The CyberWire Daily Briefing for 11.20.2012
The cyber war between Israel and Hamas continues to attract volunteer participants, including Israeli civilians, Anonymous members, and Palestinian sympathizers from Pakistan and Bangladesh. The conflict raises (again) questions about how cyberspace conflict among states and non-state actors might be moderated or limited—do the lawyers among our readers see useful analogies in admiralty law? Such conflict appears certain to become more common, especially as companies consider offensive operations against cyber attackers. (Crowdstrike is the most recent prominent advocate of vigilantism.)
Phishing attacks proliferate. Backdoor.Makadocs turns Google Docs into a surrogate command-and-control server (Brazilian Windows 8 users are particularly affected). An attack on an Australian primary school shows how common and effective ransomware exploits have become.
Human resources departments, despite handwringing over vulnerabilities, increasingly allow employees to use social media at work. Security guru Bruce Schneier argues that cyber attackers enjoy enduring advantages over intelligence tools used to predict attacks (in fighter-pilot terms, the hackers are always inside the defenders' OODA loop).
Most CIOs remain skeptical of cloud security even as Britain's National Health Service moves to G-Cloud for better email security. US defense contractors pull in their horns and stockpile cash in anticipation of budget cuts. Intel's CEO Otellini will retire in the spring. (Analysts note Intel's failure to dominate the mobile chip market.)
Researchers at Toshiba and Cambridge University develop a way of securely distributing keys over high-speed fiber. Stanford researchers make progress in forcing quantum entanglement.
US investigators continue to call Chinese telecom manufacturers a security threat.
Today's issue includes events affecting Australia, Bangladesh, Belgium, Brazil, Ireland, Israel, Pakistan, Palestinian Territories, Philippines, Spain, Switzerland, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Israel Wages Cyber War With Hamas as Civilians Take Up Computers (Bloomberg) With companies like Check Point Software Technologies Ltd. (CHKP) and soldiers who exit intelligence units, Israel is aiming to become a leader in cyber
Israeli MSN, Skype, Live and Groupon Sites Hacked (Updated) (Softpedia) Pakistani hackers are also contributing to Operation Israel (OpIsrael). Theyve hacked and defaced a number of three Israeli sites apparently belonging to Microsoft, and the official website of Groupon
Bangladeshi Hackers Deface 20 Israeli Websites in Support for the People of Palestine (Softpedia) Operation Israel, or OpIsrael, is a hacktivist campaign supported by groups from all over the world. One of them is the Bangladesh Grey Hat Hackers (BGHH), who has defaced a number of 20 Israeli websites. This adds to the millions of cyberattacks launched against Israeli cyberspace over the past days
Israeli Official: Anonymous' Massive Cyber Attack Campaign Has Been A Flop (Huffington Post) A concerted effort of millions of attempts to cripple Israeli websites during the Gaza conflict has failed, Israel's finance minister said Monday, claiming that the only site that was successfully hacked was back up within minutes
Anonymous escalates its 'cyberwar' against Israel (CNet) Anonymous' hacking campaign against Israel to protest its attacks on Gaza escalated today with the release of a list of thousands of individuals who supposedly donated to a pro-Israel organization. The collective posted a Pastebin document that it said featured names -- and in some cases home addresses and e-mail addresses -- of donors for the Unity Coalition for Israel, which claims to represent "the largest network of pro-Israel groups in the world." The document appears to be quite old: one of the military e-mail addresses belonged to Douglas Feith, the U.S. undersecretary for defense under Bush, who left that job in 2005
When Virtual-States Attack Nation-States (AOL Government) Sources familiar with the turn of events in Israel say that now the Israeli government has confirmed publicly that a massive cyber attack targeting them is underway. This raises a number of questions. How will a nation-state, such as Israel, respond to
Malware uses Google Docs as proxy to command and control server (CSO) Backdoor.Makadocs variant uses Google Drive Viewer feature to receive instructions from its real command and control server. Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, as a bridge when communicating with attackers in order to hide the malicious traffic
Windows 8 Malware Using Google Docs to Target Brazilians (Threatpost) New malware targeting Windows 8 appears to be using Google Docs as a proxy server instead of directly connecting to a command and control (C&C) server. According to research done by Symantec and discussed in the company's Security Response blog late last week, a Trojan, Backdoor.Makadocs, targets Windows 8 - along with Windows Server 2012 - yet doesn't use any of the software's particular functions as an exploit vector
Blackhole exploits lead a black month for malware (Help Net Security) In October, GFI Software threat researchers uncovered a large number of Blackhole exploits disguised as Windows licenses (just prior to the release of Windows 8), Facebook account verification emails
Cyber-criminals hit primary school (Northern Star) A Byron Bay primary school has been the latest victim of sophisticated cyber crime in which their server was digitally "kidnapped" and held for ransom. Two weeks ago Byron Community Primary School's server was hacked. All data became inaccessible and vital daily tasks such as updating roles, recording financial transactions, and entering health records were impossible
Phishing Malware Combo Targets Twitter with Spurious Obama Story (SPAMfighter News) Security experts at Panda Security, describing the attack, state the scammers use the disgraceful missive for duping end-users so they'll proceed to follow
FreeBSD infrastructure breached, third-party packages potentially affected (Help Net Security) The FreeBSD team has announced over the weekend that two machines within the FreeBSD.org cluster have been compromised and have been consequently pulled offline for analysis. "These machines were
Fake tsunami news report leads to malware (Help Net Security) Fake news about celebrity deaths and impending natural disasters are often employed by online scammers and malware peddlers aiming to trick users into clicking on malicious links without thinking
Fake Apple apps appear on Android Google Play store (Naked Security) The Google Play store is NOT offering you genuine versions of iMovie, Keynote, Garage Band and other popular Apple products
Belgium - phishing fraudsters plunder hundreds of bank accounts (Wordpress) Flemish banks are currently being pummeled by a massive phishing attack. Over hundred Belgians have already been cleaned out of all money on their bank accounts. Fraudsters committed the crimes using email phishing and telephone calls to get hold of bank account numbers and pin data
Security Patches, Mitigations, and Software Updates
Adobe Patches DoS Flaw in ColdFusion 10 (Threatpost) ColdFusion patchAdobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ColdFusion is Adobe's platform and application server used by developers to build Web applications
Nintendo's fixes Wii U network after claims of accidental hack (Naked Security) Just hours after the US launch of Nintendo's latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the console's online component - the Miiverse
Despite Security Worries, Human Resources Allows Social Media At Work (Dark Reading) More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use
Urgently Needed: A Dumber, Tougher Grid (IEEE Spectrum) That's not to say a smarter grid will not also help. Since the hurricane and "nor'easter" that devastated the New Jersey and New York coasts two weeks ago, leaving millions without heat, gasoline and electricity, there has been a lot of loose talk about how a smarter grid might moderate the effects of such catastrophes in the future
Anticipating threats ineffective in enhancing security (ZDNet) Companies looking to predict cyberthreats to fend off attacks will not improve their IT systems' security robustness as the criminals responsible will evolve and develop their technologies accordingly. Speaking at a seminar here Monday, Bruce Schneier, chief security technology officer at BT, said technology has affected the balance of society and social mechanisms such as law and punishment, which help keep people in check so they will not commit crimes, online or otherwise. For instance, the Internet has given rise to anonymity and made it easier for cybercriminals to perpetrate their attacks without getting caught, Schneier observed
The Future Of Cyber Security (WOUB) On this edition of Conversations from Studio B, host Tom Hodson talks with with cyber communication security experts Danny OBrien and Andrew Lewman. OBrien is an Internet advocacy coordinator for the New York based Committee to Protect Journalists, and is a leading authority on cyber security threats. Lewman is the leader of the Tor project, which develops technology to allow journalists and others to scramble their communications when operating overseas
Security Wisdom Watch: National security edition (CSO Salted Hash) Risks to national security have dominated the headlines this past month. Let's review the more insidious examples
Panetta's Wrong About A Cyber 'Pearl Harbor' (ForeignPolicy.com) In recent months, the specter of a looming cyber "Pearl Harbor" has reappeared -- the phrase having first come into use in the 1990s. But it is the wrong metaphor
Generation Tech: Gifted but a long way from bad (Help Net Security) They have been described as technology's Generation Y or Generation Tech: an undisciplined, impulsive, entitled horde of twenty-something workers, seen as one of the biggest security challenges ever
How teens hide their online activity (Help Net Security) A European survey commissioned by McAfee has revealed an alarming disconnect between what teens are getting up to online, and what parents are aware of. Many UK teens are accessing inappropriate content
81% don't trust cloud security (Help Net Security) 81 percent of IT professionals express security concerns when moving data to the cloud, according to a recent survey by GreenSQL. The survey focused on one question: "What is your main security
Small businesses still underestimate cost of security breaches (ZDNet) That's just one of the high-level takeaways from the new State of Cyber Security Readiness survey by Ponemon Institute. Here's another: More than half of
CrowdStrike Wants UK Firms To Fight Cyber Crooks - But Is It 'Nuts'? (TechWeekEurope) When CrowdStrike CEO Shawn Henry calls on UK firms to fight back, is he inciting more cyber crime? The FBI's former cyber security chief was in London last
NHS anticipates move to G-Cloud for secure email services (Computer Weekly) The NHS Commissioning Board is looking to use multiple secure email providers via the governments G-Cloud framework. The move would be the largest deal yet to go through G-Cloud, pushing many millions of pounds through the framework. Around half a million users are currently on the secure email service NHSmail, which runs on Microsoft Exchange 2007
Defense Vendors Stockpile Cash Ahead Of Cliff (Bloomberg Government) Defense contractors led by Boeing Co. and Lockheed Martin Corp. are stashing more cash amid the threat of automatic federal budget cuts and expiring tax breaks
Honeywell Readies For Defense Cuts (Wall Street Journal) Honeywell International Inc. said Monday it expects the bulk of looming U.S. defense cuts to be implemented, and in a sharp break with rivals said it welcomes the reductions
Pentagon Propaganda Plan Is Source Of Controversy (USA Today) Senior officers at the Pentagon are being advised on countering Taliban propaganda by a marketing expert whose company once weeded out reporters who wrote negative stories in Afghanistan and helped the military deceive the enemy in Iraq, according to military documents and interview
DMI, ByteGrid Form Enterprise Data Center Partnership (ExecutiveBiz) Digital Management Inc. has signed an agreement with data center provider Bytegrid ... "Cyber threats, mobile device management, and the Federal Data Center
Commtouch Acquires eleven GmbH To Accelerate Launch Of Security-As-A-Service Solutions (Dark Reading) eleven also provides advanced on-premise email solutions and services
HP Misses, Q4 2012 Revenue Down 7% To $30B, $6.9B Net Loss, $8.8B Write-Down For Autonomy Acquisition (TechCrunch) HP's earnings for Q4 ending on October 31 show a gloomy quarter. Revenue is down 7 percent to $30 billion compared to Q4 2011. But the real problem comes from GAAP net income, with a net loss of $6.9 billion, or $3.49 per share, compared to a slim net profit of $0.2 billion for Q4 2011. Non-GAAP diluted earnings per share is at $1.16 compared to $1.17 year-over-year. Most of the bad news
Cisco ponies up $1.2 billion to beef up BYOD credentials (Fierce Mobile IT) Cisco (NASDAQ: CSCO) is paying $1.2 billion in cash and retention bonuses for Meraki, a cloud-based provider of mobile device management, mobile device security and Wi-Fi connectivity, to boost its BYOD credentials. Meraki's products support BYOD, guest networking, application control, WAN optimization, application firewalls and other networking services
Dell's Gale Buy Points To Cloud Focus (InformationWeek) Dell issued a dismal earnings report last week but hopes its Gale Technologies acquisition points to a more lucrative future
Intel CEO Otellini To Step Down (InformationWeek) Intel's Paul Otellini, president and CEO, is retiring as Intel stares down a post-PC era favoring mobile chips
How Intel's faith in x86 cost it the mobile market (Register) You can't fault departing Intel CEO Paul Otellini by claiming he didn't spot the way personal computing was becoming more mobile
eBay swings axe at Paypal (Channelbiz UK) 325 jobs to go in restructuring. eBay has announced that it is committing to a Q4 pre-tax restructuring charge of $15 mllion, relating to Paypal staff reductions. In other words, today it gave 325 employees the sack
Products, Services, and Solutions
Petraeus Fallout: 5 Gmail Security Facts (InformationWeek) Want to avoid a fall from grace? Then ensure you're not the chief of a spy agency who coordinates your extramarital affairs using a free webmail service. View this complementary article to learn about the top information security takeaway from the ongoing probe into the former director of the CIA, David Petraeus, who resigned after 14 months on the job
Why Facebook is full of it (IT World) Facebook says it's not deliberately throttling news feeds to sell more ads. Maybe that is true. But one way or another, they're lying to us
ITC: 'Plug-and-play' keeps company ahead of cyber threats (intelligentutility) Independent transmission owner ITC Holdings (NYSE:ITC) is "very aware" of cybersecurity, and the company has been diligent about guarding against cyber threats for nearly a decade, ITC vice-president of grid development Terry Harvill told TransmissionHub in an interview on trends that industry representatives will discuss at a panel session during TransForum East coming up in December. I dont think that it is unique to the transmission industry or utility industry that we face an ever growing threat of IT attacks, Harvill said. ITC is an independent electricity transmission company with high-voltage transmission systems in Michigans Lower Peninsula and parts of Iowa, Minnesota, Illinois, Missouri and Kansas through its subsidiaries ITCTransmission, Michigan Electric Transmission, ITC Midwest and ITC Great Plains
Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware (Softpeida) European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Cronto's Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such as ZeuS
Application traffic control now reaches network's edge (CSO) Xirrus' Application Control one of the first to take traffic policing, policy enforcement to the network perimeter, says analyst
Asahi Technologies Announces 24/7 Cyber Attack Surveillance to Help Online (PR Web) Internet merchants across the globe anticipate online sales to surge ahead this holiday season. Nevertheless, this growth provides cyber criminals a bigger opportunity to take advantage of online retailers and end users. Owing to the ardent need of a
Managed Services: 7 Blogs MSPmentor Didn't Write (MSPmentor) Interesting Move: Panda Security is leveraging CentraStage, a cloud-based remote monitoring and management (RMM) platform. This is a pretty big deal for
ForgeRock launches open source stack to secure applications and services (Help Net Security) ForgeRock announced availability of an open source stack to secure applications and services across enterprise, cloud, social and mobile environments
Brother to support iOS devices on cloud-based web conferencing service (Fierce Mobile IT) Brother is expanding its new cloud-based OmniJoin web conferencing service to support Apple's (NASDAQ: AAPL) iOS-based devices, such as the iPhone and iPad, Courtney Behrens, senior marketing manager at OmniJoin, told FierceMobileIT
Reports: Botched firmware update leading to bricked Wii U consoles (Ars Technica) Interrupting the roughly 5GB download can render the console useless
It's official: Windows 8 is a disappointment (Quartz) The new Microsoft operating system that all the reviewers called confusing isn't exactly winning over consumers either. Since its launch less than a month ago, Windows 8 has seen weaker sales than its predecessor Windows 7, an NDP Group report via AllThingD's John Packzkowski found. Sources inside Microsoft also say that the company doesn't like the early sales numbers it's seeing either,reports Paul Thurrott who runs a Supersite for Windows. "Microsoft has not met is internal projections for Windows 8 sales," he wrote. Microsoft blames the PC makers, says Thurrott. "My source cited to me the PC makers' 'inability to deliver,' a damning indictment that I think nicely explains why the firm felt it needed to start making its own PC and device hardware," he writes. But we suspect it has more to do with the newfangled tile look, which has users hesitant to switch away from the familiar Windows 7 start screen. Or maybe that's something that just takes getting used to, in which case we should expect a slow build for Windows 8?s impending smash success
LEAKED: MySpace's Master Plan To Raise $50 Million And Relaunch As A Spotify Killer (Business Insider) The parent company of MySpace is trying to raise $50 million in order to re-launch MySpace as a direct competitor to Spotify and Pandora in 2013
Technologies, Techniques, and Standards
Four Ways to Turn Insiders Into Assets (Dark Reading) Stop thinking about employees as threats and train them to make your company harder to attack. Jayson Street has few problems walking into businesses and getting access to sensitive company data. A vice president of information security for a bank by day, Street moonlights as a penetration tester at Stratagem 1 Solutions, a job at which he has yet to fail
Software 'glitches' are not acceptable. Learn from aviation (TechWorld) The term glitch is often used to describe an error in software, but the word itself undermines the severity of such errors, according to open source software company Adacore. Only this year, a so-called software glitch was responsible for a substantial IT failure at the Royal Bank of Scotland (RBS), which meant that millions of customers could not gain access to funds in their bank accounts. Events from the Wall Street Crash to Toyota's brake failings in 2009 have also been attributed to software glitches trivialising the problem and implying that it can be reasoned away
Total Information Assurance Framework For Modular Implementation (Blogger News Network) Subsequently as BS7799 evolved into ISO 27001 and new frameworks such as COBIT 5 have extended the "Information Security" concept to "Information Assurance" and added Authenticity and Non Repudiation as two other factors in defining Information
What's preferable: Exceptions or explicit error testing? (Ars Technica) A burning question from efficiency and security standpoints. Richard Keller asks: I often come across heated blog posts where the author uses the argument: "exceptions vs explicit error checking" to advocate his/her preferred language over some other language. The general consensus seems to be that languages that make use of exceptions are inherently better / cleaner than languages which rely heavily on error checking through explicit function calls. Is the use of exceptions considered better programming practice than explicit error checking, and if so, why
Design and Innovation
Is Technology Innovation Too Incremental? (InformationWeek) Two prominent big thinkers think it is. But I'm not buying their unsupported arguments
Research and Development
New Neural Chip Mimics Brain Function (SIGNAL) Researchers working for the U.S. Army have developed and patented a neural computer chip that mimics human brain functions and could potentially be used for quantum computing
Scientists Find Cheaper Way to Ensure Internet Security (New York Times) Scientists at Toshiba and Cambridge University have perfected a technique that offers a less expensive way to ensure the security of the high-speed fiber optic cables that are the backbone of the modern Internet. The research, which will be published Tuesday in the science journal Physical Review X, describes a technique for making infinitesimally short time measurements needed to capture pulses of quantum light hidden in streams of billions of photons transmitted each second in data networks. Scientists used an advanced photodetector to extract weak photons from the torrents of light pulses carried by fiber optic cables, making it possible to safely distribute secret keys necessary to scramble data over distances up to 56 miles
Stanford's quantum entanglement device brings us one step closer to quantum cryptography (ExtremeTech) Researchers at Stanford University have taken another major step toward using quantum entanglement for communication, streamlining the process by which two particles can be forced into an entangled state. Once entangled, each should react to changes
Quantum cryptography done on standard broadband fibre (BBC News) The "uncrackable codes" made by exploiting the branch of physics called quantum mechanics have been sent down kilometres of standard broadband fibre. This "quantum key distribution" has until now needed a dedicated fibre separate from that used to
What's The Big Idea? Pentagon Agency Backs Student Tinkerers To Find Out (NPR.org) At Analy High School in Sebastopol, Calif., three students are taking apart a bicycle that generates electricity. Another student is calibrating a laser cutter. They're all working in a cavernous building that once held the school's metal and electronics shop. Let's just say it has been updated
Legislation, Policy, and Regulation
Congresswoman Crowdsourcing Domain-Seizure Bill on Reddit (Wired Threat Level) Rep. Zoe Lofgren (D-California) has taken to the social-news site Reddit to crowdsource legislation that would make it more difficult for U.S. authorities to seize domains facilitating copyright infringement
UK govt tells banks to hand over account data to customers (Finextra) The UK government has warned banks that it is prepared to legislate to force them to hand over current account and credit card data to customers who request it. The threat relates to the midata project, which is designed to give Brits more access to, and control over, the data that companies hold on them so that they can get greater insight into their own spending habits and improve buying decisions. Lloyds Banking Group, MasterCard and Visa are among the big firms in the finance, energy and telecoms sectors to voluntarily back the project, promising to give customers who ask for it their data in an electronic machine-readable standard format
Philippines to set up cybersecurity operations center (ZDNet) The Armed Forces of the Philippines (AFP) will be establishing an operations center to counter cybersecurity threats. According to Manila Standard Today news site on Monday, the military's project is dubbed the Command, Control, Communications, Computers, Intelligence, Surveillance, Target Acquisition and Reconnaissance (C4ISTAR), military spokesperson Arnulfo Burgos said in a statement. It is "envisioned by the Department of National Defense and the AFP for a comprehensive upgrading and acquisition of modern equipment and solutions, under the AFP modernization program for efficient and effective conduct of operations," he said
Republican Senator's Plan Trims The Fat At Pentagon (Washington Post) I want to generate support for Sen. Tom Coburn (R-Okla.) in his newest budget reduction effort targeting some of the low-hanging fruit at the Pentagon
Litigation, Investigation, and Law Enforcement
Experian defends database security practices in face of investigations (Naked Security) Data brokers are on the hot seat as the Irish regulators begin an investigation into Experian's security methods and the US Congress demands more transparency into what's collected and how it's handled
Moneygram pays $100m to settle wire fraud charges (Finextra) Moneygram has agreed to pay $100 million to settle US charges that it criminally aided and abetted wire fraud and failed to maintain an effective anti-money laundering programme. The Department of Justice says that between 2004 and 2009, the firm violated the law by processing thousands of transactions for its agents "known to be involved" in a scam defrauding American citizens. The scams - which generally targeted the elderly and other vulnerable groups - included posing as victims' relatives in urgent need of money and falsely promising victims large cash prizes
Judge approves $22.5M Google fine for violating Safari privacy (Naked Security) A U.S. federal judge in San Francisco approved a legal settlement between the U.S. Federal Trade Commission (FTC) and Google on Friday to the tune of $22. 5M USD, declaring that Google mislead consumers about the privacy protections offered in its Safari web browser. Federal Judge Susan Illston gave her blessing to the settlement in a ruling on Friday, declaring the agreement "fair, adequate and reasonable." the Associated Press reported
Chinese Telecom Firms Pose a Threat to US National Security (U.S. News & World Report) A recent report of the U.S. National Counterintelligence Executive proclaimed that "Chinese actors are the world's most active and persistent perpetrators of economic espionage." And according to Keith Alexander, director of the National Security
For a complete running list of events, please visit the Event Tracker.
IRISSCERT Cyber Crime Conference (Dublin, Ireland, Nov 22, 2012) The IRISSCERT Cyber Crime Conference will be held this year on Thursday the 22nd of November 2012 in the D4Berkley Court Hotel, in Ballsbridge Dublin. This is an all day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012 (, Jan 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.