skip navigation

More signal. Less noise.

Daily briefing.

In breaking news, l'Express reports that US intelligence agencies spied on French President Sarkozy's office earlier this year, allegedly using the Flame espionage kit. The US Government categorically denies the exploit.

Israel continues to undergo sustained cyber attack by Palestinian hackers and Anonymous members sympathetic to the Hamas cause in Gaza.

The Russian mob's long-anticipated High Roller wire fraud campaign is underway against European banking networks (mostly in Germany) and at least one unnamed major US bank. Exploit kit Gong Da bundles several Java attacks; expect the criminal offensive against Java to continue. A new Linux rootkit is discovered, but it appears to be low-end work. This weekend is traditionally US retail's biggest, from Black Friday to Cyber Monday, and both merchants and consumers are warned of cyber threats lurking in seasonal commerce.

Think your security officer's warnings about operational security, watching what you display, caution about postings, etc. are tiresome? Ask the lads at RAF Anglesey, who incautiously tacked their login credentials to a squadron wall, where they served as a background to PR photos of Prince William.

Bloomberg details $20B in US Intelligence Community contracts. SAIC wins a $433M task order for US CENTCOM enterprise IT services. Media content protection shop Kudleski Group enters the cyber market. Lockheed Martin wins continued G-Cloud work from the British government.

Observers try to sort out the implications of Europe's poignant "right to be forgotten."

Notes.

Today's issue includes events affecting Canada, China, European Union, Finland, France, Germany, Ireland, Israel, Luxembourg, Pakistan, Palestinian Territories, Russia, Spain, Switzerland, United Kingdom, United Nations, United States..

The CyberWire goes on hiatus for the US Thanksgiving holiday. We'll resume normal publication on Monday. In the meantime, a happy Thanksgiving to all.

Cyber Attacks, Threats, and Vulnerabilities

Report: French officials accuse US of hacking Sarkozy's computers (The Hill) The United States used U.S.-Israeli spy software to hack into the French presidential office earlier this year, the French cyberwarfare agency has concluded, according to the newsmagazine l'Express. The magazine reported late Tuesday that the computers of several close advisers to then-president Nicolas Sarkozy including Chief of Staff Xavier Musca were compromised in May by a computer virus that bears the hallmarks of Flame, which was allegedly created by a U.S.-Israeli team to target Iran's nuclear program. Anonymous French officials pointed the finger at the United States

US government hacked into French presidential office, spied on senior officials, says news report (Quartz) Using the sophisticated Flame malware first developed to spy on and sabotage Iran's nuclear program, US spymasters were able to gain almost unlimited access to the computers of senior French officials in the last days of former president Nicholas Sarkozy's reign, alleges a story in French magazine l'Express. The impact of this alleged attack is unknown, but experts on the Flame malware--believed to be the most sophisticated cyberweapon ever developed--say that compromised computers could have been used to record conversations via infected PCs' microphones. Screenshots may also have been captured, and files could have been copied. According to France's intelligence agency, quoted in the story, the resulting data was then routed through multiple servers on all five continents in order to hide the ultimate destination of the stolen data

Israel comes under cyber-attack from multiple opponents (The H) Israel comes under cyber-attack from multiple opponents. The list shows the latest attacks by the group Zoom Source: zone-h 1337, H4x0rL1f3, ZombiE_KsA and Invectus are among the names used by attackers who yesterday (Monday) hacked the Israeli

opIsrael: Israel facing mass cyber attack over Gaza (E Hacking News) In protest of attacks taking place on Gaza, Hackers hit Israel with mass cyber attack that resulted in hundreds of websites being defaced or tangodown, as well as database being leaked. Anonymous has leaked documents of 5000 Israeli officials. Yesterday, Pakistani hackers deface several high profile Israel website including BBC, Bing, MSN, Skype, Intel, Live, coke

Hack Archive: List of Israeli websites hacked as part of operation #OpIsrael (E Hacking News) At EHN , we have collected list of Israeli websites hacked as part of the operation called "#OpIsrael". Anonymous break into dirotmodiin. co. il, a site for finding real estate in Israel, and leaked 2000+ username, email address, and plain-text password

Anonymous: We Will Not Allow Israeli Propagandists to Undermine Our Efforts (Softpedia) Anonymous and non-Anonymous hacktivists from all over the world are currently busy launching attacks against Israels cyberspace. Israeli officials claimed that, so far, theyve been able to fend off all except one of the tens of millions of attacks. However, Anonymous representatives state that they will not allow Israeli propagandists to undermine [their] efforts

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank (Threatpost) The criminals behind Operation High Roller, a complex wire-fraud scheme that has scammed high-end banking customers out of millions, have added a new dimension of automation to their attacks and expanded their efforts beyond Europe and have targeted a major U.S. bank

Gong Da Exploit Kit Bundling Numerous Java Attacks (Threatpost) Don't expect any relief from the current assault on Java. A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and Gong Da exploit kits, setting the stage for additional attacks, researchers said

New Linux Rootkit Emerges (Threatpost) A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems, and while it has some interesting features, it does not appear to be the work of high-level programmer or be meant for use in targeted attacks

Researchers Remotely Control Smart Cards with Malware PoC (Threatpost) A Luxembourg-based group of researchers has generated a proof-of-concept that could give attackers the ability to remotely seize control of USB smart cards through Windows machines infected with a piece of malware they developed, according to a PCWorld

Vodafone MMS email spam spreads malware (Naked Security) Do you own a mobile phone? Is your mobile phone on the Vodafone cellphone network? If so, you could be a prime target for infection by a new malware attack that has been distributed widely via email across the internet

Beware of scammy 'Free $500 Target voucher' offers (Help Net Security) With Black Friday, Cyber Monday and the end-of-year holidays rapidly approaching and people's minds being turned towards shopping and gift-giving, scammy offers for luxury goods and free gift cards are

Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities (Dark Reading) Meanwhile, businesses more worried about productivity than security threats

SMB Retailers Should Remember PCI This Black Friday (Dark Reading) PCI Council suggests hiring a certified pro to help avoid common SMB PCI pitfalls

Businesses bracing for security impact on Cyber Monday (Help Net Security) Most employees are not able to recognize online threats against the corporate network and companies are most concerned that online shopping could open the network to potential new threat vectors,

$450K stolen from Gold Bar's bank accounts (Herald Net) The city has so far recovered about $230,000 and is working to get back the rest

Prince William photos accidentally reveal RAF password (Naked Security) Prince William gets photographed doing his day job - unfortunately, someone didn't spot the password pinned to the wall behind him

Hardcore malware: Stuxnet, Duqu, and Flame (Word Press) Stuxnet, Duqu, and Flame have gained notoriety as some of the most damaging and devious forms of malware. First appearing in 2010, 2011, and 2012 respectively, these three worms have caused fear in the information security industry and panic among the administrators of infected hosts. Before analyzing their workings and unique characteristics, here is a review of malware in general and a summary of some noteworthy examples of destructive viruses from years past

Stuxnet's Infection Of Chevron Shows Why 'Weaponized' Malware Is A Bad Idea (Techdirt) The Stuxnet worm that attacked an Iranian nuclear enrichment facility a couple of years ago was exceptional from several viewpoints. It is believed to have been the costliest development effort in malware history, involving dozens of engineers. It also made use of an unprecedented number of zero-day exploits in Microsoft Windows in order to operate

A timeline of the Revenue cyber-attack (SCNow) A timeline of the Revenue cyber-attack

South Carolina tax chief resigns after taxpayers hit in cyber attack (Yahoo! News) The head of South Carolina's tax collection agency has resigned after hackers gained access to state computers and the personal information of nearly 4 million state taxpayers, including Social Security numbers

Olympics cyber attackers were amateurs (The Register) Twelve year old hacktivists and journalists with infected laptops were the biggest info security threats to the London 2012 Games - an event which in the end was notable for the absence of a major cyber attack, BT has revealed. The telco giant was in charge of supporting the official London2012. com site and the huge IP infrastructure which carried voice, cable TV, wireless and everything in between around the sites, according to BTs global head of secure customer advocacy, Phil Packman

Behind the Random NTP Bizarreness of Incorrect Year Being Set (Internet Storm Center) A few people have written in within the past 18 hours about their NTP server/clients getting set to the year 2000. The cause of this behavior is that an NTP server at the US Naval Observatory (pretty much the authoritative time source in the US) was rebooted and somehow reverted to the year 2000. This, then, propogated out for a limited time and downstream time sources also got this value. It's a transient problem and should already be rectified. Not much really to report except an error at the top of the food chain causing problems to the layers below. If you have a problem, just fix the year or resync your NTP server

Security Patches, Mitigations, and Software Updates

Mozilla Releases Firefox 17 with Click-to-Play, Updates Firefox for Android (Threatpost) FirefoxMozilla pushed out the latest build of its flagship browser, Firefox 17, today, adding a new click-to-play blocklisting feature that will help prevent users from running out-of-date or vulnerable versions of plug-ins or extensions. The update tweaks click-to-play in Firefox prompting users to either update or abandon old versions of software like Adobe's Reader and Flash and Microsoft Silverlight

Firefox 17 is more social and secure, but doesn't care for leopards (Ars Technica) Alongside the usual list of tweaks, Mozilla ends support for OS X 10.5

Cyber Trends

The Business Of Commercial Exploit Development (Dark Reading) A closer look at the debate surrounding this market. Over the past 15 years of cybersecurity discussion, it's doubtful that you'll have failed to notice the biannual flare-ups concerning vulnerability disclosure. Whether it's due to the slow fuse of a software vendor silently patching a legacy vulnerability, or the lightning strike of a zero-day being dropped at a security conference, these brushfires rage with fury for a short period until the tinder and media gets exhausted…until the next time

It's Not Just HP And Autonomy, The Enterprise Software Space Is A Giant Stinking Mess (TechCrunch) The enterprise software space is a giant stinking mess. And it's going to get even messier if the vendors don't start embracing the new spirit of collaboration and social technologies that represent the modern data workflow

Global Bankers Fear Bitcoin (uscyberlabs) Reading the European Central Bank report October 2012 Virtual Currency Schemes Were they plainly state that they are worried about Bitcoins. Linden dollars or Chinas Q-coin were different but they they scared the bankers when they translated to goods and service, the Q-coin was put down by China because they did not want an uncontrolled currency competing for the state coins. let me back up and explain itThe bottom line is The increase in the use of virtual money might lead to a decrease in the use of real money, thereby also reducing the cash needed to conduct the transactions generated by nominal income the other fear is On the one hand, they could have an impact on the velocity of money existing in the economy

New York Times Data Center Indictment Misses Big Picture (InformationWeek) A New York Times examination of increasing data center use and its environmental impact focuses on aging enterprise data centers. A more important issue: How much environmental benefit can we reap from today's modern cloud data centers

Marketplace

Spy Agency Multiple-Award Contracts Bring 80 Companies $20 Billion (Bloomberg Government) Intelligence agencies are ordering at least $20.5 billion in technology and professional services through 2017 from 80 companies using 20 classified multiple-award contracts, a Bloomberg Government analysis found

SAIC Awarded $433 Million Task Order By U.S. General Services Administration (Sacramento Bee) Company to Provide Enterprise Information Technology Services in Support of the U.S. Central Command. Science Applications International Corporation (SAIC) (NYSE: SAI) today announced it has been awarded a prime contract by the U.S. General Services Administration (GSA) to provide enterprise information technology (IT) support to the U.S. Central Command's (USCENTCOM) Directorate of Command, Control, Communications and Computers. The cost-plus award-fee (CPAF) task order has a one-year base period of performance, four one-year options, and a total contract value of $433 million, if all options are exercised. Work will be performed primarily in Tampa, Fla. The task order was awarded under the GSA Alliant Government-wide Acquisition Contract by the Federal Systems Integration and Management Center (FEDSIM)

Digits: NTSB May Drop BlackBerrys for iPhones, Citing Reliability (Wall Street Journal) Research In Motion Ltd. may be losing another U.S. government customer, but this time the reason isn't fickle employees who prefer to carry around an iPhone

CentraStage, Panda Security: Global MSP, Cloud Partnership? (MSPmentor) Something is brewing between CentraStage and Panda Security. Indeed, Panda Cloud Systems Management apparently leverages CentraStage's cloud-based RMM

Kudelski establishes new Cyber Security division (broadband tv news) (The Kudleski Group, best known for its media content protection, has launched a new Cyber Security division. Kudelski Security is centered around the privacy and confidentiality of data and analytics within a cloud dependent ecosystem. The portfolio includes monitoring the evolution of threats and keeping consumer data secured, while access to data becomes more dynamic and mobile, through new consumer devices like smartphones and tablets

WANdisco looks to gain Hadoop expertise through latest acquisition (Fierce Big Data) U.K. collaboration software company WANdisco completed its acquisition this week of Silicon Valley-based AltoStor, a company that helps create faster and more efficient software development. WANdisco will leverage AltoStor to launch its first big data-targeted solution in the first quarter of 2013. The AltoStor founders, Konstantin Shvachko and Jagane Sundar, are among the core Apache Hadoop creators, developers and on-going contributors

Dell Cloud Storing Hospital System's 233K Medical Images (New New Internet) Dell will provide two hospitals a system to help it manage the more than 233,000 medical images the hospitals generate per year, the company announced Monday. Centegra will store images long-term in Dell's cloud clinical archive and maintain five years' worth of images on-site for access…Dell said Centegra, an Illinois-based two-hospital system with several clinics, needed to consolidate existing picture archiving and communications systems for cardiology and radiology and wanted to add hardware to meet growing storage capacity demands

Lockheed to Continue UK Cloud Storage, Software Services (New New Internet) Lockheed Martin U.K. has won a 12-month contract to continue providing cloud computing infrastructure and software to the British government, the company announced Monday

Sharp ends early retirement plan as volunteers abound (IT World) Japan's Sharp, struggling with deep losses and searching for a financial savior, has cut short an early retirement program after being flooded with volunteers

Whitman's Hewlett-Packard Remodel Gets Another Hideous Surprise (Wired Business) Meg Whitman's turnaround of Hewlett-Packard is like remodeling some rambling ramshackle mansion. Every time she opens a door there is yet another disaster lurking inside

HP Vet Expanding Focus of Encryption Vendor Vormetric (eSecurity Planet) Former President of HP's Tipping Point takes the reins at encryption vendor Vormetric. HP is one of the world's largest IT vendors and home to many security technologies and professionals. It's no longer the home of Alan Kessler, though. Kessler, the former president of HP's Tipping Point

German city dumps OpenOffice and switches to Microsoft (IT World) A majority of the city council in Freiburg, Germany, has voted in favor of ditching the open source suite OpenOffice to return to Microsoft Office after severe problems and complaints from employees

Products, Services, and Solutions

Facebook Is All Smiles in China Now, But YY Is Coming (Wired Business) Chinese social network YY is poised to go public thanks in part to a robust voice chat system

Amazon floats Windows Server 2012 into AWS cloud (Ars Technica) AWS takes on Azure with free tier instances, Elastic Beanstalk support

Panda Cloud Antivirus Only Free Antivirus to Achieve Highest Rating (NEWS.GNOM.ES) Panda Security, The Cloud Security Company, today announced that Panda Cloud Antivirus Free Edition has earned another Advanced+ rating in the latest

Panda Security unveils new security device for mid-size, large firms (Computer Business Review) Cloud security company Panda Security has launched a new unified perimeter security appliance targeting mid-size and large enterprise firms which claimed to

Norton Mobile Security adds protection for iOS (Help Net Security) Norton by Symantec released the latest version of Norton Mobile Security which delivers protection for consumers' mobile needs, including support for iOS devices

Next version of Microsoft SQL Server to feature in-memory tech (Fierce CIO: TechWatch) The next version of Microsoft's SQL Server will come with in-memory technology, says Microsoft (NASDAQ: MSFT) , just months after the launch of SQL Server 2012. Codenamed "Hekaton," the technology is currently being tested with a number of the company's customers. Software from competitors such as Oracle's (NASDAQ: ORCL) Exadata and SAP's HANA already come with in-memory support

7 Cheap Cloud Storage Options (InformationWeek) You have a multitude of cloud storage choices beyond Dropbox, for enterprise and personal use. But make sure you understand the differences

RSA enhances risk-based authentication solution (Help Net Security) RSA announced enhancements to the RSA Adaptive Authentication On Premise solution designed to help organizations in wide range of industries achieve the right balance of security against advanced threats

RSA Upgrades Malware Defenses For Bank Transactions (InformationWeek) Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions

Technologies, Techniques, and Standards

Don't measure everything, says DOE web manager (Fierce Government IT) It's possible with today's website analytics tools to gather a wealth of data and monitor every detail of user activity. "You don't need to measure everything. Figure out what measurements really matter to you and put a plan in place to measure them," said Trish Cozart, senior project leader for the National Renewable Energy Laboratory's technology deployment tools team, during a Nov. 1 DigitalGov University webinar

Why there will be no patch for the Petraeus vulnerability (IT World) Security experts had four words of advice for those wondering over the implications of the sudden resignation last week of the U.S.'s Director of Central Intelligence, General David Petraeus: 'get used to it.'

Resilient Security Requires Creativity and Intelligence (Threatpost) Try to dampen your innate cynicism for one second, forget the source of this next comment, and absorb it: "We need resilient defenses." Dr. Steve King uttered those words at a small security event in Boston last week. Four simple words you've heard before that today make so much sense

Create and implement a vulnerability management program (Word Press) If you, as an information security professional, are tasked with maintaining the cyber defenses of an information system (IS), this is a responsibility that you cannot carry out in a haphazard manner. Given the complexity of modern computer networks, a standardized approach to IT security is necessary to ensure that all facets of the IS are protected to the utmost. As with network connectivity troubleshooting, it is simply better to follow a plan of defined steps rather than attempt to achieve your goal in an unorganized way

Tips for safe online shopping (Help Net Security) Veracode released a new infographic, "Identity Theft: Staying Safe in an Online World," that provides practical tips for keeping personal information safe when shopping online this holiday season

PCI Council adds guidelines for data security risk assessment (Help Net Security) The PCI Security Standards Council (PCI SSC) released the PCI DSS Risk Assessment Guidelines Information Supplement, a product of the PCI Risk Assessment Special Interest Group (SIG). Organizations

Thwart attackers' search for info by ditching out-of-office notifications (Help Net Security) When it comes to successfully defending organizations from targeted attacks, IT administrators must be aware that attention to every detail - no matter how small - will pay off. One of these detail.

YARN: Answer To Hadoop's Shortcomings? (InformationWeek) YARN framework may not be ready for prime time, but it could bring Hadoop to the next level, says Pervasive Software's chief technologist

Big Data Classes for CXOs (InformationWeek) Teaching C-suite executives the fundamentals of big data, a topic once confined to the rarefied world of computer scientists, is becoming a growth industry

Design and Innovation

Why Culture Matters: Supercell's Calculated Path To The Top Of The App Store (TechCrunch) "There was this moment in the industry when people thought that games were a science, not a form of art," said Ilkka Paananen, the CEO of red-hot Finnish gaming startup Supercell. "But inevitably, games are a form of art," he said. "They have to be supported by strong analytics, but you have to lead with creativity." With Zynga's moment passed, a new generation of gaming startups like

'Your criticisms are completely wrong': Stallman on software patents, 20 years in (Ars Technica) Free software guru makes a still-unpopular plea with new urgency—just ban them

Open source Java for Android? Don't bet on it (IT World) Industry observers aren't optimistic, despite chatter about the possibility in OpenJDK circles

Research and Development

Quantum Cryptography Conquers Noise Problem (Scientific American) Quantum cryptography could keep messages ultra-secure -- if the right detector can be developed. It's hard to stand out from the crowd -- particularly if you are a single photon in a sea of millions in an optical fiber

Quantum Cryptography At The End Of Your Road (Scientific American) In April of this year I wrote about how quantum cryptography (more properly called Quantum Key Distribution or QKD) was leaving the laboratory bench and is balanced on the cusp of entering into real-world use. At the time, many thought I was talking

Unhackable telecom networks a step closer (The Age) "The requirement of separate fibres has greatly restricted the applications of quantum cryptography in the past, as unused fibres are not always available for sending the single photons, and even when they are, can be prohibitively expensive"

Quantum Cryptography Can Mix With Data Traffic, Say Cambridge Boffins (TechWeekEurope UK) Quantum cryptography encodes each bit of a digital key upon a single photon - a particle of light - but the weakness of these signals has been a limitation, and has meant that quantum crypto systems would need to have their own dedicated fibre links

Your boss may already know you're about to quit (Fierce Big Data) There seem to be winners and losers on both sides of many big data questions. For example: On one hand, big data can help reduce employee turnover for a business. On the other it may "out you" as a likely seeker of greener pastures. Venture Beat previewed a new study yesterday by Evolv and the Center for Human Resources at the Wharton School of the University of Pennsylvania showing big data can be used to predict when employees may be about to quit

Fujitsu develops stream aggregation technology for processing data (Fierce Big Data) As the amount of data available for analysis increases and computation times lengthen, it becomes more difficult for an operation to manage updates. Improving the frequency of updates when aggregation times are lengthened has proved a challenge, but Fujitsu Laboratories has developed stream aggregation technology it believes can solve the problem without redoing computations or re-reading a variety of data types that change over time

Academia

Students Hack Their Way to Victory in Brooklyn (Sacramento Bee) Downtown Brooklyn last week transformed into ground zero for the world's largest student hacking contest and other cyber security games, all part of the ninth annual Polytechnic Institute of the New York University (NYU-Poly) Cyber Security Week (CSAW). The hundreds of finalists who converged on the NYU-Poly campus had bested 10,000 competitors in preliminary rounds of seven different challenges designed to encourage a new generation of cyber security experts capable of answering what President Barack Obama has called a national security crisis."By attracting a record number of students to the CSAW games this year, we were pleased to open opportunities for more students than ever to increase their cyber security knowledge and build the strong networks of the peers and professionals that they will need in this fast-changing field," said Nasir Memon, NYU-Poly professor of computer science and engineering and CSAW's founder. "It also gives me great pride to witness the leadership that NYU-Poly's cyber security students and alumni exhibit as they developed and organized the CSAW challenges into world-recognized events."Hundreds of faculty and professionals act as mentors, help fashion the challenges and judge the CSAW challenges

Cyber Security Students Can Help US Prepare for Cyber Attacks (U.S. News University) However, efforts are underway to beef up the nation's cyber security talent pool, as Reuters reports, the National Security Agency has already chosen four American colleges that would serve as Centers of Academic Excellence in Cyber Operation

Legislation, Policy, and Regulation

Take Two Aspirin And Steal My Data (Dark Reading) HIPAA and information security aren't suggestions. They're the law. When I am in a doctor's office, either as a patient or along with a family member, I can't help but think about HIPAA compliance and information security. It's my chance to be a secret shopper or, in this case, a covert observer of the operating environment of another organization

Lofgren heads to reddit for help with bill language (Fierce Government IT) Rep. Zoe Lofgren (D-Calif.) is turning to online community and aggregator reddit to crowdsource a legislative proposal that would dictate how domain name seizures are handled in the cases of alleged copyright infringement, libel and obscenity. The legislation aims to "build due process requirements" into domain name seizures by requiring the government to provide notice and give the accused a chance to defend themselves prior to the seizing or redirecting of the domain name

Google rallies opposition to UN takeover of Internet governance (Ars Technica) Critics say shifting Internet governance to the ITU would make it less open

Pakistan cybercrime bill faces delay, consensus not reached (ZDNet) Plans to turn country cybercrime ordinance into law delayed as stakeholders could not agree on critical clauses, with one camp reportedly concerned about its reduced powers. Pakistan cybercrime bill faces delay after a parliamentary meeting failed to arrive at a consensus on critical clauses in the draft crafted by legal and industry experts. The process may take a longer time as two key stakeholders, Pakistan's Federal Investigation Agency (FIA), and Pakistan Software Houses Association (P@SHA), could not reach a consensus on critical clauses, sources told The Express Tribune on Tuesday

Dear Congress: Please keep your dirty hands off cybersecurity, email privacy (CSO Salted Hash) Some continue to cry out for Congress to pass a cybersecurity law. But as the latest Tom-foolery over an email privacy bill demonstrates, the best thing Congress can do is nothing

The right to be forgotten: Between expectations and practice (Help Desk Security) The right to be forgotten is one of the elements of the new proposed regulation on data protection of the European Commission. The right allows people to ask for digitally held personal information to

Litigation, Investigation, and Law Enforcement

Tech engineers weigh in on alleged no-hiring agreement between EBay and Intuit (IT World) The U.S. government alleges that eBay and Intuit had an illegal agreement forbidding each company from hiring each other's employees. If it's true, tech workers say it makes them nervous

HP-Autonomy fraud allegations fallout: The winners and losers (IT World) Hewlett-Packard's bombshell revelation that it would take a US$8.8 billion non-cash writedown after allegedly discovering major accounting fraud related to its Autonomy business unit has rocked the tech world

AT&T iPad hacker plans to appeal felony conviction (Computer World) A man who exposed a major privacy weakness that divulged email addresses of iPad users on AT&T's network plans to appeal his conviction on two felony charges. Andrew Auernheimer, also known as "weev," used an automated scripting tool called the "iPad 3G Account Slurper" to pull the names and email addresses of 120,000 iPad 3G owners from AT&T's servers in June 2010. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with cellular connectivity, with the user's email address

Megaupload Assisted FBI vs NinjaVideo, But Evidence Then Used Against Them (TorrentFreak) In 2010, individuals from the now-defunct NinjaVideo site stored copyright-infringing videos on the servers of Megaupload. These subsequently came to the attention of the FBI who were conducting an investigation into NinjaVideo and its operators. As a result Megaupload was served with a criminal search warrant requiring it to hand over information to the authorities, but in a cruel twist Megauploads cooperation and a desire not to destroy evidence is now being used as evidence against it

Exceptionally grave damage: NSA refuses to declassify Obama's cybersecurity order (RT) The National Security Agency has shot down a Freedom of Information Act request for details about an elusive presidential order that may allow the government to deploy the military within the United States for the supposed sake of cybersecurity

Facebook says proposed European data protection fines could lead to court battles (Help Net Security) Documents handed over following a Freedom-of-Information request to the Irish Data Protection Commissioner have revealed that Facebook does not appreciate the proposed sanctions for anyone who fails

Who owns your Facebook, Twitter account after you die? (Emirates 24/7) Digital inheritance gains popularity among those who wish to pass on their online footprint to their loved ones when they are no more. Have you ever wondered what will happen to your Facebook, Twitter and email accounts after you pass away? Who should your passwords be handed over to in your absence? Or should they lie in limbo? Or should there be a service in place to tie up an individual's online life after their lifeline is switched off

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

IRISSCERT Cyber Crime Conference (Dublin, Ireland, November 22, 2012) The IRISSCERT Cyber Crime Conference will be held this year on Thursday the 22nd of November 2012 in the D4Berkley Court Hotel, in Ballsbridge Dublin. This is an all day conference which focuses on providing...

Digital Security Summit (Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.

CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, December 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.

tmforum Management World Americas (Orlando, Florida, USA, December 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive...

Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, December 4, 2012) An overview of sandboxing as a key security technology.

BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

SANS Cyber Defense Initiative (Washington, DC, December 7 - 16, 2012) Specialized courses covering the latest in cyber attacks, including how they work and how to stop them. The event will also feature the Netwars Tournament of Champions.

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...

SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, December 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.