The CyberWire Daily Briefing for 6.21.2013
#opPetrol did launch, but with such limited effect it must be judged another Anonymous fizzle. Other hacktivists—US-based TeamBerserk—attack Hong Kong's CITIC Telecom unit.
Denial-of-service attacks hit Boston's public transit system (via its Network Solutions host) and British lender Amigo. Morningstar suffers a data breach affecting 182,000 clients' information.
Venerable remote administration tool PoisonIvy improves its stealth by hiding in a legitimate application. In the criminal economy a subscription-based service supports DIY Bitcoin mining, even as underground boutiques increasingly accept payment in Bitcoins. The Samsung Galaxy S4 is found vulnerable to smishing. Puppet automation software is vulnerable to remote code execution.
This week's LinkedIn DNS issue turns out, as suspected, to be an error, not a hack.
Businesses, particularly their boards, are advised to take cyber crime seriously—a Naked Security opinion piece gives it good treatment. A Quartz essayist, seeking to place PRISM in context, thinks pervasive data collection and big data analytics mean privacy is irretrievably lost.
Others are less willing to surrender, as evidenced by more privacy and do-not-track products hitting the market. Some privacy tools, as Ars Technica notes, may actually pique governments' surveillance interest. Others call for a "Nuremberg Code"—informed consent rules—to govern big data.
The US Congress considers "Aaron's Law" modifications to CFFA, and a bill to foster FISA court declassification is also introduced. The Guardian releases more leaked PRISM documents. Senators accuse security investigation contractors of background investigation fraud as the Office of Personnel Management pleads an impossible investigatory workload.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Indonesia, Democratic People's Republic of Korea, Russia, Saudi Arabia, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
OpPetrol Launched: Government Sites from Saudi Arabia and Indonesia Hacked (Softpedia) So far, the hackers have managed to breach a government website from Saudi Arabia and eight government sites from Indonesia. Most of the sites have been restored, but some of them are still inaccessible
Morningstar Hacked (eSecurity Planet) 182,000 clients' names, mailing addresses, e-mail addresses and passwords were exposed, along with 2,300 clients' credit card numbers
Website of guarantor lender Amigo Loans crashes twice in two days after coming under cyber attack" (Daily Mail) Guarantor lender Amigo Loans claims its website has crashed twice in the last month after being targeted by cyber criminals
MBTA.com goes down after cyber attack hits company that runs domain (Boston.com) The MBTA's website became inaccessible late Wednesday night and into Thursday when an outside company that runs domain name services for many websites, including mbta.com, experienced technical issues related to a cyberattack, officials said
US hackers claim cyber attack on CITIC Telecom unit (Hong Kong Standard) A US-based hacking group has claimed responsibility for a cyber attack on a CITIC Telecom subsidiary in which the personal details of more than 2,500 customers were stolen. The police's Commercial Crime Bureau said it is investigating the hacking of
PoisonIvy Uses Legitimate Application as Loader (TrendLabs Security Intelligence Blog) I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar
New subscription-based SHA256/Scrypt supporting stealth DIY Bitcoin mining tool spotted in the wild (Webroot Threat Blog) A recently released subscription-based SHA256/Scrypt supporting stealth DIY Bitcoin mining tool is poised to empower cybercriminals with advanced Bitcoin mining capabilities to be used on the malware-infected hosts that they have direct access to, or have purchased through a boutique cybercrime-friendly E-shop selling access to hacked PCs. Let's take a peek at the DIY Bitcoin mining tool, and discuss some of its core features
New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin (Webroot Threat Blog) Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire
Qihoo 360 Discovered Serious Smishing Vulnerability In Samsung Galaxy S4 (Dark Reading) Vulnerability is related to the "cloud backup" feature of Galaxy S4
Brazen new Android Trojan manages your device for you (GMA News) This brazen new malware not only steals data from an infected smartphone or tablet—it also takes control of the entire device. Security vendor Bitdefender said the new malware—Trojan.Obad.A—seizes administrator privileges to manage the infected device
Security Flaw Found in Puppet IT Automation Software (eSecurity Planet) The vulnerability could enable remote code execution. Puppet Labs recently published a notice warning of a remote code execution vulnerability in its Puppet automation software (h/t The Register)
The LinkedIn hack that wasn't (Naked Security) Bryan Berg, the co-founder of microblogging site App.net, pronounced earlier today that LinkedIn had been hacked. That turned out to be not quite correct, as Paul Ducklin explains
Security Patches, Mitigations, and Software Updates
Oracle and Apple update Java - zapping browser Java would already have blocked 92.5% of the risk (Naked Security) As promised last week, Oracle shipped a Critical Patch Update for Java on Tuesday 18 June 2013. Apple, which offers its own builds of Java, updated at the same time. Paul Ducklin takes a look
Cyber Trends
Who needs the NSA? Your dishwasher is already watching every move you make (Quartz) In the aftermath of Edward Snowden's disclosures about alleged surveillance programs by the National Security Agency, it's tempting to undertake a wholesale rethink of your online behavior, get a burner phone and install new e-mail tools, or just cut the cord entirely—except even that may not keep away the gaze of surveilling parties. Just living in a modern, equipped home is enough to create multiple peepholes for the government, or even foreign hackers, to figure out what you're doing
Hey board directors, help your companies fight cybercrime - and yes, it matters (Naked Security) According to a recent report by the ICSA, boardrooms need to "wake up" to the danger of cybercrime, as their buy in is vital to ensure companies are prepared to face cyber threats
Cybersecurity is a business imperative (Help Net Security) While cybercrime threats are on the rise, current attempts to counter them remain largely unsuccessful. According to the 2013 State of Cybercrime Survey report, organizations have made little progress
Film: High risk reporting along China's Great Firewall in High Tech, Low Life (ZDNet) Eagerly-awaited documentary High Tech, Low Life released this week online. The film chronicles life on the edge for two bloggers under China's increasing surveillance and propaganda directives
Knowing The Cyber Business (Armed with Science) As U.S. Cyber Command gains strength and steadily extends its range across the newest warfare domain, it has called on all the services over the next five years to contribute trained-up teams of cyber operators to ensure U.S. military freedom of action
Most Companies Unprepared For Cyber-Attacks, Analysts Say (BestTechie) The FBI created "cyber-squads" to police the web, however, they haven't been able to fight off website attacks of the White House, CIA, FBI, Department of Justice, US Department of Homeland Security, and many others. A recent breach at the Pentagon
How does cloud computing factor into health data breaches? (HealthITSecurity.com) The Cloud Security Alliance released The Notorious Nine: Cloud Computing Top Threats in 2013 that believes cloud security is an imminent threat and listed data breaches as it top threat. It cited University of North Carolina, the University of
Marketplace
Bid protest process cost effective way to promote private sector confidence, says Gordon (FierceGovernment) The benefits of bid protests outweigh costs because protests provide a low-cost way for disgruntled participants to air their complaints, former Office of Federal Procurement Policy Administrator Daniel Gordon says in a paper to be published this year in the Public Law Contract Journal
Sequestration cuts hurt DoD ability to provide budgetary readiness statement, survey says (FierceGovernment) Across-the-board sequestration cuts have hurt the Defense Department's ability meet the the fiscal 2014 audit-readiness of budgetary resources goal, a June survey (.pdf) conducted by American Society of Military Comptrollers and Grant Thornton says
Obama pay cap proposal would mostly affect large contractors, GAO says (FierceGovernment) If White House proposed legislation to cap reimbursment for contractor executive pay at the president's salary is enacted for cost reimbursment contracts, few small contractors would be affected but for larger contractors reducing the cap would dramatically increase the number of employees with pay above the cap, a June 19 Government Accountability Office report says
SRA Wins NIH Tech Support Task Order for $184M BPA (ExecutiveBiz) SRA International will provide information technology support services to the National Institutes of Health under a task order, part of a blanket purchase agreement worth up to $184 million
Microsoft's Bug Bounty Program and the Law of Unintended Consequences (Threatpost) The Microsoft bug bounty program has been nearly a decade in the making and it is clear from the shape and size of it that the company did not simply slap the program together in order to join the cool kids. Rather, Microsoft's security team spent years watching the way other programs work, seeing what incentives attract good researchers and looking for a system that made sense for Microsoft's specific goals. The result is a well thought-out reward system that likely will reward good research while making customers safer at the same time. But the program may also create some unintended consequences and ripples in the security world
Will SAIC Stock Rise From Its Impending Split? (Motley Fool) SAIC has earned a solid reputation in the cyber-security industry, benefiting from the rise in Internet- and network-based attacks on computer systems and other technology. But its strategic move to split itself in two would create a smaller government
CACI Appoints Larry Clifton Chief Human Resources Officer (Business Wire) CACI International Inc (NYSE:CACI) announced today that it has appointed Larry Clifton Chief Human Resources Officer and Executive Vice President, effective immediately. Mr. Clifton had been performing as Acting Chief Human Resources Officer since February, during which time he worked closely with CACI's executive team, business groups, and staff organizations to align the company's HR initiatives with its strategic goals and objectives
Stonesoft Names Antti Reijonen as Global Chief Technology Officer (Channel EMEA) Cyber security expert, Stonesoft, has today announced the appointment of Antti Reijonen as the company's global CTO. In this role, Reijonen will be
Products, Services, and Solutions
How Vine Climbed to the Top of the Social Media Ladder (Wired) Wired chats with Vine's three young founders – Rus Yusupov, Dom Hofmann, and Colin Kroll – about how the fantastically popular mobile video service grew up
Twitter Can't Control Rapid Growth of Its Vine (Wired) Twitter's app for sharing short videos, Vine, has seen web traffic grow more than 46-fold, while the App has more than doubled its share of U.S. iPhone users — all in less than six months. This explains rumors that Facebook
Cookie Clearinghouse to enable user choice for online tracking (Help Net Security) The Center for Internet and Society (CIS) at Stanford Law School launched a new online privacy initiative called the Cookie Clearinghouse, which will empower Internet users to make informed choices
Cybersecurity Arsenal List 2013 (Cyberwarzone) The tools in this list are owned by tool developers or vendors and they can be modified any time.If you have any question about these tools, please direct contact tool developers or vendors
Clueful Privacy Advisor (for Android) (PC Magazine) Malware is the big bad boogeyman [of Android, but a far more common problem happens to be apps that just ask for a few too many permissions. In the worst case, malicious apps can take advantage of SMS permissions to send premium messages and sign you up for unwanted services. In other scenarios, you might just not want to own a game that wants access to your address book
Coming soon: Data convergence, common data pools and data dredging vendors (FierceBigData) Like many CIOs in government at the state and local level, Maryland's CIO, Michael Powell, is actively pushing to use big data to solve local problems. Already, Maryland has created a consortium of all 47 acute care hospitals in the state, creating a platform for a health information exchange. Powell says that in the future, the platform will serve for other uses too, including sharing diagnostic data throughout the system and integrating cost data
GE partners with AWS for big data clout in Industrial Internet (FierceBigData) General Electric is highly focused on cashing in on the "Industrial Internet," wherein machines talk to the cloud and companies can then tap that industrial data in real-time to do many things, including automating industrial processes beyond anything that has been seen so far. However, the machines doing the talking are not limited to those bolted to a factory floor. Even jet engines, gas turbines and MRI machines will be reporting constantly to the cloud
Firefox Advances Do Not Track Techonology (InformationWeek) Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers
Technologies, Techniques, and Standards
Data Classification Can Boost Risk Management (Dark Reading) The trouble is organizations must execute on classification and retention policies to gain benefits. The effectiveness of data classification and retention policies can have strong ripple effects across an organization's entire IT risk management framework. After all, how data is classified can determine what risk management priorities are placed on it and the less data that is retained long-term, the less volume the organization has to sift through to determine appropriate protection levels
Why Are We So Slow To Detect Data Breaches? (Dark Reading) Poor instrumenting of network sensors, bad SIEM tuning and lack of communication between security team members allows breaches more time to fester
Analyzing Vulnerabilities In Business-Critical Applications (Dark Reading) Fears of downtime and broken apps complicate the vulnerability scanning process. Here are some tips to help
Use of Tor and e-mail crypto could increase chances that NSA keeps your data (Ars Technica) When it comes to surveillance rules, some US people are more equal than others. Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they're collected inadvertently, according to a secret government document published Thursday
Wall Street prepares for simulated cyber attack (Help Net Security) This edition of the cyber drill is a bit different from the first one conducted in November 2011, when the participants were all sitting at one table and dealing with both a cyber attack and mock armed attackers trying to get into the physical premises
Visualization, predictive analytics top tools for cyber defenders (FierceBigData) Cyber criminals are launching more sophisticated attacks every day but thanks to big data tools, they can no longer operate undetected. Wayne Rash at eWeek gives a compelling account of how cyber defenders are using big data visualization and predictive analytics not only to track attacks in real-time, but to watch the earliest movements towards building an attack in order to stop it before it gets much beyond the planning stage
It's All about the Applications (SecurityWeek) In my previous SecurityWeek column, I wrote about Managing Security with the Business in Mind and discussed briefly the importance of taking an application-centric approach to security policy management. I'd like to drill down into that a bit more because critical applications fuel the business and oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security (i.e. safely remove firewall rules no longer in use by decommissioned applications) and allow IT to keep up with the dynamic needs of the business (i.e. process changes much more quickly and enable faster service delivery). The problem is, it's not that simple
NIST guide aims to make industrial control systems more resilient (FierceGovIT) Industrial control systems, such as those used by utilities and manufacturing, are integrating new capabilities that promote connectivity and remote access, but also necessitate unique security solutions, says the National Institute of Standards and Technology in an updated special publication issued May 15
NIST promises iris biometric ID standard soon (FierceGovIT) The National Institute of Standards and Technology is still readying a standard for the use of iris images in federal identity cards and intends to release a special publication covering the use of the iris biometric this July, said Charles Romine, director of the NIST Information Technology Laboratory
Coming soon: Data convergence, common data pools and data dredging vendors (FierceBigData) Like many CIOs in government at the state and local level, Maryland's CIO, Michael Powell, is actively pushing to use big data to solve local problems. Already, Maryland has created a consortium of all 47 acute care hospitals in the state, creating a platform for a health information exchange. Powell says that in the future, the platform will serve for other uses too, including sharing diagnostic data throughout the system and integrating cost data
Legislation, Policy, and Regulation
Global repercussions of PRISM scandal (Help Net Security) The revelation of the existence of the PRISM program, which allows U.S. government agencies to either directly or indirectly have access to email and chat content, videos, photos, stored data, transferred files, notifications, online social networking details, and more of users of nine of the biggest and most popular Internet companies and services in the world today has apparently shaken the rest of the world more than it has U.S. citizens
Edward Snowden and Booz: How Privatizing Leads to Crony Corruption (The Atlantic) Booz Allen Hamilton, Edward Snowden's former employer, is a cash cow earning billions from its intelligence work for the U.S. government. Snowden is among thousands of people who used to work for the government who went on to earn far more doing the
Nelson calls for Senate probe into contractor security clearances (Tbo.com) But Nelson, reacting to a question from the Tribune about another incident involving a Tampa-based Booz Allen Hamilton hire, wrote a letter to Sen. Dianne Feinstein, chair of the Senate Select Committee on Intelligence, calling for an investigation
Senator says Booz Allen hired convict for classified job (Reuters) Senator Bill Nelson said contractor Booz Allen Hamilton had hired an employee convicted of lying to the U.S. government for a position in which he would handle classified documents. Nelson, a Florida Democrat, called on the
FBI director defends phone surveillance program (CSO) Senators question the FBI's collection of U.S. phone records
Privacy advocates hope Texas law against online snooping inspires Congress (CSO) While the Lone Star state is the first, it is unlikely to be the last to pass such a law
NSA Leak Could Prompt Re-Analysis of Data Collection (Voice of America) Recent disclosures about how the U.S. National Security Agency collects information for top-secret surveillance programs could prompt U.S. intelligence agencies to reconsider their data-collection processes and who has access to the information
Hard National Security Choices (Lawfare) The National Security Agency has released two documents, which describe the two sections of FISA—sections 215 and 702—that lie at the center of the controversy sparked by the Edward Snowden leaks. Read them here and here
National Security Über Alles? (Huffington Post) The controversy over the National Security Agency's gigantic information-gathering and collection programs is sparking a much-needed national debate. And that's a good thing, for a number of reasons. Sure, a lot of this is about the ongoing tension
The numbers game muddies NSA surveillance debate (Barre Montpelier Times Argus) The National Security Agency building at Fort Meade, Md. is shown. As many as one of every five worldwide terror threats picked up by U.S. government surveillance has been targeted on the United States, the Obama administration says
"Aaron's Law," to amend the CFAA, introduced in Congress (SC Magazine) Lawmakers have unveiled companion bills in the House and Senate that would reform a federal anti-hacking law that critics believe is outdated and has enabled unnecessarily aggressive prosecutions
Aaron's Law, the Much-Needed Reform of the CFAA, Is Finally Here (Wired) Lying about one's age on Facebook, or checking personal email on a work computer, could violate this felony statute. This flaw in the CFAA allows the government to imprison Americans for a violation of a non-negotiable, private agreement that is
Lawmakers introduce new bill to compel gov't to declassify secret court opinions (Ars Technica) Former senator who had a hand in its creation calls secret court "disturbing."
The New Triad (ForeignPolicy.com) This "New Triad" consists of special operations forces, unmanned vehicles, and cybercapabilities. Each has an important individual role to play, but taken together, the sum of their impacts will be far greater than that of each of the parts when used alone
Crackdown On Leaks Has Chilling Effect (Miami Herald) Even before a former U.S. intelligence contractor exposed the secret collection of Americans phone records, the Obama administration was pressing a government-wide crackdown on security threats that requires federal employees to keep closer tabs on their co-workers and exhorts managers to punish those who fail to report their suspicions
CIO empowerment isn't just for department CIOs, says Szykman (FierceGovIT) Recent congressional testimony and White House oversight has further fueled the discussion around strengthening federal chief information officer authorities. While the focus has largely been on centralizing programs under the department CIOs, Commerce Department CIO Simon Szykman says greater authorities should be given to component CIOs as well
We Need a Nuremberg Code for Big Data (Slate) The world of social-engineering surveillance is growing rapidly. Recent revelations about the federal government's PRISM program have sparked widespread debate about the benefits and harms of state surveillance of Americans in the name of national security. But what about the surveillance we submit to in the service of more mundane activities, like improving children's vocabularies or increasing student engagement in the classroom? This growing world of social-engineering surveillance has garnered far less attention and controversy but poses significant challenges to the future of privacy
Litigation, Investigation, and Law Enforcement
5 Fun Facts From the Latest NSA Leak (Wired) After a brief respite, the Guardian newspaper has resumed its publication of leaked NSA documents. The latest round provides a look at the secret rules the government follows for collecting data on U.S. persons. We found a number of interesting
New NSA Warrantless Tactics Reveal Little Room For Presumption Of Innocence (TechCrunch) The Guardian released new details about the National Security Agency's spying practices, which reveals how analysts can store vast sums of data without a warrant. Specifically, if the NSA "inadvertently" stumbles upon anything related to a potential crime, it can store the data for later investigations. Quite reasonably, the Supreme Court has declared that law enforcement can
Revealed: the top secret rules that allow NSA to use US data without a warrant (Guardian) Fisa court submissions show broad scope of procedures governing NSA's surveillance of Americans' communication
Snowden Invited To Iceland By Founder Of Payment Provider DataCell (TechCrunch) Reuters is reporting that Olafur Vignir Sigurvinsson, founder of colocation service Datacell, is offering to fly NSA whistleblower Edward Snowden from Hong Kong to Reykjavik in a private jet should the country grant him asylum
Company Being Probed Did Snowden Background Check, Senator Says (Bloomberg) A federal contractor under criminal investigation conducted the background check on Edward Snowden, who leaked secret documents on U.S. surveillance programs, a lawmaker said
Report: Fraud in security checks (Politico) Nearly 5 million Americans have security clearances, a number that has made news since Snowden used his access to release secret information about National Security Agency surveillance programs. Almost three-quarters of those individuals have
Feds Seized 1,700 Online Domains in 3 Years (Wired) Federal authorities said today that, since June 2010, they have seized more than 1,700 domains that allegedly breached intellectual property rights. Seized under a program known as "Operation in Our Sites," the domains hosted material the authorities said illegally streamed
Google told to delete Street View payload data or face UK prosecution (The Guardian) Information commissioner's office says it will launch contempt of court proceedings if data is not deleted within 35 days
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.
Digital Forensics and Incident Response Summit (Austin, Texas, USA, Jul 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development as the digital forensics and incident response community is constantly evolving and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.
London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.
3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.
cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.
Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.