
Daily briefing.

The Assad regime abruptly shut down Syria's Internet connections yesterday. (Rebels had made heavy and effective use of the Web for command and control. Gaddafi's regime in Libya also disabled the Internet in its last days.) Anonymous' OpIsrael hacks Israeli news agency DEBKAfile and releases user accounts.

A new version of the W32/VBNA-X worm spreads rapidly: it uses Windows Autorun and "clever social engineering" to implant banking Trojans. Western Connecticut University notifies more than 200,000 that a database vulnerability exposed their personal information. Lack of a Chief Information Security Officer probably contributed to the recent hack of South Carolina's unencrypted tax database: the Revenue Department CISO position went unfilled for a year—the state found no takers at a $100k salary. Legislators want an independent investigation.

More enterprises consider adding cyber counteroffensives to their defensive strategies. The malware black market's evolution affects how bug hunters do business, and not in a good way: expect zero day exploits to debut in the black market, then move to legitimate markets as "newly discovered vulnerabilities." Rising threats to the financial sector lead banks to take a leading role in containing criminal cyber campaigns.

NSA's Accumulo becomes a point of contention in US budget debates: the Senate wants it jettisoned for a commercial alternative.

Business schools offer cyber track MBAs; they're now struggling to introduce big data analytics into their curricula.

The EU joins the US and Canada in opposing more restrictive UN management of the Internet. Thailand thinks it's facing a cyber crisis.

Notes.

Today's issue includes events affecting Albania, Australia, Bermuda, Canada, China, European Union, Finland, Germany, Russia, Singapore, Spain, Syria, Thailand, United Arab Emirates, United Kingdom, United Nations, United States.

Cyber Attacks, Threats, and Vulnerabilities

Syria Has Just Been Taken Offline (Wired Danger Room) Syria has been largely cut off from the rest of the internet — just as rebel forces are making some of their biggest advances yet against the Assad regime

Syria has cut itself off from the internet and shut down cellular service (Quartz) Syria has just cut itself off from the internet, reports internet monitoring firm Renesys. (Update at 11:18 a.m. ET: The above chart from Akamai confirms the shutdown.) Telephone service is also down, Syrian activists tell the AP. Previously, the government has cut off access to communications in pockets of the country, usually when commencing a military operation, but this is only the second time that Syria has cut itself off from the internet entirely. Internet and cellular connectivity has been an essential enabler of the distributed communication of Syria's leaderless revolution, leading to fears that the government would eventually cut off communications networks entirely. One of the rebels said on Twitter that they are prepared for a communications shutdown

OpIsrael: Anonymous hacked Israel news agency DEBKAfile, accounts leaked (E Hacking News) The Anonymous hackers have hacked into the official website of an Israel News Agency, DEBKAfile (debka.com), and leaked user accounts. The hack is an apparent retaliation for what the hacktivist claimed is DEBKAfile's long history of being a tongue of the Mossad

W32/VBNA-X worm spreads quickly through networks and removable media (Naked Security) A new particularly virulent version of the malware family known as W32/VBNA (also SillyFDC/Autorun) is spreading very quickly. It takes advantage of Windows Autorun and some very clever social engineering techniques to plant banking Trojans on victim computers

WCSU Alerts Students and Families Their Personal Data Exposed (Threatpost) Western Connecticut State University officials began alerting almost 234,000 students, their families and prospective students culled from purchased lists that their personal information was exposed due to a database vulnerability

Phishing scam uses real Butterfield employee details (Royal Gazette) Butterfield Bank has been targeted in another online e-mail scam, this one using the real name and contact details of an actual bank employee

NSS Labs Reveals Browsers' Anti-Phishing Progress And Phishers' New Tactics (Dark Reading) NSS Labs today released the latest results and analysis from its web browser security comparative series which evaluated the phishing protection offered by the four leading browsers -- Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox. During the 10-day test period, the average phishing URL catch rate ranged from 90% for Firefox 15 to 94% for Chrome 21 -- a significant improvement from 2009 testing where the average block rate was 46%. The average time it took the tested browsers to block a phishing URL also improved

Phony T-Mobile, Vodafone Notifications Duping U.K. Users (Threatpost) Cybercriminals in the United Kingdom this week have launched two separate but similar scams intent on gaining access to users' computers. Both scams impersonate e-mail notifications from popular British cell phone companies and both ultimately open a backdoor on the targeted computers

Shylock Malware Evasion Techniques Now Detect RDP Connections (Threatpost) Plenty of malware samples contain embedded functionality that helps the code avoid detection by security software, or places encryption or packing barriers that keep security researchers from studying changes that would help vendors write detection signatures. The Shylock malware has taken that dynamic a step further

Hacker puts new Java flaw in the window (Webwereld) A hacker offers online a previously discovered vulnerability in Java. The highest bidder gets exclusive use of the exploit, so the leak remains unknown and unpatched for longer. A hacker on the Internet provides a new Java 0-day to

Albania Pirate Group thrown off Facebook for second time in a month (Naked Security) Hackers who have been sharing information publicly on Facebook about how to break into computer systems have had their pages shut down for the second time in a month

Security Patches, Mitigations, and Software Updates

PayPal Fixes Trio of Remote-Access Vulnerabilities (Threatpost) PayPal has repaired three remote-access vulnerabilities found in different areas of its website, including a cross-site scripting (XSS) flaw on its PayPal Community Forum. All three flaws were submitted to PayPal's Bug Bounty Program. Researcher Benjamin Kunz Mejri of Vulnerability-Lab reported the security vulnerabilities to PayPal in September; patches were released in late October according to an advisory posted this week to the Full Disclosure list

Google fixes Webmaster Tools access flaw (ZDNet) For several hours, people who formerly had formal access to sites' Webmaster Tools accounts were given access again by mistake. There is as yet no evidence of anyone causing damage due to the error. Google has fixed a security flaw in its Webmaster Tools, which gave temporary access to sites' tools to people who previously had official access, but were no longer supposed to

Cyber Trends

Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk (CSO) I recently read Jody Westby's blog on Forbes (which is a great article) on the subject of "Caution: Active Response to Cyber Attacks Has High Risk." There are several areas I agree with in Jody's blog but there are equally the same number of areas, if not more areas, where I disagree. Certainly, cybersecurity will never get better until we are able to curb cybercrime. However, there is much more we need to do to improve cybersecurity. This centers around truly building security into every function of business and IT planning. If we build security into every function and facet of every bit of software and hardware that we create, implement and deploy, then our levels of risk will be reduced significantly. This means that regardless of the level of attempts at cybercrime, our data is protected. If we encapsulate our sensitive data upon inception, much like the creators of Gauss encrypted the payload, then we significantly reduce risk. The new approach that is referred to in the article as "hacking back," "striking back," or "active defense" (an oxymoron to begin with) is described as alarming. I find it to be refreshing and required

How The Sale Of Vulnerabilities Will Change In 2013 (Dark Reading) The market for the sale of zero-day vulnerabilities fundamentally shifted this year and heading into 2013 bug hunters will increasingly play by a set of new rules, vulnerability experts say. As the sale of black market zero-day exploits continues to

Opinion: Hackers Should Forget Disclosure, Keep Security Holes to Themselves (Wired Threat Level) Vendors, governments and the information security industry have incentives to protect their interests over their users'. Not all the players will act ethically, or capably. So who should the hacker disclose to

Can Banks Prevent the Next Cyber Attack? (Wall Street & Technology) Comparing a cyber attack to a natural disaster, Andy Ozment, senior director for Cybersecurity, National Security Staff, The White House, said that private industry, not the government, is usually the first responder to cyber attacks. "We are debating

McConnell Says Cyber Threats on Financials Rising (Bloomberg) Mike McConnell, vice chairman of Booz Allen Hamilton Inc., talks about cyber security threats facing the financial industry. McConnell speaks with Sara Eisen and Scarlet Fu on Bloomberg Television's "Surveillance

Munich Re Study Focuses on Rising 'Cyber Crime' (Insurance Journal) "Cyber attacks are a reality and companies need to prepare themselves," warns Munich Re…study – "Cost of Cyber Crime" – conducted by the Ponemon Institute

Few Invest in Security Awareness Training (The Info Pro) A survey a few years back by SAI found that while the majority of employees had a mostly positive view of information security in the enterprise, this did not translate into actual practical security implementation. In fact, 20% of those responding had no idea to whom within their company they should report a security event. Further, 25% of employees said they had received no security awareness training whatsoever.

Economic espionage - Piece of Cake (YouTube) Economic espionage costs the UK billions every year. It can have a major impact on business and jobs through lost contracts, company failures and redundancies. This film illustrates how easy it is to collect information about people and companies given today's global interconnectivity, the increasing dependencies of companies on IT, the routine use of social networking sites and a general lack of good security practice

Marketplace

White House threatens to veto Senate Defense bill (FederalNewsRadio) The White House also took issue with a measure requiring the DoD chief information officer to discontinue use of the National Security Agency's "Accumulo" open-source software program if a viable commercial alternative can be found. "The provisions

No 'Plan B' For Pentagon In Case Of Big Budget Cut (New York Times) Gen. Dwight D. Eisenhower famously said that plans are nothing, but planning is everything because no war plan survives first contact with the enemy. Therefore, the military should hone its ability for continuous planning

Pentagon Official Hopeful Congress Will Stop January 2 Cuts (Reuters) A top Pentagon official said on Thursday he is "cautiously optimistic" that Congress will avert automatic budget cuts that are due to kick in on January 2, citing some increased willingness among Republicans to consider additional revenue now that the presidential election is over

Pentagon Budget Planners Set For Tough Decisions (Agence France-Presse) No matter how high-stakes budget talks between the White House and Congress end, experts say one thing is certain -- the Pentagon will suffer major cuts. The only question is what will get the ax

IBM And ForeScout Team on Network Security Intelligence And Automated Threat Response (Dark Reading) Partnership will allow joint customers to improve real-time visibility, security intelligence, and automated control

Northrop Grumman Delivers Australian Automated Biometric Information System (Sacramento Bee) The company also recently completed the acquisition of M5 Network Security, a Canberra-based provider of cyber security and secure mobile communications to Australian military and intelligence organizations. Northrop Grumman is a leading global

TASC to Provide Fed Agencies with IT Equipment, Software and Services (ExecutiveBiz) TASC Inc. has won a prime position on an IT Schedule 70 contract from the U.S. General Services Administration, according to a company statement. The prime position provides TASC a contract with five base years and three five-year options

Unisys to Transfer National Archives to Cloud-Based Google Apps (The New New Internet) Unisys has been chosen by the U.S. National Archives to transfer email and collaboration apps to the cloud, according to a company statement

Harris exec to take reins at Artel (Washington Technology) Ted Hengst, president of Harris Corp.'s IT business and the corporate chief information officer, is leaving the company to become CEO of Artel LLC. Artel, which was founded in 1986, was acquired in 2011 by the private equity groups Torch Hill Investment Partners and TPG Growth. The company had over $400 million in 2011 revenue

Wayne Lucernoni to Become Acting Harris IT President as Ted Hengst New Artel CEO (GovConExecutive) Harris Corp.'s Ted Hengst, president of IT business and the corporate chief information officer, has been named CEO of Artel LLC, effective Dec. 3, according to a Washington Technology article. Wayne Lucernoni, current vice president and general manager for intelligence, civilian and health care programs will become acting president of Harris IT

CenturyLink Promotes Jeff Von Deylen to Lead Savvis (Govconwire) CenturyLink (NYSE: CTL) has promoted Jeff Von Deylen, current senior vice president of global operations and client services for its Savvis subsidiary, to lead the subsidiary as president, effective Wednesday. CenturyLink said Von Deylen, who joined Savvis in 2003 as chief financial officer and board member, will succeed Bill Fathers, who is leaving the company

FireEye names David DeWalt as CEO (ARNet) DeWalt has had more than 25 years of experience in leading technology companies, with a focus on cyber security. He has also served as FireEye's board

Former Apple SVP calls Forstall firing 'deserved and justified' (Ars Technica) Father of the iPod had his own run-ins with Forstall during iPhone development

How Much is a Good CISO Worth? - Seeking a Qualified Chief Information Security Officer for $100K (Government Information Security) Would you take a job as a chief information security officer for $100,000 a year? It seems no qualified IT security manager wanted the job as CISO at South Carolina's Department of Revenue for that salary. While the CISO post stood vacant this past summer, at least one assailant hacked into the department's tax system, exposing the Social Security numbers and other personally identifiable information of nearly 4 million taxpayers

Cyber security pioneer predicts Apple's closed philosophy will end its dominance (Reuters via BGR) In an interview with Reuters, cyber security expert and Kaspersky Lab CEO Eugene Kaspersky said that Apple (AAPL) won't be able to sustain its growth following its closed philosophy. The Cupertino-based company is known for its tight integration of hardware and software throughout its computer, music, smartphone and tablet line of devices. Despite this, Apple has seen great success and at one point cornered the music, mobile and tablet market. In recent times, however, the iPhone maker has lost market share from increased competition from both Google (GOOG) and Microsoft (MSFT)

Wall Street thinks RIM is back! Just don't count on it to stick around (Quartz) A report by Goldman Sachs just upgraded RIM to a "buy" rating. On its face, at least through the first quarter of next year, this is not an unreasonable recommendation. Before this surge, RIM had been trading at or below the total value of its assets since June. In January, the company will release the BlackBerry 10, which will almost certainly boost the company's revenue as die-hard fans of Blackberrys scoop it up, reversing, at least temporarily, the ongoing contraction in the growth of shipments of BlackBerrys. It could even, as Goldman predicts, return the company to profitability, at least for that quarter

Booz Allen Hamilton: Unsuitable For Investment (Seeking Alpha) Recommendation: I recommend refraining from the purchase of Booz Allen Hamilton (BAH) common stock. The business has historically generated ample excess cash flows and could achieve strong growth in the future. However, the business depends on

LivingSocial Confirms Layoffs: 400, All But A Couple Dozen In The U.S., 10 Percent Of Workforce (TechCrunch) It's not only Groupon that is feeling the crunch among daily deal sites: LivingSocial is laying off 400 employees today. There were reports of the layoffs out yesterday from more than one source; the company confirmed the number to TechCrunch in an email just now. "I can confirm that we notified approximately 400 employees today — all but a couple dozen in the United States

R.I.P. Frothy Times, A Return To Normalcy (TechCrunch) Whatever it is, it is palpable. A sort of buzz in the Valley that all is not well, and a slight nervousness among entrepreneurs, investors and startup employees as they flit about their day-to-day. We may not be in the middle of an outright private market collapse, but there will definitely be fewer tigers and monkeys at this year's holiday parties

Products, Services, and Solutions

Voltage Security Leverages Persistent Systems To Deliver Solution Upgrades And Security Alerts (Dark Reading) Voltage is now able to deliver solution upgrades within 18 hours

Mozilla ships Firefox with H.264 support on Android (Ars Technica) New Firefox version uses hardware support to avoid patent license fees

Chrome Blocks 94 Percent of Phishing Attacks, Firefox 90 Percent, Study Finds (Softpedia) The number of phishing sites has been decreasing for the past couple of years, but there are still plenty of dangerous ones out there. Staying alert is the best way to protect against these threats, but the browser you're using can play a role as well

Android security and optimization app (Help Net Security) IObit released its Android security and optimization app - Advanced Mobile Care, designed for Android 2.2 and above. The app gives Android users a way to protect their smartphones from Android

Mobile communications hub with embedded encryption (Help Net Security) API Technologies announced the new SST Secure Communications Hub (SCH) with integrated encryption. The SB1500ER Secure Communication Hub is a single, integrated device that replaces case-based solution

Fully loaded new 27-inch iMac will cost over $4,200—before tax (Ars Technica) Top model starts at $1,999, but those build-to-order options really add up

Dell releases powerful, well-supported Linux Ultrabook (Ars Technica) "Project Sputnik" aims to be your fellow traveler by focusing on "DevOps"

Like it or not, nonreplaceable CPUs may be the future of desktops (Ars Technica) Future Intel CPUs may come soldered to motherboards, but what does that change

What the heck is Windows Blue? (IT World) We're still in the midst of an Internet-wide discussion of Windows 8 and whether it's a success or a stinker, and now we've got another version of Windows to worry about: Windows Blue

Internet Explorer sucks less than it used to, claims Microsoft (Naked Security) There are plenty of people who love to hate Microsoft Internet Explorer. But does it really suck less than it used to

AML Analytics launch their free Sanctions Alert Service (AML Analytics) Introducing AML Sanctions Alert Service (AML - SAS). The problems and potential risks associated with the ever changing and hugely complex International sanctions lists represent a well understood challenge to all that work in our industry sector. The risks associated with delayed change implementation are equally established. AML Analytics, as leaders in the forensic analysis and benchmarking of financial crime systems and processes, have created solutions to meet these challenges in the delivery of safe testing and report services to our clients across the Global Financial services Industry

AT&T Named Worst Major Cellphone Carrier Again (Mashable) AT&T has been named the worst-rated major cellphone carrier in the U.S. for the second year in a row, according to a new study

Trend Micro cloud security optimized for Amazon Web Services (Help Net Security) Amazon Web Services (AWS) customers are able to take advantage of optimized security solutions from Trend Micro for their AWS deployments, including the AWS Storage Gateway. Customers deploying

Amazon Web Services Slashes Storage Prices (InformationWeek) At its first developers conference, Re:Invent, Amazon features customers like Netflix and NASDAQ and disses its software firm rivals

Not To Be Outdone By Amazon, Google Reduces Its Cloud Storage Pricing For 2nd Time In A Week (TechCrunch) This is competition at work: earlier this week, Google announced that it would reduce the price of its standard Google Cloud Storage by just a bit over 20%. Then, Amazon announced yesterday that it would reduce the price of its S3 cloud storage service by about 25% across the board. Today, in a somewhat surprising move, Google announced that it would reduce the price of Cloud Storage by yet

Technologies, Techniques, and Standards

'CyberCity' Faces Its First Attacks Next Month (Dark Reading) SANS' model city gives military, government cybersecurity experts a cyberattack reality check. Military cybersecurity experts next month will undertake a mission to protect the six-foot-by-eight-foot NetWars CyberCity scale model just off the Jersey Turnpike that has its own hospital, cybercafe, bank, and power plant from its first round of cyberattacks

ISC Feature of the Week: SSH Scan Reports (Internet Storm Center) Our feature this week introduces Dr. Ullrich's newest system addition addressing widespread reports of SSH scans. This system collects logs you submit via a special API URL. We keep receiving reports from readers about widespread SSH scans. This system was set up to get a better handle on these scans. http://isc.sans.edu/sshreports.html Reporting will be released as soon as there is enough information collected

New Norman AS Video Urges Senior Management to Close the Gap (EON: Enhanced Online News) Norman AS, the global leader in threat discovery…with the goal of maximizing defenses against cyber threats

3 Tips for Securing Email Messages (and Avoiding International Scandal) (eSecurity Planet) Former CIA Director General David Petraeus and paramour Paula Broadwell could have made good use of three strategies for keeping private email exchanges private. By now everyone has heard the news about the resignation of former U.S. CIA Director General David Petraeus in light of his extra-marital relationship with biographer Paula Broadwell

Hadoop will be a relic soon, predicts Numenta founder (Fierce Big Data) Numenta is a startup with a cloud-based prediction engine for streaming data. The company launched in 2005 and went into beta earlier this year. It is ready enough now to start making a difference that the New York Times profiled its founder, Jeff Hawkins, this week and called his company a brainy big data company--a play on Hawkins' theories on neuroscience

Ten lies programmers tell themselves (IT World) Sitting alone staring at code all day can lead one to be less than honest with oneself. Here are some of the more common fibs that coders tell themselves

How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items (Healthcare Information Security) Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to deliver a potentially dangerous shock

Virtualization Security: Protecting Virtualized Environments (Net-Security) Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. What's more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments

'PandaIT_SOS: Confessions of an IT Professional' Contest Comes to an End (Sacramento Bee) Panda Security, The Cloud Security Company, today revealed unique anecdotes that were gathered from its 'PandaIT SOS: Confessions of an IT Professional' contest. Launched in September, the contest gave IT professionals an opportunity to share hilarious or utterly bizarre moments experienced when dealing with user problems. The story that garnered the most votes was this submission: (Help by phone) Client: - "Oh! I'm seeing the mouse pointer move on its own." IT Professional: "Yes, Sir. It's me. I've already got remote access to your computer. I will solve your problem right away." Client: "Oh, that's nice. Do you want me to turn on the lights? Maybe you'll see better"

Design and Innovation

Infineon Researchers Awarded German Prize (4-traders) Their research project "Cryptographic Protocol with Inherent Side-Channel Resistance" was honored with the 1st prize at this year's awards ceremony. The project describes an innovative encryption scheme that offers data security for price-sensitive

FierceGovernment's Fierce 15 (Fierce Government IT) FierceGovernment is proud to announce our first annual Fierce 15--a recognition of federal employees and teams who have done particularly innovative things. Most of the civil servants recognized in the Fierce 15 won't be found keynoting event after event across Washington. Instead, they handle behind-the-scenes orchestration of some of the most progressive projects underway in government and work tirelessly to make government more efficient, mission-oriented and accountable

Academia

CourseTalk Launches A Yelp For Open Online Courses And What This Means For Higher Education (TechCrunch) One of the most popular topics in education technology these days is the subject of MOOCs, otherwise known as Massive Open Online Courses. Thanks to the buzz around MOOC platforms like Coursera, Udacity and edX, there are few universities and colleges that aren't currently struggling with whether or not they should hop on the bandwagon

Business schools struggle with analytics training approach (Fierce Big Data) U.S. News & World Report this week confirmed market assumptions that data scientists are in demand, but said that MBA students and the schools themselves are divided on the best approach for education and training

Legislation, Policy, and Regulation

Uniting European CERTs And Law Enforcement In Cybercrime Battle (Dark Reading) European Union agency IDs hurdles preventing better intelligence-sharing, cooperation among first-line Computer Emergency Response Teams and police

UK's House Of Lords Summons Facebook And Google To Talk Convergence And Media Power (TechCrunch) The UK's House of Lords has summoned senior figures from Facebook and Google in their ongoing investigation into media convergence, media power and how this should be regulated in the future. The Communications Committee, which is leading the investigation, will be meeting Simon Milner, policy director at Facebook, and Sarah Hunter, Google's head of UK public policy, along with Edward Rousell

'If It Ain't Broke Don't Fix It': EU Adds Its Voice To The Chorus Opposing More Internet Regulation Ahead Of Key ITU Dubai Meeting (TechCrunch) The European Union today became the latest official body to back an open internet, ahead of an important United Nations meeting to update internet and telecoms regulation for the first time in 24 years. The International Telecommunication Union, a UN agency, is meeting in December in Dubai for the World Conference On International Telecommunications to revise the International Telecommunication

Ministries seek to avert cyber security 'crisis' (Bangkok Post) The Ministry of Defence (MoD) and Ministry of Information and Communications Technology (ICT) are ramping up efforts to boost cyber security, with one expert describing the security situation in Thailand as a "crisis". Ministry officials, speaking at a cyber security conference yesterday, said the public sector is at growing risk of cyber attack due to the popular use of social media and inadequate security systems.

McCaul ratified as House Homeland Security chairman (Government Security News) …In a statement following the action, McCaul thanked House Speaker John Boehner (R-OH) for his recommendation and noted the challenges the Department of Homeland

The Art of the Deal (Foreign Policy) The proliferation of new intelligence and analysis offices, such as the one within the Department of Homeland Security, created rival (and welcome, some would contend) judgments and estimates. Even inside the White House, the president has appointed

ITU packet inspection standard raises privacy concerns, says CDT (Computerworld Australia) The UN's telecommunications standards organization has approved a standard for deep packet inspection (DPI) that raises serious concerns about privacy

What An Executive Order On Cybersecurity May Mean For Enterprises (Dark Reading) While officials say an executive order could set voluntary security standards, companies worry that it can result in a checklist approach to security

GSA officials discuss nuts and bolts of FedRAMP implementation (Fierce Government IT) The Federal Risk Authorization Management Program, or FedRAMP, is still in the early stages of implementation. In order to address common questions on the process, General Services Administration officials fielded inquiries from industry and agency IT shops during a Nov. 7 DigitalGov University webinar

Do Not Track initiative goes off track (Fierce Big Data) An unlikely and difficult initiative for helping people manage how their activities are tracked across the Internet got a little more difficult this week as Aleecia McDonald stepped down as co-chair of the W3C's Tracking Protection Working Group

Regulators should make breach disclosure compulsory (ZDNet) Organizations attacked by hackers ought to disclose the breaches to affected consumers, but regulators need to strike a balance as revealing system flaws publicly might invite more troubles. Regulators will have to take responsibility and make it compulsory for organizations to report instances of cybersecurity breaches. Without government pressure, companies will not voluntarily disclose such incidents as it would negatively impact their reputations and stir shareholders' concerns

The Pace of US Cyber-Preparedness is Accelerating (Security Bistro) Three recent moves by the Pentagon, State Department and White House indicate that the pace of preparation for engaging in offensive cyber attacks is increasing. The first was the speech given by Leon Panetta, Secretary of Defense on October 12 where he used the term cyber Pearl Harbor. Of course to anyone who follows these developments the term is not at all new as Jason Healey of the Atlantic Council pointed out at the recent FedCyber conference in D.C., credit for being first goes to Winn Schwartau who warned of an Electronic Pearl Harbor waiting to happen in testimony to Congress in 1991

Litigation, Investigation, and Law Enforcement

Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case (Wired Threat Level) In a case watched closely by banks and their commercial customers, a financial institution in Maine has agreed to reimburse a construction company $345,000 that was lost to hackers after a court ruled that the bank's security practices were "commercially

FBI told Canada about spy in their midst (Seattle Times) Canadian police were tipped off by the FBI to a possible security breach by a Canadian navy intelligence officer who later pleaded guilty to espionage, documents made public Thursday say

SC Democrats call for independent hacking probe (SF Gate) The controversy over the hacking of millions of South Carolina tax returns turned political on Thursday as Democrats called for an independent investigation into what happened and tax credits for as long as a decade for those who suffered losses through identity theft

Judge Gives Bradley Manning Permission to Plead Guilty for WikiLeaks Dumps (Wired Threat Level) A military judge in Maryland has accepted the terms under which alleged WikiLeaks leaker Bradley Manning has proposed to plead guilty

ISPs Delay Monitoring of Illicit File Sharing (Wired Threat Level) The nation's major internet service providers are delaying an initiative backed by the Obama administration and pushed by Hollywood and the major record labels to disrupt and possibly terminate internet access for online copyright scofflaws

Software Speech (Stanford Law Review) When is software speech for purposes of the First Amendment? This issue has taken on new life amid recent accusations that Google used its search rankings to harm its competitors. This spring, Eugene Volokh coauthored a white paper explaining why Google's search results are fully protected speech that lies beyond the reach of the antitrust laws. The paper sparked a firestorm of controversy, and in a matter of weeks, dozens of scholars, lawyers, and technologists had joined the debate

Nokia seeks to block sale of some RIM products (Computerworld) Nokia has asked a California court to enforce an arbitration award that would prevent Research In Motion from selling products with wireless LAN capabilities until the companies can agree on patent royalty rates

Red flags and the H-P board of directors' liability exposure re the Autonomy acquisition (ProfessorBainbridge) In connection with the growing controversy over Hewlett-Packard's acquisition of Autonomy, the WSJ is reporting that HP is accusing Autonomy of having "made 'outright misrepresentations' to inflate its financial results" prior to the acquisition

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Digital Security Summit (Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.

CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, December 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.

tmforum Management World Americas (Orlando, Florida, USA, December 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive...

Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, December 4, 2012) An overview of sandboxing as a key security technology.

BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

SANS Cyber Defense Initiative (Washington, DC, December 7 - 16, 2012) Specialized courses covering the latest in cyber attacks, including how they work and how to stop them. The event will also feature the Netwars Tournament of Champions.

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...

SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, December 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
