The CyberWire Daily Briefing for 12.3.2012
Syria is back online, with Internet connectivity restored over the weekend.
Little new has emerged on the malware recently discovered stealing technical data from Japan's space agency, but researchers discern Chinese government fingerprints in the exploit, and believe the discovery points to a large technical espionage campaign.
A new stack buffer overflow vulnerability is found in MySQL. An Instagram vulnerability permits iPhone account takeover. Screenshot tools are found to have data leakage vulnerabilities.
The UK government undertakes a drive to warn the public of the online threat, and begins by disclosing that foreign governments are trying to map critical infrastructure as a precursor to cyber attack. (An expert, however, claims plausibly that a major Internet disruption is likelier to come from a "glorious cock-up" than a state-sponsored attack.)
The US Government approaches "fiscal cliff" and sequestration deadlines; observers see an eleventh hour budget accord as unlikely. Raytheon, however, says it believes the cliff will prove a mere "speed bump," and that in any case foreign sales will keep the company flush. Trend Micro positions itself for an emerging market in cyber offensive capabilities.
DARPA's Vetting Commodity IT Software and Firmware (VET) program, which will "look for innovative, large-scale approaches to verifying the security and functionality of commodity IT devices" kicks off with a Proposer's Day next week.
UN Internet governance talks are underway in Dubai. The US Army concludes an investigation into the Palantir-DCGS fracas and finds no wrongdoing, but system partisans (especially those Wired calls "Palantir fanboys") remain unconvinced.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Finland, Iran, Japan, Saudi Arabia, Syria, Turkey, Ukraine, United Arab Emirates, United Kingdom, United Nations, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Syria back online after two-day internet blackout (ZDNet) According to web monitoring firm Renesys, 'the restoration was achieved just as quickly and neatly as the outage'. However, it may be too early to tell for sure what precisely caused the cutoff on Thursday. Internet access was restored to the people of Syria on Saturday, ending a two-day blackout
Malware found sucking up data on new Japanese space agency rocket (Naked Security) Japan's space agency said on Friday that it found a computer virus on one of its desktop computers that was stealing data on one of its newest rockets and beaming it to controllers outside the agency, the New York Times reported.
Japan Aerospace Exploration Agency hit again by malware (Security Affairs) The New Your Times has recently published the news the Japan Aerospace Exploration Agency was hit by a virus that stolen secret information on newest rockets from an internal computer. The precious information was stored from a computer in Tsukuba Space Center located in northeast area of Tokyo, where it has been detected a malware that was stealing information. The stolen data includes details on ongoing projects such as the Epsilon project, a solid-fuel rocket, this last feature is desirable for the attackers due the possible implication in military use
Zero Day MySQL Buffer Overflow (Internet Storm Center) A new stack-based buffer overflow vulnerability was released on Full Disclosure yesterday for MySQL. Depending of the user privileges, the flaw can cause
Security firms warn of spreading Windows AutoRun malware (CSO Salted Hash) Significant increase in infection is curious because Windows 7 and Windows 8 PCs will not launch autorun.inf files
Instagram vulnerability on iPhone allows for account takeover (CSO) A security researcher has found a vulnerability in Instagram involving how it handles cookies
Snipping Leaks (Internet Storm Center) ISC reader Phil asked a great question earlier today: "I'm wondering if there are data leakage concerns with screenshot tools such as MS Snipping Tool, if such tools have metadata in any of the formats they support". Well, yes, they do. Screenshots taken with the MS Snipping Tool and saved in JPG format contain both an EXIF and XMP header. You can look at what's in there for example with Phil Harvey's excellent ExifTool. The leakage is nowhere near as extensive as what is often found in MS Office documents, but it is definitely present
Acer India Hacked, 20,000 User Credentials Leaked (Softpedia) A Turkish hacker called Maxney has managed to breach and deface a number of six subdomains owned by Acer India. The affected sites are: acn. acer
ADP Discloses Ambulance Data Billing System Breach (Dark Reading) Investigation revealed unauthorized access and, in certain instances, disclosure of personal information
UK is hit by cyber enemies (The Sun) Foreign states have tried to penetrate the UK's network of vital utilities to plot a cyber attack, security bosses have revealed. Potential enemies attempted for the first time to "map" transport links, electricity and water supply. The warning follows a similar one issued in the US recently by FBI cyber defence chiefs. The Government today launches a drive to alert the public to the soaring threat of online attacks
Cyber Trends
Anti-Botnet Efforts Still Nascent, But Groups Hopeful (Dark Reading) Seven months after a government-industry coalition announced recommendations for ISPs to fight botnets, success is still a long way off
Lack of industry collaboration spurs cyberterrorism (ZDNet) Absence of trust and coordination among nation states, and communication between public and private sectors to fight organized cyberterrorists, means the security industry has fallen behind. The security industry is lagging behind cyberterrorists due to a lack of cooperation and communication between the public and private sectors and nation states. Speakers at Cyber Security Forum Asia 2012, hosted by security and defense firm IB Consultancy here Monday, reiterated the importance of collaboration among private and public organizations in fighting cybercrime, but noted such coordination has yet to be established despite the surge in cyberattacks.
Why virtual currency Bitcoin can't save the Iranian economy (Quartz) After decades of sanctions on Iranian trade, sanctions restricting the flow of money in and out of Iran have inflicted significant damage on the Iranian economy. That owes much to the Belgium-based Society for Worldwide International Financial Transfers (SWIFT), which in March agreed to block any Iranian banks blacklisted by the European Union from using its international payment systems. Not long after the SWIFT cutoff, things started going rapidly downhill for the Iranian rial, suggesting that it has become much tougher for Iran to get hold of the hard currency it has used to prop up the rial
Cybergeddon likely to be caused by 'glorious cock-up' (Techworld) The likelihood of a state-sponsored attack on the Internet is relatively small. Cybergeddon is more likely to be caused by a "glorious cock-up" than a state-sponsored cyber attack, according to Paul Simmonds, co-founder of the Jericho Forum and former CISO of AstraZeneca and ICI. Speaking at the "Cybergeddon - fact or fiction?" debate at the Imperial War Museum in London, Simmonds said it is more likely that all the DNS route servers will be taken out by a cascade action due to a botched router upgrade than a deliberate attempt by one government to bring down
Intelligence community must adapt to era of vast data, study says (GovExec.com) The digital information revolution has handed the U.S. intelligence community a slew of new challenges that are nowhere close to resolution, a new study says. The 21st-century problems range from mountains of data to accelerated pace of change to competing information flow from nongovernmental sources to fears of violating privacy and civil liberties, according to a paper "Expectations of Intelligence in the Information Age," released Thursday by the Intelligence and National Security Alliance, a nonprofit that brings together experts in the public, private and academic sectors. The paper drew praise from Defense Intelligence Agency Director Lt. Gen. Michael Flynn, who spoke at a banquet in Arlington, Va., to mark the paper's release
Mobile and cloud developments will dominate 2013 (Help Net Security) For the past several years, the IT industry's transition to the 3rd Platform, built on mobile computing, cloud services, social networking, and big data analytics technologies, has dominated the annual reports
Marketplace
Doubts Grow On 'Cliff' Accord (Washington Post) As the White House and Republican leaders enter the final month of negotiations to avoid a year-end fiscal cliff, both sides struck an uncompromising tone Sunday, as warnings mounted that they will be unable to forge an agreement to stop an automatic series of deep spending cuts and large tax hikes that could push the economy into recession
The Bipartisan Fiscal Doomsday Fast Approaching (Washington Post) The Defense Department would need to delay equipment purchases and repairs, trim services for military families and perhaps compromise the readiness of military units preparing to deploy, according to the White House report
CEO Of Massive US Defense Firm Scoffs At The 'Fiscal Cliff' (Business Insider) The fiscal what? Cliff? How about the fiscal "speed bump." The CEO of the fourth largest U.S. defense firm, Raytheon (5th largest in the world), Bill Swanson "is telling investors sequestration would be a 'speed bump,' not a 'guillotine,'" according to Politico
Stepped Up Cyberthreats Prompt Air Force To Rethink Training, Acquisitions (SIGNAL) U.S. Air Force cybersecurity training may be conducted 24 hours a day, seven days a week if needed to meet burgeoning demand for cybersecurity experts in the near future, according to the service's chief information officer
Northrop Launches Tech Development Network (ExecutiveBiz) Northrop Grumman has launched a new Web-based environment for academic institutions and small businesses to collaborate on technology development, the company announced Wednesday
Taking the fight to the hackers (Ottawa Citizen) Trend Micro's 50-employee office on Hines Road in Kanata has become the launch pad for its cyber counter offensive. Kellermann said the company, which posted revenues of $1.21 billion U.S. in 2011, has pulled numerous resources from other countries to
ManTech JV to Provide Marines Warfighting Lab Engineering (ExecutiveBiz) A ManTech International joint venture has won a $23 million contract to provide engineering services for a U.S. Marine Corps laboratory that maps out the branch's combat development process, the company announced Friday. GenTech Partners, a partnership between ManTech and Genex, will also provide technical, analytical and business support services to the Marine Corps Warfighting Laboratory
Twitter Case Exposes the Downside of Grandstanding (Wired Business) Twitter was slapped with a temporary restraining order after it tried to cut off the startup PeopleBrowsr. PeopleBrowsr says Twitter misled it with rhetoric about being an open platform
EADS shareholding structure shakeup on the way (Quartz) French and Germany shareholders are in talks to change the shareholding and corporate governance structures of European aerospace giant, and Airbus parent, EADS. The company confirmed the news on Monday, in response to a flurry of recent press reports. The company didn't say a whole lot more, except to explain it was participating in these discussions and that any changes would require board approval. A new deal could be announced as early as today
Products, Services, and Solutions
Here comes the first real alternative to iPhone and Android (Quartz) If you talk to enough people at the Finnish mobile startup Jolla, at some point it occurs to you that the company it most resembles is Apple. Not the Apple of today, which is basically a half-trillion-dollar supply chain with a design appendage, but Apple back when it was Steve Jobs obsessing over the creation of the Macintosh, which was radical in its focus on the user. In demos, at least, Jolla's decidedly different new mobile operating system (OS), called Sailfish, looks that good
Spirent Puts SCinet Multi-100G Network to the Test (HPC Wire) Spirent Communications, a leader in network, services and devices testing, today announced that SCinet, a powerful network that provided nearly 800 Gigabits per second (Gbps) of capacity for the SC12 conference, used Spirent's high-speed Ethernet solutions to test the performance of its wide area network infrastructure. Spirent also played a key role in the Ethernet Alliance's live interoperability demonstration of high-speed Ethernet switches for high performance computing and data center environments
AVG releases Safe Browser for iOS, updates AntiVirus for Android (Help Net Security) AVG updated its AntiVirus for Android and launched the new AVG Safe Browser for iOS. The main eye catcher in AVG AntiVirus for Android version 3.0.2 is the new user interface. Based on extensive us
Metaforic releases software protection technology (Help Net Security) Metaforic unveiled several new technology advancements that make it easier for software creators to protect a wide range of software (mobile, embedded, desktop, server) against hacking and subversion
Nmap 6.25 released (Help Net Security) Nmap is a free and open source utility for network exploration or security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services
Technologies, Techniques, and Standards
IAM: The Reason Why OWASP Top 10 Doesn't Change (Dark Reading) OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney? Some years ago, Chris Hoff asked why the OWASP Top 10 doesn't change? Yes, Appsec feels like Groundhog Day, but it's not because the people at OWASP are sitting on their hands. The OWASP Top 10 catalogs the top Web vulnerabilities that all applications face, and it's reviewed and updated on a regular basis but Hoff is right: it mostly does not change
Finding Vulnerabilities By Attacking Your Own Environment (Dark Reading) Penetration testing can be essential in exposing your organization's security weaknesses -- and you don't always need to hire an outside firm to do it
Collecting Logs from Security Devices at Home (Internet Storm Center) You have probably considered logging the data from your home security devices and often the most difficult question is, where do I start? I included a list of loggers that can be used to collect security data from home devices. One that I have always found interesting is the gateway ISP router because it collects various types of logs including firewall logs (i.e. iptables). Some of these loggers require more work to setup (i.e. Linux rsyslog) while other are much simpler (i.e. Windows Syslog Server) and start collecting logs right away from your network. For example, the Syslog Server from Sourceforge is a free Windows syslog server that can setup in minutes and can easily collects the logs from a home based router. It has a few features where you can view the events by host, severity (as per picture) and facility and can send an email when a threshold value has been reached
Forensic analytics not security silver bullet (ZDNet) Forensic analytics cannot completely eradicate security issues but can help companies better understand their security risks, which is key to a comprehensive security strategy. The volatile nature of security attacks does not mean forensic analytics are ineffective since studying past incidents can help companies better understand risks and be prepared in any kind of breach. Forensic analytics generally entail looking back at past incidents to determine what went wrong, the damage incurred, and who was responsible for the attack
Dovell's Three Laws of Computers - Network Access Authentication is essential to the Laws of Computers (Access-Smart) The concept of mechanical devices that will do manual and menial labor can be traced back to Ancient Greece. Whether its an automaton by Hephaestus or Hondas Asimo robot, they all have something in common, a human-written program that controls the machines behaviors and actions. In a 1942 short story Runaround, Isaac Asimov first introduced the Three Laws of Robotics that is accepted as gospel among roboticists
Guidelines for Mobile Computing (Midsize Insider) Mobile devices have changed the way midsize businesses work. Recently, the Cloud Security Alliance (CSA) made this clear when it released a report called "Security Guidance for Critical Areas of Mobile Computing," which details security insights for critical areas of mobile. An article, recently featured in the Cloud Times, features the report, which also assesses main threats that exist today
U.S. Military Train In Cyber-City To Prepare For Hack Defense (RTT News) A cyber city, developed by the Sans Institute and measuring 6 feet by 8 feet, has been built in New Jersey to train U.S. government "cyber warriors" to fend off threats to the nation's electronic infrastructure. The mock town is complete with a bank
Research and Development
DARPA's program to reveal backdoors, hidden malicious functionality in commercial IT devices (Homeland Security Newswire) The scenario is one that information security experts dread: widespread dissemination of commercial technology which is secretly wired to function in unintended ways or even spy on its users. From this vantage point, mobile phones, network routers, computer work stations, and any other device hooked up to a network can provide a point of entry for an adversary. For the Department of Defense this issue is even more of a concern now than ever before as DoD personnel rely on equipment bought in large quantities and built with components manufactured all over the world
Improving cyber attack detection through computer modeling (Phys.Org) In their Human Factors article, "Cyber Situation Awareness: Modeling Detection of Cyber Attacks With Instance-Based Learning Theory
Legislation, Policy, and Regulation
Internet Hangs in Balance as World Governments Meet in Secret (Wired Threat Level) There's a lot of sky-is-falling doomsday predictions about the World Conference on International Telecommunications, which opens Monday in Dubai with some 190-plus nations discussing the global internet's future
UN internet regulation treaty talks begin in Dubai (BBC) A UN agency is trying to calm fears that the internet could be damaged by a conference it is hosting. Government regulators from 193 countries are in Dubai to revise a wide-ranging communications treaty. Google has warned the event threatened the "open internet", while the EU said the current system worked, adding: "If it ain't broke, don't fix it."But the agency said action was needed to ensure investment in infrastructure to help more people access the net."The brutal truth is that the internet remains largely [the] rich world's privilege, " said Dr Hamadoun Toure, secretary-general of the UN's International Telecommunications Union, ahead of the meeting
Australia fights net rules as threat to free speech (Sydney Morning Herald) Communications Minister Stephen Conroy arrives in Dubai on Monday to lobby against proposed changes to internet regulation that web giants such as Google warn "could permit governments to censor legitimate speech or even cut off internet access altogether". From December 3-14 representatives of 193 governments and other telecommunications stakeholders will gather in Dubai for the World Conference on International Telecommunications (WCIT) to update global telecom rules. Last updated 24 years ago in Melbourne, the treaty sets out regulations on how international voice, data and video traffic is handled
Commission sidelined from critical IT summit in Dubai (EurActiv) EU member states yesterday (29 November) elbowed the European Commission out of a representative role when 193 governments gather next week in Dubai for key treaty negotiations affecting the telecoms and internet industry. Instead, EU member states' representatives at the EU Council of Ministers agreed a joint position for them to approve individually at the World Conference on International Telecommunications (WCIT), taking place on 3-14 December in Dubai. The development will increase doubts about how some of the key decisions will fall at the critical conference as the EU's common interest - which the European Commission is supposed to embody - will effectively not be represented
Rewriting the Constitution on Facebook (IEEE Spectrum) The Icelandic Constitutional Assembly relied on social media in drafting a new constitution
Are You The Next Bradley Manning? (Federal Times) The White Houses long-awaited insider threat policy, announced two weeks ago, is likely to usher in some noticeable and not-so-noticeable changes at many federal workplaces: Most employees workplace activities will be monitored, by both colleagues and technology. In many cases, thats already happening
Saudi- Kingdom's digital future plan outlined at security summit (MENAFN.COM) Cyber security is no longer just about tools, but requires an integrated global approach," explained Carl Williamson, executive director of cyber strategy at Northrop Grumman Corporation. Williamson was leading a panel discussion on the challenge of
Security experts debate moving critical infrastructure online (Help Net Security) Paul Simmonds, Co-Founder of The Jericho Forum, has suggested that companies attempting to reduce costs by moving critical systems online could be opening themselves up to cyber attacks
The Pentagon is tweaking the cyber capabilities it wants from the services (Foreign Policy) In a move that may increase funding and organizational reshuffling of the U.S. military's cyber forces, the Joint Chiefs of Staff and the Office of the Secretary of Defense are set to tell the U.S. armed services what roles they are expected to fulfill in supporting cyber operations in the coming decade. In April, U.S. Cyber Command gave each of the armed services a list of cyber capabilities that it needed them to develop to conduct operations around the world. Now, Pentagon's brass are updating that list to account for cyber challenges that may emerge later in the decade
Ukraine Approves Biometric IDs (Dark Reading) IDs will comply with the standards recommended by the International Civil Aviation Organization
Litigation, Investigation, and Law Enforcement
Sharp increase in authorities accessing private data (Sydney Morning Herald) Australian law enforcement and government agencies have sharply increased their access without warrant to vast quantities of private telephone and internet data, prompting new calls for tighter controls on surveillance powers. Government agencies accessed private telecommunications data and internet logs more than 300,000 times during criminal and revenue investigations in 2011-12, a 20 per cent increase on the level of surveillance activity in the year before. Figures from the federal Attorney-Generals Department show that on average, these agencies obtained private data from telecommunications and internet service providers 5800 times every week
NASA employees demand probe of data security (Sydney Morning Herald) Workers at NASA's Jet Propulsion Laboratory (JPL) are demanding US Congress investigate the space agency's actions following the theft of a laptop computer containing personal information for up to 10,000 employees. The incident is just the latest in a series of NASA disputes involving employee background checks. The laptop was stolen from an employee's locked vehicle in Washington, D.C., on October 31
NSA embarrassment: spy agency censors their own talking points in FOIA response (RT) The US National Security Agency has responded to a Freedom of Information Act request for recent talking points from the spy agency's public affairs office, but unsurprisingly even those memos meant for the media have been heavily redacted
Third Time's Not the Charm When Asking about Warrantless Wiretapping (American Civil Liberties Union News and Information) Wyden then asked the Inspectors General for the National Security Agency (NSA) and the Intelligence Community to "determine the feasibility of estimating" the number. The NSA IG - the watchdog whose mission is to "ensure that the Agency respects
Army's Own Data Mining System Fails Test (Washington Times) The Pentagon's top weapons tester has given a failing grade to the Army's premier battlefield intelligence processor, which troops in Afghanistan have criticized as being too slow and unreliable in sifting data to find the enemy.
Palantir, assorted hands and nearby cookie jars (SDTimes.com) This is also about the time the Army's Deputy Chief Staff of Intelligence began its own investigation of the Palantir system
Report clears Army brass evaluating battlefield data processor (Washington Times) An in-house Army investigation into why its own independent test report on a battlefield intelligence system was ordered to be destroyed and a new one written has cleared officials of any wrongdoing. The investigation by Lt. Gen. William Grisoli, who directs the Army Office of Business Transformation, focused on the unusual decision last spring to destroy a final test report on Palantir, a non-Army computer processor growing in popularity among troops in Afghanistan in finding roadside bombs
No Spy Software Scandal Here, Army Claims (Wired) With its slick interface and its ability to find hidden relationships, Palantir has attracted a cult of fanboys in the military and intelligence communities
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
tmforum Management World Americas (Orlando, Florida, USA, Dec 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive Roundtables, this year's new interactive conference covers the most critical challenges facing digital business today across five Forums.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012 (, Jan 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.