The CyberWire Daily Briefing for 1.22.2013
As the Red October network (apparently) rolls up its command-and-control infrastructure, researchers discuss details of the cyber espionage campaign's spearphishing tactics.
US banks continue to press for NSA help against Iranian-inspired (or directed) denial-of-service attacks. Asian financial analysts are prompted to despair: if US banks can't handle DDOS attacks, what hope is there for the rest of the world? (Meanwhile Russia's President Putin directs the FSB to provide cyber protection for Russian media organizations.)
Networked printers that use the industry-standard JetDirect Printer Job Language are found vulnerable to exploitation, a potentially serious matter since lowly printers can give an attacker access to their larger enterprise networks. Polish security researchers continue their dismantling of the Virut botnet. (Virut is an interesting black market case study—the botnet came with its own EULA.)
Facebook's Graph search and the social network's privacy policies generally continue to trouble security experts. Kim Dotcom's new Mega service is already shown to expose users to cyber risks. Huawei router vulnerabilities are demonstrated.
The US Department of Homeland Security reports that US critical infrastructure sustained nearly 200 attacks against industrial control systems in 2012. The New York Times reports that such SCADA exploits are likely to be initiated through spearphishing.
Tip-toeing around budget sequestration, the US Department of Defense is slow-rolling contract awards. Huawei fights espionage accusations as it enjoys profits and considers an IPO. RIM considers licensing its OS. Atari files for bankruptcy.
British universities prepare for a major cyber competition. India prepares a national cyber infrastructure.
Notes.
Today's issue includes events affecting Canada, China, Cuba, European Union, India, Indonesia, Iran, New Zealand, Poland, Russia, Singapore, United Kingdom, United States, and and Venezuela..
Cyber Attacks, Threats, and Vulnerabilities
Operation Red October Attackers Wielded Spear Phishing (InformationWeek) The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012."The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America," according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices
Banks Seeking Aid on Iranian Cyber Attacks (Spamfighter) The banking majors in the US are pushing the government to aid them in smashing a long-term Iranian campaign of cyber attacks against American financial institutions, as reported in online.wsj.com on January 15, 2013. Though a huge amount has been spent in warding off these cyberattacks, they did not obtain much success in this prospect as they believe government involvement
Global Cyber Attacks Multiply Exponentially (Asia Sentinel) You could be forgiven for hitting the panic button if you discovered that firefighters had given up and sought divine intervention to control a blaze. Something like that would have been the case, however, when the security chiefs of some major US banks, generally considered the best in their business within the private sector, recently turned to the National Security Agency for help to protect their computer systems after a barrage of attacks on their web sites rendered them helpless
Exprespam Android Malware Steals Upwards to 75,000 Bits of Information (Threatpost) Early research from Symantec estimates that spammers behind a new type of Android malware may have already stolen "between 75,000 and 450,000 pieces of personal information" from Japanese users. While these numbers may be disparate it does suggest the malware, Android.Exprespam, has been successful since popping up a few weeks ago
Backdoor Trojan disguised as flight confirmation email hits German internet users (Naked Security) Backdoor Trojan disguised as flight confirmation email hits German internet users. German internet users should be on their guard today, after malware was widely spammed out posing as a flight confirmation from Lufthansa
Holes in common component could leave office printers open to attack (IT World) Forget "PC LOAD LETTER," a vulnerability in a standard component of modern office printers may make hardware from a wide range of vendors vulnerable to denial of service attacks and data theft, according to a researcher for security firm ViaForensics
Hackers Steal $40,000 from Vancouver Island Church (eSecurity Planet) The hackers appear to have gained access to the church's bank account through an employee's home computer
Polish knights slay Virut, the brazen virus army that has its own EULA (The Register) Security researchers have decapitated a spam-spewing network of hacked computers by pulling the plug on the central command-and-control servers. The compromised PCs were infected by the Virut virus and were being remotely controlled from these servers by miscreants. The takedown operation was coordinated by CERT Polska, the computer emergency response team in Poland
Security researchers cripple Virut botnet (CSO) Attackers still control some domains used by the botnet, the researchers say
iPhone hackers hint at progress towards iOS 6 jailbreak (CSO) Two new vulnerabilities were apparently found in a day, according to one of the hackers
Facebook Graph Search leaves little privacy and no opting out (CSO) When Graph Search becomes widely available, so will all your random "likes," travels and friendings
Storify shows Facebook privacy more illusion than fact (CSO) Facebook passes the buck to users, but that is seen as an example of why privacy advocates want tougher restrictions on Facebook
Has MEGA Failed Already, Exposed, Site Unstable and Twitter hacked! (Cyberwarnews) Kim Dotcom announced his new file sharing service MEGA (https://mega. co. nz/) on this week and ever since it has been trouble for him it seems. With constant questions about its TOS and privacy as well as the site being flooded by users within its opening hours and now the twitter account has been breached
Video: Hacking Huawei VRP (Help Net Security) Huawei routers are no longer devices only seen in China. Entire countries run their Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of them
Security Patches, Mitigations, and Software Updates
It's really important you update your Foxit PDF Reader, but unfortunately their website is down (Naked Security) There's something to be said for not going with the crowd, when it comes to securing your computer. But you best have your fingers crossed that your alternative providers' websites don't fall over when you need a security update
Cyber Trends
Critical Infrastructure Systems Seen as Vulnerable to Attack (New York Times) The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants. Attackers increasingly use so-called spearphishing attacks, in which they send employees targeted e-mails often from an e-mail address that matches the name of a colleague, supervisor or chief executivethat contains malicious code
DHS: Industrial control systems subject to 200 attacks in 2012 (Homeland Security Newswire) A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on them
Cyber risk is not translating into boardroom discussion (Infosecurity Magazine) It would be reasonable to assume from this that major companies' boardrooms are taking the cyber security threat seriously. Trustwave wanted to confirm this
Marketplace
Sequester Forces DOD To Slow Contracts (Politico) Every day at 5 p.m., when the Defense Department announces the days contracts, its not uncommon for the total sum to exceed $1 billion. But now, with the budget process upended on Capitol Hill, the Pentagon is trying to slow the rate at which money is leaving the building until it has a better sense of what to expect for this years funding
Huawei boosts profits by 33 percent despite US cyber-espionage allegations (IT Proportal) Huawei has revealed details about its 2012 fiscal year, announcing that it boosted its net profits by 33 per cent last year. Despite US security concerns over its products, the Chinese company raked in 15. 4 billion yuan
Huawei Again Mulling IPO As It Hits Back Against Accusations Of Espionage (TechCrunch) Huawei is considering an IPO after disclosing sales figures that may once again put it ahead of Ericsson AB in the race to become the world's biggest telecom equipment maker by revenue. Huawei CFO Cathy Meng said yesterday her company is open to a listing (link via Google Translate) after disclosing details of its 2012 performance.
ZTE predicts major losses for 2012 (Computer Weekly) Chinese telecoms company ZTE has predicted a nosedive in profits for 2012 following a rocky year. In 2011, ZTE recorded net profits of 2m yuan, but forecast the figure to drop by between 220% and 240% representing a loss ranging from 2.5m
Cybersalus, new cybersecurity firm, formed (UPI) A new U.S. company has been created to offer cybersecurity solutions and services to government and private industry. The enterprise is Cybersalus LLC. It is a service-disabled, veteran-owned small business formed through a partnership between John Kiehm, the chief executive officer and president of cybersecurity company SKC LLC, and McLane Advanced Technologies
RIM CEO says company is open to licensing new OS, stock jumps 10 percent (Ars Technica) A week before BlackBerry 10's launch, exec says firm undergoing major "review"
Atari's US operations file for bankruptcy protection (IT World) Iconic video game company Atari has filed for bankruptcy protection in the U.S. in an effort to separate operations from parent company Atari SA, which is based on France and has also filed for bankruptcy
Kim Dotcom talks security and privacy at Mega launch (TechWorld) Founder of Megaupload Kim Dotcom relaunched his empire yesterday with Mega. co. nz, and celebrated with a glitzy launch event at his mansion outside of Auckland. The event featured a performance by local musician Tiki Taane and his father, as well as a dramatisation of an armed offenders squad raid
What makes a good information security professional? (Help Net Security) Information security is a very competitive industry, and one of the very few that kept doing fine even during the recession. It's also a dynamic field that promises a lot of fascinating work, so it's
Products, Services, and Solutions
Firefox OS To Make Hardware Debut With Keon And Peak Developer Preview Smartphones (TechCrunch) Mozilla's Firefox OS, the mobile operating system from the company that makes the Firefox browser build entirely on open web standards, will have its first hardware soon thanks to a developer preview smartphone device, created by Spanish open hardware phone platform manufacturer Geeksphone, in partnership with Telefonica. Two models, the Peak and the Keon, will offer developers different hardware
Western Digital acquires Arkeia to boost SMB storage offering (IT World) Western Digital has acquired data protection company Arkeia Software as it looks to address growing storage demands among small and medium-size companies
Hortonworks releases a Hadoop sandbox (IT World) Those who want to try the much-hyped Hadoop but haven't got a cluster or two to spare can now test the data processing platform on their desktops, thanks to a new release from Hadoop distributor Hortonworks
PowerDNS 3.2 expands DNSSEC support (Help Net Security) The PowerDNS Authoritative Server enables authoritative DNS service from all major databases, including but not limited to
Technologies, Techniques, and Standards
How To Conduct An Effective IT Security Risk Assessment (Dark Reading) Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it
Tech Insight: 5 Approaches to Decaffeinating Java Exploits (Dark Reading) Most enterprises are stuck with Java whether they like it or not, but there are ways reduce the effectiveness of recent and future zero-day exploits
4 Steps For Proactive Cybersecurity (InformationWeek) In our dive into the theory behind offensive cybersecurity, Gadi Evron summarized the legal and ethical problems of fighting back against an attacker. There are also some purely tactical problems: How do you know you're not blasting some grandmother in Akron whose PC is a zombie? Are you prepared to come under the glare of organized criminals
A taxonomy for the National Cybersecurity Doctrine (CSO) Dan Lohrmann recently blogged in another forum about a call for a US cybersecurity doctrine. Having written on a related topic and participated in other national framework initiatives before, this piece further expounds upon the question of doctrine. Or, more precisely, the question should be framed as implicating deeper and prerequisite considerations about an emerging field
Security, DoS attacks and magic tricks (Finextra) Its pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to maybe because I think that Im pretty clever (38 years in IT, etc) but then something simple catches me out. For example, on the Eurostar back from Paris last week an email popped up in my Blackberry from Visa, telling me that my card security had been breached and I should contact them immediately. I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details
Design and Innovation
Spy Bases: 9 Secretive HQs of the World's Intelligence Agencies (Wired Danger Room) Some of the world's intelligence agencies reside in buildings that can appear starkly utilitarian, clean and futuristic, or even frightening and alienating. But they all build their headquarters to invoke their sense of secrecy
Peter Thiel Talks The Future Of Education, The Need For Innovation And Why Facebook Won At DLD (TechCrunch) PayPal co-founder, early Facebook investor and Founders Fund partner Peter Thiel today took the stage at the DLD conference in Munich for a very wide-ranging discussion about the future of philanthropy, education, how we can sustain growth in the developed world and why Facebook won out over MySpace.
Ideas are more valuable than execution (LinkedIn) An interviewer asked me what two lessons she would take away from my book, Mind Over Matter. It's quite difficult to summarize a 340-page book in two lessons, but here's what I said: There is no such thing as a natural resource. Ideas have always and everywhere been more valuable than the physical act of carrying them out
New York is now a better place to start your tech company than San Francisco (Quartz) Why would anyone ever start a company in New York City when talent, capital, and network all favor Silicon Valley? This argument has persisted for a long time but let's look at this from a pure financial and economic perspective for the first-time entrepreneur. If you achieve an exit you can expect a value nearly 40 times greater in the Valley than if you started your company in New York. Take all of the 2012 exits with reported numbers listed in CrunchBase (excludes the biotechnology and pharmaceutical industries)
Academia
Report: 'Connected learning' needed to address inequities in education (Fierce Government IT) There is a disconnect between classroom learning and the everyday lives and interests of many young people, alienating them from their schooling, according to a report from the Connected Learning Research Network.Although the Internet and digital technology has the potential to even the playing field in education, a growing learning divide in public education disproportionately impacts African American and Latino youth, the report finds
Student claims code flaw spotting got him expelled from college (The Register) A Canadian computer science student is claiming he was expelled after identifying a gaping security hole in administrative software his college was using. Ahmed Al-Khabaz, a 20 year-old student at Dawson College in Montreal, told the National Post that he and a friend had been developing a mobile app for students to access their records when they found a hole in Omnivox software the college used. The hole allowed free access to personal information the college held on students, such as social insurance number, home address and phone number and class schedules
City of London School wins National Cipher Challenge (Computer Weekly) A team from City of London School has triumphed over 724 other UK schools to win the 11th National Cipher Challenge. A total of 1,600 teams took part in the competition held towards the end of 2012, up from 200 teams in previous years. The national code-breaking competition is organised by Southampton University, with support from the government intelligence agency GCHQ and commercial partners
Cyber Security Challenge UK announces first University Challenge (Computer Weekly) Four leading UK universities for Computer Science are taking part in a unique code-breaking competition as part of this years Cyber Security Challenge UK. The computer science departments at the University of Bristol, University of Birmingham, University College London and Edinburgh Napier University have accepted the challenge to develop their own cipher or puzzle, based on encrypted messages. The cipher will be released to other participating universities and challenge candidates to break in a four-week virtual tournament, starting 21 January
Legislation, Policy, and Regulation
Cuba opens one lane of Internet superhighway—inbound (Ars Technica) Downloads via Venezuela, uploads via satellite
India developing national cybersecurity architecture (ZDNet) India is in the midst of developing and implementing a national cybersecurity architecture that is aimed at preventing sabotage and espionage of its core IT systems and networks. In a report Monday, the Economic Times said that the system will protect critical information infrastructure and networks by monitoring activities, while designated government agencies will offer certification to vendors and service providers to provide additional safety measures."It will also involve capacity and authority for operations in cyberspace," said Shivshankar Menon, national security advisor for India, in the report
Giving teeth to cyber security (Asia One) A law passed this week gives the Government powers to take pre-emptive steps to prevent potentially crippling cyber attacks on essential services. The new Computer Misuse and Cybersecurity Act grants power to the Home Affairs Minister to order, say, telcos and banks to disclose information to the Government long before a cyber attack hits Singapore. Before this change, the minister could issue a directive only when the attack on Singapore was imminent.
President Putin orders FSB to protect media sites from cyber attack (RT) The Russian President has told the country's federal security service to set up a system that would detect, counter and prevent computer attacks on state information resources. The order defines official resources as information systems and networks
Proposed EU cyber security law will require proactive network security (Help Net Security) Last week, the European Commission proposed new legislation to require major tech firms like Google and Facebook to report any security breaches to local cyber crime authorities or risk sanctions like
Litigation, Investigation, and Law Enforcement
iPad Hack Statement Of Responsibility (TechCrunch) Editor's note: Andrew Auernheimer, also known by his pseudonym weev, is an American grey hat hacker and self-described Internet troll. Follow him on Twitter @rabite. In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker
GitHub blocked in China, 'ticket snatching' plugins seen as possible cause (IT World) China's censors have started blocking access to software collaboration site GitHub, and Internet observers are speculating the government's efforts to regulate the nation's online train ticketing system are to blame
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cybergamut Technical Tuesday: Finding Splunk Before Splunk Finds You (Columbia, Maryland, USA, Jan 22, 2013) Rob Frazier of Whiteboard Federal Technologies will present his talk "Finding Splunk Before Splunk Finds You". Certification letters will be available for PMI PMP PDU' and CISSP CPEs as well as other technical credits as appropriate. The live event will be in Columbia, MD, and there will be a cybergamut node established in Omaha, Nebraska for this event.
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
Data Privacy Day (Various locations, Jan 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy Day (DPD), is collaborating with many educational institutions, corporations, government and non-profit organizations across the world to make Data Privacy Day on January 28th a success. Data Privacy Day is an international day of awareness to educate everyone to respect privacy and safeguard personal information.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.