encrypted data without contacting the person who did the encrypting. The descriptive phrase for this is "exceptional access". It has raised a firestorm of debate. A group of 14 security experts have published a paper opposing the idea. "The government's proposals for exceptional access are wrong in principle and unworkable in practice," said Ross Anderson.
    Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications

  • A.C.L.U. Asks Court to Stop Part of N.S.A.'s Bulk Phone Data Collection
    The New York Times
    By Charlie Savage
    July 14, 2015
    Summary:

    A US Federal Court has been asked to nullify an NSA program for bulk collection of calling information for US phones. The program was revealed by Edward Snowden, and it has been the subject of recent legislation and court challenges. Apparently the program is still in effect. The ACLU has petitioned the court to issue an injunction stopping the program. Also in question are the previously collected phone records.

  • Chryslers can be hacked over the Internet
    CNN Money
    By Jose Pagliery
    Jul 21, 2015
    Summary:

    Many recently manufactured Chrysler vehicles come with software that connects them to the Internet. This wonderful capability is provided by a wireless service, Uconnect, that connects these cars to the Sprint cellphone network. Unfortunately, researchers have demonstrated that it is possible for unauthorized users (i.e., hackers) to take control of the car from the Internet. They can, for example, stop and start the engine. All such cars are the subject of a large recall.

  • How security experts protect themselves online
    The Washington Post
    By Andrea Peterson
    July 24, 2015
    Summary:

    Have you installed the latest versions of all your software? Do you use a different password for every one of your accounts? Do you use two-factor authentication? Then you might be a security expert. On the other hand, if you rely on anti-virus software and change your passwords frequently, you might not be an expert. These observations were presented at the recent SOUPS conference, based on a survey carried out by researchers at Google.