Cyber Attacks, Threats, and Vulnerabilities
Israeli hackers initiate Operation Islam (Cyberwarzone) #opIslam is an operation that has been initiated by the hacking group IsraeliElite. The hackers are going to launch the operation on the 26th of June. The Israeli hackers are asking the world to assist #opIslam in the fight against cyber terrorism
Viber admits to swallowing 'Syrian Electronic Army' phishing bait (Naked Security) The Syrian Electronic Army (SEA) claimed on Tuesday that it had taken over the support page for instant messaging/VoIP service Viber. Viber itself announced that the claims are overblown and that only two minor systems were breached - a customer support panel and a support administration system
Stanford University Is Investigating An Apparent Security Breach, Urges Community To Reset Passwords (TechCrunch) Stanford University urged network users to change their passwords late Wednesday evening, explaining that it "is investigating an apparent breach of its information technology infrastructure." Randall Livingston, Stanford's chief financial officer, emailed the entire Stanford community, noting that Stanford does "not yet know the scope of the intrusion"
Anonymous releases final list of FEMA contacts (SC Magazine) The hacker collective Anonymous has released a third and final round of Federal Emergency Management Agency (FEMA) contacts. The release is said to be the end of a trilogy in an email sent from the presumed hackers to SCMagazine.com. The dispatch from the group goes on to say that the remainder of the information will remain in various encrypted backups awaiting further analysis
Banking trojan KINS resembles architecture of Zeus, targets Windows users (SC Magazine) A new banking trojan designed to steal financial information from Windows users is up for sale, and researchers may be mixing it up with other malware. Dubbed "KINS" by its developers, the trojan is expected to be a long-awaited replacement for other financial malware, like Zeus, SpyEye and the Citadel
Citadel malware active on 20,000 PCs in Japan, says Trend Micro (PC World) Citadel malware is installed on over 20,000 PCs in Japan and actively sending financial information it harvests to servers abroad, according to security software vendor Trend Micro
Bogus AmEx notification leads to thorough phishing (Help Net Security) American Express-themed phishing emails are never out of circulation, but it pays to know which new (or recycled) angle is being used at the moment. The latest one to hit inboxes is a bogus
After A Week Of iOS Dev Site Downtime, Apple Creates Status Page To Show Which Services Are Back Online (TechCrunch) It's been more than a week and Apple's developer website is still down, following what turned out to be a hacking breach (which may or may not have been caused by a 25-year-old Turkish security researcher). Apple has now emailed iOS developers with an update on the situation. It's also created a status page to show which services have been restored — the vast majority of which remain offline
Once more into the breach: How hackers compromise websites like Apple's (ComputerWorld) Unless you happen to call the proverbial rock home, you've probably heard that Apple's developer websites were recently hit by a hacking attack. Though the developer site has been inaccessible since last week, the company didn't announce the intrusion until Sunday; as of this writing, the site remains down. That outage has resulted in considerable inconvenience for app developers, not to mention the poor IT people in Cupertino who have been working around the clock to deal with the breach
Server misconfiguration discloses passwords of all Barracuda employees (Hacker News) Security expert Ebrahim Hegazy has found a password disclosure vulnerability in Barracuda update servers which allows access to employee credentials
Hackers Reveal Nasty New Car Attacks—With Me Behind The Wheel (Forbes) Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop-or even slow down-produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets-along with the delighted cackling of the two hackers sitting behind me in the backseat
Breaking And Entering: Hackers Say "Smart" Homes Are Easy Targets (Security Ledger) In just the last two years, the price of home automation technology has come way down, while variety has exploded. Smart home technology goes way beyond niche products like the Nest IP-enabled thermostat or (save us) the "HAPIfork." A growing list of vendors are selling infrastructure to support a whole network of intelligent "stuff", enabling remote management of home security and surveillance systems, IP-enabled door locks, IP enabled lights, smart home appliances, HVAC (heat and cooling) and more
How Attackers Target And Exploit Critical Business Applications (Dark Reading) Applications such as ERP and CRM make businesses go, yet are often left unpatched and vulnerable. Most enterprises rely on a few critical business applications for their day-to-day operations. Many of these applications are well-known, off-the-shelf or cloud-based products. Because of their critical nature and the value of the data contained within them, they are a prime target for attackers
The rise of TOR-based botnets (WeLiveSecurity) TOR-based botnets are not a new trend and were already being discussed a few years ago at Defcon 18 ("Resilient Botnet Command and Control with Tor"). But in the last year we've been able to confirm some interesting facts concerning the use of these ideas in real-world botnets. This topic was already discussed around the beginning of 2013 in a Rapid7 blog post ("Skynet, a Tor-powered botnet straight from Reddit"). In early July Dancho Danchev also posted information about a TOR-based C&C for a ring-3 rootkit
The Biggest Threat To National Security Is The Thumb Drive (Business Insider Australia) How did we destroy Iranian nuclear facilities? With a thumb drive. And how did Snowden allegedly smuggle out the blueprints to the NSA? With a thumb drive. No, it wasn't by some ultra secretive means of super-complex cyber code writing and cloud encryption by which good ol' Eddy breached America's security in arguably the most secure compound on the planet -- nope -- he simply walked in with a thumb drive, downloaded the NSA, and walked out
US restaurant chain Chipotle admits faking Twitter account hack (Computing) A US restaurant chain called Chipotle has admitted that an apparent hack of its Twitter account was instead a publicity stunt. Over the course of an hour on Sunday, its account, @ChipotleTweets, posted a series of bizarre and random tweets indicative of a cracked account
Security Patches, Mitigations, and Software Updates
Google strengthens Android security muscle with SELinux protection (Ars Technica) Addition of SELinux to version 4.3 one of several improvements to Android security
Cyber Trends
China, Ukraine And Saudi Arabia See Record Growth in Malware Threats In 2013, According To NQ Mobile Mid-Year Report (Dark Reading) Fake apps, malicious URLs and SMS scams responsible for majority of the estimated 21 million device infections. According to a new security report released today by NQ Mobile, Inc. (NYSE: NQ), a leading global provider of mobile Internet services, 51,000 new mobile malware threats were identified in the first half of 2013, infecting an estimated 21 million mobile devices
Here's some unsettling advice from the former top US cyberspook about protecting humanity (Quartz) As the only person to ever head both the US National Security Agency and the US Central Intelligence Agency, ret'd Air Force General Michael V. Hayden has a lot of experience in seeing around corners. He's now a global security consultant, helping companies and governments to protect themselves against cyber threats and other dangers. Last week, Hayden, also a director of Motorola Solutions and a distinguished visiting professor at the George Mason University School of Public Policy, said in a rare extended interview that Chinese telecommunications giant Huawei Technologies shared sensitive US information with the Beijing government. In a brief aside, he added that he's undecided as to whether corporations should be allowed to go on the cyber-offensive, even in the absence of government intervention and protection
On SANS Forensics Survey (Gartner) SANS just released an interesting survey "The SANS Survey of Digital Forensics and Incident Response" and it is definitely a very worthwhile read
The Myth of the Disappearing Perimeter Is Still Mythical (SANS Security Trends) Two recent items in my inbox: "PENTAGON SPENT MILLIONS TO COUNTER INSIDER THREATS AFTER WIKILEAKS FIASCO" - NextGov piece on how DISA has spent millions buying (and sometimes installing) the old McAfee Host Based Security Subsystem software but not much return on that investment. "DISA ELIMINATING FIREWALLS" - AFCEA Signal piece quoting DISA Director Lt. Gen. Ronnie Hawkins Jr. on the future DISA security architecture that will be "designed to protect data rather than networks." So, to summarize: in item (1) we learn that DISA has spent many, many millions over the years trying to make PCs and data secure and it doesn't work; while in item 2 we hear that the future architecture will rely on making hosts and information secure and then perimeters will disappear
Technology needs to be joined up and offer the capability to protect, detect and monitor attacks (SC Magazine) Talking to SC Magazine, Tom Burton, head of cyber security services at BAE Systems Detica said that upon launching its CyberReveal tool in April, it had decided to take a fundamentally different approach to security and it was important to understand what you want the technology to do, and what is different about a threat
Hackers have the advantage in cyber arms race, security expert tells Computing (Computing) The world is involved in a cyber arms race in which professional hackers and cyber criminals are on the front foot. That's the message of Tom Burton, head of cyber security services for BAE Systems Detica, in an interview with Computing at the defence and security company's central London nerve centre
Firms Far From Taming The Tower Of APT Babel (Dark Reading) Threat intelligence firms each continue to have their own lexicon for advanced persistent threats, making information sharing more difficult. Companies looking to learn more about the attackers who are targeting their systems will likely have to translate between reports from different incident-response and security firms
How Banks Can Fill the Trust Deficit in the Digital Economy (American Banker) Identity management and trust in the online world may be the new business of banking
There Will Be Blood: The Era of Engagement Banking (American Banker) Customer behavior is changing. Expectations are shifting. Technology is accelerating this shift as it alters traditional relationships with our customers as well as the banking industry's historical sources of revenue, growth, retention and customer loyalty
A question of trust (Help Net Security) Trust is the foundation for many of our relationships, both in our personal and business life. Trust is one of the strongest elements supporting a relationship and helps it survive the toughest of challenges, but it can also be one of the most brittle parts, easily broken beyond repair. Building up trust can take years, and losing it can sometimes take mere seconds
Cyber Threat is Real and Mobile (Mobile Enterprise) At the end of last season's Homeland, a Showtime drama, a pacemaker was hacked, causing the death of a pivotal character. That's just television, right? A creative unreality where viewers are asked to suspend disbelief in order to enjoy the program? Actually, and scarily, such technological scenarios may be entirely possible in the future, thanks to the Internet of Things
Five things to consider for a mobile security policy (CSO) Mobile is the new endpoint in IT. But organizations are still struggling with mobile security. Aaron Rhodes of Neohapsis lists five steps to take when developing a corporate mobile security policy
72% can't securely manage multiple computing environments (Help Net Security) AppSense and CTOVision announced the results of a survey that included responses from 245 executives, technologists and contractors - across the defense, intelligence and civilian sectors
BYOD security: Clueless in the enterprise (FierceMobileIT) The BYOD trend has been the bane of IT managers since it began. And the number one concern about BYOD centers around security of corporate data and networks
Marketplace
PRISM causes one in ten to cancel US cloud contracts (Business Cloud News) According to survey results released Wednesday by the Cloud Security Alliance, 56 per cent of non-US residents are less likely to use US-based cloud service
How NSA Data Demands On Microsoft Shape Your Security (InformationWeek) Microsoft is legally prevented from saying too much about charges it collaborated with the NSA. Product security gets caught in this complex situation
What does the future hold for Cisco and Sourcefire? (CSO) Cisco is buying Sourcefire. Cisco has dabbled in security, but this acquisition moves them squarely into the security arena, and makes it a major player
RSA Adaptive IAM Goes Mobile with Acquisition of PassBan (RSA) Mobile is fast becoming the default way to access enterprise data and resources. But access to resources is rarely protected on most smart devices. With the advent of cloud apps and mobility, one of the most elusive capabilities for authentication and IAM vendors has been providing support for a variety of authentication technologies that better protect access to resources available on or from mobile devices, as well as back-end policy management - all built within a single solution
Cyber Security Co. Receives $3.5M In Seed Funding (Twin Cities Business) Eden Prairie-based Intensity Analytics Corporation said it will use the funding to expand its technology, increase staff, and strengthen its position in the cyber security industry
Ayasdi Scores $30M Series B Round As Citigroup And GE Look For Answers In Big Data Mapping (Forbes) In big data, the multi-million dollar question may be how to interpret massive data sets when you actually don't know the question. That's at least what several major institutional venture capital firms are betting by putting tens of millions behind big data startup Ayasdi
Light Point Security ranked 12 of 24 startups (Wall Street Journal) Internet security is a hot area right now: it's also a competitive industry. Watch as the co-founders of Light Point Security explain how they went about choosing their company's name, logo and tagline
Veris Group, LLC Completes AT&T 3PAO Assessment Resulting in FedRAMP JAB Provisional ATO (StreetInsider) Veris Group, LLC recently announced that it served as the Third Party Assessment Organization (3PAO) for global telecommunications leader AT&T. Veris Group performed the 3PAO security assessment of AT&T's Storage as a Service (STaaS) platform. The FedRAMP program requires a 3PAO such as Veris Group to assess a CSP's cloud system and provide a security assessment package for review. The successful AT&T assessment resulted in a Federal Risk Authorization and Management Program (FedRAMP) Provisional Authority to Operate (PATO) from the Joint Authorization Board (JAB) on the STaaS platform as part of the AT&T Infrastructure as a Service (IaaS) solution
CGI to set up cyber security lab in the UK (ComputerworldUK) Prior to the acquisition, Logica was already doing business with the Ministry of Defence on cyber security, and CGI owns a US company called Stanley, which
Amazon legal filing torpedoes Big Blue's spook cloud dreams (The Register) Bezos & Co bring in the lawyers to get lucrative CIA cloud contract through
CACI Wins $45M Navy IT, C2 Systems Contract (GovConWire) CACI International (NYSE: CACI) has won a potential two-year, $45 million contract to supply information technology systems to the U.S. Navy for business activities and command and control operations. The Space and Naval Warfare Systems Center Atlantic awarded the task order to CACI under the Information Technology Enterprise Solutions-2 Services program, the company said Wednesday
Don't Want Trackers Watching Your Web And Smartphone Activity? This Start–up's For You. (Forbes) One hot afternoon in June four software engineers, a lawyer and a miniature pinscher named Lunch were gathered around designer Dan Kwon's computer at Disconnect, a startup in San Francisco. They were watching their new education video, "Unwanted Tracking Is Not Cool." Its star is an octopus puppet that gets sliced and diced while browsing the Web as countless companies secretly take information from him, make inaccurate assumptions and create profiles
Guardtime Appoints Fujii Kiyotaka to Advisory Board (PRWeb) Mr Fujii Kiyotaka joins the Guardtime team to jointly realize the shared vision of ubiquitous data authentication for information assurance in the digital world
BlackBerry Lays Off 250 Employees From Its New Product Testing And R&D Department (TechCrunch) Layoffs at Waterloo-based smartphone industry pioneer BlackBerry cut deep last year, with around 5,000 employees being let go. Those cuts continue into 2013 as BlackBerry undergoes what CEO Thorsten Heins called a "complex transition" earlier this month, and the latest is that 250 employees of its core R&D and new product testing facility have been let go as of earlier this week
Products, Services, and Solutions
Put your passwords in your pocket and take them everywhere you go (PC World) Password managers help you keep more passwords than you can memorize. Eric asked if he could carry one on a flash drive. I discussed password managers recently in Manage passwords, and not just on the Web, but I didn't discuss portability. How do you take your passwords with you when you step away from your computer
Bit9 Launches Enterprise-class Threat Protection Solution for Mac (SecurityWeek) Bit9, a Waltham, Mass-based security software maker best known for its trust-based endpoint and server security solutions, this week announced an enterprise-class security solution for Mac OS X
Seculert announce launch of APT analysis technology (SC Magazine) Available after beta testing, the company said that the Elastic Sandbox technology allows users to select increments of time and different geo locations by which to analyse their sample
There is No Single 'Most Secure' Browser (Infosecurity Magazine) Reports comparing the major browsers' ability to catch phishing, prevent socially engineered malware and protect the users' privacy show that no one browser stands above all others in protecting its users
Learning the art and practice of cyber-defense (Times of Israel) The Comsimulator does its worst against network protection systems in order to help them do their best. Every single network protection system, even the most sophisticated, has chinks in its armor. The proof, said Comsec CEO Moshe Ishai, is that his company's new security stress testing system, the Comsimulator, was successful in breaching the defenses of 100 percent of systems tested for resistance to DDOS (distributed denial of service) cyber-attacks, in which hackers inundate a site with traffic in order to overload it and shut it down
Emergent and Red Hat Announce Cloud Collaboration Around OpenShift PaaS - BWWGeeksWorld (BWW) Emergent, LLC, an award-winning small business and IT solutions provider, today announced its focus on enabling the use of Red Hat's OpenShift Platform-as-a-Service (PaaS) solution for the Intelligence Community (IC). Utilizing Red Hat's PaaS offering, Emergent delivered a streamlined solution focused on application delivery, scalability and control of the infrastructure
ManTech Subsidiary to Unveil Cyber Incident Response System (ExecutiveBiz) A ManTech International subsidiary plans to introduce an incident response command center system that is designed to help enterprises address cybersecurity threats
AT&T Cloud Storage Receives FedRAMP Approval (ExecutiveBiz) AT&T has received provisional authorization from a federal government program to offer its storage services to federal, state and local governments, GCN reports Wednesday
Technologies, Techniques, and Standards
Making It Cool to Be a 'Good Digital Citizen' (McAfee) If you are a parent today, you are among the first generation of adults tasked with raising good digital citizens. And while learning to be a "good digital citizen" is a hot topic in education circles, have you noticed that it's quickly demoted to "goofy" when you attempt to talk about it at the dinner table with your kids
NSA Implements Two-Man Control for Sysadmins (Schneier) In an effort to lock the barn door after the horse has escaped, the NSA is implementing two-man control for sysadmins
Key Metrics for Risk-Based Security Management (Tripwire) Tripwire has released the results of an extensive study focused on the state of risk-based security management with the Ponemon Institute. The study examined the key risk-based security metrics IT security managers used most frequently to gauge the effectiveness of their organizations' overall security efforts
How A ZIP Code Can Tell A Marketer Exactly Who You Are (Forbes) How is it that a simple five-digit ZIP code provides any insight into who you are? After reading my recent article on how stores often ask for our ZIP codes to build marketing profiles, Michael Romanovsky wondered how it all works. "There may be more than one person with the same name in a particular ZIP code; thus the store may market to the wrong person," he wrote
Stop Malvertisements from Causing a Click-tastrophe on Your Computer (McAfee) Web ads: sometimes annoying, other times entertaining and useful, but for the most part, harmless. Or so you thought. It seems that cybercriminals are now turning their attention toward pulling you in with a strong sales message, and you may be none the wiser until it's too late
Blueprints Of NSA's Ridiculously Expensive Data Center In Utah Suggest It Holds Less Info Than Thought (Forbes) For the last two months, we've been bombarded with stories about the spying information-collection practices of the NSA thanks to documents leaked by the agency's most regretted contract employee, Edward Snowden. The degree of forced exposure has gotten to the point that the agency -- whose acronym is jokingly said to stand for "No Such Agency" and "Never Say Anything" -- actually issued a press release on Friday announcing that it got the legal sign-off for a fresh batch of "telephony metadata in bulk" from companies such as Verizon and AT&T - despite continuing controversy over that including the call records of millions of Americans who are non-terrorists and non-criminal suspects
8 tips to enhance your online privacy (CSO) Is real online privacy possible? Should it be? Experts say there are ways to make invasive monitoring (including government surveillance) difficult, but not impossible
Phishing and viruses: What you can do to keep your email, bank account and business safe from cyberattack (Vegas Inc.) When it comes to cyberspying and computer hacking, it might seem like only large companies and government agencies are at risk of attack. But as cybersecurity pro Chris Coleman sees it, small companies and everyday people should be worried, too. Coleman is president and CEO of Lookingglass Cyber Solutions, a software firm with offices in Arlington, Va., and Baltimore
GSA privatizes 3PAO accreditation under FedRAMP (FierceGovIT) A nonprofit will take control of the process of accrediting companies that certify cloud services' compliance with federal security controls, the General Services Administration announced July 23. The American Association for Laboratory Accreditation, in a "long-planned privatization," will now vet third party assessment organizations (known as "3PAOs") under the GSA-led FedRAMP program, under which private sector cloud providers seeking to sell low- and moderate-risk cloud services to the government must gain certification from a 3PAO that their offerings comply with a set of security controls
Design and Innovation
Oldest University-Affiliated Research and Technology Park in Maryland Hangs Out No-Vacancy Sign (UMBC News) Today, bwtech@UMBC, the oldest university-affiliated research and technology park in Maryland, announced that it has leased all of its space. The park is situated on seventy-one acres and has a total of 525,000 square feet. Eighty thousand square feet of that is wet laboratory space. The remaining 445,000 square feet house technology and office space
Research and Development
The science of guessing: analyzing an anonymized corpus of 70 million passwords (J Bonneau) We report on the largest corpus of user-chosen passwords ever studied, consisting of anonymized password histograms representing almost 70 million Yahoo! users, mitigating privacy concerns while enabling analysis of dozens of subpopulations based on demographic factors and site usage characteristics. This large data set motivates a thorough statistical treatment of estimating guessing difficulty by sampling from a secret distribution. In place of previously used metrics such as Shannon entropy and guessing entropy, which cannot be estimated with any realistically sized sample, we develop partial guessing metrics including a new variant of guesswork parameterized by an attacker's desired success rate
Patent Issued for Parameterizable Cryptography (Hispanic Business) A patent by the inventor Perlman, Radia J. (Redmond, WA), filed on October 20, 2009, was published online on July 16, 2013, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents
Academia
Montgomery College offers cybersecurity camp for middle-schoolers (Gazette.Net: Maryland Community News Online) Students will be taught basic concepts of programming, forensics, cryptography and program management from a series of gaming, modeling and simulation
QinetiQ Group plc : Youngsters receive cyber training with help from QinetiQ (4-Traders) Over 60 Year 8 and 9 students from across Herefordshire and Worcestershire were present at the University of Worcester Arena earlier this month to learn more about cyber security
Auburn University Program Trains Future National Security Analysts (InformationWeek) Auburn University and Intelligent Software Solutions partnership enables students to learn by providing data analysis services to the U.S. government
Oxford Expands its Cybersecurity Education (Infosecurity Magazine) The University of Oxford is poised to broaden its cybersecurity education offerings, with advanced degree training beginning this autumn
Legislation, Policy, and Regulation
MI5 and GCHQ call for FTSE 350 cyber health check (ComputerWeekly) The heads of the UK's intelligence agencies MI5 and GCHQ have called on the country's top 350 listed companies to take part in a cyber governance health check. The call comes a day after a report by business consultancy firm KPMG revealed that cyber leaks at FTSE 350 firms are putting the UK's economic growth and national security at risk and retailer Lakeland revealed it had been targeted by a "sophisticated and sustained" cyber attack
Government is not spending enough on cyber security awareness, says Labour's Chi Onwurah (Computing) The government is not spending enough on cyber security awareness, according to the Labour MP and shadow Minister of the Cabinet Office, Chi Onwurah
Most Think Agency Infringes On Rights (Washington Post) But majority also want leaker charged with crime, poll finds
House Fails To Kill Pentagon's Foreign Websites (USAToday) The House has failed to kill funding for websites the Pentagon uses to try to influence foreign audiences, an initiative criticized in a recent undisclosed government report
A List Of Congressmen Who Voted For & Against The Amendment To Stop NSA Spying (TechCrunch) Congress narrowly defeated a law to completely cut off funds to the National Security Agency's dragnet spying program. We have a lot of readers who are furious that their representatives didn't stand up for their 4th Amendment rights, so here's a list of everyone who voted for and against Representative Justin Amash's amendment to the Defense Appropriations bill, which
House Attempt To Rein In N.S.A. Narrowly Fails (New York Times) A deeply divided House defeated legislation Wednesday that would have blocked the National Security Agency from collecting vast amounts of phone records, handing the Obama administration a hard-fought victory in the first Congressional showdown over the N.S.A.'s surveillance activities since Edward J. Snowden's security breaches last month
Lewis: Chinese can be pressured into accepting global cybersecurity norms (FierceGovIT) Chinese cyber espionage is a fundamental test of whether that country's integration into the international system will be peaceful, cybersecurity expert James Andrew Lewis told a July 23 House panel
Plans to centralize cybersecurity with DHS seen as step forward (CSO) Continuous Diagnostics and Mitigation program would bolster federal continuity, as well as boost security practices at state, local level
New DOJ policies aim to protect journalists in investigations (FierceGovernment) The Justice Department has developed a new set of policies to guide investigations that involve journalists, requiring among other things the attorney general's approval for search warrants and court orders directed at journalists
Did the State Department's William Lay deserve IG criticism? (FCW) Several readers reacted strongly to an article FCW published July 19 covering a State Department Inspector General report on the Bureau of Information Resource Management, Office of Information Assurance (IRM/IA). Some readers were critical of FCW's reporting on the IG's findings, which included criticism against Chief Information Security Officer William Lay, who heads the Bureau
Litigation, Investigation, and Law Enforcement
Closing arguments come Thursday in Manning case (Baltimore Sun) Accused WikiLeaker accused of aiding the enemy, could face life in prison
Irish Data Protection Agency Smiles On Apple, Facebook Prism Compliance (TechCrunch) The Irish Office of the Data Protection Commissioner has responded to two of the complaints filed last month by the Europe v Facebook (evf) campaign group against several U.S. technology companies for alleged collaboration with the NSA's Prism data collection program. Responding specifically to complaints against Apple and Facebook, it takes the view that there's no complaint to answer
Snowden Gets Novel And Change Of Clothes, But No Clearance To Exit Airport (New York Times) After a month holed up in the transit zone of Moscow's Sheremetyevo airport, Edward J. Snowden, the former intelligence contractor sought by the United States on espionage charges, received a change of clothes and a copy of Crime and Punishment during a meeting with his lawyer on Wednesday, but still no clearance to enter Russia
Iran, belatedly, invites Snowden to visit, 'elaborate' on U.S. spying practices (Washington Post) Just over a month after he landed in Moscow and on the same day that he may finally win permission to leave an airport transit zone and officially enter Russia, an Iranian organization has invited Edward Snowden to visit Iran
CFAA Loopholes and Gotchas Discussed at Black Hat (Threatpost) Attorney Marcia Hofmann will cover aspects of the Computer Fraud and Abuse Act that security researchers need to be aware of during a Black Hat session next week
Cyber Cops (Terrace Standard) The Terrace RCMP deal with a wide variety of cyber complaints on a daily basis - from online scams defrauding residents of their money, to online threats, to inappropriate photographs - and while it's their duty to investigate these instances, the web is deep and there is often not much they can do
EFF: Forced Decryption Violates Fifth Amendment (Threatpost) If the government would like to force Jeffrey Feldman to decrypt the contents of the hard-drives and Dell computer found in his apartment, then they must offer him immunity and cannot use any of the information found on the devices as part of their case against him
International hackers stole 160 million credit card numbers in largest U.S. hacking scheme, feds say (Newark Star-Ledger) Five men from Russia and the Ukraine are alleged to have operated a global hacking network infiltrating the world's largest financial institutions, federal authorities said today
McAuliffe is tied to executive of Chinese firm accused of spying; senator demands answers on visas (Washington Times) A businessman seeking to invest in the sister firm of Virginia gubernatorial candidate Terry McAuliffe's former green car company in exchange for U.S. legal status is a top official at Huawei Technologies Co., a Chinese telecommunications giant recently accused of spying