The CyberWire Daily Briefing for 11.16.2012
Escalating violence around Gaza finds its inevitable expression in cyberspace. Not only are Israel and Hamas tweeting their air and rocket strikes, but Hamas sympathizers among Anonymous open a cyber campaign against Israeli sites.
Georgia Tech warns that increasingly capable search personalization will soon enable sophisticated information operations in which attackers can shape their targets' information. Proof-of-concept malware shares USB smart card readers over the Internet. The Opera browser's homepage is found to be redirecting users to the Blackhole exploit kit.
Adobe closes its Connect user forum in the wake of the Egyptian Hacker breach. NASA continues to work to repair the damage done by its stolen laptop—the theft exposed 10,000 people's personal information.
Notable cyber trends include "information sprawl" into the cloud, the inadequacy of attack information sharing (inhibited by legal and regulatory regimes), the financial risk companies assume when collecting personal information, and the "reckless trust" companies accord third-party software.
After $1B, the US Air Force cuts its losses on a failed ERP program. Fidelity makes a major commitment to secure code development. Lockheed Martin's warnings about supply chain security say much about the complexity and fragility of the logistics the company established for its F-35 program. Thales continues a characteristically quiet expansion into the cyber market, opening an R&D center in Quebec and hinting that its next CEO may be a cyber expert.
The US Congress will not pass a cyber bill this session, making further executive orders likely. South Carolina's data breach moves into litigation.
Notes.
Today's issue includes events affecting Australia, Canada, China, Egypt, France, Israel, Norway, Palestinian Authority, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anonymous Attacks Israeli Web Sites (New York Times) After Israel killed a top military commander of Hamas on Wednesday, Anonymous, the loose affiliation of hackers, retaliated with a series of attacks on Israeli Web sites. In a coordinated action that began at 3 a.m. New York time Thursday, hackers attacked Web sites belonging to the Israel Defense Forces, the prime minister's office, Israeli banks, airlines and security companies by flooding them with Web traffic, in a campaign they called #OpIsrael
Hamas Shoots Rockets at Tel Aviv, Tweeting Every Barrage (Wired Danger Room) On day two of the fight between Israel and Hamas, the Palestinian group hit back, launching its most sophisticated rockets and announcing every new barrage on social media
Israel Kills Hamas Leader, Instantly Posts It to YouTube (Wired Danger Room) The Israel Defense Forces didn't just kill Hamas's military leader on Wednesday. They killed him and then instantly posted the strike to YouTube. Then they tweeted a warning to all of his comrades
Attackers to Exploit Search Personalization, Supply Chains (Threatpost) Information systems and algorithms designed to personalize online search results will give attackers the ability to influence the information available to their victims in the coming years. Researchers, in turn, must seek ways to fortify these systems against malicious manipulation, according to the Emerging Cyber Threats Report 2013, a report released ahead of yesterday's Georgia Tech Cyber Security Summit 2012
Proof-of-concept malware can share USB smart card readers with attackers over Internet (CIO Magazine) Rascagneres is also the founder and leader of a malware analysis and engineering project called malware.lu, whose team designed this USB sharing malware
Opera homepage spotted redirecting visitors to Blackhole kit (Help Net Security) If you are an Opera user who hasn't changed the browser homepage or has visited Opera's Portal homepage (portal.opera.com) on Wednesday, you might want to check your computer for malware
Curiosity-piquing Twitter DM leads to double threat (Help Net Security) A double threat has been aimed at Twitter users as Direct Messages carrying a Facebook link and the question "what on earth could you be doing in our movie?" are currently doing rounds
Spoofed Better Business Bureau email leads to malware (Help Net Security) A massive spam campaign impersonating the Better Business Bureau is currently hitting inboxes around the world. The emails urge users to check out a report and to respond to the matter urgently
LinkedIn spam drives traffic to Toronto Drug Store (Naked Security) That email you just received from LinkedIn might be promoting a Thanksgiving sale of Viagra instead
TNS24 - a fake courier company website, used by online scammers (Naked Security) Beware of attractive strangers contacting you on Facebook, and requesting that you help finance a shipment of goods in your name…you might find yourself out of pocket, with little chance of redress
Cracked passwords from the alleged 'Egyptian hacker' Adobe breach (Naked Security) An allegedly Egyptian hacker going by the name ViruS_HimA has allegedly hacked into Adobe. According to himself, he's made off with a largish database of personally identifiable information. Wherever the data actually comes from, it reveals yet more poor password hygiene at both the client and the server…find out just how bad
Adobe suspends Connect user forum after apparent hack (ZDNet) Adobe has suspended a user forum where customers discuss its Connect videoconferencing product, after an apparent security breach in which credentials for members of the US military were leaked. The company said on Wednesday that the Connectusers.com forum was the only service to be compromised by the "unauthorised third party"
NASA breach update: Stolen laptop had data on 10,000 users (CSO) Breached unencrypted laptop puts personal data of NASA employees and contractors at risk, spokesman says
Cyber Trends
Symantec's Digital Information Index Reveals Half Of Business Information Resides Outside The Firewall (Dark Reading) Cloud and mobile computing driving information sprawl
Adequate Attack Data and Threat Information Sharing No Longer a Luxury (Threatpost) While some industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cross-industry groups such as the Advanced Cyber Security Center (ACSC) facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable information
Despite security concerns, enterprises place sensitive data in the cloud (Net-Security) One third of enterprises place highly sensitive data in the public cloud even though most are wary of the implications on security and other business processes, according to Forrester Consulting. Nearly half of respondents do not think their existing identity and access management (IAM) infrastructures will be able to support cloud applications and provide single sign-on (SSO). While most enterprises are concerned about exposing data to the cloud, nearly a third of them already place highly sensitive data like regulated financial (34%) and healthcare information (29%) in SaaS apps
European enterprises cautiously accepting BYOD (Net-Security) Results of the European edition of the ISACA IT Risk/Reward Barometer show slowly growing acceptance of BYOD in the workplace, with 28% of organisations freely allowing the use of personal mobile devices for work, compared with 34% in North America and 48% in Oceania. However, there has been a 20-percentage-point drop in enterprises that prohibit BYOD (down from 58% to 30%). More than half (54%) of IT professionals in Europe continue to report that the risk of BYOD outweighs the benefit, compared to 15% who say benefits are greater than risk and 31% who say that benefits and risk are balanced
Companies collecting personal info face financial risks (Net-Security) Many organizations lack the business behaviors and compliance practices necessary to adequately address growing consumer and regulatory concerns about data security and privacy, according to Edelman. The comprehensive study of 6,400 corporate privacy and security executives was conducted by the Ponemon Institute, a leading independent research organization. The analysis spans 29 countries around the world, and is believed to be one of the largest studies of its kind ever fielded
Attacks targeting government info, intellectual property grow more complex (GCN) Government -- in common with business sectors such as manufacturing, IT and technical services -- is being targeted by increasingly complex attacks with the intent of stealing data rather than money, according to the most recent snapshot from the Verizon Data Breach Investigation Report. Although the types of sensitive information held by government often differ from private sector intellectual property, government and the private sector share a lot in common as victims, according to Verizon analysts. While most financially motivated attacks are against targets of opportunity, when it comes to IP theft, the targeted nature of the attacks considerably changes how they are conceived and carried out, the report says
Security report: Enterprises place reckless trust in third-party software (ZDNet) Software security testing company Veracode's just-released Supplemental to its 2012 State of Software Security Report focuses on the software supply chain
90 percent say online privacy is threatened (Help Net Security) Ninety percent of U.S. consumers who use a mobile device for work activities feel their online privacy is threatened, but many persist in putting their privacy and security at risk
Mobile spam is impacting most U.S. adults (Help Net Security) Mobile spam has become prevalent, with the majority of U.S. adults who text reporting that they have received an unsolicited text message, according to a survey conducted online by Harris Interactive
Privacy scholars at the wall (Fierce Big Data) I went to a lecture last night put on by one of the Meetup groups I belong to. My family and friends think the group is some kind of subversive cult, which is an indication that I may need new friends--not much I can do about my family
Why Android's Dominance Is Bad (InformationWeek) Google's Android platform grabbed a commanding 72% share of the smartphone market during the third quarter. That needs to change
Petraeus Mission Impossible: Cloaking Email, Online Identities (InformationWeek) So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective
Marketplace
Change In U.S. Defense Strategy Could Ease Fiscal Challenge: Report (Reuters) A group of national security experts on Thursday proposed a new U.S. defense strategy they said could be safely implemented at different budget levels, enabling President Barack Obama to cut Pentagon spending by more than the $487 billion agreed to so far
Air Force scraps massive ERP project after racking up $1 billion in costs (IT World) The U.S. Air Force has decided to scrap a major ERP (enterprise resource planning) software project after spending $1 billion, concluding that finishing it would cost far too much more money for too little gain
Army Reserve Chief Jeffrey Talley Not Worried Over Sequestration (Govconwire) Army Lt. Gen. Jeffrey Talley, chief of the Army Reserve, told the Defense Writer's Group Wednesday he is not worried that sequestration will occur, American Forces Press Service reports. He said he is not worried because both Defense Secretary Leon Panetta and Army Secretary John McHugh told the departments to not plan for the cuts
Risks in Modernized e-File will delay retirement of legacy systems, says TIGTA (Fierce Government IT) The Internal Revenue Service may not be able to retire its legacy e-File system due to insufficient testing of the latest release of the Modernized e-File system, or MeF. Performance waivers and deferrals used in performance tests of MeF 7.0 remain unresolved, according to a Treasury Inspector General for Tax Administration report published Nov. 14 but dated Sept. 27
Profile: Michael Del Vecchio, OUSD-I Senior Cyber Adviser (ExecutiveGov) In 2005, he began his service as the National Security Agency's senior official assigned to the National Reconnaissance Office, where he also served as deputy director for NRO's signals intelligence acquisition and operations directorate, deputy chief
Online identity suppliers revealed for troubled Universal Credit (CSO) Department for Work and Pensions has selected seven providers, including the Post Office
Australian Computer Scientists to Develop Software for Multi-million-dollar US Program (Avionics Intelligence) Government will see a team of computer scientists from NICTA, Australia's Information and Communications Technology Research Centre of Excellence, develop a new breed of software to protect the critical systems in unmanned vehicles from cyber attack
TWD Acquires Federal Cloud, IT Services Contractor (Govconwire) TWD & Associates has acquired federal information technology contractor The Engle Group in a move to expand its offerings in IT service management, cloud computing and application development. McLean, Va-based Engle provides IT services to federal customers including the Justice, Department and Interior departments and "expands our reach into the civilian sector," said Larry Besterman
A Telling Gesture: Qualcomm Acquires Assets Of Digital Ultrasound Company, EPOS, To 'Differentiate' Next-Gen Snapdragon Chips (TechCrunch) Qualcomm Technologies, a subsidiary of mobile chipmaker Qualcomm, has announced it has acquired "certain assets" from Israeli company, EPOS Development, which develops low-cost, digital ultrasound positioning technologies for use in input systems such as pen, stylus and gesture recognition
Microsoft Names Julie Larson-Green to Lead Windows Operations (Govconwire) Microsoft Corp. has promoted Julie Larson-Green to lead all Windows software and hardware engineering, succeeding Windows and Windows Live president Steven Sinofsky. Larson-Green will lead all future Windows product development and future hardware opportunities, according to a company statement, "Leading Windows engineering is an incredible challenge and opportunity, and as I looked at the technical and
CounterTack Names New Chief Researcher (Dark Reading) Sean Bodmer has more than 16 years of security assurance experience
Fidelity Invests In Secure Software Development (Dark Reading) No code goes live at financial services firm until it has been fully vetted
Insight: Lockheed's F-35 logistics system revolutionary but risky (Reuters) One concern: Lockheed shored up political backing for the F-35 by choosing suppliers in nearly every U.S. state. But having such a large and widely dispersed group increases exposure to cyber attacks, said Ben Freeman, national security investigator
Thales sets research and Technology center (UPI.com) Thales Research and Technology Canada will concentrate on research for cybersecurity; information fusion with smart networks and sensors; intelligence
Sources: Cybersecurity Expert May Succeed Thales CEO (DefenseNews.com) Sogeti and Thales Communications & Security are corporate sponsors of a new chair in cyber defense and cybersecurity at France's Saint-Cyr Coetquidan
Sourcefire, Inc's CEO Presents at UBS Global Technology Conference-Transcript (Seeking Alpha) Unidentified Corporate Participant: I guess maybe the big question on everyone's mind has just been this expansion. You've had an amazing run in your core market and now you've really laid a strategy to move outside and redraw the boundary
Norman AS Releases New Video That Explores Government Role in Cyber Security Policy (MarketWatch) Joe Weiss of Applied Control Solutions Notes the Absence of ICS Professionals from Policy Decisions
Antivirus startup linked to infamous Chinese hacker (CSO) Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisign's 2007 iDefense report, which described Dailin as the 20-year-old leader of a state-sponsored hacking team called NCPH, which stood for Network Crack Program Hacker
As AMD Explores Options, Intel Pain Looms (InformationWeek) Moore's Law is changing the rules of the game again. This time AMD and Intel could both be on the losing team
Products, Services, and Solutions
OpenDNS Goes Mobile (Dark Reading) New service an alternative to the VPN. OpenDNS founder and CEO David Ulevitch says his company over the past few years has become more of a security company than a pure DNS resolution service provider
Japan Mobile Company Debuts Real-Time Voice Translation App (IEEE Spectrum) NTT DoCoMo app allows callers to converse without language barriers
Free Risk Indexing Tool Offers Start For Assessments (Dark Reading) Ponemon and Edelman hope to offer benchmark for organizations that want to know where their data privacy risk posture stands
Sony Mobile Chief Acknowledges Its Smartphones Suck, Promises An iPhone, Galaxy S III Competitor Soon (TechCrunch) Sony makes a lot of really nice things, but it has never taken smartphones seriously. That's to change if Sony Mobile's sales chief, Dennis van Schie, is to be believed
GlobalSign Releases Free SSL Configuration Checker (Softpedia) World-renowned SSL certificate provider GlobalSign has released a free online service, the SSL Configuration Checker, which allows organizations that rely on SSL for website security to assess their configurations. Numerous organizations utilize SSL to ensure that their customers' information is protected against cybercriminal attacks. However, companies must also make sure that their SSL configurations are not faulty, and this is where the SSL Configuration Checker steps in
NETGEAR unveils new VDSL application firewall (Help Net Security) NETGEAR introduced the ProSecure UTM25S Unified Threat Management Firewall, which provides two modular slots that fit optional interface cards, enabling IT administrators to custom-tailor the firewall
Check Point unveils ThreatCloud Security Services (Help Net Security) Check Point has announced ThreatCloud Security Services, a set of new security service offerings to assist customers in protecting their organisation's networks from threats
Rackspace enhances Private Cloud software (Help Net Security) Rackspace announced new features and enhanced support offerings for the Rackspace Private Cloud. Since the OpenStack-powered Rackspace Private Cloud Software launched in August, thousands of organizations
NJVC to Spotlight Cloudcuity at Gartner Data Center Conference (DigitalJournal.com) NJVC Cyber Dashboard – An award-winning dashboard that enables the visualization of core devices across an organization's entire IT enterprise
ArmorHub's Web Security Service Scans For Vulnerabilities & Malware, Works Great For Startups As Well As Your Dad (TechCrunch) ArmorHub is today launching a web security service targeting startups, small-to-medium sized businesses, and most importantly, the layperson who knows that website security is something to be concerned about, but doesn't know how to monitor their site or what to do if an issue is found. The company is being bootstrapped by Evan Beard, previously the founder and CEO of eTacts
Newvem Brings Cloud Analytics To AWS To Help Businesses Not Just Save, But Actually Profit On The Cloud (TechCrunch) Over the last few years, Amazon Web Services (AWS) has emerged as one of the most popular cloud infrastructure solutions out there, managing an unusual feat for those of its ilk by appealing equally to both early stage startups and enterprise. While it provides access to next-gen computing and hosting services for cheap and scales like a champ, the onboarding process remains tough for startups and
New iMacs may be delayed due to welding issues (Ars Technica) A "commercial source" suggests Apple may not ship the new iMacs until 2013
Google Sheds Light on New Android App Scanner (Threatpost) Google has divulged more information about its forthcoming application verifier for the Android operating system. The feature is being rolled out over the air alongside the latest build of the OS, Jelly Bean 4.2, on Nexus 7 and Galaxy Nexus devices as of yesterday
Facebook Jobs App Takes On LinkedIn (InformationWeek) Facebook's new app is designed to connect job candidates with hiring employers. Should LinkedIn be worried
LucidWorks successfully betas search app development platform (Fierce Big Data) Disaster planning, deep web intelligence and search and discovery are a few of the applications built by companies using the LucidWorks enterprise-grade search development platform, which the company will make generally available next month
Microsoft Windows 8 Tablet Plans In Disarray (InformationWeek) Surface Pro and other systems that run Win8 on Intel's Clover Trail platform are missing in action at a key time -- creating a nasty enterprise tablet problem for Microsoft.
Technologies, Techniques, and Standards
Encryption of Data-in-Use to Harness the Power of the Cloud (SYS-CON Media) The not-for-profit Cloud Security Alliance notes in its most recent Email Security Implementation Guidance that it is critical that the customer - not the cloud service provider - be responsible for the security and encryption protection controls
Lack of network history delays resolution of security issues (Help Net Security) Endace released the findings from its survey that highlight the operational challenges being faced by IT teams as they come to terms with the latest high-speed, network-centric technologies
Shop Safer This Cyber Monday (Business 2 Community) Here is a list of steps from The Better Business Bureau and the National Cyber Security Alliance that you can take to protect yourself from fraud this Cyber
How one NYC data center survived Hurricane Sandy (Ars Technica) Lesson learned from 10 days on generator power: more weather-proofing needed
How to report a computer crime: SQL injection website attack (Naked Security) Do you know how to report a computer crime? Or even who you would report it to? So far, we've looked at unauthorised email account access and malware in our series of articles on how to report a computer crime. In this article, we'll look at an SQL injection attack
7 Cheap Cloud Storage Options (InformationWeek) You have a multitude of cloud storage choices beyond Dropbox, for enterprise and personal use. But make sure you understand the differences
Nine security controls to look for in cloud contracts (NetworkWorld) To help ease the concerns of cloud security, which Gartner says is still a chief inhibitor to enterprise public cloud adoption, buyers are looking to contracts and service-level agreements to mitigate their risks. But Gartner cloud security analyst Jay Heiser says SLAs are still "weak" and "unsatisfying" in terms of addressing security, business continuity and assessment of security controls. "A lot of these things are getting a lot of attention, but we're seeing little consistency in the contracts," he says, especially in the infrastructure-as-a-service (IaaS) market. Software-as-a-service (SaaS) controls are "primitive, but improving." Below are some of the common and recommended security provisions in cloud contracts and how common and effective they are
10+ challenges facing the 'international' CIO (Tech Republic) CIOs and managers who are responsible for international IT encounter different kinds of technical, organizational, and people issues from those who have IT responsibilities only on the home front. Yet few of these international executives get formal training on how to conduct international business before they go abroad. There are numerous issues to consider and many are only peripherally related to technology
Design and Innovation
CSC's Yogesh Khanna Wins 2012 'CTO Innovator Award' (Govconwire) Yogesh Khanna, vice president and chief technology officer for the North American public sector at Computer Sciences Corp. (NYSE: CSC), has won this year's CTO Innovator Award in the large company category. According to CSC, Khanna was recognized for helping establish the company's data center consolidation and cloud computing go-to-market strategy and offerings
Research and Development
They Cracked This 250 Year-Old Code, And Found a Secret Society Inside (Wired Danger Room) For nearly 250 years, this book concealed the arcane rituals of an ancient order. But cracking the code only deepened the mystery
Stanford Physicists Take First Step Toward Quantum Cryptography (Patch.com) Quantum mechanics offers the potential to create absolutely secure telecommunications networks by harnessing a fundamental phenomenon of quantum particles. Now, a team of Stanford physicists has demonstrated a crucial first step in creating a quantum
Academia
Building Tomorrow's Cyber Defenders (Virginia Connection Newspapers) "Northrop Grumman is the largest cybersecurity provider to the federal government," said corporate spokeswoman Marynoele Benson. "This camp was about network defense, so kids could understand how their computers can be infiltrated and how to protect
Big Data Education: 3 Steps Universities Must Take (InformationWeek) How can universities help meet the growing demand for data scientists? Consider this advice from a professor working in the trenches with tomorrow's analytics pros
Legislation, Policy, and Regulation
Harry Reid's Virus (Wall Street Journal) The House adopted on a bipartisan vote in April the Cyber Intelligence Sharing and Protection Act giving companies liability protection to encourage them to monitor their systems and report attacks to the National Security Agency and other federal
Political Gridlock Leaves US Facing Cyber Pearl Harbor (Businessweek) Last month, Obama signed a separate cybersecurity directive authorizing the National Security Agency and other military units to take more aggressive action to defeat attacks on government and private computer systems. An Oct. 4 Bloomberg Government
Blocked Leaks Bill More About Message Discipline Than National Security (ACLU) Sen. Ron Wyden (D-OR) deserves significant credit for placing a hold today on a draft intelligence spending bill that would place enormous new obstacles in the path of journalists trying to report on government illegality, fraud and waste in the intelligence community. Although it is true that national security sometimes requires secrecy, restrictions on freedom of the press would do little to benefit the national security while significantly insulating government wrongdoing from public scrutiny
Why Congress Hacked Up a Bill to Stop Hackers (Businessweek) On July 30, U.S. Army General Keith Alexander, the director of the secretive National Security Agency, which helps guard the government's computer networks, addressed a group of lawmakers in a packed room in the Capitol. He said the U.S. had evidence
Congress Kills Cybersecurity Bill, White House Action Expected (InformationWeek) …"government and military targets face repeated exploitation attempts by Chinese hackers," the report said, fingering China in cyber espionage and cyber attacks aimed at the Department of Defense, NASA and U.S.-based companies like Lockheed Martin
As CIA Chief Scandal Looms, Lawmakers Consider Tightening E-Mail Privacy (As CIA Chief Scandal Looms, Lawmakers Consider Tightening E-Mail Privacy) Recent intrusions by the FBI into e-mail correspondence between former CIA Director David Petraeus and his mistress and biographer, Paula Broadwell, have raised a lot of questions and concerns about the government's ability to access private e-mails. The current law covering access to e-mail gives the government the right to snoop without a court order on email that's older than 180 days, but requires a court order for missives that are newer than this, a fact that privacy activists have been trying to change for years. Now they might finally be getting closer to that wish
Kramer: U.S. will emphasize market liberalization in WCIT-12 (Fierce Government IT) A second tranche of U.S. proposals for the planned December treaty-writing conference of the International Telecommunication Union in Dubai emphasizes "the criticality of liberalized markets," said Amb. Terry Kramer, head of the U.S. conference delegation
Last attempt at Senate cybersecurity bill fails (Fierce Government IT) A last attempt this Congress to pass a cybersecurity bill in the Senate failed Nov. 14 when less than a supermajority of lawmakers voted to invoke cloture, a necessary step before the bill can come to the floor. Lawmakers voted 51-47 for cloture, but with Republican senators voting against, consideration of a cybersecurity measure will likely have to wait until a bill can be reintroduced following the Jan. 3 convening of the 113th Congress
Litigation, Investigation, and Law Enforcement
Maker of Airport Body Scanners Suspected of Falsifying Software Tests (Wired) A company that supplies controversial passenger-screening machines for U.S. airports is under suspicion for possibly manipulating tests on privacy software designed to prevent the machines from producing graphic body images. The Transportation Security Administration sent a letter Nov. 9 to the parent company of Rapiscan, the maker of backscatter machines, requesting information about the testing of the software to determine if there was malfeasance. The machines use backscatter radiation to detect objects concealed beneath clothes
Report Says $67.9 Billion In Defense Budget Is Idled Away (Boston Globe) Fishy is right, according to "Department of Everything," a wry but scathing new report commissioned by Senator Tom Coburn of Oklahoma that identified $67.9 billion in the defense budget during the next decade designated for projects that have little to do with defending the nation. That waste includes conducting nonmilitary research, running schools, grocery stores, and microbreweries, and maintaining unnecessary overhead and supplies
C.I.A. Investigates Petraeus Affair As Lawmakers Press Libya Attack Inquiry (New York Times) The Central Intelligence Agency's inspector general has started an investigation into the general conduct of David H. Petraeus, who resigned last week as the C.I.A.'s director after admitting to having an affair with his biographer, Paula Broadwell
China: No. 1 Cyber Threat (Free Beacon) Chinese state-run cyber attacks pose most significant global cyber threat, congressional report says. China's government carried out numerous cyber attacks against United States government and private sector computers this year and has emerged as the most significant threat in cyberspace, according to a congressional commission report made public Wednesday
Major Data Breach in State Tax System (Courthouse News) South Carolina's cyber-security contractor, Trustwave, let hackers into the state tax system, compromising the personal information of 3.6 million South Carolinians, taxpayers claim in a federal class action
Data breach could cost businesses $330M, ex-FBI official says (Greenvilleonline) The ultimate cost to some South Carolina businesses from the data breach at the state Department of Revenue could top $330 million, a former high-ranking FBI official says. Chris Swecker, the former No. 3 official at the FBI, told GreenvilleOnline.com this morning that even if only 1 percent of the 650,000 businesses whose information was exposed in the massive data breach was used for financial gain, it could mean losses totaling $338 million, based on FBI historical experience with data fraud
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012 The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.