The CyberWire Daily Briefing for 12.6.2012
"Parastoo's" recent attacks on the International Atomic Energy Agency look more like an Iranian government operation than pure hacktivism. Actual hacktivists, however, stay busy: DARWINARE (prominent in OpIsrael) compromises a Michigan State University database and Anonymous chatter indicates a forthcoming attack on the International Telecommunications Union.
Swiss intelligence services catch one of their own leaking sensitive US and British intelligence data. Visitors to Trading Forex risk infection by a malicious Java applet. Gameover Zeus is spreading via the Cutwail botnet. Insurance companies Nationwide and Allied suffer major data breaches affecting more than a million users.
People answering the phone are still too trusting. Fake "tech support" calls remain effective, and the Duchess of Cambridge's pregnancy was revealed by social engineering. (Her hospital spilled to Australian shock jocks pretending to be Queen Elizabeth.)
Booz Allen predicts the top financial cyber trends for 2013. More BYOD and burgeoning Android malware combine into a serious problem for businesses.
US agencies are told to prepare for budget sequestration. SRA buys MorganFranklin's national security business and Emulex makes an offer for Endace. Citigroup announces 11,000 layoffs, many of them technology workers. The Daily Record publishes a guide for cyber security entrepreneurs, focused on Maryland but of interest to the industry as a whole.
US Customs and Border Protection says software legally originates where it was converted to object code. The US Congress, German and Canadian governments, Google, Mozilla, Facebook, and many others find themselves agreeing with Anonymous that the ITU's proposed Internet regime is problematic.
Notes.
Today's issue includes events affecting Australia, Belize, Canada, European Union, Germany, Guatemala, Iran, Israel, Italy, Kyrgyzstan, Netherlands, New Zealand, Russia, Saudi Arabia, Spain, Switzerland, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Cyberwar escalates (Daily Beast) Amateur hackers or Iranian pros? Clues suggest the most recent cyber-attack on the International Atomic Energy Agency may be more than a prank. The latest hack against the computer servers of the International Atomic Energy Agency (IAEA)
Michigan State University Hacked (eSecurity Planet) Hacker DARWINARE recently published approximately 1,500 names, e-mail addresses, encrypted passwords, user IDs and mailing addresses stolen from Michigan State University. "The hack was announced by the hacker on the Twitter with a link to [an] AnonPaste [page]," writes E Hacking News' Sabari Selvan. "According to the hacker's statement, he…extracted the database by [a] MySQL Oracle Database Backdoor." "@Darwinare has been leaking [the databases] of many high profile companies and universities, including the database of [the] University of Colorado," HackRead reports. "The hacker also played a vital role during #OpIsrael"
Anonymous said to be planning cyberattack on ITU site (CSO) Discussions in chat rooms used by Anonymous indicate members will attack the International Telecommunications Union's site on Dec. 8
Swiss spy agency warns U.S., Britain about huge data leak (Reuters) Intelligence agencies in the United States and Britain are among those who were warned by Swiss authorities that their data could have been put in jeopardy, said one of the sources, who asked for anonymity when discussing sensitive information. Swiss authorities arrested the technician suspected in the data theft last summer amid signs he was acting suspiciously. He later was released from prison while a criminal investigation by the office of Switzerland's Federal Attorney General continues, according to two sources familiar with the case
Spoofed RapidFax alert carries hard-to-detect Trojan (Help Net Security) Malicious email alerts purportedly being sent by RapidFax, a service that allows users to send faxes online without the need for a fax machine, have been hitting inboxes in the last few days
FOREX Web Site Pushes Malware (eSecurity Planet) Websense researchers recently found that the Web site Trading Forex, at tradingforex.com, has been injected with a malicious Java applet designed to install malware on visitors' systems. "The company has raised the prospect that such an attack may constitute a shift in the way some cyber criminals work, suggesting they may now be looking to attack easier targets with online systems and less mature security systems, compared to banks and stock exchanges," writes IT PRO's Jane McCallion. "The Java applet planted on the website attempts to install a malicious executable written in Visual Basic.Net and requires
Gameover Zeus Variant Sends Malicious Email Via Cutwail Botnet (Threatpost) The crew responsible for operating the Gameover variant of the infamous Zeus banking trojan is soliciting the enormous Cutwail botnet's spamming capacity as an engine to fire off millions of malicious emails that seemingly originate from a number of recognizable U.S. banks
Zeus Botnet Eurograbber Steals $47 Million (InformationWeek) Sophisticated, targeted attack campaign enabled criminals to steal an estimated $47 million from more than 30,000 corporate and private banking customers
Nationwide, Allied Insurance Breach Hits 1.1 Million Users (Threatpost) An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes. The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but it waited to inform consumers directly. Earlier news accounts offered some hints at the scope of the breach, including some 30,000 victims in Florida and Ohio and 90,000 in Iowa
Hackers Hit Ex-Military Head (Wall Street Journal) Federal Bureau of Investigation is pursuing foreign hackers who targeted the computers of retired Adm. Mike Mullen, the former chairman of the Joint Chiefs of Staff, in the latest example of what current and former officials call a pattern of attacks on computers of former high-ranking U.S. officials
Lost mobile device impacts 1,800 home infusion patients (Clinical-Innovation) The loss of an unencrypted handheld Palm device in the Continuum Home Infusion unit of the University of Virginia Medical Center has resulted in a data breach of protected health information. More than 1,800 patients or potential patients were affected. The device had information on patients who received home infusion services during September or who were referred to Continuum for services from August 2007 through September 2012
Abuse of .EU domains by malware gangs continues despite Registrar notification (Naked Security) What do you do when attackers are abusing legitimate domain Registration services? How do you stop or at least disrupt the malicious attacks? Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results
Users Advised to Disable Smart Card for Protection Against Shylock Malware (Softpedia) According to researchers from F-Secure, there's a clever way to protect yourself against the Shakespearian malware known as Shylock. By disabling the Smart Card service from the operating system's control panel, you can ensure that the threat doesn't infect your computer
WCSU Admits Major Security Lapse (eSecurity Planet) Western Connecticut State University recently began notifying students and their families that their personal information, including their Social Security numbers, may have been exposed due to an unidentified "computer system vulnerability." The university says it has no evidence at this point that the records were ever accessed inappropriately. The vulnerability, which existed from April 2009 to September 2012, affects 233,880 people whose records had been collected beginning in 1999, including students, their families, and others, including high school students whose SAT scores had been purchased in lists
Fake tech support calls - revisited (Internet Storm Center) Back when this scam started to become "popular", the caller usually claimed to be from Microsoft or any other large well known techie company, and tried to talk the person answering into running some commands or programs on the PC "in order to fix a critical problem". But the latest twist of this scam seems to get more targeted: We have had two reports of fake tech support calls where the caller claimed to be representing the firm to which the called company had in fact outsourced its IT Support
'G'day, the Queen speaking' - socially engineering the Duchess of Cambridge's hospital (Naked Security) Pranksters at a Sydney radio station called the Duchess of Cambridge's hospital in London, pretending to be Her Majesty the Queen and Prince Charles. To their astonishment, their social engineering succeeded. How would your organisation fare
Cyber Trends
Small Medical Offices Biggest Risk to Patient Data Security, Privacy (Threatpost) Small physician practices, much like their small commercial business counterparts, have been the primary source of health care related data breaches, according to an analysis of breaches from 2009 to October 2012 released today by the Health Information Trust Alliance (HITRUST)
Know Thy Attackers (Bank Info Security) Why Information Sharing is Key to Security. Everyone is coming out with year-end predictions, but here's a list that caught my attention. Booz Allen Hamilton issued a list of the top 10 cyberthreat trends for financial services in 2013
Trusteer: More Chrome, 64-bit Windows Malware to Come in 2013 (Threatpost) 'Tis the season for predictions and security firm Trusteer checks in today with a handful for the upcoming New Year. In a post on the company's blog, CTO Amit Klein distills Trusteer's top ideas into an infographic. The company predicts the security landscape will see more exploits, specifically Man-in-the-Browser malware, targeting Google's Chrome browser, the further emergence of native 64-bit Windows malware and what the firm claims will be a more drawn out malware lifecycle
Android malware can place a company's 'future at risk', report warns (Fierce Mobile IT) In the U.S. market, malware threats against Google's (NASDAQ: GOOG) Android smartphones are exceeding threats against PCs, the traditional targets of hackers, according to Sophos' Security Threat Report 2013
Mobile security concerns soar among IT managers (Fierce Mobile IT) Security concerns about mobile devices in the enterprise have soared among IT managers over the last three years, according to an annual endpoint security survey of IT managers conducted by the Ponemon Institute and security firm Lumension
BYOD security concerns are mounting (Fierce Mobile IT) As can be seen in two of the stories in today's newsletter, security concerns about BYOD are mounting as attacks against popular devices, such as Android, also mount. According to a survey by the Ponemon Institute, close to one-quarter of IT managers see mobile devices as a rising security threat to the enterprise. And security firm Sophos is warning about the explosive growth of malware targeting Android devices
Infonetics: Ethernet microwave gear market sees 5 percent growth in third quarter (Fierce Mobile IT) The market for Ethernet microwave gear grew 5 percent in the third quarter of 2012 compared with the same quarter in 2011, and is expected to increase at a 38 percent compound annual growth rate, according to Infonetics Research
10 hard truths IT must learn to accept (IT World) Unsanctioned devices, compromised networks, downtime -- today's IT is all about embracing imperfections
Mobile traffic jams set to continue as users soar (Sydney Morning Herald) You're at a major sporting or music event, or at a train station during peak hour, and try to post about it on Facebook but it fails. Welcome to the 21st century, where 30.2 million mobile voice and data services operate in Australia according to a new report by the communications regulator and mobile networks struggle to keep up
Death by software? (CSO) A Cyber Attack Results in a Human Death: WatchGuard hopes it is wrong in this prediction. But with more computing devices embedded in cars, phones, TVs and even medical devices, digitally dealt death is not only possible, it's plausible
Marketplace
Agencies Are Advised To Prepare For Cuts (New York Times) The White House sent a notice to federal agencies this week telling them to prepare for the possibility of deep automatic spending cuts at the end of the year, but President Obama's spokesman said he remained confident he can reach a deal with Congress to avoid that
Defense Department Prepares Plans for Sequestration (American Forces Press Service) The Defense Department has received guidance from the Office of Management and Budget and is now planning for sequestration, Pentagon Press Secretary George Little said today. Speaking during a press availability, Little stressed the department still hopes Congress will be able to avoid sequestration that would take effect Jan. 2, 2013
Federal Contract Spending Falls 4% (Washington Post) The Defense Department accounted for slightly more than half of the reduction in contract spending for 2012, trimming about $13 billion compared with the previous year. All other agencies cut about $11 billion combined. Jennings said a decrease in war spending probably helped the Defense Department's numbers
Better Spies, Not More (Los Angeles Times) The Defense Intelligence Agency is planning to dramatically expand the ranks of its covert "collectors" -- a.k.a. case officers or, more popularly, spies. It has 500 or so and hopes to double that number
Foes Find Common Ground In Attacking Defense Department Workforce Cuts (Washington Post) A Defense Department funding bill has made bedfellows of two groups more likely to be found in opposite corners - federal labor and federal contractors
IRS modernization effort leaves IRS IT vulnerable, says TIGTA (Fierce Government IT) The Internal Revenue Service's IT modernization efforts have left vulnerabilities in place that can expose taxpayer information, says the Treasury Inspector General for Tax Administration
TAPE, ARINC, MC Dean Teaming for Navy C5ISR Services IDIQ (Govconwire) TAPE LLC, ARINC and M.C. Dean are partnering to provide the U.S. Navy support services for the branch's C5ISR missions (command, control, communications, computers, combat systems, intelligence, surveillance and reconnaissance). TAPE said it won a position on a potential $98.7 million contract and the team will compete for task orders to support missions within cyber
SRA to Buy MorganFranklin's Natl Security Business (Govconwire) SRA International has agreed to acquire MorganFranklin's national security business in an effort to grow its defense, national security and health portfolios. SRA did not disclose terms of the deal and said the company expects to close the transaction by December. Approximately 180 MorganFranklin employees, many of whom are based at client sites in the
CACI Forms New Federal Civilian and Business Systems Solutions Business Groups to Pursue Strategic Growth Opportunities (4-Traders) Company Taps CACI Veterans Rick Dansey and Valerie Lyons as Leaders. CACI International Inc (NYSE:CACI) today announced the next step in its growth strategy to pursue opportunities in its $72 billion Federal Civilian and $8 billion Business Systems markets by forming business groups dedicated to these markets, effective January 1, 2013
Endace gets takeover approach; kiwi gains (Yahoo Business Desk) Emulex, the NYSE-listed data storage maker, offered to buy Endace, at a 69 percent premium to its last trading price, winning over the target company's independent directors. A subsidiary of Emulex, El Dorado Research Venture, plans to offer 5 pounds a share cash for Endace, the New Zealand-based, London Stock Exchange listed company that commercialised cyber-security research done by Waikato University. The offer values Endace at 80.7 million pounds
EMC, VMware Team To Woo Cloud Developers (InformationWeek) Can Pivotal Initiative partnership successfully merge scattered open source code with proprietary code for next-gen cloud apps
Former GTSI CEO Sterling Phillips Joins USIS as Chief Executive, President (Govconwire) Altegrity has appointed former GTSI CEO Sterling Phillips to serve as chief executive and president for its US Investigations Services subsidiary, effective Jan. 1, 2013. USIS said Phillips will report to Altegrity CEO Sharon Rowlands and hold overall responsibility for USIS' investigative services division and global security solutions division, comprised of nearly 6,000 employees worldwide
Operations and technology to bear the brunt of brutal Citi rationalisation plan (Finextra) Citigroup is to slash four per cent of its global workforce, eliminating 11,000 jobs in a bid to save more than $1.1 billion in operating expenses. The drastic cutbacks were announced by incoming CEO Michael Corbat, who took over from ousted chief Vikram Pandit in October.
85% of top IT executives consider abandoning Oracle's pricey contracts (Quartz) Oracle is a $156 billion corporate IT company with a big problem on its hands: in a recent survey of senior information-technology executives in charge of IT budgets greater than $50 million, 85% are trying to figure out how to get out of expensive license agreements with Oracle, reports the Register
If tech is so important, why are IT wages flat? (IT World) Despite information technology's ever increasing role in the economy, IT wages remain persistently flat. This may be tech's inconvenient truth.
Endgame Appoints New CEO (Dark Reading) Nathaniel Fick was most recently CEO of the Center for a New American Security (CNAS). Endgame, a provider of cybersecurity solutions that meet the most demanding challenges of the US Government's defense and intelligence organizations, today announced the appointment of Nathaniel Fick as Chief Executive Officer
Apple to Invest in Manufacturing Macs in US: CEO Cook (Businessweek) Apple Inc. (AAPL) plans to spend more than $100 million next year on building Mac computers in the U.S., shifting a small portion of manufacturing away from China, the country that has handled assembly of its products for years
Cybersecurity in Maryland (The Daily Record) A cottage industry is springing up to help cybersecurity entrepreneurs navigate the tricky waters of commerce in a culture that prizes stealth and secrecy
Products, Services, and Solutions
Wave Systems Introduces Scrambls For Enterprise; Technology Protects Data Posted On Social Networks (Dark Reading) Scrambls protects data that is often overlooked in corporate security initiatives
Mocana Rolls Out New Capabilities For Mobile App Protection (Dark Reading) Latest release of Mocana MAP introduces a host of new app-wrapping security policies
FireMon updates Security Manager platform (Help Net Security) FireMon announced an update to the Security Manager platform that provides more visibility and insight into the behavior of traffic on the network, and expanded analysis/reporting through a Web-based
Damballa Failsafe 5.1 Delivers Industry's First 'Breach Confirmation' and 'Instant Replay' Capabilities (BusinessWire) Advanced Threat Protection Inventions Reduce the Workload of Incident Response Teams While Vastly Improving Time-to-Remediation. Damballa Inc., the recognized experts in advanced threat protection, today unveiled Damballa Failsafe 5.1, the most advanced cyber threat solution for corporate networks. Damballa Failsafe 5.1 includes features that reduce the workload of over-tasked incident response teams, while vastly improving the time it takes to confirm and remediate a breach.
Kevin Systrom: Instagram Will Exist Independent Of Facebook For A Long Time To Come (TechCrunch) Today Twitter and mobile photo-sharing app Instagram took one step apart from each other, but this isn't necessarily a sign that Instagram is stepping further into the arms of its new owner, Facebook
Kevin Systrom: Facebook Is Still Trying To Figure Out How To Best Create Value Out Of The Instagram Acquisition (TechCrunch) Instagram co-founder and CEO Kevin Systrom sat down with CrunchFund's MG Siegler at LeWeb Paris 2012 today to discuss the company's status after its acquisition by Facebook. According to Systrom, the deal allowed Instagram to focus more on developing the app and grow faster. At the same time, though, he also acknowledged that Facebook is still trying to figure out how to really create value out of
The Internet Giveth, And Taketh Away: Sometimes, Business Decisions Are Bad For Users (TechCrunch) Just when you thought everything on the Internet was shiny and happy, things like today's Instagram decision to pull support for Twitter cards happens. Instagram Co-Founder said at Le Web that it was purely a business decision and that the company feels like people should be able to see photos in their full glory...on Instagram's (updated) site, with profiles. That's cool, because well, it's
Red Hat releases new Enterprise Linux beta (IT World) Red Hat has released Enterprise Linux 6.4, a beta that deploys a number of new features, many of which are focused on interoperability with the Microsoft ecosystem
Android, Windows tablets gain on iPad, says IDC (Fierce Mobile IT) Android and Windows-based tablets are expected to gain market share on market leader iPad this year, according to the latest estimates by IDC
RIM pushes to have 70,000 apps available for BlackBerry 10's launch (Fierce Mobile IT) A key to the success of BlackBerry 10 will be the availability of consumer and enterprise apps when the smartphone hits the market on Jan. 30
RIM's BlackBerry 10 To Block Certain Passwords (InformationWeek) A file uncovered in early builds of BlackBerry 10 shows a list of 106 passwords that won't be allowed on RIM's new devices
Technologies, Techniques, and Standards
Don't Bring Cybercrime Home For The Holidays (Dark Reading) Here are a few strategies for keeping the cyber-grinches out
5 Steps For Good Database Hygiene (Dark Reading) Reduce risk to data through these database and web app good 'grooming' habits. Some of the most important ways to reduce risk boil down to the fundamentals of security. Keep systems well patched, prevent data from spreading around, make sure systems are properly segmented and watch where you store valuable log-in data. Much like flossing, these good habits require day-to-day maintenance that will reap long-term benefits. Here are what the experts say about the kinds of actions necessary to keep up on good database hygiene
Attack Intelligence-Sharing Goes 'Wire-Speed' (Dark Reading) And the project has some heavy-duty players behind it: The U.S. Department of Homeland Security (DHS), U.S. Computer Emergency Readiness Team (US-CERT), National Institute of Standards and Technology (NIST), Financial Services Information
Cloud Security Alliance Lays Out Mobile Device Guidance (Virtualization Review) The Cloud Security Alliance (CSA) recently released an assessment and threat report on the state of mobile computing. Titled "Security Guidance for Critical Areas of Mobile Computing," the 60-page document created by more than 60 participating CSA
NIST: No uniform approach to identity management (Fierce Government IT) Identity management is a major cybersecurity consideration for agencies but there is no standard approach to federated identity management, according to the National Institute of Standards and Technolog
Design and Innovation
Founder's Story: Hearsay Social's Steve Garrity On How To Build A Strong Engineering Culture (TechCrunch) Earlier this week, I sat down with Steve Garrity, co-founder and CTO of Hearsay Social. Steve shares his thoughts and learning from managing an engineer-driven company that expanded from zero to one hundred in three years
Innovative CIOs show how to make money with IT (IT World) A select few CIOs are generating cold hard cash through innovation and collaboration. We rounded up examples of CIOs who generate revenue with IT, either by boosting sales or developing a product or service sold externally
Life really is a game--with a lot of clicks--and then you die (Quartz) A mindless game called Curiosity, the brainchild of the former creative director of Microsoft Game Studios Peter Molyneux, debuted early last month. This is a free app for iOS and Android users to deconstruct a giant cube that holds an even bigger secret, only to be revealed to the first person to reach the center. And to get there, you just tap on your screen. It's been exactly a month since launch, and we're still tapping. And tapping. Nobody knows what this prize is
Research and Development
Death by Algorithm: West Point Code Shows Which Terrorists Should Disappear First (Wired Danger Room) Paulo Shakarian has an algorithm that might one day help dismantle al-Qaida — or at least one of its lesser affiliates
CyberCop system, a Russian project against cybercrime (SecurityAffairs) This time I desire to speak about an interesting initiative of Group-IB company, a resident of the Moscow-based Skolkovo Foundation, that has received a grant in the amount of 30m rubles (approximately $966,000) for the development of a global counter-cybercrime system. The funds are co-financed by the Skolkovo Foundation, which has provided 21m rubles ($676,000), and LETA Group, also Group-IB's controlling company. I have been following the company since the publication of an interesting report on cybercrime activities conducted by the Russian mafia and other criminal organizations; the numbers are impressive, and the figures doubled in 2011
Academia
Auburn University unveils new cyber security facility (oanow) From protecting residents from the latest online phishing scams to safeguarding the nation's security online, these guys have got you covered. Auburn University officially opened the doors to its Cyber and Security Center at the Auburn Regional Airport Wednesday, tapping retired Lt. Gen. Ronald Burgess to lead the university's cyber initiative. "I can't tell everybody how excited I am to be here," said Burgess, former director of the U.S. Defense Intelligence Agency and AU alumnus, as he addressed an audience that filled the Cyber Center's open source intelligence lab
Stanford names 2012 engineering heroes (EE Times) Stanford University has released its annual list of engineering heroes, with 2012's picks including both Yahoo founders, a former U.S. secretary of defense, an earthquake engineering pioneer and the inventor of cryptography. The seven, chosen from
Legislation, Policy, and Regulation
Software comes from the place where it's converted into object code, says CBP (Fierce Government IT) A software application's country of origin for purposes of government procurement depends on the location where the software build occurs and not on where the source code was written, Customs and Border Protection says in an advisory ruling issued earlier this year. CBP cites a landmark 1982 court case in which U.S. Court of International Trade ruled that the country of origin of a programmable read-only memory chip depends on where it is programmed and not on where the chip itself is made
Kyrgyz discuss cyber-security (Central Asia Online) Kyrgyz officials December 4-5 discussed their country's efforts to fight cyber-terrorism at a conference sponsored by the OSCE and the NGO Civil Initiative on Internet Policy (CIIP). Kyrgyzstan doesn't have any cyber-security specialists, CIIP IT co-ordinator Artem Goryaynov said. "We need to apply a single state standard for protecting the confidential data of all government agencies and create an agency responsible for cyber-security." The Interior Ministry (MVD) has been fighting online terrorism and extremism for two years, MVD representative Rustam Aibashev said
Companies not investing enough on cyber-security: Ottawa (Montreal Gazette) Canadian companies may be skimping on IT security, leaving themselves and Canadians vulnerable to attacks from hackers, newly released records suggest. The documents from Public Safety Canada show that the scale of cyber-security threats is significant and many companies don't invest the required money or time in good IT security. How to solve this problem is something the Harper government has been investigating, according to records released to Postmedia News under access to information laws
EU privacy watchdog expects no immediate change in data protection standoff with US (CSO) One way to reconcile US rules with EU privacy laws would be to take things sector by sector, the EU data protection supervisor suggested
The Dutch, the Yanks, the Cloud and YOU (Security Bistro) Recently a research project by the Amsterdam University [PDF Alert] revealed that US law allows for the US government to access information stored in the Cloud, by (ab)using the PATRIOT act. Multiple Dutch politicians have started asking questions from state secretary Teeven of the Justice Department as to whether he knew about this before the research project, and whether he did anything to prevent this or to warn Dutch citizens about this potential breach of privacy. He has since sent in an official answer
Physical and Cyber Infrastructure Protection Working Together (FederalNewsRadio.com) Jane, the NPPD leads the Department of Homeland Security's mission to enhance the protection and resilience of our nation's critical infrastructure - you know, the energy, transportation, communications, water, financial services - those things which
Australian privacy commissioner calls for mandatory data breach notification (Computer World) The Australian privacy commissioner and a consumer group supported mandatory data breach notifications, in comments submitted today to the Attorney General. Last week, the Australian Parliament passed a bill containing several amendments to privacy law. Among other things, the law gives Privacy Commissioner Timothy Pilgrim more powers, including the right to seek civil penalties for serious privacy breaches
Right to be forgotten should be limited, says European Parliament vice president (Fierce Government IT) A section in a draft European Union data protection proposal guaranteeing the right of individuals to selectively prevent personal data from being propagated has little support as it's currently written, said Alexander Alvaro, the German vice president of the European Parliament
Issa open source language comes under criticism (Fierce Government IT) Draft legislation proposed by Rep. Darrell Issa (R-Calif.) to overhaul federal information technology has drawn opposition for its section on open source software adoption
Congress declares opposition to UN takeover of the Internet (Ars Technica) House votes 397-0 against, even though UN lacks power for unilateral changes
ITU's DPI standard leaks after email SNAFU (Register) Updated - vote approves DPI standard A moment of inattention has allowed the ITU's proposed deep packet inspection (DPI) standard to escape. The slip-up happened when an Australian CryptoParty activist Asher Wolf put out a public call on Twitter asking
US fails to shield Google, Facebook from ITU process (Ars Technica) Debate over the future of 'Net governance pits US against authoritarian regimes
Google, Mozilla Warn Of Threats To Internet Freedom (InformationWeek) The International Telecommunications Union's effort to update a telecom treaty could hinder Internet freedom, the two companies claim
Former hacker 'Dark Tangent' issues warning over new internet rules (The National) Rules to dictate the future of the internet being drawn up in Dubai will be technically impossible to implement, the world's authority on Web addresses has warned
The UN's ITU and the Internet: A Cautionary Tale (PJ Media) As the United Nations heads deeper into its Internet grab, a.k.a its 11-day telecom treaty conference, in Dubai, things aren't going so well for America and the friends of freedom. The Hill reports that "A joint proposal from the United States and Canada aimed at keeping Internet regulations out of a global telecommunications treaty failed to secure early approval from other countries on Tuesday" -- though talks may continue along these lines
Litigation, Investigation, and Law Enforcement
No warrant, no problem: How the government can still get your digital data (Ars Technica) And you may never find out about it
Huawei rejects U.S. threat to national security claims (Homeland Security Newswire) In October the United States House Intelligence Committee issued a report warning U.S. companies against using two Chinese companies, Huawei and ZTE, for their telecommunication technology needs. The report implied that the firms may be too close to China's Communist Party and its military. The report also suggested their products and services could pose a threat to the security of the United States
Is It Legal For The Military To Patrol American Networks? (ForeignPolicy.com) Posse Comitatus meets the 21st century
Online marketer tapped browser flaw to see if visitors were pregnant (Ars Technica) Ad network served banners on 45,000 websites; now settles federal charges
FTC Settles With Ad Network Over Browser History Sniffing (Threatpost) The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company's practice of sniffing users' browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from performing history sniffing and requires the company to destroy all of the data it's collected from consumers up to this point through history sniffing
South Carolina Inspector General: Centralize Security (Healthcare Information Security) As a result of a breach of the state's tax IT system that exposed Social Security numbers and other personal information of nearly 4 million people, South Carolina's inspector general calls for the state to centralize the way it governs information security. The existing approach creates a statewide IT security posture that's inadequate, Inspector General Patrick Malley writes in the 18-page interim report issued Dec. 3. The report points out that no state entity has the authority or responsibility to provide IT security standards, policy and oversight statewide
Software Giant John McAfee Arrested in Guatemala (Fox News) Guatemalan police arrested software company founder John McAfee Wednesday for entering the country illegally, ending a bizarre journey and search for the anti-virus guru by authorities in Belize
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.