The CyberWire Daily Briefing for 8.9.2013
Analysis Intelligence believes it sees coordination of attacks among the Iranian Cyber Army, Parastoo, and the al-Qassam Cyber Fighters; this suggests common direction by Tehran.
Several exploits are in play at week's end, as more malware attacks the Android "Master Key" vulnerability, Google Play apps have issues with "overly aggressive" adware, compromised Twitter accounts become malware vectors, and phony Apple Store emails deliver client-side exploits.
Researchers offer interesting unpacking of JavaScript malware and the China Chopper web shell. Webroot warns grimly of an increased sophistication in the crimeware black market (which, incidentally, is turning to Perfect Money as its digital currency post-Liberty-Reserve-takedown).
Cisco and OpenX release fixes; Microsoft previews its Patch Tuesday offerings.
The Economist offers dueling viewpoints on active defense. A hot market reputation can evanesce swiftly: witness the withdrawal of two secure, private email services (possibly under US Government legal pressure). Thus a sector other than cloud services feels a Snowden-driven pinch.
Other industry news suggests the cyber labor market is ripe for technology-driven de-skilling. Systems administrators appear to be the first targets of labor-force contraction as NSA bruits its intention of doing without some 90% of its own. General Alexander hints that they'll be replaced by a "thin virtual cloud structure." Cyber talent is scarce and pricey, so replacing labor with capital is unsurprising. We'll see if the technology is up to it.
Congressional scrutiny of US electronic surveillance continues. The New York Times reports such programs are bigger than hitherto believed; NSA insists it respects privacy.
Notes.
Today's issue includes events affecting Canada, China, Ethiopia, Iran, Russia, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The Convenient Timing of Iran–Linked Hacker Operations (Analysis Intelligence) We enjoy revealing patterns in cyber activity on this blog, as you might recall from our hacker workday research. And whether or not you believe the al-Qassam Cyber Fighters (QCF) are tied to the Iranian government, its ramping up phase 4 of Operation Ababil calls for a novel look at alleged associations with Tehran
Android "Master Key" vulnerability — more malware exploits code verification bypass (Naked Security) Researchers at SophosLabs have come across samples of Android malware exploiting the so-called "Master Key" vulnerability
'Hack Facebook' works great — on YOU, not your intended victim (Naked Security) Hack not lest ye be hacked yourself, says researcher Josh Long. The "Facebook Hacking Site" actually leads hacker-wannabes into receiving premium SMS texts that jack up their phone bills and may also collect login details, he's found
Zscaler finds a 'big number' of Google Play apps with overly aggressive adware (CSO) One or more antivirus vendors flagged 22% of 8,000 popular apps as having issues
BANKER Malware Found Hosted on Google Code (TrendLabs Security Intelligence Blog) Google Code is Google's official open source site meant for developers to host their program's source code and related files, mostly in text format. However, using our sourcing system in Brazil, we were able to capture a malware written in Java that downloads BANKER malware from a recently created project called "flashplayerwindows". Of course, this bogus project has nothing to do with Adobe
Compromised Accounts Tweeting Links to Malware (Symantec) It is not uncommon to see social media accounts, specifically Twitter accounts, directing users to malicious sites such as the ones hosting Android.Opfake, an issue we blogged about last year. Recently, we discovered that the accounts of innocent users were being compromised to tweet these types of malicious links to their followers
Fake 'Apple Store Gift Card' themed emails serve client-side exploits and malware (Webroot Threat Blog) Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they've successfully received a legitimate 'Gift Card' worth $200. What's particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails
Daily Mail's new motto: All the personal news that's fit to disclose (FierceITSecurity) The U.K. Daily Mail newspaper appears to have been doling out personal information along with the daily news and conservative commentary, according to a report by The Register
The Mother of All Suspicious Files (explainxkcd) The save dialogue shows a download from 65.222.202.53, an IP address that hosted JavaScript malware during a recent attack on the TOR anonymity network, with a very long file title. Many of the extensions used inside there indicate executable code; multiple file extensions are sometimes used to disguise a trojan program as a document
Breaking Down the China Chopper Web Shell — Part I (FireEye) China Chopper: The Little Malware That Could. China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher Keith Tyler, we could find little useful information on China Chopper when we ran across it during an incident response engagement. So to contribute something new to the public knowledge base -- especially for those who happen to find the China Chopper server-side payload on one of their Web servers -- we studied the components, capabilities, payload attributes, and the detection rate of this 4 kilobyte menace
Breaking Down the China Chopper Web Shell — Part II (FireEye) In Part I of this series, I described China Chopper's easy-to-use interface and advanced features -- all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version, 4 kilobytes on disk. In this post, I'll explain China Chopper's platform versatility, delivery mechanisms, traffic patterns, and detection. My hope is that armed with this information, you can eradicate this pest from your environment
One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers (Webroot Threat Blog) In a series of blog posts, we've been highlighting the ease, automation, and sophistication of today's customer-ized managed spam 'solutions', setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis
Cisco TelePresence hole — I always feel like somebody's watching me (FierceITSecurity) Cisco (NASDAQ: CSCO) is warning about a security hole in its TelePresence immersive videoconference system that could enable an attacker to remotely gain control of the system. An attacker could exploit the hole created when default credentials are used to create a user account, the firm warned in a security advisory
SAP's Backdoor (Positive Research Center) SAP security research is one of my basic duties in Positive Technologies. Moreover, I had to think of what I would speak about to the participants of our PHDays III forum. Thus, I came to the following subject of research: how to hide a user with the SAP_ALL profile (i.e. all possible authorizations) in the system. If a malicious user manages to log in to the system and get the authorization to create users and assign privileges to them, then his next most probable step is to create a new account for himself, of course with all authorizations in the system. However, this user is listed in the results of internal checks and external audits, and there is zero chance that a user with SAP_ALL authorizations will not arouse any interest
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisory (US-CERT) Cisco has released a security advisory to address a vulnerability in the Cisco TelePresence System. This vulnerability may allow a remote attacker to access the web server via a user account created with default credentials, which gives the attacker full administrative rights to the system
OpenX Releases Security Update (US-CERT) OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad servers could be used in combination with various types of drive-by download, watering hole, and phishing attacks on web browsers and plug-ins
Microsoft to Clean Up After Oracle's Patch Mess Again Next Week (CIO) Slates eight security updates for next week, including critical fixes to Exchange likely stemming from Oracle's Outside In technology
Cyber Trends
Lost In Translation: Hackers Hacking Consumer Devices (Dark Reading) New grassroots movement aims to fill the gap between security researchers and the consumer industries that are the subject of their hacking projects
Cyber attacks: drilling down into the financial system's newest threat (Financial News) A white paper from the Depository Trust and Clearing Corporation, one of the world's largest post-trade services operators, identified cyber attacks as one of the
Organizations ignore social media when it comes to business continuity planning (CSO) New study finds while many organizations are incorporating business continuity management into their risk program, they are still failing to use social media channels as part of their plan
Firewalls and firefights (The Economist) A new breed of internet-security firms are encouraging companies to fight back against computer hackers. "If someone is shooting at you, the last thing you should focus on is the calibre of the bullet," says George Kurtz, the boss of CrowdStrike, a young tech company. Seated at a coffee table at Black Hat, a conference for the cyber-security industry held in Las Vegas recently, Mr Kurtz is expounding on the fundamental flaw he sees in the way many firms deal with cyber-intrusions. Most, he says, spend too much time trying to work out what hit them and far too little trying to understand the motivations of their attackers and how to counter future assaults
A byte for a byte (The Economist) Letting companies strike back at computer hackers is a bad idea. Security experts like to say that there are now two types of company: those which know they have been hacked and those which have been hacked without realising it. An annual study of 56 large American firms found that they suffered 102 successful cyber-attacks a week between them in 2012, a 42% rise on the year before. Rising numbers of online attacks are stoking a debate about how best to combat cyber-crooks. One emerging school of thought holds that companies should be allowed to defend themselves more aggressively by "hacking back"--using hacker-like techniques to recover stolen intellectual property and frustrate their assailants
Passcodes Pervasive On BYOD — But Not Strong (Dark Reading) 85 percent of enterprise smartphones and tablets require passcode-protection on smartphones and tablets, but only 7 percent employ secure ones. It's a classic balance-of-security-and-convenience story: an overwhelming majority of businesses today force their employees to passcode-protect their mobile devices, but most only with simple and less secure PINs
Enterprises are feeling the 'need for speed' in network firewalls (FierceITSecurity) Enterprises are being driven to buy faster firewalls in order to keep pace with network upgrades, according to a survey by Infonetics Research. More than three-quarters of the 104 large enterprises in North America surveyed said that upgrading to high-speed network interfaces on security appliances was the number one driver for investing in high-end firewalls
Marketplace
Security-Cleared Pros Don't Like Leaks — Or Wait Times (Nextgov) There is broad consensus among security-cleared professionals that the disclosures of Edward Snowden, the former National Security Agency contractor now
Cyber-crime and punishment: how to spot security winners (CityWire) Euro Stars AA-rated duo Yves Kramer and Frédéric Dupraz co-run the Pictet-Security fund, which is designed to tap worldwide companies dedicated to maintaining the health, security and freedom of individuals, companies and governments
Go Long Cyber Security Companies (Seeking Alpha) We've seen one of the most groundbreaking intelligence scandals in history. Leaked to sources such as the Guardian, whistleblower Edward Snowden released a trove of files showing the NSA among others is not only spying on Americans, they are also monitoring conferences such as political negotiations, foreign diplomatic offices, and more
Snowden's e–mail provider is closing, cannot legally say why (Washington Post) The e-mail service used by National Security Agency (NSA) leaker Edward Snowden is suspending operations. And they can't tell us why -- although this cryptic post heavily suggests it has something to do with a government request for information
Secure webmail service Lavabit suspends operation, citing legal issues (Naked Security) If you're interested in webmail security, you've probably heard of Lavabit. It's a boutique webmail provider based in Texas, USA
To Our Customers [re: Silent Mail] (Silent Circle) We designed our phone, video, and text services (Silent Phone and Silent Text) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious -- the less of your information we have, the better it is for you and for us
Cybersecurity Pros in High Demand, Highly Paid and Highly Selective (PC Advisor) Experts in cybersecurity are among the most sought-after professionals in the tech sector, with demand for workers in that field outpacing other IT jobs by a wide margin
U.S. NSA To Cut System Administrators By 90 Pct To Limit Data Access (Reuters) The U.S. National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said Thursday it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information
NSA Will Replace Potential Snowdens with Computers (Nextgov) The NSA will eliminate 90 percent of the system administrators who maintain the agency's networks, according to the agency's director Keith Alexander. Speaking on Thursday to a cybersecurity conference, the NSA chief said that most of the current work done by staff and contractor system administrators — Snowden's old job — could be replicated by automated technology
It's now or never for old sysadmins to learn new tricks (The Register) Watch out for your jobs, says Trevor Pott. In most fields of human endeavour the complete invalidation of a person's formal training and skillset generally takes decades, if not generations
The InsideIQ Building Automation Alliance Partners with Cylance (AutomatedBuildings) "Long time InsideIQ member McKenney's, Inc. of Atlanta partnered with Cylance to bring to market an advanced understanding of physical, social and cyber
BlackBerry 'mulls going private' to fix problems amid turnaround blues (ZDNet) The smartphone maker is considering pulling out of the stock market and going private in a bid to fix its problems. It could be just what the company needs to secure further investment for its BlackBerry 10 platform. Or, it could pave the way to a split-up and sell-off
Big Mike shoots email to Dell staff: My backers and I are your best bet (The Register) Founder tries to drum up support for takeover bid
Defense Contractors Aren't Ready to Comply with Anti–Counterfeit Rule (Nextgov) Many contractors admit they will be unable to immediately comply with a rule, taking effect by March 2014, that would require contractors to either develop a new system for detecting counterfeit electronic parts or forego payment. The Pentagon is under pressure to address congressional concerns about the risk of weapons systems failing if adversaries or sloppy suppliers slip in unauthorized components. That's because the deadline for carrying out a 2011 defense authorization law calling for anti-counterfeit regulations was almost two years ago
Building a Cybersecurity Startup in Maryland (Light Point Security Blog) I was invited to speak last week at Technically Baltimore's event on Growing Maryland's Cybersecurity Industry. They invited a series of speakers to give 4 - 5 minute lightning talks on a variety of topics that explore the growing cybersecurity industry in Maryland. The goal was to discuss how we can grow Maryland's cybersecurity industry to create more jobs
Cyber Standouts: Light Point Security LLC (Baltimore Business Journal) Light Point Security featured as Cyber Standout
Finding Maryland's Next Cyber Security Darling (Baltimore Business Journal) Maryland may have sold its shares of Sourcefire Inc. years ago, but the state still stands to win big from the Columbia cyber security firm's $2.7 billion sale
Cyber Standouts: Finding Maryland's Next Sourcefire (Baltimore Business Journal) Success of Columbia cyber security firm Sourcefire Inc. is a sign of the potential for companies in Maryland's cyber industry
Big Data Market Sees CSC Buy Infochimps, NICE Buy Causata (eWeek) "Infochimps and CSC share leadership values of intellectual honesty and…for the U.S. Government Intelligence Community (IC) and the Department of Defense
Harris Corporation Awarded U.S. Air Force NETCENTS-2 (DailyFinance) Harris IT Services designs, deploys, operates and maintains secure communications…and Cyber Security/Information Assurance -- on time and on budget
Products, Services, and Solutions
Maltego Gets More 'Teeth' (Dark Reading) New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets
SafeNet Partners With Senetas to Protect Data in Motion (PRNewswire) "SafeNet's technical and commercial expertise with our products, its own vast…Senetas has experience in the vulnerabilities and risks of cyber-attacks, data
Statement by Tailored Solutions and Consulting (TSC) on FBI's iGuardian Platform for Cyber Threat Reporting (SFGate) While U.S. Executive Order 13636 represents a new policy emphasis on public and private sector coordination on cyber threats, the FBI's recent launch of iGuardian is a complementary initiative dedicated to the mutual benefit of government and industry. It is a mechanism designed to expedite and augment the cyber security dialogue between private industry and the FBI. It also extends to private industry actors that are not officially designated as critical infrastructure, which is the primary scope of E.O. 13636. More importantly, however, it demonstrates the FBI's commitment to establishing cyber programs that create value for participating US businesses
Norman Shark Announces Malware Analyzer G2 v4.0 and Updated Network Threat Discovery (Dark Reading) Now Featuring 32-bit and 64-bit Support for Windows 7 and 8, Leads the Automated Malware Analysis Market
Cicada Security Technology Inc. Delivers Technology to Eliminate Data Exposure from Computer Theft or Tamper (PRWeb) Preventing the Next Big Data Breach by Closing the Security Blind Spot Exploited by Manning and Snowden
Google introduces Android app for remote wipe, locating lost devices (SC Magazine) A new app called "Android Device Manager" will help users locate or remotely wipe their lost or stolen phones
General Dynamics Launches Online Community to Match Advanced Technical Capabilities with Evolving Customer Requirements (General Dynamics Advanced Information Systems) GDNexus is an online portal where users collaborate to help customers reduce risk and accelerate time-to-mission by leveraging proven technologies from a diverse supplier base
Technologies, Techniques, and Standards
Achieving Security Compliance In Small And Midsize Businesses (Dark Reading) How can smaller businesses meet compliance requirements with limited resources? Here are some tips
Digital Certificate Dangers, and How to Fight Them (eSecurity Planet) While digital certificates play a vital security role, they also present security risks. A certificate management system is a good way to mitigate many of those risks
Building a panopticon: The evolution of the NSA's XKeyscore (Ars Technica) How the NSA went from off-the-shelf to a homegrown "Google for packets."
Security intelligence through configuration auditing (Help Net Security) Modern systems have a multitude of configuration elements that, ideally, meet the IT business requirements of the organization. The danger of having poorly configured systems in place is real
Security Metrics Are Undervalued, Misunderstood (CIO Insight) Keeping your corporate network secure is arguably the most important aspect of any CIO's job. But a new study from risk-based security compliance company Tripwire seems to indicate that determining the metrics for security and conveying to the business side what it takes to keep a company safe is quite difficult. And when security and its importance cannot be conveyed to the business side, security itself suffers. "Chief Information Security Officers talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies," says Rekha Shenoy, vice president of marketing at Tripwire
Google, Mozilla Lead Web's Mobile Renaissance (InformationWeek) Google and Mozilla are blurring the distinction between Web apps and native apps. That could have profound implications for Apple and Microsoft
Design and Innovation
Fail Week: When Mark Suster Believed His Own Startup's Hype, And Everything Came Crashing Down (TechCrunch) To very loosely paraphrase Tolstoy, all successes are alike, but each epic failure fails in its own unique way. But here in the tech industry, we don't discuss failure stories nearly as much as success stories — and that's a shame, because even the biggest winners in the world of entrepreneurship have had their fair share of missteps
Research and Development
The future of big data: cognitive computing (FierceBigData) The holy grail in big data is context plus causation. Companies and governments alike seek information that reveals relationships, causes of action, and is steeped in meaningful context
Academia
Training the next generation of cyber security warriors (University of Hawai'i) Teachers from ʻAiea, ʻIolani, Kaimukī, Leilehua, McKinley, Mid-Pacific and Sacred Hearts Academy spent four intense days participating in a CyberPatriot Boot Camp, the first of its kind at Honolulu Community College. They learned the basics of cyber security including understanding the anatomy of a cyber attack, cryptography, digital forensics
Cyber still largely missing from military graduate programs (FierceGovernmentIT) Although the Defense Department has acknowledged that future military conflicts will have a cyber component, graduate programs at military academies still lack adequate information technology and cybersecurity curriculum
The kids code alright: Inside Young Rewired State's Festival of Code (ITProPortal) I had a relatively privileged upbringing when it comes to technology. Way back in the prehistoric 90s, my school had dedicated IT classes and we learnt a number of key skills. Mavis Beacon helped me become a reasonably adept typist and I acquired an average level of competency with Microsoft applications like Word, Excel and PowerPoint. I even stuck my head into basic HTML and built an Angelfire page dedicated to the New England Patriots. Coupled with a fondness of Sierra's fantasy RPGs and the advent of Sid Meier's early strategy games, you have the makings of a veritable geek
Legislation, Policy, and Regulation
Scope of NSA Internet surveillance even larger than already known (FierceGovernmentIT) The scope of Internet surveillance conducted by the National Security Agency is even larger than already revealed through leaks from former intelligence community contractor Edward Snowden, the New York Times is reporting
NSA cites case as success of phone data-collection program (Washington Post) Under pressure from Congress, senior intelligence officials have offered it as their primary example of the unique value of a National Security Agency program
NSA Data Collection Only For National Security (Forbes) The National Security Agency (NSA) has come under intense criticism in recent months for collecting Americans' phone and Internet data. This week, the New
DEA, NSA Teamwork: 6 Privacy Worries (InformationWeek) Government agents investigating criminal cases reportedly are tapping into NSA-furnished intelligence. Legal experts cry foul. A secretive U.S. Drug Enforcement Agency unit is taking information gathered by intelligence agencies and using it to prosecute Americans, sometimes for minor offenses, according to a Reuters report. Furthermore, DEA agents have been instructed to obfuscate how they came into possession of the information and reverse-engineer the evidence trail to make it appear as if the information was obtained through other means, Reuters reported
Don't Call It A Cold War (Philadelphia Inquirer) Canceling the meeting with Putin doesn't mean Obama isn't interested in improving relations with Russia. Secretary of State John Kerry and Defense Secretary Chuck Hagel still planned to sit down with their Russian counterparts today to discuss Syria, Iran, Afghanistan, and Snowden
Breaking Through Limits On Spying (New York Times) Apparently no espionage tool that Congress gives the National Security Agency is big enough or intrusive enough to satisfy the agency's inexhaustible appetite for delving into the communications of Americans
War By Wordplay (Washington Post) Well, it makes a difference, first, because truth is a virtue. Second, because if you keep lying to the American people, they may seriously question whether anything you say -- for example, about the benign nature of NSA surveillance -- is not another self-serving lie. And third, because leading a country through yet another long twilight struggle requires not just honesty but clarity
Piercing The Confusion Around Phone Program (Washington Post) The program that collects metadata has been referred to in shorthand as the 215 program after the section in the law that governs it. It is a search for a needle in a haystack of unimaginable proportions, and administration officials can point to few successes
NSA's Need To Keep Database Questioned (Washington Post) Critics say court orders could secure phone data one case at a time
Pentagon 'Information Operations' Chief Moves On (USA Today) The Pentagon's point man for "information operations," Austin Branch, is moving on to the National Counter Terrorism Center. Branch has led military's IO effort -- referred to by some as propaganda -- during a period of rapid expansion and, of late, criticism from Capitol Hill. He will be replaced by Mike Banaszewski, who is chief of staff for the deputy assistant secretary of Defense for Special Operations and Counter Terrorism, according to Navy Cmdr. Amy Derrick-Frost, a Pentagon spokeswoman
Ethiopia needs cyber security law urgently: experts (Sodere) Ethiopia was urged to speed up its proposed laws on cyber security to upgrade its banking Information technology (IT) infrastructure, and to fully utilize its IT potential
Litigation, Investigation, and Law Enforcement
Young Android Users At Risk, Won't Someone Think of the Children? (PC Magazine) While the Bitdefender report also sounds a warning about younger Android users seeking out adult content (read: porn), becoming victims to sexual predators
Witness In Manning Case Says Leaks Could Help Al Qaeda (New York Times) A prosecution witness in the sentencing phase of the court-martial of Pfc. Bradley Manning told a military judge on Thursday that Al Qaeda could have used WikiLeaks disclosures, including classified United States government materials provided by Private Manning, to encourage attacks in the West, in testimony meant to show the harm done by his actions
Ukrainian Carder in $5 Million Ring Sentenced to 14–Plus Years in Prison (Wired) Between 14 and 40 years in state prison following a 10-week trial in New York. State sentences, unlike federal, offer parole, and the parole board would determine the exact sentence once his case comes up for review
Hackers switch to new digital currency after Liberty Reserve (Reuters) Three months after a team of international law enforcement officials raided the digital currency firm Liberty Reserve, cyber experts say criminals are increasingly turning to another online currency called Perfect Money
Employee fired for emailing health data to herself (SC Magazine) Emailing protected health information (PHI) to a personal email address cost one Rocky Mountain Spine Clinic employee her job last week
E–Reader Coalition Seeks Waiver of Disabled Access Requirements (Telecom Law Monitor) On August 1, 2013, the Federal Communications Commission ("FCC" or "Commission") released a Public Notice seeking comment by September 3, 2013 on a petition for waiver from the disabled access requirements filed by a coalition of e-reader manufacturers (Amazon, Kobo and Sony Electronics). In late 2011, the FCC released a Report and Order implementing provisions of the Twenty-First Century Communications and Video Accessibility Act of 2010 ("CVAA") to ensure that people with disabilities have access to advanced communications services ("ACS")
UK ISPs might not have to block websites under Digital Economy Act rules for much longer (TNW) UK ISP subscribers may not have to suffer being blocked from accessing certain websites, like The Pirate Bay and KAT.ph, following an unexpected about-turn from the government which has proposed dropping the clauses that regulate the blocks
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
Security in Government (SIG) (Canberra, Australia, Aug 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy Division in the Attorney General's Department, Robyn Devin said the SIG conference attracted protective security professionals from both the public and private sector.
A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 2013 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, and Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided, coupled with the largest SCADA exhibition in the Southern Hemisphere, ensure the National SCADA Conference is a must-attend event for Australia's and New Zealand's SCADA Community.
First International Conference on Cyber-Physical Systems, Networks, and Applications (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen an organization's cybersecurity posture. During this event, cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.