
The CyberWire Daily Briefing for 6.20.2013
#opPetrol appears to have kicked off—Trend Micro reports "anomalous malicious activity"—but whether it will rise to, let alone beyond, the level of annoyance remains to be seen. Hack Read has extracted Anonymous' target list from PasteBin.
Elsewhere, China's NetTraveler (which has been using PRISM—more on which in a moment—as phishbait) surfaces in Kazakhstan.
LinkedIn suffered DNS problems late yesterday, with user data potentially compromised. Initially regarded as an attack, the episode now seems a probable case of human error.
Adobe's recent decision to move Creative Suite to a cloud-based subscription model has been rewarded with its first hack. German researchers find it's relatively easy to crack iOS mobile hotspot passwords, and AOL Auto frightens drivers with tales of terrorists' abilities to hack cars (but these vulnerabilities seem more matters of a priori possibility than imminent risk).
Poor USB security controls may expose 6M Medicare recipients' personal data.
The PRISM affair continues to develop not wholly to America's advantage. US tech companies face widespread international skepticism about security and privacy. Google is particularly concerned, facing regulatory pressure in Europe that antedates PRISM. PRISM isn't helping, and Google goes to the legal mat for more FISA transparency. Amazon, not named in leaked PRISM documents, promises a legal fight over future surveillance orders. Companies offering privacy-enhancing products appear the only winners in the matter.
US President Obama and his Attorney General receive a starchy reception over PRISM in their overseas trip, from German Chancellor Merkel and various EU officials.
Notes.
Today's issue includes events affecting Bahrain, China, European Union, France, Germany, India, Israel, Japan, Kazakhstan, Kuwait, Oman, Saudi Arabia, South Africa, Tunisia, United Arab Emirates, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Trend Micro press release Over #OpPetrol Attacks (Cyberwarzone) Leading global security company Trend Micro Incorporated (TYO:4704) has documented anomalous malicious activity that indicates the hacktivist group Anonymous has launched its attacks on the oil industry
Anonymous' #OpPetrol: Leading into June 20 (TrendLabs Security Intelligence Blog) Although an estimated 1,000 websites, 35,000 email credentials, and over 100,000 Facebook accounts have been claimed as compromised since the announcement of #OpPetrol last month, attacker participation and the overall sophistication of the attacks leading into June 20 appear to be limited. These defacements and disclosures are consistent with what has been seen in recent operations, where the attacks did not seem to get much traction
Anonymous #opPetrol target list has been released (Cyberwarzone) Just a few more hours and #opPetrol will be initiated by Anonymous spirits all around the world. It was unclear which companies were going to be attacked but one of the sources that will attack the companies in #opPetrol has shared a #opPetrol target list with Cyberwarzone
São Paulo's Americana municipality Websites Hacked against police brutality on protesters (Hack Read) A group of Brazilian hackers from HighTech Brazil HackTeam has hacked and defaced the official website of Americana municipality of São Paulo, Brazil along with 10 of its sub-domains against the police brutality on people protesting against increase of bus fares. The sites were hacked yesterday and left with a deface page, a Youtube video along with a message in Portuguese language
#OpIsrael: 87 Israeli Websites Hacked by CapoO_TunisiAnoO (Hack Read) CapoO_TunisiAnoO hacker from Tunisia who doesn't require any introduction has hacked and defaced 87 Israeli websites three days ago. As usual all 87 sites were left with a deface page along with a note and a YouTube video, warning Israel to stop the Palestinian occupation or else get ready for another #OpIsrael. However, according to the deface message: Hacked by CapoO_TunisiAnoO, OpIsrael -STORM ATTACK V
Kazakhstan suffers cyber attack (Transitions Online) Kazakh citizens are under cyber attack. The attack in question is delivered through phishing emails, and is thought to be driven by an advanced persistent threat (APT) organisation, via software called NetTraveler. The virus 'steals sensitive data from
Chinese hackers referencing PRISM to lure e-mail victims (Cyberwarzone) A cyber security professional named Brandon Dixon recently discovered an e-mail scam, apparently sent by the same group responsible for the "NetTraveler" attacks sourced to Chinese hackers, with an ingeniously newsy hook
Data fears after telco cyber hit (Hong Kong Standard) An overseas cyber attack on telco ComNet Phone may have compromised the personal information of its 2,500 customers. ComNet Phone provides online calls and IDD services. Its website could not be accessed last night as it was "under maintenance"
Hong Kong to Follow Up on Snowden's Claims of U.S. Hacking (Bloomberg) Hong Kong's government is investigating claims by former National Security Agency contractor Edward Snowden that the U.S. had attacked computers in the city
LinkedIn Outage Tied to DNS Issue (Threatpost) A site outage and redirection on LinkedIn's site Wednesday night blamed on a DNS problem has security experts and users worried that the networking site's DNS records may have been compromised, along with those of several other sites. But it appears the issue may have been caused by a simple mistake
LinkedIn DNS hijacked, traffic rerouted for an hour, and users' cookies read in plain text (VentureBeat) App.net co-founder Bryan Berg noticed that LinkedIn was DNS hijacked tonight, and that traffic was re-routed to a shady India-based site, http://www.confluence-networks.com. That's bad for LinkedIn, but there's worse news for you
Linkedin DNS Hijack (Internet Storm Center) LinkedIn had its DNS "hijacked". There are no details right now, but often this is the result of an attacker compromising the account used to manage DNS servers. But so far, no details are available so this could be just a simple misconfiguration
Linkedin DNS Issue, Change PassWord Again!? (Cyberwarzone) Our site is now recovering for some members. We determined it was a DNS issue, we're continuing to work on it. Thanks for your patience. (@LinkedIn Twitter)
LinkedIn confirms it suffered a one hour outage due to a 'DNS issue' (The Next Web) Business-focused social network LinkedIn is continuing to recover from a DNS error that took the site offline for an hour. The outage began when the popular service's homepage was replaced by a domain sales page
Adobe's subscription-only Photoshop Creative Cloud already hacked (VentureBeat) While not specifically stated, I felt like one of the driving points behind Adobe's decision to transform its Creative Suite software bundle into a subscription-based online service (Creative Cloud) was an intention to curb the large number of people who would pirate apps like Photoshop, Illustrator, and InDesign
65+ websites compromised to deliver malvertising (Help Net Security) At least 65 different sites serving ads that ultimately led to malware have been spotted by Zscaler researchers. The massive malvertising campaign started with injected code into the ads served on
Rogue 'Oops Video Player' attempts to visually social engineer users, mimics Adobe Flash Player's installation process (Webroot Threat Blog) Our sensors have just detected yet another rogue advertisement served through the Yieldmanager ad network, this one enticing users into downloading a rogue video player known as the 'Oops Video Player'. What's particularly interesting about this rogue ad campaign is that the PUA (Potentially Unwanted Application) attempts to visually trick users by mimicking Adobe Flash Player's installation process
Toyota websites victim of cyberattacks (Cyberwarzone) Toyota Motor Corp. said on Wednesday, June 19th, 2013, that some of its Japanese website content had been tampered with through a cyberattack that could have exposed visitors to a malicious program
Facebook Restores Connections to Tor Users After Malware Spike (Threatpost) Facebook's automated malware detection systems temporarily blocked visitors this week using the Tor anonymity service
Facebook's untimely block on Tor mistakenly freaks out activists (Naked Security) Tor login to Facebook has been restored, ending a brief spate of panic over the prospect of political activists being blocked from logging in via the encrypted and anonymous network
Defense Official Calls F-35 Plans Compromised by Cyber-Theft a 'Major Problem' (WAPI) Defense Undersecretary for Acquisition Frank Kendall told the Senate Appropriations Committee at a hearing Wednesday that he was "reasonably confident" the F-35 Joint Strike Fighter plane's classified information was "well protected."
Report finds that cyber-terrorists and hackers could break into your vehicle's electronics, even while you're driving (Daily News) Your automobile could be wide open to attacks from cyber-terrorists and hackers - and the threat is only growing. Today's vehicles are loaded with electronics, making them an increasingly enticing option for a variety of evil-doers. Work is being done to prevent vehicles from becoming moving targets. But can the good guys stay one step ahead of the bad
Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots (Friedrich-Alexander-Universität Erlangen-Nürnberg) Passwords have to be secure and usable at the same time, a trade-off that is long known. There are many approaches to avoid this trade-off, e.g., to advise users on generating strong passwords and to reject user passwords that are weak. The same usability/security trade-off arises in scenarios where passwords are generated by machines but exchanged by humans, as is the case in pre-shared key (PSK) authentication. We investigate this trade-off by analyzing the PSK authentication method used by Apple iOS to set up a secure WPA2 connection when using an iPhone as a Wi-Fi mobile hotspot. We show that Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake
Poor USB security puts info for 6 million Medicare beneficiaries at risk (FierceHealthIT) A Medicare contractor's failure to adequately implement security controls over USB devices put sensitive information for more than six million Medicare beneficiaries at risk, according to a report published this month by the U.S. Department of Health & Human Services Office of Inspector General
City of Waukee website pulled offline after hacker defaces site (SC Magazine) Hackers defaced an Iowa city's website on Sunday and Monday, causing officials to temporarily take the site offline
Customized spam uses cell phone users' data against them (Help Net Security) US mobile spammers are using cell phone users' personal data to launch invasive, highly targeted attacks, according to AdaptiveMobile
Security Patches, Mitigations, and Software Updates
HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On (Internet Storm Center) HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On
Cyber Trends
Gartner Warns of Surge in Personal Data on IT Systems (eSecurity Planet) The research firm predicts that by 2019, 90 percent of organizations will have personal data on IT systems they don't own or control
At prices this low, the NSA can't afford to not spy on us (IT World) Data storage experts estimate the cost to the NSA of storing surveillance data on all Americans - and it's surprisingly affordable
South African businesses unprepared for the growing risk of cyber attacks (ITInews) South Africa's own Star Newspaper was the victim of a cyber-attack when an organisation took down Independent Newspaper's Internet and e-mail service with a distributed denial of service (DDOS) attack. Fortunately none of their servers were breached so
Cyber attack readiness urged (Gulf Daily News) Very few Bahrain companies are equipped to deal with 'incidents' arising out of cyber attacks, an expert has warned. According to Protiviti Bahrain IT consulting head and director K Kalyanaraman, with the rise of cyber threats in the Middle
Why We Should Wash Our Hands of "Cyber-Hygiene" (Slate) Hygiene isn't the right metaphor for cybersecurity. Apparently the Internet is a very dirty thing--one that requires you to wash up after using it. At least that's the attitude of people calling for "cyber-hygiene." For example, Ben Hammersley, the editor at large of Wired UK, recently wrote in the Guardian
Marketplace
NSA spying could mean U.S. tech companies lose international business (CSO) Domestic Internet firms face political, economic consequences for breach of trust over the NSA surveillance controversy. Many are concerned the revelations could hurt their bottom line
PRISM paranoia is officially Google's worst nightmare (VentureBeat) Reports of widespread government surveillance aren't a problem for just you- they're a nightmare for Google as well. Since the initial PRISM reports dropped earlier this month, Google and other tech companies have struggled to distance themselves from the
PRISM scandal highlights need for B2B marketers to address customer privacy (FierceCMO) The PRISM spying scandal has brought the privacy debate to the forefront for Americans as it shines a spotlight on the data collection practices of several big companies. It has been brought to America's attention that Google, along with Facebook, Apple, Microsoft and others, collects billions of pieces of consumer information--mainly for marketing and advertising purposes. And it has now been unveiled that the information gathered may end up in the hands of "Big Government."
Snowden's Employer Has Philanthropic Ties and Espionage Roots (The Nonprofit Quarterly) Writing for CorpWatch, Pratap Chatterjee raises a very different issue: the roles and agendas of military and intelligence contractors like Booz Allen Hamilton, which he says collectively account for 70 percent of the $52 billion U.S. intelligence
Facebook's Former Security Chief Now Works for the NSA (The Atlantic Wire) About a year after Facebook reportedly joined PRISM, Max Kelly, the social network's chief security officer left for a job at the National Security Agency, either a curious career move or one that makes complete sense. The Chief Security Officer at a tech company is primarily concerned with keeping its information inside the company. Now working for an agency that tries to gather as much information as it can, Kelly's new job is sort of a complete reversal
The only winners of the NSA debacle are companies that protect your online privacy (Quartz) Companies that protect your privacy with software are seeing a big to their businesses following revelations that America's internet giants have been turned into appendages of its surveillance state
Lunarline Teams with Electrosoft for VA Contract Win (MarketWatch) Lunarline is a VA Certified Service-Disabled Veteran-Owned Small Business (SDVOSB) and is a recipient of the DOT Cyber Security Excellence Award and was
GAO bid protest on CIA cloud hinges greatly on solicitation ambiguity (FierceGovIT) The Government Accountability Office's protest decision directing the CIA to reopen a competition for a private cloud infrastructure after awarding a contract worth up to $600 million over 4 years with options for up to 5 more years hinges in great measure on ambiguity within the initial solicitation
Invertix, Near Infinity Complete Merger (GovConWire) Technology firms Invertix and Near Infinity have merged to become Altamira Technologies Corporation, led by President and CEO Art Hurtado. Hurtado said Tuesday that the rebranded company will "seek to deepen and align our core capabilities around emerging requirements in big data, cyber, analytics and mobility" for customers in spaces including national security and intelligence
Icahn makes a new proposal for Dell (FierceFinance) Carl Icahn appears to be on the defensive in the Dell buyout sweepstakes. None of his proposals so far have generated a lot of traction, prompting him to go public with yet another concept. In his latest effort to offer more shareholder value than Michael Dell's offer, he proposed that the company buy 1.1 billion shares of Dell at $14 each
Andreessen Horowitz and Citi Ventures Drop $11M Into Phone Fraud Prevention Startup (SecurityWeek) Security Firm Raises $11 Million To Help Combat Bank Phone Fraud and Improve Enterprise Call Center Security. Pindrop Security, a startup focused on combating phone-based fraud, today announced the close of an $11 Million Series A investment round led by Andreessen Horowitz and Citi Ventures
In-Q-Tel Bets On 3 Hot Technologies (InformationWeek) In-Q-Tel, the investment arm of the U.S. intelligence community, has signed new technology development agreements with three companies that are producing leading-edge capabilities in the areas of artificial intelligence, flash storage technology and portable solar-generated power supplies
CSI: Atlanta? No, It's Phone Fingerprinting (Dark Reading) Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Palantir Now Fighting Human Traffickers, Instead of the U.S. Army (Foreign Policy) The sharp-elbowed, ultra-connected data mining firm Palantir may be best known around Washington these days for its war with Army over its intelligence software. But the company is also making inroads in Foggy Bottom, where it's using its terror-hunting tech to help State Department fight human traffickers. And it's getting assists from unlikely allies like Google and LexisNexis
5 questions with Alissa Torres, SANS Instructor and Incident Handler at Mandiant (CSO) These days, the certified SANS Instructor and Incident Handler at Mandiant, draws upon her military experience daily on the job. Torres answered some questions for Leading Edge about how her time in the military prepared her for her current work in the
One on one with Gabriel Weinberg, CEO at DuckDuckGo (FierceContentManagement) DuckDuckGo is a search engine with a twist. It pledges not to track your information, while providing some interesting search features. We interviewed DuckDuckGo CEO and founder Gabriel Weinberg, and we asked him about the search engine's privacy policies and its growing popularity
Mark Schultz to Become SAIC EVP, General Counsel (GovConWire) Mark Schultz, a former chief legal and risk officer and corporate secretary at MWH Global, has joined Science Applications International Corp. (NYSE: SAI) as general counsel for its technical services and information technology segment
General Dynamics IT group appoints SVP of intelligence group (Washington Business Journal) He previously served as vice president and general manager of General Dynamics Information Technology's National Intelligence sector, providing IT solutions and mission support to the intelligence market, while also managing internal operations
Nimish Doshi Named Northrop Tech Services Sector CFO, VP (GovConWire) Nimish Doshi, a 16-year veteran of Northrop Grumman Corp. (NYSE: NOC), has been appointed chief financial officer and vice president of business management for the company's technical services sector
Microsoft Unveils Three Bug Bounty Programs for Win 8.1, IE 11 Previews (SecurityWeek) Microsoft will pay security researchers for issues they uncover in the preview versions of Windows 8.1 and Internet Explorer 11 (IE11) as part of its own bounty program
Products, Services, and Solutions
Shootout results: Best security tools for small business (IDGE Insider) Check Point comes out on top; Kerio, WatchGuard, Elitecore and Sophos score high in review of unified threat management (UTM) devices
Stanford tries to improve 'Do Not Track' browser privacy (CSO) Stanford University has launched an online privacy initiative meant to complement Do Not Track, an effort aimed at preventing sites from recording people's Web browsing without permission
Etisalat launches cyber-attack protection in UAE (Telecompaper) UAE operator Etisalat has launched a security product to prevent cyber-attacks through Distributed Denial of Service (DDoS) management, Emirates 24/7
Tool for IT challenges and legal requests (Help Net Security) Kroll Ontrack announced Ontrack PowerControls 7.0. Complete with Microsoft Exchange Server 2013 and Microsoft SharePoint Server 2013 support as well as new functionality for preserving and exporting
Ultra-fast online backup from GFI Software (Help Net Security) GFI Software announced GFI MAX Backup, a service that enables all MSPs to add secure data backup to the services they can offer customers at a time when demand for secure online backup continues to rise
Apple comes up short on enterprise mobility management, says 151 Advisors (FierceMobileIT) At its developers' conference held last week, Apple failed to address enterprise mobility management concerns by not offering functionality that could help IT departments manage and secure their fleets of iPhones and iPads, judged Bill Rom, managing partner at consulting firm 151 Advisors
Bitdefender Tops AV-Test Latest Android Security Review (PC Magazine) Earlier this week, AV-Test released the latest results in its continuing look at Android security. Only three apps failed to get certified, and the average detection rate of all the apps jumped up to 96 percent. Despite the close competition
Stonesoft Security Engine 5.5 Provides Virtual Engines (MarketWatch) The cyber security expert Stonesoft introduces the new Stonesoft Security Engine platform and Stonesoft Management
NSA spinoff Sqrrl debuts commercially with tech to set big data free (BizJournals) Cambridge startup Sqrrl on Wednesday announced the full commercial debut of its database software for powering big-data applications. Founded last year, Sqrrl offers an enterprise version of Apache Accumulo, which lets businesses apply controls to sensitive pieces of data so that the rest of the data doesn't have to be locked up
Technologies, Techniques, and Standards
9 reasons your sys admin hates you (IT World) Sys admins are the lifelines between your keyboard and productivity, so the last thing you want to do is get on their bad side. By avoiding these 9 faux pas, you can help keep your sys admin happy and your systems humming along
Cryptography and the Message for Liberty (Daily Reckoning) But we do have it, thanks to a series of simultaneous discoveries of the logic of public-key cryptography in the 1970s. (From Wikipedia, I'm amazed to learn that William Stanley Jevons, economist of the late 19th-century marginal revolution in
Thwarting facial recognition systems with privacy visors (Help Net Security) Despite Google's announcement that it won't allow facial recognition on Google Glass (yet) and Facebook turning it off (just in Europe), every person should be aware that it is only a matter of time
Slide Show: 10 Ways Attackers Automate Malware Production (Dark Reading) Peeking into an attacker's toolbox to see how malware production is automated and the Internet is flooded with millions of unique malware applications
Inside Out vs. Outside In (Kaspersky Blog) When we think of information security, we tend to think of external hackers and cyber-criminals fighting their way inside an organisation's network to steal its information. Clearswift commissioned some research that takes a holistic view of information security incidents and found that 83% of organisations surveyed said they had experienced a security breach in the last 12 months. However, contrary to where the security spend is focused, 58% of all incidents originated from inside the organization rather than from shadowy, malevolent outsiders - the culprits being employees, ex-employees and trusted partners: people like you and me
With Online Connections, Appearances Can Deceive (InformationWeek) I get a consistent stream of LinkedIn invites on a daily basis. They fall in three broad categories
Threat Intelligence Staffing to Evolve Security Operations (SecurityWeek) The structure of today's enterprise organization security operations must evolve to compete with the growing threat landscape and sophistication of adversaries
Beware Of HTML5 Development Risks (Dark Reading) Local storage, native resource rights, and third-party code all add greater functionality and higher risk to HTML5 applications. As HTML5 continues to experience a groundswell of acceptance within the developer community, organizations must think seriously about how key changes in this latest standard will require them to shift their application security paradigms for Web and mobile apps. Designed to help developers more closely mimic native application through browser-based apps, HTML5 includes a number of useful features that pose as double-edged swords from a security perspective
Security ROI: 5 Practices Analyzed (InformationWeek) Traditionally, enterprise data security has relied on a "fortress defense" approach: keep all assets within a corporate castle and build towering walls to keep out the enemy. However, with an evolving threat landscape that includes targeted attacks, social engineering and spear phishing, the model leaves plenty of vulnerable attack points
PRISM: A Security Big Data Success Story (TripWire) If we put aside policy and politics around the PRISM news, this is actually a story of a successful application of a "Big Data" approach to security analytics
Research and Development
Computing: The quantum company (Nature) D-Wave is pioneering a novel way of making quantum computers -- but it is also courting controversy. "I've been doing combative stuff since I was born," says Geordie Rose, leaning back in a chair in his small, windowless office in Burnaby, Canada, as he describes how he has spent most of his life making things difficult for himself. Until his early 20s, that meant an obsession with wrestling -- the sport that, he claims, provides the least reward for the most work. More recently, says Rose, now 41, "that's been D-Wave in a nutshell: an unbearable amount of pain and very little recognition"
Legislation, Policy, and Regulation
The effect of PRISM on Europe's General Data Protection Regulation (Infosecurity Magazine) PRISM is the US surveillance program that allows the NSA to gain access to the accounts of major US cloud services providers, including the accounts of non-US citizens. The GDPR is the proposed data protection law for the EU. The two are, on the surface, incompatible
European Commissioner Squares Up to Eric Holder Over "Completely Illegal" Surveillance (Slate) The Obama administration is trying to quell public concern about the extent of the National Security Agency's surveillance programs. But the public relations effort is having zero impact in Europe--where a serious backlash against the spying continues to unfold in the European Parliament
Gov't surveillance & the loss of trust (New York Post) Amid all the heated cross-currents of debate about the National Security Agency's massive surveillance program, there is a growing distrust of the Obama administration that makes weighing the costs and benefits of the NSA program itself hard to assess
NSA Checks, Balances Out Of Whack (Miami Herald) Disclosures about National Security Agency cyber-spying on millions of Americans vividly illustrate how the federal government's check-and-balance system is out of balance
'The Watchers' Have Had Their Eyes On Us For Years (KUHF-FM) Shane Harris, an author and journalist who covers intelligence, surveillance and cybersecurity for a number of publications, says that the revelations about
NSA Tests IT Access Control Restrictions (InformationWeek) Could two-person access requirements and better automation prevent future leaks? The National Security Agency (NSA) is studying new information security policies and technology to help the agency prevent future leaks
Contractors Clearing Contractors Shows U.S. Secret Access Spike (Bloomberg) The U.S. government is increasingly relying on contractors to conduct background investigations for security clearances like the top-secret access granted to Edward Snowden
What Prism Knows: 8 Metadata Facts (InformationWeek) Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques. One of the biggest worries triggered by Edward Snowden's National Security Agency (NSA) leaks concerns the scale of data being collected by the intelligence agency
Intelligence community defends surveillance programs (FierceGovIT) Intelligence community and Justice Department officials took to a rare open hearing of the House Intelligence Committee to defend surveillance programs, with National Security Agency head Gen. Keith Alexander stating that intercepted information has helped prevent more than 50 potential terrorist attacks across the globe since Sept. 11, 2001
Deputy AG admits spy program mistakenly targets innocent people (Washington Examiner) James Cole, deputy attorney general, testified before the House Intelligence Committee on Tuesday that when it comes to metadata collection, "every now and then there may be a mistake"
IG: DHS Needs Cybersecurity Strategic Plan (GovInfoSecurity) The Department of Homeland Security lacks a strategic plan for implementing long-term goals to help agencies comply with the Federal Information Security Management Act, according to the department's inspector general
Equip forces with cyber warfare tools (Cyberwarzone) Noting that cyber attacks could cause destruction on an unprecedented scale, former President A P J Abdul Kalam on Thursday stressed on the need to equip future officers of armed forces to envisage and combat technology-driven warfare
Litigation, Investigation, and Law Enforcement
Rand Paul: James Clapper was lying (CNN) President Barack Obama's director of national intelligence was flat-out lying when he told lawmakers in March the government wasn't collecting data on millions of Americans, Sen. Rand Paul asserted Tuesday
Greenwald: NSA chief 'misleading' (Politico) Guardian reporter Glenn Greenwald disputed National Security Agency Director Keith Alexander's statement that the NSA's surveillance programs have stopped more than 50 terrorist plots, calling his comment "misleading." "It's not that they're lying
'Tell your boss I owe him another friggin' beer:' Hot mic catches NSA boss praising FBI chiefs for supportive testimony on surveillance programs (Daily Mail) The director of the National Security Agency was overheard offering a round of beer to the FBI's second-in-command following Tuesday's congressional hearing on the NSA's controversial surveillance programs
2 Senators: Phone Data Didn't Help Fight Terror (Washington Post) The National Security Agency's massive collection of Americans' phone records has "played little or no role" in the disruption of dozens of terrorist plots, contrary to Obama administration assertions, said two U.S. senators who have access to classified information
Merkel Challenges Obama on Surveillance (New York Times) Challenged personally by Chancellor Angela Merkel of Germany about American intelligence programs that monitor foreigners' communications without individualized court orders, President Obama said Wednesday that German terrorist threats
Obama Says Surveillance Helped In Case In Germany (New York Times) Pressed personally by Chancellor Angela Merkel of Germany about the United States surveillance of foreigners' phone and e-mail traffic, President Obama said Wednesday that terrorist threats in her country were among those foiled by such intelligence operations worldwide, a contention that Ms. Merkel seemed to confirm
Hiding behind judicial robes in the battle over national security (Fox News) In the most unlikely of outcomes, everyone's favorite crutch in the controversy over the National Security Agency's eavesdropping programs has become the Foreign Intelligence Surveillance Court (FISC). Sitting in a steel vault at the top of the Justice
Feds: we can't give up cellular location data, because NSA doesn't collect it (Ars Technica) In wake of NSA-Verizon disclosure, lawyers are asking for new information
Amazon Web Services: We'll go to court to fight gov't requests for data (IT World) AWS said it will disclose government requests for data to customers and help customers fight such requests
Privacy officials from six nations want answers about Google Glass (Naked Security) The privacy officials of six countries and the European Commission have a host of questions about Google Glass, wouldn't mind getting their hands on the devices, and are wondering why, exactly, Google hasn't rung most of them up to hash out the privacy issues
France Gives Google Three Month Deadline Over Privacy Policy (SecurityWeek) France on Thursday threatened Google with a fine of up to 150,000 euros ($198,000) if it does not bring its privacy procedures into line with French law on data protection within three months
Google, responding to Edward Snowden's leaks, challenges gag order on NSA (Washington Post) The details of the National Security Agency's surveillance programs have been gradually emerging since Edward Snowden, a former contractor for the agency, leaked classified documents describing them earlier this month. Still, basic questions remain
Why Is Google Pushing Back So Hard Against the Feds? (Slashdot) Google has asked the Foreign Intelligence Surveillance Court, the federal court that oversees surveillance warrants, to loosen its gag order on how often the federal government requests user data from tech companies
Julian Assange Emerges As Central Figure In Bradley Manning Trial (Huffington Post) Bradley Manning is at the defense table. Casting a long shadow over his trial, however, is the figure of someone else the government would apparently like to put on trial: Julian Assange. On Tuesday, government prosecutors sparred
Judge sides with US government, Army in document dispute involving Bradley Manning (Fox News) The Army also promised to be forthcoming with the documents as Manning's trial, which began June 3, continues at Maryland's Fort Meade. The documents are being posted for the public and press on an Internet site. But lawyers for the center said they
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five-day event will examine forensics, malware analysis, and corporate hacking techniques, and (what could be better?) it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, and Industry partners. The operational theme "Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.
Digital Forensics and Incident Response Summit (Austin, Texas, USA, Jul 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live music capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development, as the digital forensics and incident response community is constantly evolving, and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.
London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS' most popular 6-day courses and the 2-day "Securing The Human" course.
3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.
cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.
Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.