EADS and ThyssenKrupp disclose cyber attacks, and both are attributed to the Chinese government, indicating that concern over alleged PLA espionage has spread from North America to Europe. China continues to deny its involvement as it seeks a modus vivendi in cyber space with its most important trading partners. Al Jazeera and Anti-War do their best to make the Chinese foreign ministry's case, but recent attack attributions are holding up.
Trustwave warns customers not to be deceived by a phishing campaign. Duo Security finds a way around Google's two-step login verification. Jihadist chatter in cyberspace implausibly finds a US-Israeli-Iranian conspiracy to conquer Syria. Anonymous does some crowing about its ability to hack US Government sites.
The SANS Institute publishes two interesting accounts of threats: mass-customized spam and exploitation of vulnerable embedded devices. Lastline reports on evasive malware, and Sophos debunks Facebook rumors that the Talking Angela iPhone app targets children for exploitation: Angela appears entirely benign.
Two attack post-mortems are of interest. Bit9 tells how it opened itself to SQL-injection attack, and IEEE Spectrum describes Kaspersky's role in finding Stuxnet.
Private users may be better at browser hygiene than enterprises. SMS is replacing email spam. Apple and Facebook hacks are branding cautionary tales.
US budget sequestration will (probably) arrive Friday. Australia prepares to invest in security situational awareness. SAIC discloses more about its pending breakup, and HP reveals its big data security strategy.
The Japanese government establishes an APT database. Los Alamos researchers demonstrate quantum cryptography for power grid security.
Today's issue includes events affecting Australia, China, France, Germany, India, Iran, Israel, Japan, New Zealand, Spain, Syria, United Arab Emirates, United States.
[RSA 2013] Conference Resources(RSA Conference) Bookmark this page for easy access to the information and resources you'll need to make the most out of your week. Make sure to check out what's new for 2013!
Investors demand more transparency about corporate cyberattacks(Help Net Security) More than 70 percent of American investors are interested in reviewing public company cybersecurity practices and nearly 80 percent would not likely consider investing in a company with a history of cyberattacks, according to a new nationwide survey of investors released by HBGary at the RSA Conference 2013 in San Francisco
RSA 2013: SSL as security mechanism and masking agent(CSO) Palo Alto Networks says SSL by itself represented 5 percent of all bandwidth and the sixth-highest volume of malware logs within known applications. That and other findings from its Application Usage and Threat Report
Cloud Security Falls Short…But Could Be Great(Dark Reading) A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections
RSA 2013: Weatherford outlines 'cyber 9-1-1' plan(CSO) Mark Weatherford, deputy undersecretary for cybersecurity at DHS, wants to set up a cyber 9-1-1 system for critical infrastructure. He outlined his vision today at the Cloud Security Alliance Summit, held as part of the RSA Conference. Weatherford pointed to a massive malware attack against Saudi Aramco that infected 30,000 workstations at the Saudi national energy company. That incident sent "a lot of ripples" through the critical infrastructure industry in the U.S. So did the DoS attacks that flooded the systems of financial service providers this past fall. "All of these types of things are a sliver of what occupies my thoughts on a day-to-day basis," Weatherford said
RSA 2013: A spirited debate about infosec certs(CSO) A highlight at RSA Conference today will be a panel discussion on infosec certs. The question: Are they still valuable? Few topics will spark emotion in security practitioners like the value of security certs. These days, one cert in particular is a favorite punching bag: the CISSP, administered by (ISC)2. In recent years, I've heard several industry friends brag about letting theirs expire. Yesterday at BSidesSF, two friends got into a spirited argument about it.
Debate: Internet GUN CONTROL -- Are Pentesting Tools Good Or Evil?(Dark Reading) Penetration testing tools allow users to assess the vulnerable state of their IT platforms. Some say that they are useful, while others assert they are detrimental for the overall health of the Internet. Come hear the debate and weigh in with your own opinions
Same As It Ever Was(Dark Reading) Trade shows, booth babes, and hype aside -- who are you, and what can you do? That is the question. Enter XACML and ABAC. You may have heard that the RSA Conference is going on this week. Who knows how good anyone's security is, but one thing you can be sure of -- there will be hype and pyrotechnics aplenty. Still for all the buzz (and it gets dialed up each year), the process of delivering security does not change that much from one year to the next. Who are you and what can you do? That is the question on the table. Most real world systems cannot reliably answer that question, and no amount of trade show booths and parties can mask this deficiency
McAfee dumps signatures and proclaims an (almost) end to botnets(The Register) Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets. McAfee's malware signature database has grown to over 113 million core samples in the last year. But rather than using just that data to spot malware, McAfee has now integrated behavioral heuristics into its security code so that it can spot unknown samples based on their operating characteristics. The end result could crush botnets as a threat, said the company's GM of network security, Pat Calhoun
The Cyber Security LifeJourney Premieres at RSA 2013(MarketWatch) New technology enables the nation's youth to test-drive careers in cyber security with leading cyber security companies. LifeJourney, the new online career-simulation platform that lets students and jobseekers test-drive careers in cyber security, premiered today at the RSA Conference. LifeJourney enables leading cyber security companies to become role models for millions of students and others interested in understanding careers across the industry. Using the LifeJourney platform, companies can showcase their star talent and transform their technologies into virtual experiences, "field trips," that let someone live a day in the life of an actual cyber security professional
A framework for building privacy-oriented apps(Help Net Security) At the RSA Conference 2013 in San Francisco, SpiderOak announced it is launching privacy into the mainstream with the unveiling of Crypton, a "zero-knowledge" application framework for building crypto
Procera Networks and Tilera Unleash 200Gbps Deep Packet Inspection Solution(MarketWatch) Procera Networks, Inc. (PKT), the global intelligent policy enforcement company and Tilera Corporation, the leader in 64-bit TILE-Gx(TM) manycore general purpose processors, today announced they have achieved 200Gbps of Deep Packet Inspection (DPI) performance deploying the Procera Network Application Visibility Library (NAVL) on TILExtreme-Gx(TM) Duo platform, utilizing approximately 70 percent of the TILE-Gx cores
Pwn Pad: A tablet for penetration testers(Help Net Security) At the RSA Conference 2013 in San Francisco, Pwnie Express released the Pwn Pad, a tablet loaded with wired and wireless pentesting tools. The Pwn Pad contains bleeding edge tools for enterprise
Connect securely to the cloud using JSON and XMPP(Help Net Security) At the RSA Conference 2013 in San Francisco, Express Logic and Cypherbridge Systems announced the integration of the Cypherbridge embedded secure Cloud Device Kit for Express Logic platforms
Thales and Ponemon Institute study shows encryption and key management increasingly viewed as strategic issues(IT News Online) Thales, leader in information systems and communications security, announces the publication of its latest Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that encryption continues to be viewed as a strategic issue and that organizations are increasing their investment in encryption across the enterprise in response to compliance regulations and cyber-attacks.
More than 4,000 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan and Brazil, examining global encryption trends and regional differences in encryption usage. The report is now in its eighth year since its launch in 2005
First Ponemon Study on Big Data Analytics in Cyber Defense is a National Wake Up Call(IT News Online) A groundbreaking study from a top cybersecurity analyst firm, Big Data Analytics in Cyber Defense, confirms that big data analytics offer a powerful arsenal for cyber security, but adoption is alarmingly slow. The report, released today by Teradata Corporation (NYSE: TDC), the analytic data solutions company, and the Ponemon Institute, contains several key findings: Cyber-attacks are getting worse but only 20 percent say their organizations are more effective at stopping them. The greatest areas of cyber security risk are caused by mobility, lack of visibility and multiple global interconnected network systems
Juniper Unveils Data Center Security Solution and Global Attacker Intelligence Service(Softpedia) At the 2013 RSA Conference in San Francisco, Juniper Networks unveiled its latest data center security solution and the Junos Spotlight Secure, a global attack intelligence service that provides valuable information on threats, attackers and individual devices. The new products are designed to protect enterprises against a wide range of threats, including data exfiltration and website outages. Spotlight Secure will be integrated into Junos WebApp Secure and Juniper Networks SRX Series Services Gateways
Cyber Attacks, Threats, and Vulnerabilities
China worried about cyber security: FM spokeswoman(Eastday) A Foreign Ministry spokeswoman said Monday that the Chinese government is worried about recent negative developments in cyber security. Spokeswoman Hua Chunying made the remarks at a regular press briefing in response to a question regarding an alleged Chinese cyber attack directed at Germany
Why the Chinese Cyber Threat is a Bunch of Baloney(Anti-War) The Obama White House seems to be launching a public relations campaign against China, drumming up hatred and fear about alleged cyber-espionage activities of the Chinese government against the US. The President is reportedly even considering imposing economic sanctions on China
China wants hacking allegations to stop(ZDNet) Following another allegation it directed a cyberattack on Germany, China voices concerns accusations against the country will increase the risk of conflict and deter nations from working together to safeguard the Internet. The Chinese government has expressed concerns over recent negative cybersecurity developments and hopes accusations against the country will stop. According to a China Daily report Monday, the government held a press conference to address questions regarding an alleged Chinese cyberattack directed against Germany
Hacking incidents and the rise of the new Chinese bogeyman(Al Jazeera) Many are beginning to realise that the military digital complex can be more profitable than its industrial complex. February kicked off with reports from the New York Times that their computer networks had been breached by Chinese hackers. A few weeks later, US computer security firm Mandiant released a report [PDF] which purported to link Chinese cyber attacks against 141 US companies to a section of the People's Liberation Army (Unit 61398). Just two days after the release of the report, the US government announced a new strategy for dealing with such attacks and released a 142 page policy document on "Mitigating the Theft of US Trade Secrets"
Cyberwar: Anonymous Hacked U.S. Government Multiple Times(Science World Report) Notorious hacker group Anonymous announced (and proved) in the middle of February that it gained access to the State Department's website and also captured a database, which was then published online. It also defaced the site, and published sensitive information, of investment firm George K. Baum & Company – all in the name of Aaron Swartz and Lulzsec. This marks the latest round in a heating cyberwar which is going on between multiple parties. The two dominant players are China and the U.S. which fuel the militarization of cyberspace to reach their national goals, like messing with Iran's nuclear program and conducting large scale industrial espionage
Mass-Customized Malware Lures: Don't trust your cat!(Internet Storm Center) Usually, we find that e-mail used to trick users to malicious or spam sites is either not customized at all, or manually tailored for a particular recipient. A couple of years ago at our RSA panel with Alan Paller and Ed Skoudis, I alluded to "mass customized" malware: malware that automatically harvests social networking accounts or other open source information to find out how to best target you. For example, the malware may see that you "Like" Star Trek on Facebook and then will send you a link to a new movie trailer
Silent Traitors - Embedded Devices in your Datacenter(Internet Storm Center) I was recently in a client engagement where we had to rebuild / redeploy some ESXi 4.x servers as ESXi 5.1. This was a simple task, and quickly done (thanks VMware!), but before we were finished I realized that we had missed a critical part - the remote management port on the servers. These were iLO ports in this case, as the servers are HP's, but they could just as easily have been DRAC / iDRAC (Dell), IMM or AMM (IBM) or BMC (Cisco, anything with a Tyan motherboard or lots of other vendors). These "remote management ports" are in fact all embedded systems - Linux servers on a card, booting from flash and usually running a web application. This means that once you update them (via a flash process) they are "frozen in time" as far as Linux versions and patches go. In this case, these iLO cards hadn't been touched in 3 years
Talking Angela iPhone app scare spreads on Facebook(Naked Security) A bogus warning is spreading across Facebook, telling parents of young children to watch out for a rogue iPhone/iPad app that (the warning claims) steals children's names, details of where they go to school, and even takes secret pictures of their faces
The security threat of evasive malware(Help Net Security) Lastline has released a new report that looks at how malware authors are able to exploit the limited visibility of automated malware analysis systems (sandboxes) and ensure that targeted attacks and
Hacking victim Bit9 blames SQL injection flaw(CSO) The company's breach came after it failed to install its own security software. Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendor's systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from installing their own malicious software. In an embarrassing admission, Bit9 said earlier this month that it neglected to install its own software on a part of its network, which led to the compromise
The Real Story of Stuxnet(IEEE Spectrum) How Kaspersky Lab tracked down the malware that stymied Iran's nuclear-fuel enrichment program. Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it's the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab's U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack
Windows XP and Firefox browser amass worst vulnerability record over past 25 years(CSO) In a look at the number of vulnerabilities recorded over 25 years in software products and open source, a researcher at Sourcefire has determined that Microsoft Windows XP and the Mozilla Firefox browser stand out as the two with the largest number of high-severity vulnerabilities. Windows XP has had 453 while Firefox has had 433 vulnerabilities rated high and critical based on the Common Vulnerabilities and Exposures (CVE) database and the second source for the statistics, the National Vulnerability Database from the National Institute of Standards and Technology (NIST)
Security Patches, Mitigations, and Software Updates
Apple will give popular jailbreak tool the banhammer with next iOS update(Ars Technica) The evasi0n jailbreak uses exploits that will disappear in iOS 6.1.3. Apple's next minor point iOS update will fix the exploits that allow iPhones to be jailbroken with a very popular tool, according to a report from MacRumors. The 6.1.3 update, which was seeded to developers as a beta one week ago, will break the functionality of the jailbreaking tool known as "evasi0n," meaning its creators will have to find a new way around or through the OS
Browser Security Still A Sore Spot For Companies (Podcast)(Security Ledger) Clueless "end users" are a common straw man (or woman) in the security industry. They're blamed for everything from data breaches to malware infections. Accepted wisdom is that companies "get it" when it comes to security – consumers (their employees) don't. But what if it is the other way around? That's one tantalizing bit of data you could take away from Qualys's Browser Check service. The free online vulnerability scanning service has assessed millions of endpoints in its two years of existence. And, by and large, it has found that consumers – not corporate users – are following good security practice by migrating to more modern, and secure web browsers
SMS becoming meaty attraction for spammers(CSO) Unlimited messaging plans offer fertile ground for bold junk mail campaigns. As spam volumes continue to decline, spammers are turning their attention to texting, according to a report released Monday by Cloudmark. A number of factors are attracting spammers to SMS as a delivery vehicle for their digital detritus, not the least of which is trust
Tom Still: Latest cyber-attack report underscores size of the threat - and need for defense(WisBusiness) In the bad old days of the Cold War, people worried about missile silos in the Soviet Union. In the emerging world of cyber-warfare, the most pervasive threats may come from nests of sophisticated computer hackers in Shanghai, Tehran or Pyongyang. The Feb. 18 release of a private report that tracked 141 corporate data thefts to China, perhaps even to units of the People's Liberation Army itself, has heightened government and private concerns about cyber-attacks. Increasingly at risk are some of America's lifelines - including its energy pipelines, its water supply, its health-care networks and its financial institutions
Cyber attack of Apple exposes online risks for brands(Guardian) Today it's imperative that businesses use online channels to engage customers and drive the sales lifecycle. However, with its estimated 8.2bn pages and no true regulator, the internet remains a vast and dangerous space. The dangers of the web have recently been highlighted by a string of high-profile hackings at some of the biggest global brands. Apple is the latest company to fall victim to a cyber attack following similar incidents at Facebook, Amazon and Sony
GOP Blasts 'Road Show'(Washington Post) Republicans on Monday rejected President Obama's high-pressure push to avert a series of budget cuts called the sequester, saying that Obama is engaged in scare tactics and political campaigning when he should be seeking a deal
G.O.P. Drafts Plan To Give Obama Discretion On Cuts(New York Times) Congressional Republicans are preparing to counter increasingly dire warnings from President Obama about the impact of automatic budget cuts with a plan to give the administration more flexibility in instituting $85 billion in cuts, a proposal they say could protect the most vital programs while shifting more of the political fallout to the White House
NIST Publishes Cybersecurity RFI(Chemical Facility Security News) This morning the National Institute of Standards and Technology (NIST) published a notice in the Federal Register (78 FR 13024-13028) requesting information in support of their development of the Cybersecurity Framework directed by the President's Executive Order Improving Critical Infrastructure Cybersecurity (EO 13636). The RFI: The bulk of the request for information (RFI) is as I have described in two previous blog posts on the President's Executive Order: "Cybersecurity EO - Developing the Cybersecurity Framework" and "Cybersecurity EO - NIST RFI Questions"
Australian Government likely to invest in situational awareness security: Trend Micro(ARN) Security vendor foresees the $1.46 billion investment by the Government used for visibility monitoring. The pledge of $1.46 billion by the Australian Government into cyber security will potentially be used for situational awareness. That is according to Trend Micro A/NZ managing director, Sanjay Mehta, who draws parallels to the US$6 billion the US Government set aside for its own initiative
Premier 100 IT Leader: Henry J. Sienkiewicz(ComputerWorld) A massive agency relocation prompts an opportunity to redesign support. Delivering a competitive advantage is a matter of national security for Henry J. Sienkiewicz, vice chief information assurance executive at the Defense Information Systems Agency (DISA)
SEC chairman lays out big data technology initiatives(FierceGovernmentIT) Understaffed and outspent, the Securities and Exchange Commission is making an "unprecedented" investment in technology to protect investors and keep up with the fast pace and complexity of financial markets, says SEC Chairman Elisse Walter
NATO School Oberammergau selects Raytheon's Trusted Thin Client to streamline multilevel training environments(Sacramento Bee) Cross domain solution to provide students simultaneous secure network access. Raytheon Trusted Computer Solutions (RTCS), a wholly owned subsidiary of Raytheon Company (NYSE: RTN), today announced that its Trusted Thin Client (TTC) cross domain solution has been selected by the North Atlantic Treaty Organization (NATO) School Oberammergau Expeditionary Intelligence Training Program (EITP) to provide full access to their classroom training networks
Red Cross offers Office 365 to its units worldwide(IT World) The International Federation of Red Cross and Red Crescent Societies (IFRC) now offers its more than 180 National Societies the option to adopt Office 365, Microsoft's cloud-based suite of email, collaboration and productivity software
Navy Hedges Bets on NGEN Contract(SIGNAL Magazine) The Department of the Navy is looking to lengthen the Navy-Marine Corps Intranet (NMCI) contract if its new Next Generation Enterprise Network (NGEN) program is delayed beyond its expected April 30, 2014 switchover date
SAIC Keeping Name For Planned IT, Services Company(GovConWire) Science Applications International Corp. (NYSE: SAI) will retain its current name for the enterprise information technology and technical services business upon completion of its separation into two independent companies. The other business focused in national security, health and engineering will take on the name "Leidos," intended to reflect how the company brings together ideas from
HP unveils 'Big Data Security' strategy(TechWorld) HP today took the wraps off its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources from its Autonomy subsidiary with its ArcSight security-event and information management (SIEM) can yield new ways to detect cyberattacks or rogue-employee behavior. HP's approach, like that of rivals IBM and RSA, calls for use of SIEM tools as a foundation for so-called Big Data Security. The concept of Big Data Security presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information that's collected through a SIEM, can produce a better way to quickly pinpoint security problem
Colin Mahoney Named Intl, Service Solutions EVP(GovConWire) Colin Mahoney, a 26-year Rockwell Collins (NYSE: COL) veteran and a vice president, will succeed Greg Churchill as executive vice president for international and service solutions. Mahoney's appointment is effective immediately as Churchill will retire from the company in March after a 30-year career there, the company said Friday. Prior to this appointment, Mahoney served as
SAFECode Names Howard Schmidt Executive Director(Dark Reading) The former White House cybersecurity adviser brings to SAFECode more than 40 years of information security experience. The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective security assurance methods, today announced it has named former White House cybersecurity advisor Howard A. Schmidt as its Executive Director
Samsung ad fail: IT security is hardly chill, bro(Quartz) Samsung USA hoped to capitalize on millions of eyeballs on last night's Oscars by continuing a recent campaign for its growing family of Galaxy smartphones, phablets and tablets. Situated in the (very, very brogrammer) office of a fictional game developer, the newest ad showed the development team sitting down with famed Goth director Tim Burton to kick some ideas around for a new game, "Unicorn Apocalypse," relying heavily on their personal Galaxy devices to do business. Underneath the strained hipster dialog and over-the-top madhouse millennial office scenery was a buttoned-down message: your employees can have it all, without compromising IT security
The worst decision Marissa Mayer has made in her tenure as Yahoo CEO(Quartz) Let's get this straight: Yahoo is a company that was supposed to move forward under new CEO Marissa Mayer, right? Last week, she issued an edict that everyone at Yahoo must be in the office every day. That means all the customer-service staff and remote workers who live in the mountains of Colorado or in a condo on Miami Beach must either give up their jobs or relocate closer to a Yahoo office. What a fabulous way to step back in time, and lose talent to other more open-minded and flexible employers. Some commenters on AllThingsD, which broke the news of the telecommuting ban at Yahoo, even speculated that the company is using the decision as a "stealth layoff"
IT Security Professionals: Well Paid and Staying Where They Are(ERE) Information security professionals are among the most stable of tech workers. They are paid well, the majority got raises last year — 20% of them of more than 5%. Plus the demand for security specialists will grow 11% annually for the next five years
Call For $30 Smartphones To Connect The Next Wave Of Mobile Users From Emerging Markets(TechCrunch) Smartphones have been getting more affordable but to connect the "next billions" of users they need to get more affordable still. Speaking at Mobile World Congress today Manoj Kohli, CEO of carrier Bharti Airtel, which operates in India and Africa, said the price of smartphones needs to come down to $30, and mobile data dongles to $10, to break down the affordability barrier
14 dirty IT tricks, security pros edition(CSO) The IT security world is full of charlatans and wannabes. And all of us have been "advised" by at least one of them. All you want in an IT security consultant is expertise, unbiased advice, and experienced recommendations at a reasonable price. But with some, you get much more than you bargained for
Products, Services, and Solutions
Punkspider enumerates web application vulnerabilities(Internet Storm Center) Thanks to Gebhard for pointing out the article by Heise about a new spider focusing on finding web application vulnerabilities. "Punkspider" essentially runs a vulnerability scan on random web sites. The results are then searchable. I am not sure about the quality of the results (it doesn't find anything for isc.sans.edu ... ) but you may want to check your own site. There is also a simple JSON API, undocumented at this point
Twitter hackers with ideas for hilarious stunts should get a move on(New Statesman) Last week I wrote about Twitter's upcoming hospitality to targeted advertising, and what this means for its users (almost definitely a dystopian nightmare). But Twitter is strangely inhospitable to advertisers in other ways - making a branded account something of a liability. Branded accounts only have the same security as the rest of us - just the one username and password
Skyhigh Networks lets bosses snoop on employee cloud use(The Register) People have a tendency to skirt corporate IT policy and use their own applications on the network, and Skyhigh Networks thinks it has a way for IT admins to stop this from happening. The company came out of stealth on Monday to announce the general availability of its Skyhigh Networks software, which can monitor any of 2,000 cloud-based applications and give admins a way to shut off unauthorized use of insecure, disapproved, or otherwise banned apps
Watch out, Facebook: Tencent's WeChat is coming to America(Quartz) WeChat, the mobile messaging service from China-based Tencent, is quickly stealing market share from its chief competitor, Sina's Weibo microblog. But Sina is not the only company that should be worried. Facebook ought to take note, as well, because WeChat is headed its way
Enterprise account manager with double safekeeping feature(Help Net Security) Double safekeeping, or the two-man rule, has long been an established control mechanism for ensuring high levels of security during critical operations because the process requires the involvement of two or more authorized personnel when accessing sensitive resources
World Mobile Congress: Nokia launches 4 low-cost models, one for just Dh73(Emirates 24/7) Entry level Lumia 520 and Lumia 720 take total Lumia models to five. Mobile phone major Nokia is in no mood to give up its status in the developing market. Today it launched four new models - including two new smartphones - the entry level Lumia 520 and a slightly higher-end Lumia 720, taking its total Lumia models to five
KoolSpan Releases TrustChip Family For The IPhone(MacNews) KoolSpan Inc., developer of the TrustChip family of plug-in mobile security solutions, has announced availability of TrustChip for iPhone. The company says the product offers the first ever hardware-based encryption for voice on iPhone
8 LinkedIn Etiquette Mistakes(InformationWeek) LinkedIn is not just another social network like Twitter where anything goes. Avoid these "don'ts" and avoid becoming a LinkedIn pariah
Microsoft Launches IE10 For Windows 7, Starts Auto-Upgrading IE9 Users And Launches New Ad Campaign(TechCrunch) This sure took a while, but Microsoft just announced that Internet Explorer 10 is now finally available for all Windows 7 users worldwide. Previously, the release version of IE10 was only available on Windows 8, though the company did launch a preview version for Windows 7 users last November. Starting today, Microsoft will make the release version of IE10 available for download to all Windows 7
With The Open, ZTE Aims To Get The Young And Adventurous Fired Up For Firefox OS(TechCrunch) ZTE's press conference yesterday didn't really reveal anything we didn't already know, but it at least gave us the opportunity to play with the Chinese OEM's first Firefox OS-powered smartphone. The cost-conscious Open is apparently meant for "young people who are adventurers and want to try something new" (according to He Shiyou, head of ZTE's Mobile Devices Division anyway), but how is it?
Japanese gov builds APT database to study targeted attack info(The Register) Hopes to understand attackers' MO, share info with US. The Japanese government will respond to the increasing threats from targeted cyber attacks by building a centralised advanced persistent threat (APT) database designed to aggregate threat intelligence so it can be shared with domestic security organisations and foreign governments
Cloud Security Alliance endorses AICPA SOC report(Journal of Accountancy) The AICPA's framework for assessing the reliability of a cloud provider's technology and systems controls has won the endorsement of the Cloud Security Alliance (CSA), a not-for-profit coalition with members including Google, Microsoft, Ernst & Young
If My Phone Falls Down The Seat Crevice Again I'll Lose It. Please Redesign Meatspace.(TechCrunch) The physical world wasn't built for $500 devices we need every other minute. This is never more obvious than when I strain my back and curse like a sailor because my phone has fallen into the gap beside my car or plane seat. As tech companies obsess over usability, the thoughtlessness that mars the meatspace comes into painfully sharp relief
Apple Patents Situational Awareness And Location Information Sharing For Mobile Devices(TechCrunch) Apple was issued a couple of interesting new patents today (spotted by AppleInsider), including one that could make an iPhone aware of changes in a user's situation, and alter phone settings accordingly. That would make for a mobile phone that might be able to automatically switch to silent mode when in a movie theatre, for instance, or which could wake from sleep upon being pulled out of a
Sergey Brin's brilliant strategy to make Google Glass seem normal: Never take them off(Quartz) Since Google launched its reality-augmenting Project Glass in June, it's been pretty much impossible to find a picture of Google co-founder Sergey Brin in which he's not wearing the futuristic eye-piece. Last night's Vanity Fair Oscar party was no exception. Which means 150 of Hollywood's most famous and beautiful people, from Natalie Portman to JJ Abrams, got to look Brin in the eye as a tiny display glowed just above his right pupil, as if that were something totally normal that they should just get used to
Research and Development
Quantum Cryptography Demonstrated for Electric Grid Security(Tom's Hardware Guide) According to the Los Alamos National Laboratory, quantum cryptography also allows energy providers to detect and "defeat an adversary" who may be trying to disrupt energy supply. The technology is largely based on a newly developed miniaturized QC
OSTP widens public access to federally funded research(FierceGovernmentIT) The direct results of unclassified federally funded research--peer-reviewed publications and data--should be available to the public typically after a 1 year embargo period, says the Office of Science and Technology Policy
Executive Order Could Warrant Cyber-Security Response(Compliance Week) With cyber-security legislation stalled in Congress, President Barack Obama issued an executive order that could have far-reaching effects on businesses of all types. The order expands efforts to share information, both classified and unclassified, between companies and the government on imminent threats to critical infrastructure from online attacks. It also calls for standardized cyber-security practices. The National Institute of Standards and Technology will develop voluntary standards and practices for reducing cyber-threats to infrastructure, such as nuclear power plants and the electrical power grid
As cybersecurity receives more attention, DHS becomes a critical player(Infosecurity Magazine) That was the message imparted today by Mark Weatherford, DHS Deputy Undersecretary of Cybersecurity, during his keynote address to the Cloud Security Alliance (CSA) Summit in San Francisco. Weatherford heads the DHS Cybersecurity Communications Directorate, which is tasked with securing civilian public sector networks at the federal level, in addition to consulting with critical infrastructure companies and coordinating responses to cyber attacks of national importance. Weatherford was delighted that President Obama dedicated two paragraphs of his recent State of the Union address to the topic of cybersecurity, during which the nation's chief executive highlighted an executive order he signed earlier in the day that would require increased information sharing about threats between the public and private sectors
The Web During Emergency(iHLS) The Israeli Internet Society (ISOC-IL) discussed the subject of New Media under fire at a recent conference of the Israel Internet Association. The Head of New Media at the IDF, Sasha Dratwa, participated in a panel which examined the issue of Israel's publicity on the web. Dratwa stated: "After 57 million exposures on Facebook, and more than 10 million on YouTube, the media stopped talking about the bombing in Gaza, and started to speak about the IDF's tweets on Twitter"
Lawmaker Asks For Review Of Distinguished Warfare Medal(Stripes.com) Rep. Tom Rooney, R-Fla., has joined the chorus of critics asking the Pentagon to reconsider the ranking of the new Distinguished Warfare Medal, to be awarded to drone pilots and other offsite troops involved in combat operations
A Battle Brews Over CIA Pick(Wall Street Journal) As the battle over Chuck Hagel's confirmation as defense secretary winds down, another appears to be just heating up: Republicans are threatening to block the nomination of John Brennan to lead the Central Intelligence Agency
Cyber attack should be met with a price(Citizens' Voice) Spying always has been a fact of life, and it always has incorporated state-of-the-art technology. Enemies spy on enemies. Friends spy on friends because, otherwise, how do you know they deserve that status? There is little shocking, then, about the discovery that a unit of the Chinese Army has conducted sophisticated Internet hacking operations not only against the U.S. government but against U.S. industries and even media companies that report on political oppression in China
I see your malware, and I raise you a cyber attack(Techday) Malware this, cyber attack that, just another normal day in New Zealand's ICT industry according to the Labour Party. In wake of recent breaches of big industry players such as Microsoft, Apple and Facebook, it appears closer to home no government is safe, with Kiwi officials now targets of advanced sophisticated attacks
Litigation, Investigation, and Law Enforcement
OPSEC Lessons From The Courtroom Sidebar(Dark Reading) Jury duty leads to interesting observations on courtroom technology and operational security practices. Last week, I experienced the jury selection process for the first time. Having watched plenty of TV shows and movies that involve courtroom scenes, I have to say it was a pretty exciting experience. As a geek, though, it was hard not to also be interested in all of the different electronic and computer technologies being used in the courtroom
The Pirate Bay leaves Sweden for friendlier waters(Ars Technica) TPB decamps for Spain and Norway after Swedish Pirate Party is threatened. The Swedish Pirate Party has stopped hosting the notorious website The Pirate Bay, according to TorrentFreak. While no one knows where the site is actually run from, Web-hosting services have been provided through the Swedish Pirate Party for a few years now
ISPs Now Monitoring for Copyright Infringement(Wired) The nation's major internet service providers on Monday said they are beginning to roll out an initiative to disrupt internet access for online copyright scofflaws. The so-called "Copyright Alert System" is backed by the President Barack Obama administration and was pushed heavily by record labels and Hollywood studios
Sentencing of LulzSec double agent postponed(CNet) Hector Xavier Monsegur, better known by his nom de plume "Sabu," was slated to face sentencing in New York City today for his role hacking into public and private Web sites as one of the hacktivists operating under the LulzSec label. All told, he faces a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft. But Monsegur, who subsequently worked as a double agent for the FBI, still awaits his fate
One of the founders of the DNS Changer pleaded guilty(cyberbezpieczenstwo) Proceedings against the Trojan's creators have begun. Do you remember the malware aptly named DNS Changer? As a reminder, in 2012 that malware was responsible for infecting computers in over 100 countries, including over half a million machines in the U.S. alone. The program's principle of operation was simple: it changed the victim's DNS settings, so that an Internet user typing the name of a popular service was redirected to a completely different site
DDoS: Terrorism or legitimate form of protest?(ZDNet) Some people seem to think that distributed denial of service attacks can be justified morally or ethically. Read this analysis to find out if that claim is supported or thoroughly debunked. If your neighbor doesn't like that you watch certain TV shows, is it okay for him to come over and smash your TV
Manning headed back to court in Maryland(Miami Herald) A U.S. Army private accused of sending hundreds of thousands of classified documents to the anti-secrecy website WikiLeaks is back in court for a four-day hearing that may address his attorney's motion to dismiss the charges against
One American's Struggle to Save New York City from Cyber Saboteurs(Forbes) In the State of the Union address, President Obama warned that cyber-terrorism poses a grave and growing threat to America's critical infrastructure systems. One of the biggest bull's-eyes in the cyber-terrorist's shooting gallery is likely to be the Indian Point nuclear complex located about 24 miles north of New York City in the Village of Buchanan, in Upper Westchester County. Under the control of rogue agents, the dinosaur-era nuclear reactors could become conduits for creating a "cyber Pearl Harbor" in the Big Apple
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
NRO Winter Way Forward Conference(Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
IHS CERAWeek 2013(Houston, Texas, USA, March 4 - 8, 2013) IHS CERAWeek 2013 will offer new insight on the energy future -- and on the strategic and investment responses by producers, consumers and policy-makers. What are the changes ahead in the competitive...
Business Insurance Risk Management Summit(New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
CanSecWest 2013(Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference(Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
Google and University of Maryland Cybersecurity Seminar(College Park, Maryland, USA, March 14, 2013) Dr. Ari Juels, Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories, will discuss "Aggregation and Distribution in Cloud Security." His talk will feature information...
Department of Homeland Security 6th Annual Industry Day(Washington, DC, USA, March 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit(Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...
AFCEA Belvoir Industry Days 2013(National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3(location and date not listed) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013(Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...