The CyberWire Daily Briefing for 1.21.2013
Red October's masters appear to be shutting down their infrastructure. Command-and-control servers are coming down; Kaspersky thinks they're coming down for good.
Iran's cyber agency FETA again denies that country's involvement in denial-of-service campaigns against US banks. FETA's head claims his organization has traced the attacks to Britain and Italy. Elsewhere in the Middle East observers of the Syrian civil war begin to think Russia is supporting the Assad regime with cyber attacks against the opposition.
Australia sustains a minor cyber crime wave, affecting mostly universities and advocacy groups. One attack, however, is a useful reminder that even small enterprises can be targets: a baby-care advice site is a victim.
More Java exploits surface, including parasitic attacks that deliver malware in the form of fake Java patches. Security analysts argue that deactivating Java should be an enterprise's default position. Others offer advice on disentangling Java from related software tools.
Another large healthcare IT breach, this one affecting 6000 Utah Medicaid patients, is traced to a lost, unsecured USB device. New remote-access Trojans (RATs) cloak their traffic in apparently innocent headers. Password cracking tools rapidly increase in speed and power.
Huawei reiterates its contention that US Government security concerns are a fig leaf for protectionism. Google invests in cryptographic alternatives to passwords.
If you missed last week's story on the model employee who outsourced his development work to China, IT World has a follow-up. (The fellow's known only as "Bob." The story would be perfect if his surname were "Dobbs.")
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, Egypt, India, Netherlands, North Korea, Poland, South Africa, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Red October Attackers Shutting Down C&C Infrastructure (Threatpost) It appears that the attackers behind the Red October cyberespionage campaign are taking their ball and going home. Since the attack came to light on Monday, the attackers have begun shutting down their infrastructure and the hosting providers and registrars involved with some of the command-and-control domains are shutting those down, as well
Eugene Kaspersky And Mikko Hypponen Talk Red October And The Future Of Cyber Warfare At DLD (TechCrunch) What is the consequence of cyber warfare slowly becoming increasingly common? That was the basic question that guided the DLD keynotes of Eugene Kaspersky, the co-founder of security company Kaspersky Lab, and F-Secure's chief research officer Mikko Hypponen
Iran cyber police uncovers hacking of US bank (Payvand Iran News) "The attack sources have not been located inside Iran and even Iranian users have been victimized," says Brigadier General Seyed Kamal Hadianfar, the head of Iranian Cyber Police in an interview to Mehr News. FETA was launched in May 2011 to contain a new wave of cyber crime. In a short time, FETA employed elites and experts and prevented many crimes, with 67 cases with definite outcomes
Are Russian Hackers Helping the Syrian Government? (Cyberarms) As the Syrian civil war drags on one thing is clear, Russia is arming the Syrian government. As they have already supplied arms and attack helicopters to al-Assad's regime, could Russian hackers be performing cyber attacks against Syrian opposition too? It's really no secret that Russia is arming the Syrian government, and there is nothing illegal about it
'Anonymous' hacks Oz Unis email to protest bulk iPad buy (The Register) Email servers at the University of Western Sydney, which last year announced it would hand iPads to all staff and over 10,000 incoming students, have been hacked by someone using the name Anonymous. The University is known to use Microsoft's live@edu hosted email service. The attacker has used the University's servers to send spam and has also subscribed students to various commercial mailing lists
UNSW confirms hacking breach (Sydney Morning Herald) The University of NSW has been the target of a concerted effort to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed. Universities are being increasingly targeted by hackers who often want to get access to high-bandwidth university internet connections and use them to conduct further attacks. It comes as the Prime Minister, Julia Gillard, reportedly plans to raise a massive escalation in cyber attacks against government and industry as one of the two key security issues facing the nation in an address on Wednesday
Twitter 'spam bots' not mine, says Greg Hunt (Sydney Morning Herald) Opposition environment spokesman Greg Hunt's office denies it is responsible for an army of fake spam Twitter accounts that social media experts say retweeted his post and other anti-Labor missives. The spambot claims first appeared on Sunday in a Storify document that quickly spread, and appeared to be backed up after Twitter disabled several of the alleged bot accounts referred to. The suspicious retweets were on Mr Hunt's tweet from last week that claimed the carbon tax was partly responsible for job losses at Penrice Soda in Adelaide
Australian based Baby Care Advice web site hacked, Credentials leaked (Cyberwarnews) An Australian based Baby care advice website has become victim to hacker @JokerCracker who has been on a spree of attacks today. The website is babycareadvice.com and is a website that offers access to professionals who can help give advice to new mothers or mothers needing help with baby care
Cybercriminals exploit Java 0-day fears to serve malware (Help Net Security) With all the recent Java zero-day vulnerabilities being exploited in the wild and Internet news outlets heavily covering the development of the situation, many users will look for updates for the popular
Java hacker boasts of finding two more unpatched holes (Naked Security) Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again. The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago
Java Zero Day Vulnerability Exploits JMX and MethodHandles (Java World) By leveraging a vulnerability in the Java Management Extensions (JMX) MBean components, unprivileged Java code can access restricted classes. By using that vulnerability in conjunction with a second vulnerability involving recursive use of the
Java 7 Update 11 Still has a Flaw (Internet Storm Center) According to a posting yesterday by Adam Gowdiak of Security Explorations to Full Disclosure, Java 7 Update 11 (CVE-2013-0422) is still vulnerable as "…a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21)
Latest Java Update Broken; Two New Sandbox Bypass Flaws Found (Threatpost) Expect the roar from security experts urging users to abandon Java to reach ear-splitting levels after reports this morning that new sandbox bypass vulnerabilities are present in the latest Java update
Have you uninstalled Java yet? (Fierce CIO: TechWatch) It has been barely a week since we reported on a Java exploit being circulated in the wild, and now a new Java exploit is being offered for sale. What's even more disconcerting is the fact that this came barely 24 hours after Oracle (NASDAQ: ORCL) issued a security patch for the earlier exploit--one which is already being called a less than complete resolution by some
Java Zero-Day Exploits: Why I am STILL Not Worried (Comodo Blogs) Sure enough, zero-day exploit vulnerabilities have been identified in compromised Java web sites. Oracle has rushed out a patch to deal with these problems, one of which is a bug that some analysts feel should have been fixed when the
Java Security Warnings: Cut Through The Confusion (InformationWeek) Recent warnings to deactivate Java are raising additional questions: What about JavaScript, EJB, JavaFX, Android and any other use of the programming language
Security Flaws Found in Philips Xper Hospital Management System (eSecurity Planet) Cylance researchers were able to gain remote root access to the system. At Digital Bond's SCADA Security Scientific Symposium (S4) in Miami, Cylance researchers Terry McCorkle and Billy Rios recently demonstrated security vulnerabilities in Philips' Xper Information Management system. "The medical information management system typically connects with various types of medical equipment, including x-ray machines, in a hospital network, according to the company," writes SecurityWeek's Fahmida Y. Rashid
Security Flaws Found in ESPN ScoreCenter App (eSecurity Planet) Researchers at Zscaler have uncovered a cross-site scripting vulnerability, and found that passwords were being sent in clear text. Zscaler researchers recently uncovered two significant vulnerabilities in the ESPN ScoreCenter app for iOS
Utah Health Department Acknowledges New Security Breach (eSecurity Planet) The Utah Department of Health (UDOH) recently began notifying approximately 6,000 Medicaid clients that their personal data (including name, Medicaid identification number, age and recent prescription history) was misplaced by third-party contractor Goold Health Systems, which processes Medicaid pharmacy transactions for the UDOH. "Late in the day on Jan. 10, a Goold employee pulled a routine report containing the names, ages and recent prescriptions for 6,000 enrollees," writes The Salt Lake Tribune's Kirsten Stewart. "Struggling to upload the report to a secure file server, the employee saved it on an unencrypted thumb drive and left the health department's headquarters with the device. The employee had planned to upload it later, but misplaced the device while traveling between Salt Lake City, Denver and Washington, D.C., said health department spokesman Tom Hudachko
20,000 Credentials leaked from Proximus Security Customer Support Site (Cyberwarnews) A Security and surveillance hardware supplier customer support database has been leaked to the public by @JokerCracker. The company Proximus Security (http://www. proximus-security
New RAT family makes its traffic look legitimate (Help Net Security) RATs - Remote Access Trojans - are often used by cyber attackers to maintain a foothold in the infected computers and make them do things unbeknownst to their owners
Cloud Security Threat: Vulnerable APIs (InformationWeek) From banks to Instagram, weaknesses in online APIs may put company data at risk, warn security experts
The end of strong password-only security (Help Net Security) More than 90% of user-generated passwords will be vulnerable to hacking in a matter of seconds, according to Deloitte's Canadian Technology, Media & Telecommunications (TMT) Predictions 2013 report
Fox-IT analysts demystify the Pobelka botnet (Help Net Security) Analysts from Dutch-based security audit firm Fox-IT have recently examined in great detail a botnet that has been around for quite some time, and is still functioning and bringing money to
Why Facebook Graph Search will help cybercriminals (Help Net Security) While Facebook's newly announced graph search capability is awesome for people who like social networking, it also provides criminals with another source of information about potential targets
Security vulnerabilities in ESPN ScoreCenter mobile app (Help Net Security) ESPN ScoreCenter, one of the most popular mobile sports apps on the market, has significant security vulnerabilities that could compromise users' mobile devices, including the threat of data theft.
Fake Plants vs Zombies and other Android games infiltrate Google Play store, make money for fraudsters (Naked Security) Is Google doing a good enough job of policing apps in the official Android app store? It seems not
'Bob' outsources tech job to China; watches cat videos at work (IT World) Showing what can happen when companies don't periodically review network logs, a software developer working for a large U.S. critical infrastructure company hired a Chinese firm to do his job so he could spend time surfing Reddit and watching cat videos. Details of the 2012 incident, investigated by Verizon's security services group, were recounted this week in a blog post by Verizon security researcher Andrew Valentine
Security Patches, Mitigations, and Software Updates
Sourcefire VRT rules update addresses remote stack buffer overflow (Internet Storm Center) Sourcefire VRT released a rules update on 17 JAN that included what they refer to as "a potential security issue with rule 3:20275 reported by Tavis Ormandy." Tavis' Tweet states that "today's snort rules fix a remote stack buffer overflow I found in rule 20275
Foxit Patches Vulnerability, Updates Reader Product (Threatpost) Foxit yesterday fixed a vulnerability in its PDF reader product that an attacker could have leveraged to insert malicious code into documents, eight days after it was discovered
Firefox update 18 gets an update, but no security problems this time (Naked Security) Firefox's version 18 gets an update to 18.0.1. The new point release mops up three bugs, all of them no doubt annoying to those affected, but none of them security related
Cyber Trends
Brits trust banks more than government to protect them from fraud (Finextra) The vast majority - 80% - of Brits think that government and law enforcement agencies only do an average or below average job of fighting card and account fraud, according to the poll of around 300 people. A notable minority - 16% - say the government is doing a very bad or poor job, and two thirds say ministers are doing an average job. Just a fifth think they are doing a good or excellent job
EMC Corporation : Security Leaders Urge Organizations to Prepare for Big Data Revolution in Information Security (4-Traders) Security experts from Booz Allen Hamilton, Northeastern University and RSA predict Big Data will likely transform nearly all core technology segments in information security within the next two years. Newest RSA Security Brief, "Big Data Fuels Intelligence-Driven Security" offers guidelines to help organizations leverage security Big Data and intelligent analytics to better assess risk, prevent and even predict high stakes and unknown threats
65 percent of firms fear a cyber attack in 2013 according to BCI research (AME Info) A new survey published by the Business Continuity Institute (BCI) in association with BSI has revealed that 65% of organizations are extremely concerned or concerned about a cyber attack in 2013. The survey also reveals that 71% see the use of the
5 Ways Business Still Fails The IT Organization (InformationWeek) I've received a lot of responses to my recent column, "6 Ways IT Still Fails The Business." Some of you didn't like it. "I believe you are wrong on every point you have made," offered one reader. The most common response was along these lines: "Agree, but the problem is a two-way street." That is, business unit leaders share the blame when IT teams can't deliver everything a company wants. Based partly on your feedback, I offer some of the ways business leaders fail their IT organizations
BYOD to fuel enterprise spending on data recovery in 2013 (Fierce Mobile IT) The widespread use of mobile devices at work will pose data recovery challenges, fueling enterprise investment in data recovery tools, predicted data recovery firm Kroll Ontrack. The prediction is based on an increase in data recovery requests in 2012 prompted by mobile devices in the workplace and the adoption of virtualization, according to the data recovery firm
Ovum: Mobile business intelligence will enable timely business decisions (Fierce Mobile IT) Mobile business intelligence will enable enterprises to adapt to the new mobile business reality that requires them to have access to mobile BI in order to make timely business decisions, according to research firm Ovum
Marketplace
China's Huawei criticizes US security complaints (Metronews) Chinese tech giant Huawei on Monday criticized U.S. claims the company might be a security risk as trade protectionism that harms consumers. The comments came as Huawei Technologies Ltd., a maker of network switching gear and smartphones, disclosed details of its 2012 performance in an effort to show transparency and allay security concerns. At a news conference, chief financial officer Cathy Meng expressed frustration about U.S. security complaints
NHS trust opts for HP active-active no-SSD tier SAN deployment (Computer Weekly) Brighton and Sussex University Hospitals NHS Trust (BSUH) has upgraded its storage and disaster recovery infrastructure as part of a 10-year 26m IT consolidation and electronic patient records (EPR) project. The NHS trust chose HP over Dell, and has implemented HP private cloud infrastructure with LeftHand iSCSI SANs in active-active configuration to support the complete revamp of its IT systems
Air Force Space Command to bolster cyber force (US Air Force) The Air Force Space Command expects to be directed to add 1,000 new people, mainly civilians, to its base of about 6,000 cyber professionals for fiscal 2014, the command's chief said here Jan. 17. Speaking with reporters at a meeting of the Defense Writers Group, Gen. William L. Shelton said direction for the hires would come from the Office of the Secretary of Defense, fueled by the U.S. Cyber Command.
Triple Canopy JV Wins $181M for Natl Lab Security (Govconwire) A Triple Canopy-Securiguard joint venture has won a potential $181,672,893 contract from the U.S. Energy Department for security services at a national laboratory, the department said Thursday. Reston, Va.-based National Strategic Protective Services LLC won the potential five-year contract, which contains three base years and a two-year option. Santa Fe Protective Services, a woman-owned small
ManTech to Help DoD Anti-Terror Office Manage R&D Programs (Govconwire) ManTech International (NASDAQ: MANT) has won a potential $33.5 million contract to help a Defense Department program office manage counterterrorism projects, the company said Friday. The cost-plus-fixed fee contract with the Combating Terrorism Technical Support Office has one base year and two one-year options. ManTech said the CTTSO oversees a national research and development program
Hudson cyber security firm lands investment company client (Wicked Local- Hudson) Hudson-based Corero Network Security, global provider of Distributed Denial of Service (DDoS) defense, announced that Zacks Investment
Big Data Profile: Booz Allen Hamilton's Josh Sullivan (InformationWeek) Dr. Josh Sullivan, VP at consulting firm Booz Allen Hamilton, talks hiring challenges, big data consortiums, and more
North Korean Internet stance will affect its 'physical world,' 'economic growth' (Ars Technica) Eric Schmidt blogs about his trip to the country, full of Linux and restrictions. Former Google CEO Eric Schmidt is back from a North Korean trip not everyone was thrilled about. Last night, he took to his Google+ page to post a few quick thoughts on the experience--leading with an unsurprising revelation. "Overall, the technology in North Korea is very limited right now." Schmidt described a few quick problems he encountered during his trip
The Silicon Valley Elite Need A Culture Of Duty (TechCrunch) Editor's note: Joe Lonsdale is a General Partner at Formation 8, an early-growth technology fund. He is co-founder of Palantir and Addepar and is proud to be behind other successful mission-driven technology companies. When we saw a huge gap in the government's technology response to 9/11 and founded Palantir in 2004, Silicon Valley venture capitalists refused to invest. They said "no"
Herrod To Leave VMware, Join Venture Capital Firm (InformationWeek) Steve Herrod has resigned as CTO of VMware to become managing partner of General Catalyst and share his startup experience
Cylance hires former DHS official, other prominent cyber experts (Reuters) Technology startup Cylance Inc hired four prominent experts in the field of protecting power plants, water utilities and other infrastructure systems from cyber attacks as the firm gets ready to release its first line of security products. The list includes Eric Cornelius, who just stepped down as deputy director and chief technical analyst with the Department of Homeland Security's Control Systems Security Program. Cornelius helped manage the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, which investigates cyber incidents at utilities and other infrastructure operators across the United States
Products, Services, and Solutions
Cisco releases three 802.11ac powered Smart Wi-Fi Routers (Help Net Security) Cisco Linksys announced the expansion of its Linksys Smart Wi-Fi portfolio with three 802.11ac powered Smart Wi-Fi Routers, a new compact 802.11ac USB adapter, new features and new Smart Wi-Fi Apps
CounterTack gets first patent for cyber attack protection software (Boston Business Journal) CounterTack, a Waltham, Mass. company led by CEO Neal Creighton, that helps companies protect against cyber attacks in progress, has received its first patent for its cyber attack detection technology
Review: WordPress 3 Ultimate Security (Help Net Security) Author: Olly Connelly Pages: 408 Publisher: Packt Publishing ISBN: 1849512108 Back in 2004, the company behind the then-popular blogging platform Movable Type shot themselves in the foot by
Lenovo unveils ThinkPad X131e Chromebook (Fierce CIO: TechWatch) Lenovo on Thursday unveiled a new 11.6-inch Chromebook that is specially designed to meet the needs of K-12 educational institutions. The ThinkPad X131e Chromebook comes in at just below four pounds, and comes with an Intel (NASDAQ: INTC) processor and a 1366x768 resolution anti-glare display
Microsoft drives users towards subscription service with Office 2013 (Fierce CIO: TechWatch) Microsoft is getting ready to launch Office 2013 within the next few weeks, says longtime Microsoft watcher Mary Jo Foley. Based on information that Microsoft shared with some of its partners this week, the stand-alone versions of Office Standard 2013 and Office Professional Plus 2013 look set to retail at $369 and $499 respectively, she writes
Technologies, Techniques, and Standards
10 Tips To Scare Away the Cyber Stalker (SymbianOne) Privacy and security is always a concern, particularly in this era of social media and excessive social sharing. Did you know that January is the tenth annual National Stalking Awareness Month dedicated to educating the public about the dangers related to the crime of stalking both online and offline? The National Cyber Security Alliance (NCSA) and McAfee (security software provider) have offered up some valuable tips for those of you who have been or may become victims of cyber stalkers. Indeed some useful tips here, however, it may be a mammoth effort to go back in time and correct everything so be aware, you may be in store for a huge effort if this is a concern of yours
Design and Innovation
Innovation In Spotlight, But Wrong Cast? (InformationWeek) Boston Consulting Group shines a klieg light on innovation, but lots of leading companies and industries go unnoticed
Research and Development
A New Twist to Light Wave Communications (SIGNAL Magazine) Twisted beams of light may illuminate a straight path to more secure and higher capacity communications. A new type of photodetector developed at Harvard's School of Engineering and Applied Sciences (SEAS) allows systems to judge these beams by their spin rate. It will allow the encoding of an infinite amount of numbers in those data streams, which offers the potential for dramatically larger data rates as well as better encryption
Google Aims To Eliminate Need For Passwords, Looks To Cryptography (Hot Hardware) Most of us have dozens of passwords to remember, including for multiple email accounts, Google, Facebook, online banking and credit card accounts, services like Dropbox and Evernote, and on and on, and it's simply a pain. It can be difficult to create
Intel envisions fiber optics at motherboard level (Fierce CIO: TechWatch) Intel is preparing for a future where fiber optics is implemented at the motherboard level and used to shuffle data at high-speeds between servers. The appeal of light has to do with it being a much faster vehicle for moving data compared to ordinary electrical wiring, as well as its lower power requirements
Academia
Canadian Student Expelled After Finding Critical Flaw in Software Used by Colleges (Softpedia) According to the National Post, Al-Khabaz identified a security hole in the Omnivox software, an application used by most general and vocational colleges in Quebec, while working on a mobile app designed to allow students to access their accounts more easily. He found that because of sloppy coding, anyone with basic computer skills could gain access to the personal details of over 250,000 students, including their social insurance numbers
Capitol College Appoints Fixmo's Daniel Ford to Information Assurance Advisory Board (Insurance News) Capitol College issued the following news release: Capitol College has announced that Daniel Ford, chief security officer at Fixmo, has been appointed to the advisory board for the college's information assurance program
Legislation, Policy, and Regulation
Cyber security needs to be a board level issue (Help Net Security) As part of the much talked about Cyber Security Strategy, the UK Government is committed to helping reduce vulnerability to attack and ensure that the UK is the safest place to do business. One strand of the strategy was an executive briefing, which targeted the most senior levels in the UK's largest companies and provided them with advice on how to safeguard their most valuable assets, such as personal data, online services and intellectual property. In September 2012 the UK Government launched Cyber Security Guidance for Business at an event that was attended by FTSE 100 CEOs and Chairs
'Aaron's Law' could have unintended consequences (CSO) Tragedy shouldn't undermine protection of private and public property, experts say
Keeping The Internet Free (Washington Post) Internet freedom is not something to be taken lightly, as anyone who has tried to gain access to forbidden sites in China will tell you. The countries that would like to censor Internet content, including Russia, China, Iran and others, were eager to see their authority to do so etched into a United Nations treaty debated at a conference last month in Dubai. The United States and other nations committed to a free and open Internet refused to sign the treaty. It was a largely symbolic protest but the right thing to do
Litigation, Investigation, and Law Enforcement
Indian two-factor authentication fraudsters busted by Delhi cops (Naked Security) Two more alleged cybercrooks are cooling their heels in custody this weekend. The modern-day bank robbers are said to have run a scam that allowed them to work around the two-factor authentication protection offered by the victims' banks
Dutch KLPD (Police) must disclose its information about secret botnet project (WebWereld) The Dutch Police must decide within two days whether to comply with the WOB (Law to Publish Government Management Information) request by Rejo Zenger, through which he demands disclosure of documentation on the botnet-fighting project Taurus. Up to now the KLPD has refused for months to make a decision on the request by Rejo Zenger, an internet freedom fighter. In the project Taurus the High Tech Crime Unit of the KLPD works together with Fox-IT, a privately owned Dutch Cyber Security company, the FBI and the SIDN, in the monitoring and fighting of botnets
Polish CERT acts against Virut malware with domain takedowns (Naked Security) CERT Polska, a computer emergency response team in Poland that is run under the aegis of the country's Research and Academic Network (NASK), has announced takedown action against a raft of web servers associated with the Virut family of malware. Most zombies rely on connecting to so-called C&C (command-and-control) servers to find out what to do next. So taking over some or all of those servers can make a big difference, at least temporarily, to the crooks' ability to operate their botnets
How M.I.T. Ensnared a Hacker, Bucking a Freewheeling Culture (New York Times) In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before. Months earlier, the mysterious visitor had used the school's computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities
Aaron Swartz and the Two Faces of Power (Wired Threat Level) Power isn't just an abstraction: It has possessors, supplicants, and hand servants. And it's not good to be on Power's bad side if what you do falls into the gray area of enforcing the letter as opposed to the principles
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cybergamut Technical Tuesday: Finding Splunk Before Splunk Finds You (Columbia, Maryland, USA, Jan 22, 2013) Rob Frazier of Whiteboard Federal Technologies will present his talk "Finding Splunk Before Splunk Finds You". Certification letters will be available for PMI PMP PDUs and CISSP CPEs as well as other technical credits as appropriate. The live event will be in Columbia, MD, and there will be a cybergamut node established in Omaha, Nebraska for this event.
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
Data Privacy Day (Various locations, Jan 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy Day (DPD), is collaborating with many educational institutions, corporations, government and non-profit organizations across the world to make Data Privacy Day on January 28th a success. Data Privacy Day is an international day of awareness to educate everyone to respect privacy and safeguard personal information.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security. Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, Apr 8) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.