
More signal. Less noise.

Daily briefing.

The Izz ad-Din al-Qassam Cyber Fighters announce that the third phase of their cyber jihad against the United States began yesterday and will continue through tomorrow, but so far no reports of denial-of-service attacks on banks have appeared. (But the "Iranian Cyber Army" did target a German school on Monday.)

Czech news agencies undergo a DDOS attack of apparently domestic origin. An Indonesian hacker breaches three Venezuelan government websites.

Oracle's Java travails continue: recent Java security upgrades have been bypassed in the wild by social engineering.

A time-stamp bug in sudo exposes systems to attack—unauthenticated users can execute commands for about five minutes without entering a password.

Truthout and the Nation discern the malign hand of new villains behind the PLA's attacks on news outlets: HBGary and the US Chamber of Commerce pioneered the PLA's tactics against progressive lobbyists, they charge.

Pwn2Own and Pwnium are underway in Vancouver, with many white hat hacking achievements expected. (Google makes its challenge harder with an eleventh-hour Chrome upgrade.)

A Varonis report reinforces the importance of physically securing (and encrypting) devices: half the companies studied had lost items holding significant information.

Symantec says, contra the lessons some take from Yahoo, remote work can be both productive and secure. FierceCIO offers tips on safe use of public Wi-Fi.

Two training programs address the cyber workforce: Warrior to Cyber Warrior (for transitioning military personnel) and UMBC's Cyber Academy.

The US Defense Science Board recommends a "segmented" approach to cyber security incorporating focused intelligence and deterrence.

Notes.

Today's issue includes events affecting Czech Republic, Estonia, European Union, Germany, Indonesia, Iran, Ireland, Nigeria, Oman, United States, and Venezuela.

Cyber Attacks, Threats, and Vulnerabilities

Izz ad-Din al-Qassam Cyber Fighters Announce New Attacks (eSecurity Planet) The Izz ad-Din al-Qassam Cyber Fighters, who have claimed responsibility for an ongoing series of cyber attacks against U.S. banks, today announced phase three of their operation in response to the continuing availability of the YouTube video 'Innocence of Muslims.' "The attacks on banking websites began in mid-September, flooding a different site each time with massive amounts of useless data requests, essentially blocking the sites from the rest of the Internet," writes TechNewsDaily's Paul Wagenseil. "Such denial-of-service attacks don't harm the Web servers being targeted, or the data they contain, but do inconvenience bank customers, especially small businesses that depend on continuous access to online banking

Iranian Cyber Army Hacked Porsche-school (Cyberwarzone) The homepage of Waldkraiburger Realschule was the target of an Iranian hacker last Monday. For a time, only a page with cryptic messages was available at the school's Internet address. Under the heading "Hacked" there was a reference to an "Iranian Cyber Army 2012" as well as the apparent email address of the hacker

Major Czech Republic News Websites Disrupted by DDOS Attacks (Softpedia) Several major news websites from the Czech Republic were disrupted earlier this week after unknown hackers launched distributed denial-of-service (DDOS) attacks against them. The list of targets includes IHNED.cz, iDNES

Three Venezuelan Government Sites Breached by Indonesian Hacker (Softpedia) Indonesian hacker Hmei7, who's known for defacing tens of thousands of websites, has breached and defaced three websites of the government of Venezuela, E Hacking News reports. The targeted sites are the ones of the National Mutual Guarantee Company for Medium and Small Industry

Attackers Beat Java Default Security Settings with Social Engineering (Threatpost) Oracle's new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering

New exploit kit concentrates on Java flaws (Help Net Security) Webroot's Dancho Danchev is known for combing through the wilds of the Internet for places where cyber criminals congregate and reporting back with interesting news about tools and services offered

Java zero-day holes appearing at the rate of one a day (InfoWorld) Raise your hand if you're tired of reading about Java zero-day security holes. I know I am. But when holes are being discovered at an average rate of more than one per day -- and with companies such as Apple, Facebook, and Twitter openly admitting they've

Dangerous beans: Oracle deep in the storm (Help Net Security) Last week security researchers from FireEye discovered a new Java exploit that works against the latest versions of Java (version 6 update 41 and version 7 update 15) making this a zero-day

Time Stamp Bug in Sudo Could Have Allowed Code Entry (Threatpost) A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password

BitInstant becomes latest bitcoin theft victim (Finextra) Using simple social engineering techniques, an attacker has managed to steal around $12,500 in bitcoins from virtual currency exchange BitInstant. BitInstant went offline over the weekend before reappearing on Monday with a blog post explaining the attack. According to the post, an attacker contacted the site's domain registrar - proxying through a network owned by a UK haulage company - posing as the writer and using a "very similar" e-mail address

Asprox botnet proves to be a resilient foe (Computer World) A botnet that has been in the eye of researchers for years continues to serve up malware, spam and fake antivirus software, according to research by Trend Micro. The security vendor released a 30-page paper on Asprox, a long-running botnet first seen in 2007 that uses sophisticated engineering to flourish. Asprox seemed to have fallen off the security industry's radar, but it has continued to run spam campaigns spoofing brands such as FedEx, the U.S. Postal Service and American Airlines. "While these activities continued to make the news, few were connected to the Asprox botnet," according to the report, authored by Nart Villeneuve, Jessa dela Torre and David Sancho

Longline phishing attacks rely on mass customization (Help Net Security) Proofpoint released a wide-ranging study that identified a new class of sophisticated and effective, large-scale phishing attack dubbed "longlining". Longlining, which is named after the industrial fishing

Older MiniDuke strain found, raises questions about its origins (Help Net Security) A version of MiniDuke - the cyberspy malware aimed at governments and agencies in Europe and elsewhere - has been operating for at least 21 months, internet security firm Bitdefender has discovered

Lobbyists Targeting Liberal Groups Channeled Chinese Hackers' Strategy (Truthout) The revelation, made by The New York Times and a firm called Mandiant last month, that the Chinese military is engaging in a sophisticated campaign of Internet spying and cyber attacks targeting American corporations and government websites provoked widespread alarm. What hasn't been noted is that the Chinese plot bears much in common with a conspiracy to spy on and sabotage liberal advocacy groups and unions—a plot developed on behalf of none other than the US Chamber of Commerce back in 2011

CloudFlare outage triggered by 'bad' router rule (FierceCIO: TechWatch) What was supposed to be a minor reprogramming of CloudFlare's Juniper routers designed to deflect a DDoS attack instead knocked the company off the Internet for an hour on Sunday morning. CloudFlare provides a service to speed up the delivery of web pages, as well as a suite of tools designed to filter malicious network traffic

Bashas' Cyber Attack Hits Rim Country (Payson Roundup) A cyber attack that targeted credit and debit card information of Bashas' customers is hitting local residents, according to recent reports. Payson resident Al Charter said someone used his wife's credit card twice at South Carolina gas stations

50 million users restless after the cyber attack on Evernote (Capital Technologies) Recently, the online note taking service 'Evernote' was the new target of a cyber attack that led to millions of accounts being hacked and a lot of important user information being compromised. This incident has created a feeling of insecurity between

Pwn2Own, Pwnium Attract Dollars and 0-Days by the Bushel (Threatpost) The new year is barely two months old and it's already been a brutal one for the disclosure of new vulnerabilities. Java, Adobe Reader, Flash, Google Chrome and a number of other widely deployed applications have all been hit with a slew of serious bugs in just the last few weeks. And that's likely to get worse this week as researchers convene in Vancouver for the Pwn2Own and Pwnium hacking contests

Security Patches, Mitigations, and Software Updates

Google Patches 10 Chrome Flaws Ahead of Pwn2Own, Pwnium (Threatpost) Google raised the degree of difficulty for Pwn2Own and Pwnium hacking contestants by patching 10 vulnerabilities in its Web browser last night

Stable Channel Update [Chrome Security Updates] (Chrome Releases) The Stable channel has been updated to 25.0.1364.152 for Windows and Linux. Note: these release notes also apply to the same version for Mac that was released last Friday. This release contains security and stability improvements along with a number of bug fixes

Oracle releases emergency patch to fix exploited Java flaw (Help Net Security) Oracle has released an out-of-band Java patch to fix the CVE-2013-1493 vulnerability that is currently being exploited in attacks in the wild. The security alert accompanying the release says that

Evernote: We're Adding Two-Factor Authentication (InformationWeek) After data breach and wide password reset, Evernote accelerates plans to offer additional security to users

Cyber Trends

Are we really facing cyberwar? (Cyberwarzone) A few weeks ago I was standing by a railway track in the small town of Gaithersburg in Maryland as a CSX freight train blasted through the level crossing; its horn blaring and bells sounding out a warning. Passengers may have largely deserted America's rails but freight trains remain vital to America's economic well-being. Like most other pieces of modern infrastructure the railways are controlled by complex digital systems

Half of companies have lost a device with important data (Fresh Business Thinking) Half of companies have lost a device with important company data on it, causing security implications for over a fifth of organizations, according to Varonis. 57% of employees believe that BYOD put

PC Market To Shrink For Second Year: IDC (InformationWeek) PC shipments will decline in 2013 for second straight year, IDC now says, despite introduction of Windows 8. But growth is expected during the next several years

What Unlocked Phones Mean For Businesses (InformationWeek) U.S. lawmakers pledge to change regulations that make it illegal to unlock cell phones. Is there an upside for the enterprise

Marketplace

Pentagon Projects $35B O&M Shortfall (DefenseNews.com) The Pentagon is expecting a $35 billion shortfall in operations and maintenance (O&M) funding in 2013 should billions of dollars in defense spending reductions and other budget restrictions remain in place for the rest of the fiscal year

House To Consider A Bill That Would Continue Pay Freeze (Washington Post) Federal employee salary rates would remain frozen through 2013 under a bill the House plans to start considering Wednesday

Trying To Revive Talks, Obama Goes Around G.O.P. Leaders (New York Times) With Republican leaders in Congress forswearing budget negotiations over new revenues, President Obama has begun reaching around them to Republican lawmakers with a history of willingness to cut bipartisan deals

Raytheon Enters into Two Mentor-Protege Relationships (ExecutiveBiz) Raytheon has entered into two mentor-protege agreements with small businesses ISYS Technologies and Equipment Links, Inc, according to a company statement. "Raytheon is committed to offering maximum opportunities for small and disadvantaged businesses to contribute and succeed within our key customer programs," said Sylvia Courtney, Raytheon's intelligence and information systems vice president of supply chain

Trusteer boss harps on cyber security to prevent financial fraud (Vanguard Nigeria) The channel manager of the global leader in financial fraud prevention solutions, Trusteer, Amit Wohl has said that the range of service solutions in its offering will help financial institutions protect their businesses and retain banking customers against account takeover, credential theft and fraudulent transactions

Cyber Attacks Can Never Be Stopped Completely (Muscat Daily) Awareness among nations of the threats of cyber warfare is improving but attacks on public- and private-sector institutions can never be stopped completely, according to Tom Burton, head of cyber defence at Detica, an arm of UK defence giant BAE Systems

Up to 150 new jobs for Cork as FireEye establishes tech support in the city (Silicon Republic) California-headquartered FireEye provides automated threat forensics and dynamic malware protection against advanced cyber threats such as advanced

Cyber security firm expanding to Utah, bringing 250 jobs (Deseret News) FireEye, a cyber security threat protection firm headquartered in California, is expanding into Utah and is expected to bring

VMware CEO Causes Public Cloud Stir (InformationWeek) Pat Gelsinger asserts VMware ecosystem must capture customers before public cloud does. Will this be his Mitt Romney 47% moment?

Eye of the GovCon M and A Storm (GovConExec) After gushing throughout 2012, GovCon M&A deal announcements have slowed to a trickle thus far in 2013. At a recent deal conference in DC last week, lenders and other transaction advisors were commenting about their lack of deal flow. Sellers clearly tried to accelerate deals that might have otherwise closed in early 2013, before year-end

Products, Services, and Solutions

BlackBerry Can Set EMM Standard With BES 10 (Dark Reading) The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices

VMware will hate this: Amazon slashes cloud prices up to 28 percent (Ars Technica) Amazon prices continue downward trajectory, while VMware searches for answers. Last week, VMware's top executives displayed just how worried they are about the competitive threat posed by Amazon's cloud computing service. With customers able to spin up virtual machines in Amazon data centers, VMware is concerned fewer people will buy its virtualization tools

Lync 2013 is everything that Skype should be. Why do they both exist? (Ars Technica) Microsoft's Skype strategy continues to perplex. With Microsoft working hard to fold the venerable MSN Messenger network and client into Skype, Microsoft is left with two messaging products: Skype and Lync. The future of these apps is integration and interconnection. That's not today's reality, however

Spamhaus warns marketers to keep email databases tidy (Computer World) Spamhaus is warning marketers to keep their databases cleansed of bad email addresses lest their messages be mistaken for spam and blocked. The U.K.-based spam-fighting organization had taken some heat for blocking so-called "transactional" email messages, or messages a retailer sends after asking a consumer if they want to receive a purchase receipt by email. The practice allows retailers to grow their email marketing databases

Safe iOS web surfing for kids (Help Net Security) Net Nanny for iOS brings safe web browsing and surfing for kids of all ages to iPod Touch, iPhone and iPad using iOS 5.0 or later. Available from the App Store for $4.99

VASCO launches new card reader for transaction signing and PKI applications (Help Net Security) VASCO launched DIGIPASS 870, a USB connectable card reader which can be used in both connected and unconnected mode. In connected mode DIGIPASS 870 can be used for a number of PKI-based, e-banking

Auditing of Web apps with analytics dashboard for compliance (Help Net Security) SaaSID has launched Cloud Application Manager 2.0 (CAM), the latest version of its browser-based authentication, management and auditing solution. CAM 2.0's audit report is now displayed

Enterprise security for businesses addressing privacy obstacles (Help Net Security) Protegrity announced deeper enterprise security for global businesses addressing privacy obstacles such as cross-border data transfer and industry specific regulatory compliance

Dell SecureWorks expands incident response services (Help Net Security) Dell SecureWorks is expanding its incident response (IR) services to counter the growing severity and frequency of breaches. Many organizations aren't equipped internally to plan for and respond to to

Google unveils Zopfli data compression library (FierceCIO: TechWatch) Following an announcement earlier in the week, Google (NASDAQ: GOOG) on Friday released an open-source general-purpose data compression library that claims to compress files to 3 to 8 percent smaller than the widely used zlib library

Technologies, Techniques, and Standards

Secure Development: Must-Do Or Money Pit? (Dark Reading) At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development

IPv6 Focus Month: Device Defaults (Internet Storm Center) IPv6 in this part of the planet is not very advanced, as in the deployment isn't. Whilst companies and telcos realise that the end, so to speak, is nigh for IPv4, uptake is rather slow in AU at least. Telcos are however quickly addressing this and no doubt a number of them are close to enabling IPv6 to your gateway. If they haven't already. This brings me to my favourite devices, firewalls

Building an Incident Response Team and IR Process (Infosec Institute) In our world today, we have an abundance of many things, among which are unexpected events. Falling meteorites, terrorist attacks, hacktivist demonstrations, blackouts, tsunamis. Well, you get the point

The secret to creating a global, virtual workplace that's still productive (Quartz) At Symantec, it's up to employees to decide how they manage their time--as long as they get the job done. The physical part of work--where and how it's done--is shifting in big ways. We all recognize the signs: you'll schedule a meeting and you're the only person sitting in the conference room, with 20 people on the phone. You'll hear dogs barking in the background, babies crying. Yet all of these people have, in their heads, what they need for the meeting

Conflicting views on cloud security responsibility (Help Net Security) CA and the Ponemon Institute released a study that shows companies have improved their practices around cloud computing security compared to a previous study from 2010. Still, the responses raise questions

Open standards are key for security in the cloud (Help Net Security) The current divide between proprietary and open approaches to enterprise cloud computing has implications beyond the obvious. More than just issues of cloud interoperability and data portability, open

Tips on how to use public Wi-Fi safely (FierceCIO: TechWatch) Are you someone who travels often and regularly makes use of public Wi-Fi? Noting that using an open public Wi-Fi is dangerous business, Larry Seltzer over at BYTE outlined a number of useful tips in a commentary on how users can stay safe when accessing the Internet this way. In a nutshell, an "open" Wi-Fi network without the lock icon is unencrypted, and is open for all to see in the absence of measures taken to encrypt transmitted data

Design and Innovation

New London Incubator SeedCloud Puts £500,000 Into Sentience Technology, Aims At Big Data Startups (TechCrunch) As if there weren't enough technology startup accelerators already in Europe, yet another launched today with the hope of attracting 'cloud' based startups in the areas of Big Data, Machine Learning and other similarly high-end areas. But unlike some, this one will have some pretty heavyweight serial entrepreneurs involved. SeedCloud is a new London-based incubator which also announces its first

Academia

News Corp's Education Tablet May Be The Bureaucratic Fit Schools Need To Adopt Tech (TechCrunch) Public school systems are cheerfully decorated dictatorships: discipline, standards, and testing are the driving concepts of modern k-12 education. The very reason why districts purchase bundles of the same textbooks is so they can keep classrooms in lockstep alignment as teachers meticulously meet timely instructional goals. Amplify, NewsCorp's new education division, finally revealed its

W2CW Announces Its Second Cohort Of Cyber Security Students (Sacramento Bee) Lunarline, a cyber security company, and Echo360, the leader in active learning and lecture capture solutions, together announced the start of the second cohort of Warrior to Cyber Warrior (W2CW) students. The non-profit organization provides career training that links America's returning Veterans and Wounded Warriors to employers in need of qualified cyber security professionals through training and career placement. The W2CW program is a six-month, tuition-free cyber security training and certification program that gives Veterans and wounded service members the skills needed to transition from the military to a career as a cyber security professional

Cyber Academy - Certificate in Computer Network Operations (UMBC Training Centers) UMBC Training Centers has launched the Cyber Academy to address the tremendous need for Cyber professionals in the workforce. The Cyber Academy is a full time, intensive training program designed to prepare students for immediate employment in Cybersecurity job specialties within government and industry

Legislation, Policy, and Regulation

White House Cybersecurity Czar: New Executive Order A 'Down Payment' (Dark Reading) Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure

Why are telcos upset Google isn't subject to Obama's new cybersecurity rules? (The Verge) The debate about how best to protect the nation from hypothetical dire, impending cyber attacks on infrastructure, which government officials and military leaders have been warning of for years, is far from settled in Washington. In fact, President Obama's recent move to sign an executive order on cybersecurity creating a program for intelligence agencies to share classified information they have on so-called national "cyber threats" with the private sector is now being criticized by leading telecom company participants. AT&T and Verizon say the President's order improperly excludes consumer tech companies like Google, Apple, and Microsoft from the list of those eligible to receive, and held responsible to act upon, the government's threat information

US lawmakers want Internet freedom task force (Computer World) New legislation in the U.S. Congress would establish a government task force to monitor domestic and overseas policy proposals that could threaten Internet freedom. The Global Free Internet Act, introduced Tuesday by Representative Zoe Lofgren and three other California Democrats, would create a new task force comprising government officials and outside Internet activists. The task force would monitor proposals and practices, in both the U.S. and in other countries, that deny market access to Internet goods and services or threaten the technical operation, security and free flow of communications on the Internet

Security reports say EU needs more 'honeypots' to lure cyberattackers (EurActiv) European computer emergency response teams, which are being beefed up as part of the EU's cybersecurity strategy, need to set more honeypot traps to snare cyber attackers, according to reports. Two internal memoranda drafted last month by the European Network and Information Security Agency (ENISA) said that the response teams, or CERTS, are not spreading their detection nets as widely as possible and are failing fully to share their information with one another. In computer terminology, a honeypot is a trap set to detect or deflect attempts at unauthorised use of information systems

U.S. Defense Science Board Calls for Segmented Force Cyber Defense (SIGNAL Magazine) The United States quickly must adopt a segmented approach to its military forces to ensure that key elements can survive a comprehensive cyber attack, according to a recently released Defense Science Board (DSB) Task Force on Resilient Military Systems. This approach entails a risk reduction strategy that combines deterrence, refocused intelligence capabilities and improved cyber defense. The effort must constitute a broad systems approach grounded in its technical and economic feasibility to face a cyber threat that has potential consequences similar in some ways to the nuclear threat of the Cold War, the DSB report says

Hardening Our Defenses Against Cyberwarfare (Wall Street Journal) Before the devastating attacks of Sept. 11, 2001, it was difficult for most Americans to fathom such a tragedy on U.S. soil. It later became clear that we had not seen the warning signs. Today, advances in technology that connect utilities, industries and information in real time have changed the nature of the threats facing the nation. Digital networks could be used as a conduit to gas lines, power grids and transportation systems to silently deliver a devastating cyberattack to the U.S

Pentagon chastised for inability to ward off cyber-attacks (Star Tribune) Overall, Defense Department is "not prepared" and its capabilities are "fragmented," unclassified version says. A new report for the Pentagon concludes that the nation's military is unprepared for a full-scale cyber-conflict with a top-tier adversary and must ramp up its prowess. The unclassified version of the study by the Defense Science Board also urges the intelligence community to boost its collection on leading nations' cyber-capabilities and to maintain the threat of a nuclear strike as a deterrent to a major cyberattack

OVERNIGHT TECH: Napolitano to testify on cyber mission (The Hill) The ACLU has argued that the Department of Homeland Security should be the lead hub for intelligence-sharing efforts about cyber threats between government and industry. As a civilian agency, the ACLU notes that DHS is subject to more accountability

Need to safeguard ME virtual borders (Oman Daily Observer) Following discussions on defensive strategies against the ever-increasing threat of cyber warfare, day two of the Cyber Defence Summit in Muscat was opened by Tom Burton, Director of Detica Managed Security at BAE Systems Detica. He was joined by Professor Fred Piper, Founder of Information Security Group and a Lecturer at Royal Holloway, University of London. Piper commented: "Specialist national research institutes are really important for the growth of information security in the region. And the education should be kept dynamic, otherwise degrees and all the hard work done will be irrelevant. Cyber space changes every day and we need to keep up with it." He was on a panel discussion with Jonathan Shaw, a former Major General at the Ministry of Defence in UK. Shaw discussed the formation of a balanced national cyber capability. "There are four types of response for attacks in cyber space: structural, technical, behavioural and political. Hackers will find weakness in our networks -- in terms of structure there needs to be a presence of superior body dedicating how regions should co-operate and it ensures that a decided framework is followed," he highlighted

Litigation, Investigation, and Law Enforcement

Microsoft Says It Will Not Appeal $731M Fine Over Browser Antitrust Violations: 'We Take Full Responsibility' (TechCrunch) The European Commission today said that it will be fining Microsoft 561 million Euro ($731 million) over antitrust violations related to distribution of its Internet Explorer browser — and a humbled Microsoft has now issued a formal response, saying that it will not appeal the fine, and that it takes "full responsibility" for the "technical error" that caused the violation

Michigan thwarts online attacks on records (Detroit News) The Snyder administration has fended off a 19 percent rise in online attacks on millions of state records in the past two years, a sign that cybersecurity is a growing duty for government. The state said it spends $10 million a year on 23 technicians who staff an around-the-clock electronics security center that handles 187,000 cyberattacks a day, up from 157,459 a day in 2010. Like other states and the federal government, Michigan is dealing with online hacker attacks that are more frequent and sophisticated

Google Says the FBI Is Secretly Spying on Some of Its Customers (Wired) The terrorists apparently would win if Google told you the exact number of times the Federal Bureau of Investigation invoked a secret process to extract data about the media giant's customers. That's why it is unlawful for any record-keeper to disclose it has received a so-called National Security Letter. But under a deal brokered with the President Barack Obama administration, Google on Tuesday published a range of times it received National Security Letters demanding it divulge account information to the authorities without warrants

Gang arrested for hacking and stealing from exchange companies (Help Net Security) The Dubai police has arrested three people allegedly belonging to a crime gang that managed to steal nearly $2 million from Dubai exchange companies with the help of hackers. The hackers have broken

Requiem for a Dream (New Yorker) Aaron Swartz was brilliant and beloved. But the people who knew him best saw a darker side… Aaron Swartz hanged himself in his apartment in Brooklyn on January 11th. He was twenty-six, but he had been well known as a computer programmer for many years. At the age of fourteen, he helped to develop the RSS software that enables the syndication of information over the Internet. At fifteen, he e-mailed one of the leading theorists of Internet law, Lawrence Lessig, and helped to write the code for Lessig's Creative Commons, which, by writing alternatives to standard copyright licenses, allows people to share their work more freely. At nineteen, he was a developer of Reddit, one of the world's most widely used social-networking news sites

Hackback Debates -- The Rematch (Volokh Conspiracy) Last fall, Orin Kerr and I engaged in an online debate over the Computer Fraud and Abuse Act -- specifically whether it is lawful for the victim of computer crime to follow his stolen data into networks controlled by the thief. The debate spread across several posts and into the comments, but it's been pulled into one place

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

IHS CERAWeek 2013 (Houston, Texas, USA, March 4 - 8, 2013) IHS CERAWeek 2013 will offer new insight on the energy future -- and on the strategic and investment responses by producers, consumers and policy-makers. What are the changes ahead in the competitive...

Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...

CanSecWest 2013 (Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...

Google and University of Maryland Cybersecurity Seminar (College Park, Maryland, USA, March 14, 2013) Dr. Ari Juels, Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories, will discuss "Aggregation and Distribution in Cloud Security." His talk will feature information...

Department of Homeland Security 6th Annual Industry Day (Washington, DC, USA, March 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

SANS Cyber Threat Intelligence Summit (Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...

AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3: Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...

Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...

FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...

Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...

IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.

Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...

DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.

CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, June 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical,...

NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, June 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by...

U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, June 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office are putting together a series of workshops on 'Information Security' and 'protecting your...

2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...

3rd annual Cyber Security Summit: Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

First International Conference on Cyber-Physical Systems, Networks, and Applications (Taipei, Taiwan, August 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications...

TechCrunch Disrupt San Francisco (San Francisco, California, September 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September...

15th Annual AT&T Cyber Security Conference (New York, New York, USA, September 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP...

CyberMaryland 2013 (Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for...

International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, October 10 - 12, 2013) The International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery promotes research and development of the cyber-related technology. It is unique and significant that spans through...

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
