The CyberWire Daily Briefing for 12.13.2012
Four of the five US banks threatened by the Izz ad-Din al-Qassam Cyber Fighters experienced minor disruptions, but on the whole the promised offensive has so far proved a fizzle.
A familiar Windows scam migrates to Macs in the form of VKMusic 4 for Mac, an SMS fraud Trojan. Older versions of Joomla and WordPress are hit by IFrame injection attacks.
In California, Medi-Cal admits it inadvertently posted 14,000 Social Security numbers online last month. Darwinare, the still-at-large hacker who broke into the Australian Defence Force Academy with an SQL injection attack, is back online piously boasting of how shockingly easy his caper was.
Two criminal economy developments are worth noting. "Project Blitzkrieg," the online job board recruiting hackers for financial fraud, appears to be for real, and to be having some success scouting talent. And the Citadel Trojan kit is being withdrawn from many underground markets—its controllers are restricting sales to their "circle of trust."
Dell and FireEye conclude a strategic partnership as FireEye launches a "Certified Service Provider" sales channel. In-Q-Tel, the CIA's venture capital unit, invests in Tyfone, a mobile cloud security start-up. Raytheon, building up its encryption capabilities, buys SafeNet's Government Solutions unit.
Government Security News ponders hacking back, and wonders if "playground justice" has a future in cyberspace. The US National Institute of Standards and Technology invites feedback on its proposed rectification of information security names: contact them by January 15 to comment on their new comprehensive glossary. The EU commits to "digital freedom."
Notes.
Today's issue includes events affecting Australia, Bosnia and Herzegovina, Canada, Croatia, European Union, Finland, Iran, Israel, Macedonia, Malta, New Zealand, Peru, Russia, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
4 Banks Respond to DDoS Threats (Bank Info Security) The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack. U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way. On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters' second wave of attacks would likely be more fierce than the first
Joomla, WordPress Sites Hit by IFrame Injection Attacks (Threatpost) Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform
SMS Extortion Trojan Targeting Apple Machines (Threatpost) In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud. Trojan. SMSSend
Internet Explorer tracks cursor even when minimised (The Register) A security researcher has published yet another reason not to use Internet Explorer for anything, under any circumstances: it can track your mouse cursor movements, even when its minimised. Affecting all versions newer than IE 6. 0, and with no plans for a fix by Microsoft, the bug is demonstrated here (not being an IE user, this El Reg hack hasnt tested the game)
14,000 Californians at Risk Following Medi-Cal, DHCS Breach (Threatpost) Medi-Cal, Californias Medicaid welfare program, came clean to customers this week admitting it mistakenly posted almost 14,000 of its users Social Security numbers online last month. Providers of In-Home Supportive Services (IHSS) care in 25 counties are affected by the breach, according to a report from KCRA-TV, a Sacramento-based television station. Users information was posted on a government site for at least nine days, beginning Nov. 8, before being removed on Nov. 14, according to the report
Hacker shocked at ease of entry (Sydney Morning Herald) The hacker who stole the personal details of thousands of Australian military personnel used a simple technique that would fail to breach most modern security systems. Darwinare, who describes himself as ''the first black hacker'' and is linked with online activists Anonymous, used a method called SQL injection last month to access a University of NSW database at the Australian Defence Force Academy. He then dumped the data - the full names, dates of birth and other details of about 12,000 former and current ADFA students and staff - onto a public website
New Findings Lend Credence to Project Blitzkrieg (Krebs on Security) Project Blitzkrieg, a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a formidable crime machine in preparation for the project
Citadel Trojan Kit Gradually Withdrawn from Underground Forums, RSA Says (Softpedia) After learning that the developers of the Citadel Trojan are planning to stop selling their creation to anyone outside their circle of trust, RSA has been continually monitoring the evolution of this topic. Now, they reveal that the Citadel masterminds are keeping their promise. Over the past weeks, Citadel Trojan kits have been gradually withdrawn from many of the underground forums they have been sold on
Did your new laptop come with malware preinstalled? (IT World) How sure are you that your new laptop or that new router for your company didn't come with malicious software already loaded? Could there be an extra hardware component dedicated to spying on you or your colleagues? How would you ever know? If you winced just thinking about that, then you have some appreciation of the complexity of what is often called "supply chain security:" the herculean task of verifying the authenticity and integrity of computer hardware and software
Samsung Smart TV Bug Allows Remote Access, Root Privileges (Threatpost) It turns out that some smart TVs are a little too smart for their own good--and the good of users. Some specific models of Samsung TVs that have Wi-Fi and other advanced capabilities have a flaw that enables an attacker to take a variety of actions on the TV, including accessing potentially sensitive data, remote files and information, the drive image and eventually gain root access to the device. The issue affects many Samsung TVs, and the researcher who discovered the problem found that he could remotely access the remote control for the TV, retrieve files located on any USB drive attached to the TV and even install malicious software on the TV
Officials unsure of weaknesses in cyber security of state agencies (GreenvilleOnline.com) Nearly two months after publicly disclosing a massive data breach at the Department of Revenue, state officials are unsure just what kind of weaknesses exist in state agencies cyber security. The State Budget and Control Board the five-member board that oversees the states administrative agency as well as state financial decisions took the first step to find out Wednesday when it authorized hiring a consultant to craft a bid for a firm to assess the states security and develop a statewide cyber security firm. The board also approved a $20
Pentagon Warns: 'Pervasive' Industrial Spying Targets U.S. Space Tech (Wired Danger Room) International spies are becoming increasingly interested in the radiation-hardened microchips used in U.S. spacecraft, according to a new Defense Department report
Despite Lack Of Trust, Internet Users' Security Behaviors Far From Ideal, RoboForm Study Finds (Dark Reading) Many people report experiences with having a personal online account hacked
Most Dangerous Holiday Web Search Terms Of 2012 (Dark Reading) Blue Coat's Malware Research Team recently noticed a huge spike in holiday themed Search Engine Poisoning attacks and published the results of their findings
Security Patches, Mitigations, and Software Updates
Facebook privacy control overhaul will remove ability to limit who can find us (Naked Security) Facebook's most recent round of changes carry some good privacy tidings, including Privacy shortcuts from the main page drop-down menu, plus a new Request Removal tool for getting untagged (and telling the tagger why) in multiple photos. But it's also a story of missed opportunities and privacy features being taken away
Facebook Streamlines Privacy Controls in Latest Update (Threatpost) In what may be the least surprising news of the day, Facebook is again making changes to its privacy controls. The existing privacy controls, which we explored in depth in our How-To Video on the subject, are a bit convoluted. So it makes sense that product manager Samuel Lessin is rolling out some end-of-the-year privacy feature updates on the world's largest social network that are essentially designed to clarify existing features and seamlessly integrate privacy controls into Facebook's primary interface
Cyber Trends
Increasing cloud adoption puts enterprises at risk (Help Net Security) Enterprises are running one-third of their mission-critical applications in the cloud today and expect to have half of all critical applications running in the cloud by 2015, according to SailPoint
The 'Intelligent Objects' that surround us (Malta Independent) Technology in the last decade has assumed a fundamental role in our daily lives. We are increasingly surrounded by discrete intelligent components designed to provide us with more sophisticated choices designed to enhance our personal experience and quality of life. From our phones, to our home security system, to the refrigerator in our house, an increasing number of devices are constantly connected to the internet and with each other
Watch Mikko Hyppnen's full talk on cyber warfare from Wired 2012 (Wired) According to cyber security expert Mikko Hyppnen, we might not be in a cyber war but we are in a cyber arms race, and the governments involved are the James Bond of the cyberhacking world -- seemingly unstoppable. Speaking at Wired 2012, the chief research officer for Finnish-based F-secure said we are ill-equipped to battle the growing threats coming out of government cyberhacking divisions."We can protect against the everyday criminal threats," he explained, citing banking trojans. These, he says, are the equivalent to petty criminals stopping cars at gunpoint to steal passengers' wallets: "they don't care whose card they steal, as long as they get it.
Research firm predicts 2013 will be 'year of Microsoft' in mobile space (Fierce Mobile IT) In 2013, mobile device management will be the enterprise BYOD "umbrella" under which mobile device security and management functions will fall, according to Juniper Research
Big Data Revolution Will Be Led By Revolutionaries (InformationWeek) Why "old-guard" vendors didn't make our list of big data vendors to watch in 2013
Marketplace
DoD Officials Hope For Flexibility If Sequestration Occurs (DefenseNews.com) U.S. defense officials are still holding out hope that they might be given some flexibility on how to tailor spending reductions, particularly in weapon buying accounts, should sequestration go into effect next month, according to a senior defense official
Pentagon Said To Face $62 Billion Automatic Spending Reduction (Bloomberg Government) Pentagon budget analysts and attorneys have determined the U.S. military faces spending reductions of about $62.3 billion, $10 billion more than previously estimated, if automatic cuts take effect on Jan. 2, according to a U.S. defense official
Shedding Light On What Sequestration May Bring (Washington Post) Federal employees have a major stake in the debate over whether, and how, the government should back away from the fiscal cliff and potential for automatic sequestration cuts to programs starting in January
'Fiscal Cliff' Talks Appear To Stall (Washington Post) Washington stumbled closer to the fiscal cliff Wednesday as President Obama and congressional Republicans dug in further on their positions on taxes, even as no face-to-face negotiations took place
Dell Looks To FireEye For Zero-Day Protection (TechWeekEurope UK) Tech titan Dell will not be looking to create its own zero-day catching technology, but is instead partnering with security start-up FireEye to provide protection against unknown threats. The Texan firm is currently holding its second ever Dell World
Army Awarding Up to $315M for Security System Support (Govconwire) The U.S. Army has awarded 10 companies positions on a potential $315 million contract to support security and control systems. According to the Defense Department, work under the firm-fixed-price award will occur through Dec. 6, 2017 and the Army will determine location with each order. Awardees include: American Systems BAE Systems M.C. Dean Science Applications
CIA pumps money into mobile security startup (Fierce Mobile IT) The Central Intelligence Agency's investment arm In-Q-Tel is investing an undisclosed amount of money into Tyfone, a Portland, Ore.-based mobile security in the cloud startup. IQT said it was investing in Tyfone because of its patent portfolio and innovations in mobile financial products, secure ID management and near field communications
List of Bug Bounty program for PenTesters and Ethical Hackers (E Hacking News) The Best way to improve Network security is hiring hackers" Unfortunately, companies can't hire all best hackers. So the companies has chosen another best way to improve their system security, "Bug Bounty Programs". Bug Bounty program is the place where Security researchers and Ethical hackers love to find vulnerabilities in target website or app and get rewarded for their findings
GDIT Hiring 30 to Help FBI Run Computer Forensics (Govconwire) General Dynamics will provide information technology services to the FBI to help the bureau operate its computer forensics networks, the company announced Wednesday. The company's information technology unit won a potential five-year, $42.2 million task order under the bureau's Information Technology Supplies and Support Services contract, a $30 billion vehicle awarded in 2010 for eight years
GDIT, SAIC, SRA Among Senate IT Support Contract Competitors (Govconwire) The U.S. Senate's sergeant at arms office has selected seven companies to compete for the opportunity to become the prime contractor for information technology support services. According to a FedBizOpps notice, the Senate is referring vendors interested in subcontracting opportunities to companies listed in the notice. Prime contract competitors include: GBTI Solutions General Dynamics
U.S. Federal Agency That Switched From BlackBerrys To iPhones Has A Rethink: Plans To Test BB10 Devices Next Year (TechCrunch) Some good news for embattled smartphone maker RIM: the U.S. Immigration and Customs Enforcement agency (ICE) has said it plans to test BlackBerry 10 devices next year. ICE had previously announced it would switch its staff from BlackBerrys to iPhones but now plans to begin a pilot program on RIM's new line of BlackBerry 10 smartphones and BlackBerry Enterprise Service 10 early next year
Raytheon Acquires SafeNet's Government Solutions Business (Govconwire) Raytheon Company (NYSE: RTN) has acquired the government solutions business of SafeNet Inc. for an undisclosed sum. According to a Raytheon release, the deal enhances the Marlborough, Mass. company's encryption capabilities by adding SafeNet's federally-approved solutions which help the U.S. military more securely transmit classified voice and data traffic
Raytheon acquires SafeNet's government solutions business (Baltimore Sun) The company said the divestiture would enable it to focus on data protection and cyber security for commercial and government customers. SafeNet had said
CSC Selling Australian IT Staffing Unit for $73M (Govconwire) Computer Sciences Corp. (NYSE: CSC) has agreed to sell its Australia-based information technology staffing unit to a South African employment services firm for $73.5 million cash. The company expects to close its sale of Paxus to Adcorp by the end of January 2013 and CSC will continue working with Paxus to meet IT staffing needs in
Telstra invests $4 million in cloud communications company (Computer World) Telstra completed a $4 million investment in Whispir that will help the cloud-based software company expand into Asia. Telstra currently sells the Whispir platform to its enterprise and government customers. Whispir specialises in mobile, email, voice and digital communications
Should Cisco Buy Citrix Or NetApp? (InformationWeek) It's anybody's guess as to what Cisco's next acquisition will be, but here's why I'm betting on Citrix
2012 a Tough Year for Symantec and Norton (Toolbox.com) 2012 is a year that many of the folks at Symantec and their Norton group would like to forget. The year started off bad enough with the revelation in January that a hacker had stolen and posted for the public source code of the 2006 versions of Norton Utilities, PCAnywhere, Norton Antivirus and Norton Utilities. The group known as "Yama Tough" hacked into an Indian Government server to access the code
Exelis Plans $100M Share Repurchase Over Next 4 Years (Govconwire) ITT Exelis' (NYSE: XLS) board of directors has approved a plan to repurchase up to $100 million of its common stock over the next four years, the company announced Wednesday. The company said the primary goal of the buyback initiative is to offset dilution from equity awards made by the company. Purchases can occur between
How Dividend Paying SAIC Will Benefit From Splitting In Two (Seeking Alpha) SAIC, Inc. (SAI) is a $3.87 billion mid-cap technical services company that provides solutions for the US Government, the intelligence community
The Incredible Shrinking Chip Industry (IEEE Spectrum) The field has narrowed considerably, especially when it comes to making advanced chips, GlobalFoundries CEO says
Vaultive Announces Appointment of Leading Cloud Security Industry Experts to Advisory Board (MarketWire) Vaultive, a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services, today announced the formation of its Advisory Board, which includes notable cloud computing industry luminaries Dave Cullinane, CEO of SecurityStarfish, Jim Reavis, co-founder and executive director of the Cloud Security Alliance, and Dr. Eran Tromer of Tel Aviv University's School of Computer Science
The answer to HP's troubles? Throw the bums out! (Ars Technica) The best way to save HP may be to kill it—or at least cut off its head
Products, Services, and Solutions
Not all security devices are created equal (Help Net Security) Independent test lab Broadband-Testing released a report on its performance validation of IT network firewall solutions from Cisco Systems, NetPilot, SonicWall and WatchGuard. Using Spirent's
The Russians are coming (with a dual-screen smartphone) (Quartz) Yota Devices, a Russian corporation once tied to state-run defense, plans to start selling a dual-screen smartphone powered by Google's Android software, according to the Wall Street Journal. The phone will have a traditional LCD screen on one side and an electronic-paper display (a technology seen on e-book readers) on the other. "The design will allow users to continuously view all kinds of streaming data in real time—from Twitter feeds to stock market tickers—without having to constantly wake their phones up from sleep mode or quickly drain their batteries
FireEye Launches Certified Service Provider Program to Expand Offerings (MarketWatch) FireEye, Inc., the leader in stopping advanced cyber attacks, today announced the FireEye Certified Service Provider (FCSP) program to expand its channel strategy and develop new markets. The FCSP program supports customers who leverage a service provider model and who have complex, hybrid environments, outsource IT, and limited resources to support sophisticated IT security infrastructures
NCP Engineering Releases Secure Enterprise Management Version 3.0 (Dark Reading) SEM 3.0 enables two-factor authentication with a one-time password
nCircle PureCloud Automatically Scans For Zero-Day Threats (Dark Reading) Purecloud SmartScan is designed to automatically identify critical vulnerabilities and emerging threats on targeted systems
Free Browser Scan Service Debuts (Dark Reading) New Rapid7 offering provides baseline view of state of end user browser security
Google's New Data Highlighter Lets You Add Structured Data To Your Sites Without Touching Any Code (TechCrunch) Google wants website owners to add as much structured data to their sites as possible in order to improve its search results and Knowledge Graph boxes with rich snippets like event listings, reviews and other information. Adding this kind of metadata to a site, however, isn't always trivial and many small businesses don't really have the expertise to add microdata or RDFa markup to their sites
Samsung takes top spot in femtocell market (Fierce Mobile IT) Samsung has overtaken Airvana's top position in global wireless femtocell market, posting an aggressive 45 percent revenue increase in the third quarter compared to the second quarter, according to the latest stats from Infonetics Research
Intel Launches Low Power Atom To Counter ARM (InformationWeek) Intel offers 6-watt chip for data centers to beat back Calxeda, other ARM designers using mobile chips to build servers
Yahoo Gets Serious About Mobile (InformationWeek) New email and Flickr apps show that CEO Mayer is pushing to make Yahoo a contender in the mobile market
Technologies, Techniques, and Standards
Habits Of Highly Successful Security Awareness Programs (Dark Reading) Report illustrates how challenging security awareness is for information security professionals
Hack Back: Getting Even with 'Cyber Scum' - Is There a Role for Playground Justice in Cyberspace? (Govenment Information Security) The real world isn't like the online world."This simple sentence - written by Mikko Hypponen in the forward of Christopher E. Elisan's recently published book, Malware, Rootkits & Botnets: A Beginners Guide (McGraw-Hill) - contains a powerful message: Legislators need to be mindful of when they listen to the increasing voices in the cybersecurity community espousing the idea that American corporations and, presumably everyday citizens, should be allowed to "hack back" at the nameless and faceless scum of the earth who disable our networks, attack our computer systems, pilfer our sensitive data (including holding it for ransom) and destroy our credit rating. The idea has certain emotional appeal. There are more than a few nation-state actors, cybercriminals and hacktivist whom I would like nothing more to do than to expose or even deny service to their botnet command and control servers
NIST Revising Glossary of Infosec Terms - Defined Terms Found in NIST, Defense Dept. Publications (Govenment Information Security) Looking for a holiday gift for your boss who doesn't quite understand information security lingo? The National Institute of Standards and Technology has one you can give, and it's free. NIST has issued a draft of Interagency Report 7298 Revision 2: NIST Glossary of Key Information Security Terms
A Higher Security Standard for EHRs - Testing for Tougher Interoperability, Security Requirements (Healthcare Infomation Security) A new, voluntary, private-sector certification program aims to help assure healthcare organizations that electronic health record and health information exchange software, as well as medical devices, meet tough security and interoperability requirements. ICSA Labs, a unit of Verizon, in January will begin testing health IT products to certify that they meet the security and interoperability standard profiles of IHE USA, a non-profit interoperability standards deployment committee of IHE International, says Amit Trivedi, ICSA Labs' healthcare program manager. IHE includes 575 members that collaborate to improve the way computer systems in healthcare share information
Creating a Culture for Continuous Monitoring - Facing Similar Challenges as Those Posed by ERP Systems (Govenment Information Security) It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton. Schu sees instituting continuous monitoring as the same type of challenge government agencies and businesses faced at the turn of the century when they rolled out enterprise resource planning systems, which many users didn't fancy, at first
Design and Innovation
Contest Lets the Crowd Create Your Next Billion-Dollar Algorithm (Wired Business) The cult of the founder tells us that great companies start when lone geniuses sweat through the night turning the world's next great idea into code. But what if you could still start a company while someone else does the
Research and Development
The Roger Williams Code (Slate) How a team of scholars decrypted a secret language—and discovered the last known work of the American theologian
MIT Makes Smallest Gallium Arsenide Transistor (IEEE Spectrum) At 22 nanometers, it shows compound semiconductors could take over from silicon
Schroedinger's gardenia: Does biology need quantum mechanics? (Ars Technica) A review of the processes that might exploit quantum weirdness
Academia
Keith Mularski, FBI Cyber Expert, Speaks at CyberPoint on "What Keeps Me Up at Night" (CyberPoint News) Keith Mularski, Supervisory Special Agent of the Cyber Squad, Pittsburgh Division of the Federal Bureau of Investigation (FBI) spoke on December 12, 2012. An expert in cyber crime fighting, Keith Mularski shared his experience and insight into this most modern form of organized crime…Special Agent Mularski also conducted a special session for a group of students from Baltimore-area high schools and colleges. The students were particularly interested in cyberspace's emerging threats. Mularski's short answer: the coming crime wave will exploit mobile devices
Legislation, Policy, and Regulation
Reporting breaches: EU tightens rules (Financial Times) Picture the scene: a European retailer discovers it has fallen prey to hackers. A database holding the personal details of some 5m customers has been compromised, although it is not yet clear what data have been stolen. The retailer now has just 24 hours to report the breach, not just to the data protection agency of the country where it has its main European operations (in the UK, this is the Information Commissioners Office), but also to every customer whose personal data has been exposed
U.S. Terrorism Agency to Tap a Vast Database of Citizens (Wall Street Journal) Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime
Expiring Warrantless Spy Bill to Be Reauthorized by Year's End (Wired Threat Level) U.S. spies can rest easy knowing that the nation's warrantless wiretapping program -- secretly employed by the Bush administration in the wake of the 2001 terror attacks -- won't expire at year's end
Powerless UK IPv6 Promotion Body 6UK Shuts Down (Tech Week Europe) IPv6 promotion body 6UK has shut down, saying that a lack of government support has left it powerless to promote the next generation of Internet protocols, and warning the UK may become an island of obsolete technology. The board of 6UK - a promotion body set up two years ago all resigned on Friday saying the job of promoting a move to Internet protocol version 6 (IPv6) was impossible. A move to IPv6 is important because it increases the number of Internet addresses, and all the IPv4 addresses have been issued by the global Internet authorities
European Parliament endorses digital freedom strategy (Fierce Government IT) The European Parliament adopted Dec. 11 a first-ever Digital Freedom Strategy to guide European Union foreign policy. As the world's largest trading block, the parliament says it's now put digital freedom on the EU political agenda and that it intends to leverage economic power to promote and protect uncensored access to the web globally
Litigation, Investigation, and Law Enforcement
The Biggest Hacker Busts Of 2012 (Dark Reading) It's easy enough to focus on the major breaches of 2012 and feel a certain hopelessness. But this year was a banner one for busting black hat bad guys. Several major international operations reaped a harvest of hackers, from big shot Russian gangsters to bored British teens. This was the year they locked up the world's biggest pirate in Sweden. And the gangly Anonymous guy who probably should have worn the mask but didn't. The thoughtful cyber criminal should be sure to consider some questions in the year ahead
How Aaron Barr correctly identified Commander X (Ars Technica) HBGary Federal's Anonymous-hunting CEO didn't know how right he was. When HBGary Federal CEO Aaron Barr decided to out the leaders of Anonymous, the loose hacker collective, he spent months infiltrating the group under the name "Coganon." By the end of it he had identified three people who appeared to wield the most influence in the group. One of them was "Commander X," the 50-something hacktivist who jumped bail and fled to Canada to avoid federal hacking charges
Spy's Case Offers Rare Glimpse Inside CIA (Spy Talk) A highly decorated former CIA deep cover operatives long quest to nail the spy agency for obliterating his career in retaliation for exposing the security violations of a senior agency official and her State Department husband gets a rare public hearing Friday. Peter B, whose full name and former duties remain classified, contends that he lost his CIA job because he had learned about an affair that the husband of his supervisor, Margaret Peggy Lyons, was carrying on with a Taiwanese spy. Lyons husband, State Department Asia expert Donald Keyes, eventually pleaded guilty to lying to the FBI about his affair with the Taiwan operative and the hoard of secret documents he kept at home
Former UNL senior faces charge in NU computer security breach (Journal Star) The U.S. Attorney's Office has filed a federal charge against a former University of Nebraska-Lincoln senior in connection to a security breach this spring. Daniel Stratman, who is listed as a computer science and mathematics major on UNL's website, made his first court appearance last week on a charge of reckless damage to a protected computer during unauthorized access
US law enforcement busts cybercrime rings with help from Facebook (CSO) U.S. law enforcement agencies with the help of Facebook have arrested 10 persons from various countries in connection with international cybercrime rings that targeted users on the social network. The operation is said to have identified international cybercrime rings that used various variants of a malware called Yahos. The malware has infected more than 11 million computers and caused over US$850 million in losses through a Butterfly botnet, which steals computer users' credit card, bank account, and other personal identifiable information, the Federal Bureau of Investigation said in a statement late Tuesday
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.