The CyberWire Daily Briefing for 6.4.2013
More than a week of unrest in Turkey is, predictably, accompanied by the cyber-rioting one has come to expect in such situations. (It's also following the transnational pattern established in Syria and elsewhere.)
Threatpost reports on how (and why) peer-to-peer botnets are peculiarly resistant to takedown, and what this suggests for mitigation tactics. Georgia Tech researchers demonstrate iOS devices' vulnerability to arbitrary software injection—they used a modified charger in the exploit.
A new privilege escalation platform is observed in the wild. A new crimeware black market opens, offering access to compromised PCs. Elcomsoft finds problems with Apple security: briefly, files stored in iCloud appear poorly protected.
Ambivalent news from the US FBI: the Bureau broke a hard disk's encryption in "mere weeks," good insofar as it got the Bureau a warrant against a child pornographer, but less good inasmuch as it suggests that hard disk encryption is newly vulnerable. Businesses might want to consider additional layers of encryption to protect invaluable data.
Industry observers note that employees tend to place company information on personal devices as well as into cloud services. Some also note that BYOD has become a distraction that impedes clear thinking about the implications of mobile technology. (Security tends to increase what Clausewitz called "friction," thus inevitably tending to produce tension with operational needs. And no quick technological fixes are in prospect—quantum cryptography and biometrics bring challenges and vulnerabilities of their own.)
As a Sino-American summit approaches, both parties struggle toward a cyber modus vivendi.
Notes.
Today's issue includes events affecting Australia, China, India, Iran, Lithuania, Malaysia, Philippines, South Africa, Turkey, Tunisia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
More 145 Turkish Websites Hacked by Tunisian Hackers (HackRead) Anti-government protests are rising in Turkey, and so is the protest in Turkish cyberspace, where 145 Turkish websites have been hacked and defaced by Tunisian hackers. While scrolling Zone-h, I found out two Tunisian hackers going with the handles of Badi & Tn_Scorpion defaced all 145 websites today, leaving a deface page along with a message on all hacked sites, according to which
Peer-to-Peer Botnets Resilient to Takedown Attempts (Threatpost) A team of researchers examined the resiliency of peer-to-peer botnets and mitigation tactics that could help with takedowns
Hack any iOS Device within One Minute by a Modified Charger (HackRead) A team of security researchers at Georgia Institute of Technology have found a way by which any iOS device can be hacked within a minute with the help of a modified charger. Researchers claim that despite Apple's exemplary defence system, they were able to inject arbitrary software into one of its devices based on the latest and updated operating system (OS). After successful hack, the researchers have issued
Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace (Webroot Threat Blog) Utilizing the very best in 'malicious economies of scale' concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that's not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to the stealth Apache 2 module that we profiled back in November, 2012, this platform raises the stakes even higher, thanks to the automation, intuitive and easy to use interface, and virtually limitless possibilities for monetization of the hijacked traffic
New E-shop sells access to thousands of hacked PCs, accepts Bitcoin (Webroot Threat Blog) Remember the E-shop offering access to hacked PCs, based on malware 'executions' that we profiled last month? We have recently spotted a newly launched, competing E-shop, once again selling access to hacked PCs worldwide, based on malware 'executions'. However, this time, there's no limit to the use of (competing) bot killers, meaning that the botnet master behind the service has a higher probability of achieving market efficiency compared to their "colleague." Additionally, the botnet master won't have to manually verify the presence of bot killers and will basically aim to sell access to as many hacked PCs as possible
Apple's new security system fails to protect files stored in iCloud, says security firm (FierceMobileIT) Apple's (NASDAQ: AAPL) new two-factor authentication system does not apply to iCloud backups, enabling a hacker with a user's Apple ID and password to download and access information stored in iCloud, according to Vladimir Katalov with security firm ElcomSoft
FBI cracks encrypted hard disk in mere weeks (FierceCIO: TechWatch) Encryption is looking a little less secure now that the FBI has successfully cracked the encryption of a hard disk drive. The drive was owned by a suspected child pornographer and led to the discovery of "numerous" such files. Armed with this evidence, the FBI convinced a federal judge to order the suspect to either key in the password for his other storage drives, or provide an unencrypted copy of the data
Greetings to the President (The Economist) A cyber-attack on a Lithuanian news portal has slowed down the country's internet and highlighted its weak digital security, prompting appeals to other countries for assistance
Beware of Android Defender mobile scareware (Help Net Security) Scareware aimed at mobile users is not nearly as ubiquitous as that directed at those who use Windows-run PCs. Nevertheless, there is some out there. Sophos' Paul Ducklin has analyzed a sample that
EVE Online and Dust 514 Servers Down Following Cyber-Attack (Spong) The cyber-attack was made on the company's Tranquility cluster of servers, and CCP's investigation as to what happened seems to be more complex than initially suspected. The studio re-opened the servers shortly after a brief period of downtime, but had
Anatomy of a cyber attack on business (Financial Review) When a contractor with an Australian company tapped the letters IHS into his search engine in February this year, he did not know that he was about to compromise his organisation in the latest example of state-based cyber hacking to hit local business
Inside the Eye of a Microsoft 0-Day (eSecurity Planet) In late December of 2012, security firm FireEye discovered a zero-day attack that affected Microsoft IE. Microsoft fixed the issue in an out-of-band MS13-008 emergency patch that was issued in January. In May of 2013, FireEye found yet another zero-day
Security Patches, Mitigations, and Software Updates
Google zero-day disclosure change slammed, praised (CSO) Google admits the seven-day timeline is too short for some vendors to patch, but hopes it will push companies to advise customers sooner
Not good enough, Oracle - promises to secure Java are too little, too late (Naked Security) In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?
Cyber Trends
U.S. workers store corporate documents on personal devices, consumer cloud services, survey finds (FierceMobileIT) A full 91 percent of U.S. office workers store work documents on personal devices, such as USB drives, and 38 percent store documents on consumer cloud services, according to a survey of 2,000 office workers by Ipsos MORI on behalf of collaboration and cloud content management firm Huddle
Report finds security tools add software vulnerabilities of their own (TechTarget) After listing a series of high-level attacks during 2012 on US security companies like Symantec, Panda Security and Barracuda Networks, the survey concluded
Cyber attacks to surge in Gulf (gulfnews.com) A study by Trend Micro shows that cybercriminals are expected to continue generating even more profit by selling stolen user data as mobile payments are predicted to reach $1.3 trillion (Dh4.7 trillion) annually by 2017. "In 2013, IT managers in the
Current Analysis: BYOD is 'distraction' that prevents enterprises from thinking clearly (FierceMobileIT) BYOD is a "distraction" that prevents enterprises from thinking clearly about mobility, wrote Tim Dillon, research director for Asia-Pacific at Current Analysis, in a recent blog
States' top cyber challenge remains spear phishing (Government Technology) Last fall, one Huffington Post headline read: "White House Hacked In Cyber Attack That Used Spear-Phishing To Crack Unclassified Network." Earlier this year, the Federal Times led with the article: Feds' chief cyberthreat: spear phishing attacks. They described it this way: "The weapon of choice for most cyber hackers is a malicious email disguised as a friendly email." Yes, spear phishing is hot all over the USA - very hot
Get serious about preparing for cybercrime (InvestmentNews) Michael Hayden, the former head of the National Security Agency, estimated that including the theft of intellectual property, the cost was more than $1 trillion. Most of these attacks are aimed at government departments and agencies; at corporations
'Phl growth vulnerable to cyber attacks' (Philippine Star) "For example, if the banking and financing system is paralyzed by a cyber attack, you can imagine the cost in terms of millions of pesos and dollars per minute or per hour," De Leon said in an interview. "This (threat) can really affect our economy and
Don't become a cyber victim (Hong Kong Standard) Large-scale financial cyber crimes and state-affiliated espionage dominated the security landscape last year, revealed the report by Verizon, a leading US broadband provider. Espionage took up about 20 percent of the cases, while three out of every
Malware going retro in 2013, security firm finds (CSO) Old tricks attract attention of cyber bandits in the first quarter, McAfee finds
Marketplace
IBM to acquire cloud firm SoftLayer (ZDNet) IBM said on Tuesday it is buying SoftLayer, as the computing giant aims to bolster its cloud computing efforts. While financial terms of the deal were not disclosed, The Wall Street Journal said the acquisition is worth around $2 billion, citing a person familiar with the deal
Meet Eugene Kaspersky: the man on a mission to wage war against - and kill - the computer virus (Sydney Morning Herald) He's a virus killer whose name can be found inside tens of millions of computers worldwide - and he sees vistas of cyber-warfare everywhere he looks. The FBI trusts him, even though he also counts Russia's Federal Security Service (FSB), the successor to the KGB, as a client. Given that Eugene Kaspersky's company, Kaspersky Lab, is well on its way to becoming the dominant player in the world of computer security, it's perhaps not surprising that the 47-year-old Muscovite believes that cyber-crime, in all its hues, is currently the biggest threat facing the global economy. It's big business
ANALYSIS: Consulting giant jumps into vendor game (USA Today) The latest manifestation: Deloitte on Thursday announced the acquisition of cyber monitoring and threat intelligence provider Vigilant. So now a consulting giant has joined venture capitalists and equity firms in placing big bets in the cybersecurity
Raytheon Wins Cyber-War, Missile Contracts Worth at Least $105 Million (Motley Fool) This contract aims to design and develop a "runtime environment" for executing "cyber operations mission scripts" -- beginning to standardize how cyber warfare operations might be conducted in the future. Raytheon's involvement in this contract will be
Dell special committee recommends original deal (FierceFinance) As Carl Icahn and Southeastern Asset Management agitated for a better deal for Dell, it seemed for a moment that Michael Dell and Silver Lake would have to sweeten their bid. But then came more indications that the computer market was in disarray, and Michael Dell's offer started to look better
SRA Plans Chantilly HQ Move in 2015; Kevin Graves Comments (ExecutiveBiz) SRA International will move its headquarters from Fairfax, Va. to a location in Chantilly in 2015 that will be 35 percent less than the company's current hub, the Washington Post reported Monday
Goldman Sachs vs. Bloomberg in battle of heavyweights (FierceFinance) The high-stakes controversy over Bloomberg terminals began with a Goldman Sachs executive voicing reservations to her boss about a Bloomberg employee's questions concerning the whereabouts of another executive. The reporter had noted that the executive hadn't logged into his terminal in a while
Company news: Damballa's new CTO and Trustwave acquires SecureConnect (SC Magazine) Cloud Security Alliance, a nonprofit organization that promotes security best practices, has signed an agreement with nonprofit (ISC)² to collaborate on a
Keyw Holding Corporation: Acquisitions And Future Growth Ahead (Seeking Alpha) Keyw Holding Corporation (KEYW) is a specialized provider of mission-critical cyber security, cyber superiority, and geospatial intelligence solutions to US
9 Anti-Hacking Rock Stars Who Toil In The Shadows At Apple (AAPL) (San Francisco Chronicle) Also leads Apple's cooperative R&D agreement with the National Security Agency, which began in 2005, according to his LinkedIn profile. Background: He joined Apple as a senior systems engineer working with federal government and intelligence agencies
Silicon Valley at Front Line of Global Cyber War (ABC News) The U.S. government has stepped up efforts to thwart cyber-attacks, but those efforts are mainly focused at protecting its own secrets, especially regarding military operations and technologies. Paul Rosenzweig, a former Department of Homeland Security
From Left, Right And Center, Analysts Beg DoD To Tackle Overhead Costs (FederalNewsRadio.com) Prominent defense experts from across the political spectrum are lining up behind a new call to reduce overhead in the Defense Department's budget, saying that without fundamental management changes, internal bureaucratic costs are destined to crowd out the basic nuts and bolts of running a military in the not-too-distant future
Products, Services, and Solutions
Cavium Announces New Low Power Dual And Quad Core OCTEON® III (Daily Markets) These low-power processor families are the world's first to include up to 4 MIPS64 cores with full hardware virtualization, Deep Packet Inspection (DPI), Packet processing, Security and QOS capabilities in a highly integrated System on a Chip
General Dynamics Expands Into Malware Detection And Analysis (Dark Reading) General Dynamics Fidelis Cybersecurity Solutions today plans to roll out a new malware and botnet detection and analysis appliance that extends its deep packet inspection technology to root out incoming malicious content from email, files and Web traffic
Mindspeed and Lionic to Demonstrate DPI Anti-Virus for Consumer Storage (Fort Mills Times) "The deep packet inspection engine integrated in the Comcerto 2000 is the perfect vehicle to introduce deep packet inspection technology in the home," said Eric Lu, chief executive officer at Lionic. "Lionic is excited to be working with Mindspeed and
LinkedIn flips the two-factor authentication switch (Naked Security) Just in time for the one-year anniversary of getting its socks knocked off in an attack that saw 6.5 million passwords swiped. Thanks: that's a good anniversary gift, LinkedIn
Technologies, Techniques, and Standards
Knowing where to look for the owner of an offending IP address (Internet Storm Center) We often see how attackers try to exploit our information assets in our company, coming from inside and outside the company. When you locate an internal IP address trying to affect things, it's easy to locate if you have information security controls like Network Access Control (NAC), Dynamic Host Configuration Protocol (DHCP), Firewalls and Network IPS. Problem is: what should we do if the offending IP address is outside in the Internet? There are five Regional Internet Registry (RIR) entities in the world. For their region, they assign IP addresses for IPv4, IPv6 and autonomous system numbers
Defeating Internet Blocking With Lahana VPN-Tor Bridge (Threatpost) As the anti-government protests in Turkey have escalated in the last few days, privacy activists and security experts have begun working on ways to help people inside Turkey get reliable access to the Internet and privacy tools such as Tor. A security researcher over the weekend released a new tool called Lahana that enables users
Cryptography as a means to counter Internet censorship (The Hindu) George Orwell's depiction of dystopia in his classic 1984, a society devoid of privacy, may have seemed like an exaggeration in 1949. But, with technology intruding deep into our lives today, we may actually be heading into a less obvious version of a
Interoperability, portability standards to advance cloud adoption, raise questions, says Messina (FierceGovIT) A major obstacle to moving to the cloud is the worry that a client will become trapped or locked in to a single service and unable to transfer data. But in the next 3 to 5 years a tremendous amount of focus will go toward developing interoperability standards for cloud computing, which will encourage broader adoption of cloud computing, said John Messina, a National Institute of Standards and Technology computer scientist and co-chair of the cloud computing reference architecture working group
9 tips, tricks and must-haves for security awareness programs (CSO) What are the essential ingredients for making a security awareness program successful? Check out these 9 tips from CSO contributors on how to make awareness work in your organization
Research and Development
Quantum encryption: It's not unbreakable "perfect" cryptography (ITProPortal) In theory, we've had this licked for hundreds of years. We've long known how to create totally unbreakable encryption, ciphers so strong that no amount of modern supercomputing power could brute force its way into your grocery list, if you really
Google biometrics tests show there's no magic pill for passwords (CSO) Electronic tattoos and pills that make the body itself a password would create their own unique challenges, security experts warn
Academia
MSU cyber operations education earns federal designation (Mississippi Business Journal) The National Security Agency and U.S. Cyber Command have designated Mississippi State University as a Center of Academic Excellence in cyber operations. The certification comes after a rigorous, two-year application process by faculty in
Colleges expand programs as cybersecurity threats grow (USA Today) Fueled by an increase in cyber attacks on critical infrastructure -- nearly 200 last year compared with fewer than a dozen in 2009, the federal Department of Homeland Security says -- cybersecurity has become among the hottest job markets
Professors Are About to Get an Online Education (Wall Street Journal) Anyone who cares about America's shortage of computer-science experts should cheer the recent news out of Georgia Tech. The Atlanta university is making major waves in business and higher education with its May 14 announcement that the college will offer the first online master's degree in computer science--and that the degree can be had for a quarter of the cost of a typical on-campus degree. Many other universities are experimenting with open online courses, or MOOCs, but Georgia Tech's move raises the bar significantly by offering full credit in a graduate program
Legislation, Policy, and Regulation
Lawmaker: US Cyber War on Iran Violating International Law (Fars News Agency) A senior Iranian lawmaker strongly criticized Washington's decision on launching cyber war against Iran, and termed the act as a clear violation of international law
Sekeramayi says Zimbabwe under cyber attack (Nehanda Radio) State Security Minister Sydney Sekeramayi believes the country is under cyber attack and ill-equipped to deal with the problem due to lack of resources
NATO takes up cyber-defense as threat grows (GMA News) There is no intention to develop "offensive capacities," the official said, adding that of NATO's 28 members, 23 have already signed up to exchange information and help in the event of a cyber-attack. One diplomat noted that NATO had a special problem
Cyber theft: A hard war to wage (Financial Times) Washington is angry. Really angry. It is just not sure what to do about it. US officials have accused Chinese hackers of stealing corporate trade secrets since the mid-2000s but during the past few months the outrage has reached a political tipping point. Cyber security has been thrust to the top of the agenda in US-China relations
China, US agree to talks on cyber theft and espionage (Sydney Morning Herald) General Keith Alexander, head of the US Cyber Command and director of the National Security Agency, has said the attacks have resulted in the ''greatest transfer of wealth in history''. Hackers have stolen a variety of secrets, including negotiating
Chinese cyber attack on US casts shadow on Obama-Xi meet (Firstpost) A shirt-sleeves summit between the world's two top economic powers is shaping up as anything but relaxing, with an assertive new Chinese leadership seeking a bigger place at the global table and the United States pushing back, especially in
Hagel's cyber-attack warning to China draws retort (Northwest Arkansas News) A Chinese military leader Saturday pointedly questioned the expanded US
China Partners US To Fight Cyber Attack (CHANNELS) U.S. Defense Secretary Chuck Hagel briefly mentioned U.S. concerns about the rising threats of cyber-attack, and China's alleged role in cyber spying at the Shangri-La Dialogue in Singapore. In response, spokesman Hong Lei stressed at the press
Obama counterterrorism speech may have alluded to 'going dark' proposal (FierceGovernment) Privacy advocates are drawing attention to a line in President Obama's May 22 speech outlining a new direction for U.S. counterterrorism efforts that appears to foreshadow administration support for new online surveillance capabilities
FedRAMP for cloud brokers would be valuable, say panelists (FierceGovIT) As agencies move to the cloud it's unclear whether cloud brokers are acting on their behalf or on behalf of cloud providers, said Hamid Ouyachi, chief technology officer at the Labor Department
PortfolioStat reflects OMB concerns with CIO authority (FierceGovIT) A relatively large concern of the Office of Management and Budget's PortfolioStat has been authority of agency chief information officers, show documents obtained by FierceGovernmentIT through the Freedom of Information Act
Ruppersberger: Cybersecurity bill is necessary, will not violate privacy (Baltimore Sun) The Cyber Intelligence Sharing and Protection Act (CISPA) is simple, allowing the American government and businesses to voluntarily share classified information on impending cyber threats before an attack occurs. The editorial clearly describes how
Why Is the Department of Homeland Security Monitoring Tea Party (theTrumpet.com) In a white paper presented to the House Permanent Select Committee on Intelligence, the Department of Homeland Security is encouraged to evolve into a federalized police force that can monitor Americans in any town and prevent threats from fellow
The Growing Cyber Threat: Is Anyone Truly Safe? (HSToday) U.S law enforcement agencies, the National Security Agency, U.S. Cyber Command and the Department of Homeland Security are all working together on the issue, he added. The growing cyber threat affects all levels of society, from individuals having
Cyber Security Calls for Partnering (Electric Co-op Today) NRECA met with top officials at the Department of Energy and the Department of Homeland Security on cyber security, a top-of-mind issue where federal and co-op relations will be key to protecting the nation's power grid
Fighting cyber fraud - a delicate balance for democracy (UKauthorITy.com) The flip-side of fighting cyber-fraud threats to public services will inevitably involve extensive monitoring of online activity that is bound to cause friction with privacy campaigners, the panel heard at the UKAtv Live debate, "Fighting cyber fraud
Army releases new leaders' handbook on cybersecurity (OODA Loop) Currently, all Army commands are developing Information Assurance/Cybersecurity awareness training to address areas of weakness identified by the Army Information Assurance Self-Assessment Tool. During the Army Cybersecurity Awareness Week, Oct
Litigation, Investigation, and Law Enforcement
Cyber crime: Without a trace (Financial Times) Shortly before the closure of Liberty Reserve, the Department of Homeland Security seized the US bank accounts of the largest Bitcoin exchange because the owner failed to register it correctly. When the authorities raided Mr Budovsky's home in a gated
Cyber attack hacker faces prison time (Acumin) A man who conducted a cyber attack on intelligence company Stratfor in 2011 could spend up to a decade in prison after pleading guilty at a court in New York. Jeremy Hammond, 28, admitted to stealing information
Malaysian exchangers helped hide paper trail for world's largest cyber money-launderer (The Malaysian Insider) Money exchangers based in Malaysia played a key role in hiding the paper trail for Liberty Reserve, the global, virtual "bank of choice" for identity thieves, drug traffickers, computer hackers and child pornographers, whose founders and workers were indicted this week by US authorities for being the world's largest cyber money laundering operation
Virginia compliance issue leads FastCash4Bitcoins to suspend service (CoinDesk) Posts on both FastCash4Bitcoins and the Bitcoin Forum reported that a complaint had been filed alleging that Tangible Cryptography was operating as an unlicensed money transmitter. Following an initial investigation that determined the company's
Fake payment phishers busted in South Africa (Naked Security) It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape. The gang supposedly used a mixture of email and SMS to lure their victims into giving away
Prosecutor: Manning shared data without regard for national security (CSO) Bradley Manning's court martial begins at Fort Meade, Maryland
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
Pen Test Berlin 2013 (Berlin, Germany, Jun 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations and social events. The training offers the opportunity to participate in NetWars.
CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, Jun 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods in cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks.
NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, Jun 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by providing America's leaders with critical information they need to defend our country, save lives, and advance U.S. goals and alliances globally. The exposition will be unclassified and will consist of a one-day event as an adjunct to the SIGINT Conference. The conference sessions will be conducted in a classified area in close proximity to the exhibits.
U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, Jun 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office are putting together a series of workshops on 'Information Security' and 'protecting your information' to lead up to their Annual IT Security Awareness Conference. This specific workshop will take place on June 5, 2013 with a focus on Security Issues.
Capital Connection 2013 (Washington, DC, USA, Jun 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections, or grow their enterprise. It is one of the nation's most respected industry conferences with more than 800 attendees each year who share a common goal of enhancing our technological ecosystem.
RSA Conference Asia Pacific 2013 (Singapore, Jun 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will be able to attend keynote sessions presented by leading information security industry experts and guest speakers, and choose from approximately 50 sessions.
29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, Jun 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals.
Suits and Spooks La Jolla 2013 (La Jolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five-day event will examine forensics, malware analysis, and corporate hacking techniques and, what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, and Industry partners. The operational theme "Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.