The CyberWire Daily Briefing for 8.15.2013
Pakistani and Indonesian hacktivists continue opIsrael with nuisance-grade cyber vandalism. OxAlien releases login credentials of "Iranian defacers." The Atlantic Council outlines Iran's cyber capabilities and how these could be used in war with the United States. Turkish hacktivists protest Chinese government repression of Uyghur Muslims by attacking 1600 websites.
Last week's precautionary embassy closings were prompted, says the Washington Post, by interception of al-Qaeda traffic in darknet or deep-web chat rooms and encrypted message boards. (Not accessible by conventional search engines, these regions of the Internet are nonetheless quite open to inspection, and any suggestion that they're private or secure in any strong sense is misleading. InfoWorld coincidentally has an article on the difficulty of achieving genuine privacy online.)
Other stories address various vulnerabilities and threats currently active in the wild, but it's worth noting that outages at both the New York Times and the United States' .gov domain were the result of mishandled software upgrades, not cyber attacks.
Google has acknowledged and patched the Android flaw that enabled Bitcoin wallet theft. Microsoft has pulled one of its Patch Tuesday fixes: a security update for Exchange 2013.
The UK's Ministry of Defence partners with key companies to improve the cyber security of its supply chain. Cisco is cutting 4000 jobs. IBM will acquire Trusteer for an undisclosed sum. Blackberry seems headed for piecemeal sale, and Michael Dell's plans to take his eponymous company private remain up in the air.
Researchers find a flaw in encryption mathematics—using the wrong entropy.
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Germany, Indonesia, Iran, Ireland, Israel, New Zealand, Pakistan, Philippines, Portugal, Switzerland, Taiwan, Turkey, United Arab Emirates, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
#OpIsrael: Pakistani hacker H4x0r HuSsY celebrates independence by hacking 650+ Israeli websites (Hack Read) A Pakistani hacker going with the handle of H4x0r HuSsY has hacked and defaced 650+ Israeli websites on the eve of Pakistan's independence day. Hack was conducted for #OpIsrael where hacker left a deface page along with a message on all hacked websites displaying message against Israel and in support of Palestine. The deface message was expressed in following words
OpIsrael Reloaded: Official Mazda Motors and 20 Israeli Porn websites hacked by Indonesian SultanHaikal (Hack Read) Well known Indonesian hacker going with the handle of SultanHaikal has hacked and defaced the official website of Mazda motors club
Iran's Web Defacement Archive Website Hacked, database and thousands of accounts leaked by OxAlien (Hack Read) OxAlien, known for his high profile Virgin Radio Dubai hack is back in news by breaching into an Iranian based cyber crime and events archive website, as a result the database and 2000+ login accounts have been leaked online. The site is not government owned yet contains massive data, exposing login details of site users. The hacker contacted me on Twitter and explained why the site was targeted, a similar
Iran: How a Third Tier Cyber Power Can Still Threaten the United States (Atlantic Council) When most people think of the "military option" against Iran, they imagine a US attack that takes out Iran's most important known nuclear facilities at Natanz, Fordow, Arak, and Isfahan. They expect Iran to retaliate by closing the Strait of Hormuz, sending missiles into Israel, and/or supporting terrorist attacks on US personnel in Iraq and Afghanistan
1600 Websites hacked by TurkHackTeam against Chinese Uyghur Muslims Massacre (Hack Read) Turkish hackers from Turk Hack Team have hacked and defaced more then 1600 websites against alleged killings of Uyghur Muslims in China. All sites were left with deface pages along with different deface messages, protesting against the Chinese government for conducting massacre against Chinese based Uyghur Muslims
Al–Qaida threat that closed US embassies was discussed by leaders in online jihadi chat room (Washington Post) Al-Qaida fighters have been using secretive chat rooms and encrypted Internet message boards for planning and coordinating attacks -- including the threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week
Terrorists Turn To Secretive Forum To Evade U.S. (Miami Herald) Al-Qaida fighters have been using secretive chat rooms and encrypted Internet message boards for planning and coordinating attacks including the threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week
Online forums provide key havens for terror plots (WLOS) One expert calls it a cat-and-mouse game between terrorist groups that can buy commercial technology and intelligence agencies that are trying to find ways to
Osama Bin Pwned: Al Qaeda mocked in Twitter counter–jihad (The Register) Terror group asks world+dog to suggest a PR strategy. And thousands reply. Al Qaeda has come under attack from a massive troll army after asking Twitter users for ideas on how jihadis could run a PR campaign
Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability (Trend Micro Security Intelligence Blog) About a month ago, the Apache Software Foundation released Struts 220.127.116.11, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers
Hackers find new way to stuff malware in Android mobile devices (FierceMobileIT) Firewall vendor Palo Alto discovered recently that hackers are using ad networks to deliver malware to Android devices. InformationWeek's Mathew J. Schwartz says, "they've discovered a series of attacks that have been serving up malicious code by hacking into an ad network's software development kit (SDK). Developers add these SDKs to their Android apps to tie into mobile advertising networks and earn referral fees"
New ransomware threat 'Browlock' freezes computers and demands payment (SC Magazine) Security firm F-Secure is tracking a new ransomware family known as Browlock, which spreads by tricking unsuspecting web surfers into believing the police are after them
Joomla exploit doing rounds, users advised to update (Help Net Security) Users who run their sites own sites and use the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content
Is that YouTube Video Downloader browser plugin safe? Beware! (Graham Cluley) Cybercriminals have created YouTube video downloading plugins for your browser which can lead to your computer being infected with malware, or help them earn money by messing with your browser's search results or displaying unauthorised adverts
How Attackers Target And Exploit Social Networking Users (Dark Reading) A look at the security issues surrounding the use of social networks in the workplace -- and what you can do about them
Facebook phishing: manual session hijacking (zscaler) We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" session hijacking attack whereby the user is fooled into copying and pasting a Facebook URL containing the session ID or other credentials into a malicious page. I'll describe such an example that I spotted this past weekend
Java — The Gift That Keeps On Giving (F-Secure) I bet vulnerability researchers love Java. It seems that especially the 2D sub-component of Java has felt their love lately: since the out-of-band patch for CVE-2013-0809 and CVE-2013-1493 in March 2013, 2D has been the most patched sub-component with a total of 18 fixed vulnerabilities. Fortunately, CVE-2013-1493 has been the only one of these exploited in the wild
Targeted Attacks Delivering Fruit (Symantec) Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT
Google confirms Bitcoin–theft vulnerability in Android (ZDNet) An initialisation flaw within the Java Cryptography Architecture has been patched, but not before leaving Android vulnerable to attacks resulting in Bitcoin theft
Kaspersky warns on offline cyber attacks through USB drives (Human IPO) Kaspersky Lab has warned users they need to protect themselves from threats facing their computers and digital devices from offline sources
Lost flash drive compromises data for thousands of students (SC Magazine) More than 20,000 students across 36 schools in the Boston Public School (BPS) system had their data compromised when the district's ID card vendor Plastic Card Systems lost a flash drive containing the information
Cogent Healthcare Acknowledges Data Breach (eSecurity Planet) Approximately 32,000 patients' personal health information may have been exposed
Baby monitor hack highlights manufacturers' security shortfalls (CSO) In addition to lax passwords, manufacturer lacks a effective way to get its patches and updates out to customers
Hackers not responsible for New York Times website wipeout (The Register) Hours-long outage attributed to internal systems fault
DNSSEC administration likely cause of .gov outage (FierceGovIT) A government website outage that lasted for hours the morning of Aug. 14 was likely caused by a failure to update a cryptographic key necessary for DNSSEC, says cybersecurity researcher Johannes Ullrich
Security Patches, Mitigations, and Software Updates
Microsoft Starts Countdown on Eliminating MD5 (Threatpost) Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm
Google patches Android after Bitcoin wallet issue (CSO) Applications that used the random number generator within Android could be at risk
Microsoft pulls faulty Exchange 2013 patch HOURS after release (The Register) Patch Tuesday's fudged fix: Sysadmins, quick - turn Outside In inside out. Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release
Rise in data breaches drives interest in cyber insurance (CSO) Companies became much more interested in insurance policies after an incident affected them, study found
Is cyber the new gunpowder and corruption the spark? (Reuters) A 2013 report by Kroll Advisory Solutions suggests that more than two-thirds of all cyber cases involving theft of data stem from corrupt corporate insiders - but that companies' desire to deal with incidents quietly and internally means they rarely reach the public eye
Anonymous is not anonymous (InfoWorld) At this point, most of us would welcome shelter from the gaze of government cyber spies. Here are six reasons why that may be unattainable
Putting an end to 'strike back' / 'active defense' debate (Curmudgeonly Ways) The concept of "hack/strike back", under any of its names, is decades old. Every year or three it surfaces again and makes news. Almost every time, it is a result of a new company claiming they do it to some degree. This extends to the related idea of "active defense", which is equally absurd. Not only because it is used as a cop-out fallback when a company is challenged on notion of "hack back", because the term is misleading at best
A Prescription for Cloud Data Security for Healthcare Service Providers (Help Net Security) Cloud services are here to stay, and practically everybody is embracing them. In fact, the cloud computing industry is growing at the torrid pace of nearly 30% per year right now, according to Pike Research
Cyber: Protecting Britain's national security and the defence supply chain (Defence Management) The Ministry of Defence has boldly set out to boost the UK's cyber security, in partnership with a handful of the UK's leading defence firms. Peter Armstrong, director of cyber security at Thales UK, one of the firms involved, outlines the partnership's key priorities for the year ahead
How A 'Deviant' Philosopher Built Palantir, A CIA–Funded Data–Mining Juggernaut (Forbes) Since rumors began to spread that a startup called Palantir helped to kill Osama bin Laden, Alex Karp hasn't had much time to himself
Meet The American Dealer Of Swiss Data Secrecy (Forbes) The Swiss reputation for low taxation and secrecy is well known when it comes to money, but it's also becoming a popular place to store data, thanks to the country's strict, data-protection laws that are at odds with those of the European Union. While U.S. encryption services like Silent Circle are planning to establish servers in Switzerland for that reason, a scrappy startup called PrivacyAbroad has begun promoting itself as a rare conduit to Swiss data services
Cisco to Slash 4,000 Jobs (SecurityWeek) Just days after announcing that it would pay $2.7 billion to acquire network security firm Sourcefire, Cisco said Wednesday that it would cut 4,000 jobs, or roughly five percent of its workforce in an effort to cut costs. Cisco executives said the cuts were in response to a weaker-than-expected economic recovery
Desperate Obama Not Helping Tech Leaders (MoneyNews) The law of unintended consequences reached Silicon Valley this summer. Thanks to Edward Snowden, the whole world knows not to trust U.S. Internet companies with private data. The cost will likely be huge
Watchful Software Recognized as CRN Emerging Vendor for 2013 (MarketWatch) Watchful Software, a leading provider of data-centric information security solutions, today announced it has been named a 2013 Emerging Technology vendor by UBM Tech Channel's CRN Magazine. The annual list highlights hot tech startups making an impact on the channel and an impression on the tech industry as a whole. These up-and-coming technology vendors have recently introduced a new product or technology that is not only innovative, but addresses a key strategic issue that solution providers require answers for in today's competitive marketplace
4 Things VMware Must Do At VMworld (InformationWeek) VMware CEO Gelsinger needs to show customers a new leadership team and a company that understands how to compete in a multi-hypervisor marketplace
BlackBerry forms special committee to 'explore strategic alternatives' (FierceMobileIT) BlackBerry looks like it's decided to stop bailing water and just abandon ship altogether. After flailing around for the past few years, the Canadian mobile device maker announced it has assembled a special committee to "explore strategic alternatives."
BlackBerry's patents could be worth $5bn if it finds a single buyer (ZDNet) While BlackBerry's future is still to be decided, the value of its patents is looking more certain
BlackBerry: It's the end–to–endness, stupid (The Register) RIM's miracle impossible to recreate - but that won't stop people trying. Going private still looks the most likely next step for BlackBerry, with Prem Watsa, the largest shareholder in the company, resigning from its board this week, apparently to put together a deal. Watsa still holds almost 10 per cent of BlackBerry stock
As Dell battle drones on, operating challenges escalate (FierceFinance) In the thick of a private equity show down, priorities tend to get inverted. In the Dell buyout drama, for example, various reports about the poor state of the PC market have dribbled out amid the Michael Dell vs. Carl Icahn back and forth. Those reports attest to terrible market conditions, yet the reports have been seen as good news, at least for Team Dell-Silver Lake
Proofpoint Buys Armorize Technologies (eSecurity Planet) California-based Proofpoint recently announced the acquisition of Taiwanese cloud-based anti-malware solutions developer Armorize Technologies for approximately $25 million in cash. The deal is expected to close in the third quarter of 2013
IBM to acquire endpoint security company Trusteer (CSO) IBM is also setting up a cybersecurity software lab in Israel
Products, Services, and Solutions
Intigua: Automate the provisioning of management technologies (Help Net Security) CIOs today are asking their IT teams to build private clouds that reflect the on-demand simplicity and agility that Amazon Web Services delivers in its public cloud. Unlike with public clouds
MS SQL Agent facilitates the collection of MSSQL audit records (Help Net Security) SNARE for MSSQL allows a security administrator to remotely set up, control and monitor the application through a standard web browser and a self-contained installation package, including Setup Wizard
Kaspersky updates its security solutions for home users (Help Net Security) Kaspersky Lab released Kaspersky Anti-Virus 2014 and Kaspersky Internet Security 2014. Both products now include ZETA Shield antivirus technology, which performs an in-depth scan of files and
Free Android anti–virus for mobile devices (Help Net Security) Avira Free Android Security reached 2.0 and offers antivirus scanning and removal, as well as retaining the remote lock, wipe and 'scream' features available in the original version
Secure rugged Android tablet for the government (Infosecurity Magazine) Becrypt announced a new technology partnership with Getac to provide the first secure Android tablet solution suitable for military, defence and government and wider public sector markets based on Getac's ruggedized devices
Identify unknown internal email-enabled systems (Help Net Security) Sendmail today introduced Sentrion Rogue Email Application Control (REAC) 2.0, the first inside-threat protection application with new Big Data search capabilities to further protect organizations against the growing internal threats posed by machine-generated email, which accounts for more than 50% of all corporate email traffic
Circumventing Communications Blackouts (Schneier on Security) Rangzen looks like a really interesting ad hoc mesh networking system to circumvent government-imposed communications blackouts. I am particularly interested in how it uses reputation to determine who can be trusted, while maintaining some level of anonymity
Technologies, Techniques, and Standards
Imaging LUKS Encrypted Drives (Internet Storm Center) This is a "guest diary" submitted by Tom Webb. We will gladly forward any responses or please use our comment/forum section to comment publically. Tom is currently enrolled in the SANS Masters Program. When imaging a live system there are several factors to be taken into account. But this post is going to cover encrypted Linux systems. Use of the logical drive for imaging encrypted systems is critical if you do not have the decryption password
Researchers Put a Dent in the Twitter Underground (Threatpost) A USENIX paper presented yesterday explains how a team of researchers was able to disrupt a small portion of the underground merchants selling fraudulent Twitter accounts
DKIM: Useless or just disappointing? (ZDNet) Now that DKIM is established as the leading method for sender authentication, it's clear that it doesn't really claim to do all that much, and fails even at that. Spam is perhaps the oldest of security problems affecting Internet users widely. A lot of effort has been put into fighting it, and yet it persists. Even the most advanced of standards for combating spam fails in the face of a simple spoofing attack. There's probably nothing that standards bodies can do that will make a real difference
Don't Get Hacked — Tools to Fight Cyber Attacks (Entrepreneur) Here's an unfortunate and immutable fact: You will never be 100 percent immune to hacking. If someone targets and wants to get something from you, they'll figure out a way in. Even if your small business judiciously focuses on tightening security, you have a countless number of cyber doors to protect, and the bad guys only need to access one. It's a battle of asymmetry
Covert Tops (Washington Post) Fed up with surveillance, activists are designing ways to thwart prying eyes and ears
Dear CSO, do you know how to build security culture? (Help Net Security) What do you really know about security culture? I am going out on a limb here and claim you know very little, if anything at all. Your day job is about security, and like most CSOs out there, you
Why isn't RAM analysis part of every computer forensic investigation? (Digital Forensic Investigator) To the analyst, RAM is just a large blob of data with minimal structure, at least not the structure that we are expecting to see when it comes to operating systems
Video: How private companies can do self-defense (SC Magazine) Robert Clark, attorney for the U.S. Army Cyber Command, discusses how private companies can perform "active defense" during this press conference at this year's Black Hat conference in Las Vegas
Design and Innovation
The Trouble With Smartphone Kill Switches (InformationWeek) To fight smartphone theft, public officials tell smartphone makers to add remote-deactivation, tracking and recovery features. But manufacturers may not do the job right
Research and Development
Encryption is less secure than we thought (MIT News) For 65 years, most information-theoretic analyses of cryptographic systems have made a mathematical assumption that turns out to be wrong
Legislation, Policy, and Regulation
Brazil Mulls Taking Complaints on U.S. Spying to U.N. (Wall Street Journal) Brazil is considering taking its complaints on the U.S. National Security Agency's surveillance of Brazilian Internet data for discussion at the United Nations, Brazilian Communications Minister Paulo Bernardo said Wednesday
An Educated Guess About How the NSA Is Structured (The Atlantic) Want to understand how an organism really works? Take a look at its plumbing. Figure out where the pipes fit together. That's the approach I take to national security and that's the spirit behind this look at the structure of one of the most important institutions in U.S. intelligence: the National Security Agency
Intelligence committee urged to explain if they withheld crucial NSA document (The Guardian) Critics demand answers from chairman Mike Rogers after claims that committee failed to share document before key vote
The Other Side Of The Surveillance Story (Washington Post) It's time for the intelligence community to have its side of the debate over the National Security Agencys collection programs explained
The Job Of Protecting Security And Privacy ((McClatchy Newspapers) Many Americans probably don't know that there is a senior official whose job by law is to help ensure that civil liberties and privacy protections are built into intelligence programs. I am that official - the "Civil Liberties Protection Officer." I engage with the director of national intelligence and other intelligence officials to oversee and guide intelligence activities
The Snowden Revelations and Cybersecurity (Lawfare) One immediate consequence of Snowden's various revelations about massive USG surveillance - at home and especially abroad - was to put a chill on the loud U.S. campaign against Chinese cyber-snooping. (The hypocrisy in the U.S. position, and the fecklessness of mere complaints about the Chinese practice, was something that I and others have been pointing out for a while.) Yesterday David Sanger reported on another cybersecurity-related casualty: The NSA's ambitious plans to screen all Internet traffic in the United States for malicious cyber agents
Bitcoin laws are coming: US Senate launches virty currency probe (The Register) Who can regulate it and how? The heat is on for Bitcoin and other virtual currencies in the US, with lawmakers at the highest levels of government now actively investigating how to regulate the upstart digital monies
Think tank wants dedicated infosec minister, 'modern' data retention (The Register) Australian Strategic Policy Institute says government lacks infosec focus. The Australian Strategic Policy Institute (ASPI) has issued an "Agenda for Change" (PDF) that suggests data retention is a necessary centrepiece of Australia's future homeland security needs
Government urged to put up customised defence to combat cyber attacks (Computer News Middle East) Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake. This was what Trend Micro security experts said as they urged the Philippine government to draw up a defence plan against cyber attacks. "Look at what your neighbours are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software
DIRECTIVE 2013/40/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA (European Parliament) The objectives of this Directive are to approximate the criminal law of the Member States in the area of attacks against information systems by establishing minimum rules concerning the definition of criminal offences and the relevant sanctions and to improve cooperation between competent authorities, including the police and other specialised law enforcement services of the Member States, as well as the competent specialised Union agencies and bodies
Aggressive defence needed against cyber threats, expert says (Ottawa Citizen) Canada must aggressively deploy its spies and other intelligence capabilities against accelerating cyber threats to the country's vital digital infrastructure, says a leading expert. Angela Gendron, writing in the Canadian Foreign Policy Journal, delivers a meaty 11,000-word assessment of the risks and dangers that digital technologies have wrought for the country's critical infrastructure, from the machinery of government to public utilities, communications, transportation, energy and finance
Litigation, Investigation, and Law Enforcement
Users Have No Expectation of Privacy in Gmail Says Google (Infosecurity Magazine) In filing a motion to dismiss a class action that it illegally intercepts and reads emails, Google lawyers have invoked a ruling from a 1979 court case (Smith vs Maryland) that originally referred to telephony
NSA, DEA, IRS Lie About Fact That Americans Are Routinely Spied On By Our Government: Time For A Special Prosecutor (Forbes) It seems that every day brings a new revelation about the scope of the NSA's heretofore secret warrantless mass surveillance programs. And as we learn more, the picture becomes increasingly alarming. Last week we discovered that the NSA shares information with a division of the Drug Enforcement Agency called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies - in particular, the Internal Revenue Service, which, as you might imagine, is always looking for information on tax cheats
Fired flight attendant forced to give employer access to Facebook and bank accounts (Naked Security) A flight attendant was forced to allow her employer to examine her Facebook activity and bank account after she was fired over her activity while on sick leave
For a complete running list of events, please visit the Event Tracker.
Resilience Week 201 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Communit.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen and organization's cybersecurity posture. During this event cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.