The CyberWire Daily Briefing for 1.24.2013
As Red October finishes rolling up its command-and-control infrastructure, security engineers discuss the technical elements of attack attribution, why attribution is so difficult, and whether it's even worthwhile.
DDOS campaigns mounted through botnets will continue to give banks headaches, and here's another headache, not confined to banks: "Distributed Spam Distraction"—a heavy influx of spam messages—can serve as cover for online theft.
Oracles recent Java patches have included some third-party toolbars, industry observers note with disapproval. A phishing campaign is using bogus DocuSign messages to target enterprises through their employees.
Cyberwarzone discusses Blue Coat and Fin Fisher, and what they mean for online anonymity. Mega (Megaupload rebranded and repurposed as a storage service) scrambles to fix vulnerabilities.
FaceWash offers university students a way of cleaning up their social media history before they hit the job market. ReVuln is developing a hot-patching service for SCADA systems.
DARPA's "Plan X" sponsors research into targeted attack analysis. Google recently hired Ray Kurzweil, who in an interview says he'll focus on computers' natural language capabilities. Natural language is also of interest to password crackers: researchers at Carnegie Mellon and MIT introduce grammar-recognition into a cracking tool they've added to John the Ripper.
Dawson College's expulsion of Ahmed Al-Khabaz shows the cultural gap that persists between the academic and industrial worlds. Dawson expelled the student (who understood himself as a white hat hacker) for "unprofessional conduct," yet Al-Khabaz is now sought-after by companies who value his skills (and apparently agree he's a white hat).
Notes.
Today's issue includes events affecting Australia, Canada, China, Germany, Malaysia, New Zealand, Russia, Singapore, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Red October malware attacks highlight attribution problems (TechTarget) The Red October malware attacks announced by Kaspersky Labs on Jan. 14 came with their own built-in clues as to the source of the unusually complex botnet. Modules used in Red October appear to have been coded by Russian-speaking developers, whereas the exploits used to target Microsoft Word and Excel vulnerabilities are thought to have been created by Chinese hackers, according to analysis by Kaspersky Labs. However, such speculation highlights the difficulties in attack attribution -- and at least a few forensics experts believe the efforts to find "whodunit" may be wasted
Flood of spam email? It may be a screen for fraud (CSO) 'Distributed Spam Distraction' designed to cover the tracks of online thieves
'Botnets' Run Wild (Washington Post) These have not been easy days for cybersecurity experts at some of the nation's leading banks. A barrage of attacks on bank networks has intensified since September, clogging Web sites with traffic, slowing or crashing them. The banks have not lost data, but their online services have been interrupted.
Oracle, please stop sneakily foisting third-party toolbars on us with your Java updates (Naked Security) If you're installing a critical security update on your computer, caused by the software vendor's sloppy code quality, you probably wouldn't dream that your software vendor is trying to make some money out of the inconvenience
Employees targeted with fake DocuSign 'confidential message' (Help Net Security) An email purportedly sent by the DocuSign Electronic Signature Service on behalf of the administrative departments of a wide variety of organizations and businesses is hitting the inboxes of their employees
Blue Coat the program that is used by your government to filter your web (Cyberwarzone) Are you sure that you are Anonymous when you are using a VPN? Well, you could be if your country is not listed in the 61 countries that are using the Blue Coat software or Fin Fisher. Blue Coat got in the news when the Hacktivist cluster Telecomix released a 54GB censorship log that had been found on the Syrian domain
Mega responds to security concerns; promises some changes (CSO) Representatives of the Mega file-storage service acknowledged that some of the issues raised by security researchers are valid
What Are Zero-Day Exploits? (Fearless Web) There has been a lot discussion on the Internet recently about the Java 7 zero-day exploit, which has affected many computers worldwide. But what exactly is a zero-day exploit and how does it differ from other types of threats
Security Patches, Mitigations, and Software Updates
Kim Dotcom's coders hacking on Mega's cryptography even as we speak - true 'perpetual beta' style (Naked Security) Kim Dotcom's new file sharing storage venture, Mega, wants to shield itself from accusations of failing to take action against piracy. It does so by using cryptography to make sure it doesn't see, and indeed cannot tell, what you've uploaded
Cyber Trends
What Antivirus Shortcomings Mean For SMBs (Dark Reading) Accepting the risks that come with relying solely on AV not only puts data at risks, it could kill future earning potential. As criminals continue to hone their digital attacks against SMBs, smaller organizations will have to do more than put up token cybersecurity defenses if they want to protect their intellectual property, their customers and their cash flow, experts warn. And step one in giving up the security charades is admitting that there needs to be more to an annual security budget than a few dollars squirreled away for antivirus software renewals
Supply Chain Uncertainties Make Security Difficult (Dark Reading) Supply-chain security has become a growing concern for national governments and large enterprises, but the degree to which compromised technology is a threat remains uncertain, especially since backdoors are hard to detect and, once found, deniable. In November, the acting chief information officer of Los Alamos National Laboratory reported in a letter to the National Nuclear Security Administration that the lab's technicians had removed two network switches made by a subsidiary of network giant Huawei Technologies based in Hangzhou, China, according to a Reuters report published earlier this month. The letter came after the House Armed Service Committee requested information on supply-chain risks from the Department of Energy
Are China's economic ambitions the reason why cyber-attacks from China are rising? (Quartz) The quarterly "State of the Internet" report from consultancy Akamai Technologies (we've also reprised some of its other findings) confirms something about China that the US government has already flagged: The nation is a huge and growing source of cyber-attacks. As this table from Akamai's report shows, the share of the world's "attack traffic" originating from China more than doubled in the third quarter of last year over the previous three months
The cloud will impact the way security is consumed (Help Net Security) Increased adoption of cloud-based computing is expected to impact the way security is consumed as well as how key government agencies will prioritize security of public cloud infrastructures
Embrace BYOD or die (Help Net Security) Dell Quest Software announced the results of a global survey of IT executives to gauge the level of organizational maturity with existing BYOD strategies, along with realized and anticipated benefits
The arrival of the post-PC threat era (Help Net Security) With the release of its 2012 Annual Roundup and Mobile Security reports, Trend Micro documents how cybercriminals have moved beyond the PC, targeting Android, social media and even the Mac OS X with
Marketplace
U.S. Army Combines Key Acquisition Directorates (SIGNAL Magazine) Over the past month, the U.S. Army has consolidated two directorates in an effort to continue improving agile acquisition
Marine Corps looks to smart devices for warfighters (Fierce Government IT) Rather than, for example, build a new system to capture photographs of possible improvised explosive devices for analysis with dedicated hardware and software, "they can leverage a mobile device that will take that picture and send it back to the server, and all [the Marines on patrol] are focused on is the application," said Capt. Josh Dixon, project officer for technology transition within the Marine Corps Systems Command
California M&A Activity Reaches Highest Level Since 2009, With Tech Deals Leading The Way (TechCrunch) California saw about $91.1 billion worth of mergers and acquisitions last year, the strongest level seen since 2009, according to Mergermarket. The fourth quarter saw a 10.4 percent increase over the third quarter and about a 25 percent increase over the same time a year earlier. The fourth quarter alone was the best one for mergers and acquisitions since 2007. Naturally, the technology sector led
Linux pros saw a giant salary leap in 2012: Dice (IT World) IT professionals enjoyed their biggest salary jump in more than a decade last year, but for those using Linux, it was even better
General Dynamics posts $2.1 billion quarterly loss, citing challenges in technology group (Captial Business) Falls Church-based General Dynamics reported Wednesday that its fourth-quarter earnings plummeted to a loss of $2.1 billion, suggesting that some of the area's top local contractors may be hitting tougher times. General Dynamics attributed much of the dramatic fall to a $2 billion goodwill impairment charge the company took in connection with its information systems and technology group, which it said is being hurt by "slowed defense spending"
Symantec Announces New Strategy; Streamline and Simplify (Dark Reading) Will focus on 10 key areas that combine existing products and services. Symantec Corp. (Nasdaq: SYMC) today announced a new strategy that will streamline and simplify the company so it can deliver significantly improved performance for customers and partners
NDi completes merger with BitSec Global Forensics (IT News Online) Beginning immediately, BitSec will operate as a division of NDi, expanding NDi's cyber solutions to the commercial and government market. The merger brings
RIM's 7 days in January (Fierce Mobile IT) Research in Motion (NASDAQ: RIMM) kicked off its BlackBerry 10 launch with the unveiling of the BlackBerry Enterprise Service 10 on Wednesday. It will culminate in the long awaited launch of BlackBerry 10 operating system and handsets on Jan. 30
Cisco's Private Cloud: Pain And Profit (InformationWeek) Cisco's four-year effort to reduce costs and increase agility through a private cloud deployment pays off
GTRI Names 17-Year Tech, Consulting Vet Eric Toler CFO (Govconwire) Global Technology Resources Inc. has appointed Eric Toler, former chief financial officer at cloud computing firm T3Media, to serve as CFO at GTRI. GTRI said Toler will oversee financial operations, accounting, budgeting, banking, corporate governance and merger and acquisition activities. Glenn Smith, GTRI chief operating officer, said Toler brings experience in both business modeling and
TASC Names 15-Year SAIC Vet Amanda Brownfield Mission Analysis VP (Govconwire) TASC has appointed Amanda Brownfield, a 15-year veteran of Science Applications International Corp. (NYSE: SAI), to serve as vice president of TASC's mission analysis business unit. The company said Brownfield will lead and manage work for two intelligence customers and oversee program-protection services to other government customers. "Amanda's leadership, energy and customer focus have enabled
Capgemini Promotes Douglas Charles to Govt Solutions CEO (Govconwire) Capgemini has promoted Douglas Charles, a vice president for North American applications services, to serve as CEO for its U.S. government solutions division. The company said Charles, a five-year Science Applications International Corp. (NYSE: SAI) veteran, will be responsible for Capgemini's strategy and growth in U.S. public sector markets of areas of unemployment insurance, business
Products, Services, and Solutions
Nokia Confirms The PureView Was Officially The Last Symbian Phone (TechCrunch) Symbian is now officially dead, Nokia confirmed today. In the company's earnings announcement that came out a little while ago, Nokia confirmed that the 808 PureView, released last year, was the very last device that the company would make on the Symbian platform: "During our transition to Windows Phone through 2012, we continued to ship devices based on Symbian," the company wrote. "The Nokia 808
Amazon Gets Into Voice Recognition, Buys Ivona Software To Compete Against Apple's Siri (TechCrunch) Amazon today announced that it is acquiring Ivona Software, a specialist in voice technologies that competes with Nuance and is already used in the Kindle Fire. The terms of the deal were not disclosed. "IVONA's exceptional text-to-speech technology leads the industry in natural voice quality, accuracy and ease of use. IVONA is already instrumental in helping us deliver excellent accessibility
Microsoft won't release study that challenged success of Munich's Linux migration (IT World) Microsoft and Hewlett Packard won't share a study claiming that the German city of Munich had its numbers wrong when it calculated switching from Windows to Linux saved the city millions -- although an HP employee did provide the data to a German publication that reported on the results
'Actual Facebook Graph Searches' Tumblr highlights social network's bizarre new feature (IT Proportal) Facebook chief Mark Zuckerberg last week introduced Graph Search, the social network's "next big thing." But the feature comes with a few drawbacks for Facebook users, a collection of which one blogger has compiled in an amusing new Tumblr page. Tom Scott's Actual Facebook Graph Searches includes screenshots from the more bizarre and entertaining Facebook Graph search results, including a search for "mothers of Jews who like bacon" (fewer than 100 people found)
FaceWash web app promises to cleans up users' Facebook history (IT Proportal) Most Facebook users have embarrassing comments or status updates hidden in the depths of their social network profile - long forgotten but not gone. So why not tidy up a little with the new FaceWash web app? The service, which is geared primarily toward recent graduates, aims to delete your seedy Facebook history before you enter the professional world
Microsoft's Project Online takes PPM to the cloud (TechRepublic) While Project 2013 desktop application is coming out with a number of improvements for project managers and their teams, Microsoft hasnt forgotten the cloud. Project Online, Microsofts cloud-based Project Portfolio Management (PPM) solution, is rolling out with improvements and is a better fit into the new world of SharePoint 2013/Office 2013 than Microsoft Project. It comes with 25 user licenses, and your team can access project information from a range of browsers and mobile devices
Who's to blame for Windows 8 flop? PC makers, says Microsoft (Quartz) It appears that the finger-pointing over the slow start of Windows 8 has begun. PC makers ignored Microsoft's advice to make large numbers of high-end tablets that would show off Windows 8′s new interface and touch capabilities, which left Microsoft executives fuming, reports The Register
Securing SCADA systems still a piecemeal affair (CSO) Security company is working on a product that can allegedly mitigate entire classes of vulnerabilities in SCADA systems
Popularity of Chinese version of Twitter growing in China (Fierce Government IT) A Twitter-like platform in China has surpassed 400 million registered accounts, generating 150 million posts per day and serving as a "vigorous virtual public square" and "steam valve for discontent" for the world's most populous country, said David Wertime, co-founder and co-editor of Tea Leaf Nation, an English-language online magazine that synthesizes and analyzes Chinese social media
Technologies, Techniques, and Standards
10 Criteria for an Enterprise MDM Solution (eSecurity Planet) Companies don't lack choices when it comes to enterprise mobile device management (MDM) solutions. In fact, too many choices can make it tough to focus on criteria that matter. The mobile device management (MDM) space is quickly consolidating, with Citrix's recent acquisition of MDM vendor Zenprise the most recent example. Despite this consolidation, however, the functionality
Video: History of the JavaScript security arsenal (Help Net Security) In 2006 we had the first JavaScript port scanner. The same year we saw the incarnation of more advanced tools such as AttackAPI, Carnaval and Backframe. A year later we saw several decent attempts
Cloud Standards: Bottom Up, Not Top Down (InformationWeek) One relatively bright spot is security, thanks to the Cloud Security Alliance. CSA member organizations, including most large cloud providers, work together
Design and Innovation
How to know when the founder should give way to a professional CEO (Quartz) Twenty years ago, the classic startup model was to have young founders start a breakthrough company, then bring in "grey hair" in the form of experienced executives once it was time to scale the business. Key examples included Cisco, Yahoo, eBay, Google, and many smaller companies. In the last decade, however, that common wisdom has shifted, at least for consumer internet companies. The new received wisdom is that the best entrepreneurs can stay CEO through the entire growth cycle of the company. Think of Jeff Bezos, Larry Ellison, or the late Steve Jobs. My partners at Greylock and I have invested in a number of young founding CEOs who match this pattern and are doing a fantastic job leading their companies through hypergrowth, such as Brian Chesky of AirBnB and Drew Houston of Dropbox. The question is, why has this shift occurred
The Optimizer (Slate) How Google's Jeff Dean became the Chuck Norris of the Internet…Jeff Dean facts aren't, well, true. But the fact that someone went to the trouble to make up Chuck Norris-esque exploits about Dean is remarkable. That's because Jeff Dean is a software engineer, and software engineers are not like Chuck Norris. For one thing, they're not lone rangers—software development is an inherently collaborative enterprise. For another, they rarely shoot cowboys with an Uzi
Steve Jobs' Unfortunate Contribution to Product Development (Team Treehouse) We're all very well aware of Steve Jobs' contributions to technology and society. Without Steve, and Apple, we would all be using Motorola Razors or some other "cool" phone (ah, those were the days) or tablets would be just a failed Microsoft project. You know the story, iPods, iTunes, the whole thing. All of it is great – it spawned categories of devices, created competition, and now everyone's benefiting. And it's not just devices – Steve Jobs proved that the integration of hardware and software was possible and helped create an entirely new economy through app stores, which has created millions of new jobs
Research and Development
DARPA Seeking Help With Targeted Attack Analysis (Threatpost) DARPAThe networks of government agencies and the military are under constant attack from a variety of sources, and the U.S., like most other countries, relies on those networks to not just run daily operations, but to support missions around the world. In the face of those attacks, the Department of Defense's advanced research group, DARPA, is looking for new technologies that can collect and analyze massive amounts of network data and enable security teams to get quick reads on attacks happening across a broad, department-level network
Grammar badness makes cracking harder the long password (Ars Technica) Password crackers get an English lesson. When it comes to long phrases used to defeat recent advances in password cracking, bigger isn't necessarily better, particularly when they adhere to grammatical rules. A team of Ph.D. and grad students at Carnegie Mellon University and the Massachusetts Institute of Technology have developed an algorithm that targets passcodes with a minimum number of 16 characters and built it into the freely available John the Ripper cracking program
Q&A: Futurist Ray Kurzweil discusses his work at Google, reverse engineering the brain and more (Las Vegas Weekly) I know you were recently snatched up by Google. What are you working on at the moment? I'll be working on enabling computers to understand natural language. When you write a news article or a blog post you're not just creating a bag of words, you're creating semantic meaning
Academia
Update: Student's Expulsion Exposes Computer Science Culture Gap (Security Ledger) The expulsion of a 20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the real world of application development. In the wake of news stories that have drawn attention to the case, Dawsons faculty and administration have stood by their decision, saying that hacking of the type Ahmed Al-Khabaz was engaged in was an example of unprofessional conduct by a computer sciences engineer. This, even as private sector firms including the company whose software Al-Khabaz exposed have come forward with job offers and scholarships
Legislation, Policy, and Regulation
Waiting For REAL ID? Take a Seat, It'll Be a While (IEEE Spectrum) There's an interesting story in next month's National Defense magazine on the long gestation of the REAL ID Act. As you may remember, eight years ago the U.S. Congress passed the REAL ID Act of 2005. It would have forced states to start issuing tamper-proof driver licenses and identify cards by 11 May 2008. The reason for the act, a brainchild of Congressman Jim Sensenbrenner of Wisconsin, was to make it harder for terrorists and other criminals to be able to pass off fake IDs in the commission of their crimes. And a REAL ID card would be required to enter a federal building or board a commercial airline flight
Could Obama 2 Deliver Better Cybersecurity? (AC Democracy) In January 2009, Obama presented his first cyber security strategy plan. That plan, however, mirrored the Bush Administration's blueprint to better protect the nation's federal and commercial cyber security. That plan was followed each successive year with new strategies
Calls for a pan-Asia cyber crime centre (Acumin) Calls are being made for Asia to have a central cyber crime centre resembling that set up in Europe in order to help provide a more unified approach to the problem. Myla Pilao, director of core technology at Trend Micro's TrendLabs, has said that since crime committed online is without borders, such an agency in Asia-Pacific is necessary to share information and many of those in IT security jobs are bound to agree
Cyber security funding cautiously welcomed by industry (Computerworld Australia) Trend Micro Australia and New Zealand managing director Sanjay Mehta said the funding sent a "strong signal" that the Australian government viewed cyber
Leahy: electronic communications privacy a top priority for Senate Judiciary Committee (Fierce Government IT) Updating the Electronic Communications Privacy Act by requiring law enforcement to obtain a warrant before reading people's stored emails and other forms of electronic communication is among the Senate Judiciary's top technology priorities for the new 113th Congress, says committee Chairman Patrick Leahy (D-VT). He spoke Jan. 16 at the Georgetown University Law Center
Litigation, Investigation, and Law Enforcement
Why Facebook Data Tends to Condemn You in Court (Wired Threat Level) U.S. courts have a structural bias against "guilty" verdicts, but when it comes to Facebook data the situation is reversed: Social media activity is more readily used to convict you in a court of law than to defend you. That's because prosecutors generally have an easier time than defense attorneys getting private information out of Facebook and other social networks, as highlighted in an ongoing Portland murder case. In that case, the defense attorney has evidence of a Facebook conversation in which a key witness reportedly tells a friend he was pressured by police into falsely incriminating the defendant
Steve Jobs threatened Palm with patent suit if it objected to no-poaching pact (IT World) Former Apple CEO Steve Jobs threatened Palm with a patent lawsuit if it did not enter into an agreement in which the companies pledged not to hire employees from each other, unsealed court documents show
Google Complied With 88 Percent of U.S. User Data Requests (Threatpost) Google reportGoogle received more than 8,000 requests for user data from the U.S. government in the second half of 2012, and nearly all of them were the result of a subpoena or search warrant. The number of those requests that the company complied with by producing some or all of the data in question is still relatively high, at 88 percent, but declined slightly from the first half of last year
Google stands up for Gmail users, requires cops to get a warrant (Ars Technica) As e-mail privacy laws stall in Congress, Google pushes for stronger standard. Under current law, there's a fairly low standard for law enforcement to access your e-mail. The United States remains far ahead of all governments who request user information from Google according to the company's latest Transparency Report (July through December 2012) which was released on Wednesday
Sony fined 250,000 pounds after hackers gained access to millions of gamers' details (Naked Security) "There's no disguising that this is a business that should have known better," says ICO director. How many headlines do there have to be before companies take data security more seriously
Gozi malware arrests, report highlight Russian cybercrime (CSO) Feds charge Russian national over the Gozi Trojan that hit banks, new report shows 70% of exploit kits released or developed in Russia
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
Data Privacy Day (Various locations, Jan 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy Day (DPD), is collaborating with many educational institutions, corporations, government and non-profit organizations across the world to make Data Privacy Day on January 28th a success. Data Privacy Day is an international day of awareness to educate everyone to respect privacy and safeguard personal information.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.