The CyberWire Daily Briefing for 9.16.2013
Minor hacktivist cyber vandalism affects South Asian sites from Turkey through Iran to Pakistan, India, and Bangladesh.
China's Huawei in high dudgeon (although probably with private cheer) accuses the US NSA of cyber espionage. Belgium's big telecom firm, Belgacom, finds and cleans malware on its internal systems amid speculation about a state-sponsored attack. NASA has recovered from last week's NSA-protesting cyber vandalism.
Der Spiegel alleges NSA monitoring of international credit card transactions; both Threatpost and InformationWeek reality test NSA-centric paranoia.
The Pushdo botnet makes inroads into Practical Malware Analysis. A new variant of ransomware appears, unusually objectionable because it first misdirects victims to illegal sites, and then takes their systems hostage.
Security researchers detail issues with Dropbox previews. Google appears to know an awful lot about people's Wi-Fi passwords.
IT security managers are struggling to (1) maintain their credibility while (2) grappling with an increasingly unmanageable threat intelligence load amid (3) a tight cyber labor market.
Cyber security firms are hot acquisition targets right now. The emergence of highly desirable niche capabilities strongly contributes to buyers' interest.
BYOD policies continue to lag the pull of rogue IT (with its attendant risk of insider compromise).
Recent IT problems on financial exchanges expose a problem: automated trading outstrips effective management.
Argentina and Brazil conclude a cyber defense agreement. Current and former US intelligence officials consider serious electronic surveillance policy overhaul. (DNI Clapper expresses nostalgia for the Soviet Union—you get that all the time from Volodya, but the DNI means it differently.)
Notes.
Today's issue includes events affecting Argentina, Bangladesh, Belgium, Brazil, Brunei, Cambodia, Canada, China, Finland, France, Germany, India, Indonesia, Israel, Laos, Japan, Malaysia, Myanmar, Netherlands, Pakistan, Philippines, Saudi Arabia, Singapore, South Africa, Thailand, Turkey, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Turk Hack Team Defaces 750 Websites for #OpNoWar (HackRead) Turkish hackers from Turk Hack Team going with the handles of Black-Spy and WhooLe have hacked and defaced a total of 750 random websites from all over the world under the banner of #OpNoWar. A member of the team who contacted me via email explained that the purpose of targeting these sites was to deliver a message of peace all around the world. The deface page on all hacked websites shows the following message: General interest
Bangladeshi Hackers deface 60 Indian websites, declare Cyber War against Border Security Forces (HackRead) A group of Bangladeshi hackers going with the handle of Bangladesh Black HAT Hackers (BBHH) have hacked and defaced 60 Indian websites, declaring cyber war against the Indian Border Security Forces (BSF)'s alleged brutality. The hackers contacted me via email, in which the reason for starting a cyber war was explained in the form of a press release. The release was expressed in the following words: We are Bangladesh
Facebook Account of Iran's Minister of Foreign Affairs Hacked (Softpedia) The official Facebook account of Mohammad Javad Zarif (facebook.com/jzarif), Iran's current minister of foreign affairs, has been hacked. Zarif has issued a statement explaining that someone has hacked into his Facebook account and changed the password
OpCambodiaFreedom: Anonymous Hackers Threaten Cambodian Government (Softpedia) Hacktivists of Anonymous Cambodia have issued a video statement threatening the Cambodian government. "Government of the once great Kingdom of Cambodia, It has come to our attention that despite our continued warnings you have decided to disregard our requests to assist the people of this country, and have persisted in running a one-way system which only shows to benefit yourselves," the hackers said
Huawei accuses NSA of illegal practices after spying revelations (The Age) The US National Security Agency (NSA) appears to have been caught spying on Chinese technology company Huawei — and Huawei is furious about it. Earlier this week a host of new documents leaked by former NSA contractor Edward Snowden were revealed on Brazilian TV network Globo. The new files offer a significant amount of fresh details about surveillance programs operated by the NSA and its British counterpart, GCHQ. One of the documents, reportedly taken from an NSA training presentation dated May 2012, showed a number of surveillance targets. They included a Saudi bank, the French Ministry of Foreign Affairs, the financial cooperative SWIFT and Huawei
Ban Porn says 3xp1r3 Cyber Army by hacking 30 Pornography websites (HackRead) A Bangladeshi hacker going with the handle of ExpirED BraiN from 3xp1r3 Cyber Army has hacked and defaced 30 pornography websites, deleting the entire database of all hacked sites
Belgacom takes actions related to IT security (Belgacom Group) This weekend, Belgacom successfully performed an operation in the light of its continuous action plan to protect the security of its customers and their data and to assure the continuity of its services. Previous security checks by Belgacom experts revealed traces of a digital intrusion in the company's internal IT system. Belgacom has taken all appropriate actions to protect the integrity of its IT system and to further reinforce the prevention against possible incidents
Belgian Telecoms Company Belgacom Hacked, Spy Agencies Blamed (Softpedia) Belgacom, the largest telecommunications company in Belgium, has been hacked. The company's representatives said they found a piece of malware on a number of internal IT systems. According to a statement published by Belgacom, the unknown virus found on servers and workstations has been cleaned up. Authorities have been called in to investigate the incident
"Stop spy on us!" 14 NASA sites hacked (Naked Security) As of Friday afternoon, a notice on NASA's kepler.arc.nasa.gov website was reading "Down for Maintenance: The requested webpage is down for maintenance. Please try again later." The site is only one of what appear to be 14 hacked subdomains, hosted in the heart of Silicon Valley, that were defaced on Tuesday and stayed offline for some time
NSA Allegedly Spies On International Credit Card Transactions (TechCrunch) Germany's Der Spiegel newspaper - increasingly joining the NSA revelations train - reports today that the intelligence agency is interested in international credit card transactions and may have found a way to monitor payments processed by companies including Visa. Spiegel alleges it has even set up its own financial database to track money flows. The paper says that in 2011, the NSA possessed 180 million records via its "Follow the Money" branch dubbed 'Tracfin', according to information acquired by former NSA contractor and whistleblower Edward Snowden. The vast majority of information is from credit card transactions
Unanswered Questions on the NSA Leaks (Threatpost) The flood of documents regarding the NSA's collection methods and capabilities that have been leaked this summer has produced thousands of news stories and several metric tons of speculation about what it all means. But for all of the postulating, analysis and reporting, there are still a lot of questions left unanswered in all of this. Let's try to address some of them
The NSA And Your Cloud Data: Navigating The Noise (InformationWeek) Revelations about the reach of the National Security Agency have made waves, but don't get overwhelmed. In the past few months, we've seen more and more coverage of how existing laws have been used to gain access to cloud-based data without the data owner's knowledge or consent. What's different with the latest revelation, as highlighted in The New York Times recently, are reports of the National Security Agency actively trying to undermine encryption technology and standards, including those adopted by National Institute of Standards and Technology, such as the Dual EC DRBG standard
Pushdo botnet spams malware analysis site, researchers find (SC Magazine) Saboteurs behind the Pushdo botnet are sending spam to a website meant to educate users on malware, researchers have found. Blue Coat Systems researchers Chris Larsen and Jeff Doty co-authored a blog post on Wednesday, which detailed how the site, PracticalMalwareAnalysis.com, was being targeted with Pushdo-related spam
Aggressive ransomware scam redirects to child porn (Help Net Security) Getting denounced for viewing or owning child pornography is a huge deal in most Western world countries, so it's no wonder that ransomware peddlers are using that specific - and in this case true
How stalking has been made easier by the internet, mobiles and social networks (Graham Cluley) Most victims don't immediately think "I have a stalker". It starts off much more subtly. The victim may just think this person is acting a bit odd, then they find them annoying, being a nuisance; they don't take hints or respond to a direct request for them to leave the victim alone
Three Reasons Why Dropbox Previews Are Security & Privacy Nightmares (ThreatAgent) This is a follow up from my last post Who's That Peeking in My Dropbox. I also want to say that I love the Dropbox service and use it daily. This post is from a pure security perspective. So the short story is every time you upload Word Documents (.DOC) to Dropbox they open the files in LibreOffice. This was discovered by Daniel McCauley who used our HoneyDocs.com service and noticed the behavior. Daniel wrote a blog post that went viral
Google knows nearly every Wi-Fi password in the world (ComputerWorld) If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide
Email contains personal data on thousands of insurance agents (SC Magazine) Thousands of agents with state online health insurance exchange MNsure in Minnesota may have had personal data compromised when an employee inadvertently sent out an email attachment that contained the information
North East expert warns following cyber attack (Sky: Tyne and Wear) A North East expert has today warned that companies across the region are at major risk from cyber criminals in the wake of the computer attack on a branch of Santander. Steve Nelson (pictured), solutions architect at Newcastle-based Calibre Secured Networks Limited and an expert in ethical hacking and an offensive security professional, is urging companies to review their systems and procedures to ensure they are properly protected
Finnish hacker swipes thousands of usernames, passwords in massive cyber attack (Washington Post) Helsinki Police say they detained a hacker last weekend suspected of accessing thousands of usernames and passwords of visitors to more than
Security Patches, Mitigations, and Software Updates
Mac users: You have to patch too (ZDNet) OS X and Mac applications have security vulnerabilities too; some people still don't believe it, but it's true. Here are the latest ones and why you need to take them seriously. The release yesterday of OS X 10.8.5 caps a fairly busy security update season for Mac users. Yes, you thought Windows users were getting all the grief? In fact, Mac users have a lot of work to do too to keep their systems safe. And it's not just updates from Apple you need. Along with 10.8.5, Apple released Security Update 2013-0004 for OS X 10.7 (Snow Leopard) and for 10.8 (Lion) and a separate security update for Safari for Mac on Lion (10.6), bringing it to version 5.1.10
Oracle finally adds whitelisting capabilities to Java (ComputerWorld) Java 7 Update 40 allows system administrators to define which specific Java applets should be trusted and executed
Cyber Trends
For Security Pros, Maintaining Credibility Means Walking A Fine Line (Dark Reading) In the old fable, the Boy Who Cried Wolf was capricious and stupid. He cried "wolf" the first two times because he wanted to see who would come. The third time, when the wolf actually appeared, he cried out and no one came. He became wolf chow
Italian Information Security Association 2013 Report (CLUSIT) We are well-aware of the task we enrolled when writing the annual report on ICT security in Italy: a task of contents, precision, and information. A task we can fulfill thanks to the diligence of our Clusit members which represent, at the highest level, the various professionalities which build the complex supply chain of the information security world
Consumer ignorance drives big jump in medical ID fraud (CSO) Medical records contaminated by the perpetrator 'could actually have severe impact,' says study's sponsor, Medical Identity Fraud Alliance
Why Are Hackers Flooding Into Brazil? (Bloomberg) The answer, to channel notorious bank robber Willie Sutton: Because that's where the money is. In recent years, Brazil has become a major source of malware that steals online banking passwords, a development that may surprise you given the attention paid to attacks originating in Eastern Europe and Asia. To understand why Brazil is a magnet for hackers, it helps to consider the country's long history in electronic banking, according to a report by Trend Micro, a Tokyo-based security firm
IT pros lack support to manage security intelligence (Help Net Security) SolarWinds, in conjunction with SANS, today released the results of a security survey of more than 600 IT professionals representing a broad range of industries and organization sizes. The survey was conducted to identify the impact of security threats and the use of security analytics and intelligence to mitigate those threats
New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data (Forbes) My congratulations and condolences to the nation's CIOs for being responsible for data security. There's now more job security but now there's less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices
Cyber security: The new arms race for a new front line (Christian Science Monitor) The Pentagon — and a growing cyber industrial complex — gears up for the new front line: cyberspace. Cyber defense is necessary. But it could cost us
Most companies choose on-premise private cloud deployments (Help Net Security) 87 percent of IT professionals currently leveraging private cloud solutions indicate that their companies host clouds on-premises rather than with third-party providers, according to Metacloud
US Internet users less vigilant than ever about their online safety (Help Net Security) As the Internet has become a ubiquitous part of life, US consumers are less vigilant about protecting their safety online, says this year's Microsoft Computing Safety Index (MCSI) for the US
Cryptographers Have an Ethics Problem (MIT Technology Review) Mathematicians and computer scientists are involved in enabling wide intrusions on individual privacy. Last week, I visited the MIT computer science department looking for a very famous cryptographer. As I made my way through the warren of offices, I noticed a poster taped to the wall--the kind put up to inform or inspire students. It was the code of ethics of the Association for Computing Machinery, the world's largest professional association of computer scientists
Marketplace
Cyber Security Ablaze in M&A World (Fox Business News) Fueled by a rapidly intensifying cyber battleground, the deals market has turned red hot for boutique security firms. As enterprises better arm themselves, there has been a flurry of investment for specialized security firms both on and off Wall Street. "This industry is so large there are now all sorts of new specializations," said Tenable Network Security CEO Ron Gula, who has participated in the deals market
How a little-noticed factory fire disrupted the global electronics supply (Quartz) It was an industrial mishap barely noticed outside the arcane world of electronics supply chains. On Sept. 4, a fire engulfed a substantial portion of an SK Hynix production plant in Wuxi, China. The plant produced between a tenth and a sixth of the world's supply of dynamic random access memory (DRAM), a sort of memory chip used in all computing electronics from laptop computers to mobile phones. Hynix is the world's second-largest maker of the stuff, supplying everybody from Apple and Dell to Lenovo and Sony
Economy needs 300,000 digital workers by 2020 to reach full potential (ComputerWeekly) The digital sector will need nearly 300,000 new recruits by 2020 if the industry is to reach its full potential, according to a report published today (16 September 2013). The Technology and Skills in the Digital Industries report suggests the lack of digital skills in the UK is hampering economic growth
Merlin International Awarded DHS FirstSource II Contract (Marketwired) Merlin International, a leading Cyber Security and IT solutions provider to the U.S. Federal Government, today announced the company has been awarded a prime contract for the Department of Homeland Security's (DHS) FirstSource II contract. The Merlin award is part of a suite of multiple Indefinite Delivery/Indefinite Quantity (IDIQ) contracts for commercial items. Each FirstSource II contract will have a base ordering period of five years, with two one-year option periods (7 years total if all option periods are exercised)
The NSA Effect: Scandal Casts $35B Shadow Over U.S. Cloud Computing (Ad Age) Many execs in the digital media and marketing industries cringe at the notion that the National Security Administration surveillance scandal has any ties to their consumer data-collection practices. As that debate rages on, a bedrock of the consumer data explosion — cloud computing — could be at risk in the U.S
Meet Hacking Team, the company that helps the police hack you (The Verge) Hacking Team may not have any clients in the US yet, but it's not for lack of trying. In 2001, a pair of Italian programmers wrote a program called Ettercap, a "comprehensive suite for man-in-the-middle attacks" — in other words, a set of tools for eavesdropping, sniffing passwords, and remotely manipulating someone's computer. Ettercap was free, open source, and quickly became the weapon of choice for analysts testing the security of their networks as well as hackers who wanted to spy on people. One user called it "sort of the Swiss army knife" of this type of hacking
Email & Social Media 'In Bed': Zuly's Day (Wall Street Journal) Light Point Security co-founder Zuly Gonzalez says her typical "day in the life" starts and ends with email and social media in bed. In between, she and co-founder Beau Adkins are out-and-about, meeting and networking with potential customers. Oh, and walking the dog!
Why a Killer Twitter IPO Could End Up Killing Twitter (Wired) Brands want their ads on social networks, which is great news for Twitter. But if that demand means more ads in your stream, that's bad news for everyone else
BlackBerry buyers may break up company, claim sources (ITPro) Smartphone maker could be broken up by potential bidders, with its patent portfolio and services business attracting much investor interest
China's 3rd, 4th largest search engines merge in $448M deal (ZDNet) Chinese Internet giant Tencent's Soso will combine with Sohu's Sogou, as it looks to steal a bigger slice of the local search engine market dominated by Baidu, already under pressure from new player Qihoo
Products, Services, and Solutions
Adobe announces major update to cloud testing tool, emphasis on mobile (Fierce CMO) Adobe Systems has directed its attention toward digital optimization with a major update of its testing tool, which the company promises will "help CMOs maximize marketing budgets by optimizing across all of their digital properties, including websites, email, mobile sites, and mobile apps." The upgrade includes a touch-based mobile interface and a process that lets marketers more easily test digital promotions and personalize Web content for specific audiences
Box aims for NSA-resistant cloud security with customers holding the keys (Ars Technica) After eight years of existence, file sharing service Box has built a huge user base—claiming 180,000 businesses, including 97 percent of the Fortune 500—by offering cloud storage and collaboration tools with top-notch security and regulatory compliance
Will the iPhone 5S's fingerprint technology help enterprise security? (ComputerWeekly) A fingerprint sensor has been built into Apple's latest iPhones, but what will this mean for enterprise security? Apple's influence on the smartphone market is undeniable, and this technology addition may lead to a revolution in smartphone security as others adopt similar technologies. But what does fingerprint security mean for the enterprise
Fury as Facebook erases Social Fixer's page (with 340,000 fans) without explanation (Graham Cluley) Social Fixer, formerly known as Better Facebook, is a tool that over half a million Facebook members use to enhance the look, feel and functionality of the world's most popular social network
SolarWinds Server & Application Monitor 6.0 released (Help Net Security) SolarWinds released SolarWinds Server & Application Monitor (SAM) 6.0, designed to deliver agentless performance and availability monitoring, alerting and reporting for over 150 applications and serve
Algorithm Protection Software prevents reverse engineering (Thomasnet) CodeSEAL™ provides software protection mechanisms that can be inserted into desktop and embedded software applications using code insertion engine. Through drag-and-drop interface, users can augment insecure applications with configurable protection mechanisms that fortify deployed applications against software reverse engineering vulnerabilities, debugging, tampering, and code-lifting attacks. Mechanisms detect and react to dynamic attacks, and issue/error system provides immediate feedback
USB Condoms (int3) Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee who could be stealing my data?". We all have needs and sometimes you just need to charge your phone. "Any port in a storm." as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through. Thus, these "USB Condoms" prevent attacks like "juice jacking"
Apple Hackers Rate iPhone 5s Security (InformationWeek) Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off
How to safeguard your smartphone (Sydney Morning Herald) Bitdefender and F-Secure are good options for people who use the Google Chrome browser on their mobile device. Beware of fake security apps that appear to
Tenable release Passive Vulnerability Scanner 4.0 (Help Net Security) Tenable Network Security's Passive Vulnerability Scanner (PVS) 4.0 is now generally available as a standalone product. Already available as part of Tenable's SecurityCenter continuous monitoring
Technologies, Techniques, and Standards
How To Cushion The Impact Of A Data Breach (Dark Reading) For five years now, a Ponemon Institute annual report has tried to put a number on the cost of data breaches. It creates benchmarks for direct costs such as regulatory fines and the cost of notifying customers, alongside estimates of indirect costs such as customer churn and lost business. In 2013, Ponemon pegged the cost of a data breach at $136 per lost record on average across the globe. Ponemon estimated the cost in the U.S. at $188 per record, and $277 per record when the breach came at the hands of malicious and criminal attacks such as outside hacking or insider theft
Ten Things To Consider When Developing An Enterprise BYOD Security Policy (Dark Reading) Is there a safe way to let employees access corporate data from their own mobile devices? Here are some things to think about. BYOD, or bring-your-own-device, is a trend that is not going away. In InformationWeek's 2013 State of Mobile Security report, based on a survey of 424 business technology professionals, 68% of respondents said their mobility policy allows employees to use personal mobile for work, with 20% saying they are developing such a policy
Eyeing Next-Generation Biometrics (SIGNAL Magazine) The FBI is on schedule to finish implementing next-generation biometric capabilities, including palm, iris and face recognition, in the summer of next year. New technology processes data more rapidly, provides more accurate information and improves criminal identification and crime-solving abilities
Five More Hacker Tools Every CISO Should Understand (The State of Security) As we mentioned in the first article, Top Five Hacker Tools Every CISO Should Understand, the role of the CISO continues to evolve within organizations towards that of an executive level position. Nonetheless, CISOs need to keep on top of the best tools and technologies available that can benefit their organization's security posture
How to Keep NSA From Getting Between You and Your Googling (Nextgov) One of the documents leaked by Edward Snowden indicates that the NSA uses "man in the middle" attacks to hijack your interactions with Google servers. Here's how such attacks work, and how to protect your browsing. Tech website Techdirt appears to have been the first to notice the reference to the attack, which appeared on a slide which aired during a Brazilian newscast. A section of that slide is below
How to Stop the In-House Data Thief (Wall Street Journal) Technology can help counter the growing threat of information theft by company insiders. Edward Snowden has triggered a blizzard of media coverage with his revelations of classified intelligence information he stole while working as a U.S. National Security Agency contractor. That should serve as a warning to corporate executives: It could happen to you. The highly networked computer technology that has made companies more efficient has also left them more vulnerable to threats from insiders intent on stealing information or sabotaging a company's operations. And those vulnerabilities are regularly exploited
The Geeks on the Front Lines (Rolling Stone) Inside a darkened conference room in the Miami Beach Holiday Inn, America's most badass hackers are going to war - working their laptops between swigs of Bawls energy drink as Bassnectar booms in the background. A black guy with a soul patch crashes a power grid in North Korea. A stocky jock beside him storms a database of stolen credit cards in Russia. And a gangly geek in a black T-shirt busts into the Chinese Ministry of Information, represented by a glowing red star on his laptop screen. "Is the data secured?" his buddy asks him. "No," he replies with a grin. They're in
Cyber Risk Management for Lawyers (LegalTalkNetwork) Lawyers hold some of their clients' most private communications, which makes them a top target of all hackers. As technology competence becomes the required norm, lawyers need to understand not only how to protect their clients' information but how to react if a cyber attack does happen. On this episode of Digital Detectives, Sharon D. Nelson, Esq. and John W. Simek invite Steven Chabinsky to discuss cyber-risk management for lawyers
Net Optics' CEO on leveraging network security to stymie cyber 'hit teams' (FierceCIO: TechWatch) …We spoke with Bob Shaw, President and CEO of Net Optics Inc, about the role of security-centric software defined networking in defending the network, and about what steps enterprises can take to deter or frustrate hackers. Net Optics is a leading provider of network solutions that delivers real-time network monitoring and security--within physical, virtual and private cloud environments
Secure Domain Name System (DNS) Deployment Guide (NIST) The Internet is the world's largest computing network, with hundreds of millions of users. From the perspective of a user, each node or resource on this network is identified by a unique name--the domain name--such as www.nist.gov. However, from the perspective of network equipment that routes communications across the Internet, the unique identifier for a resource is an Internet Protocol (IP) address, such as 172.30.128.27. To access Internet resources by user-friendly domain names rather than IP addresses, users need a system that translates domain names to IP addresses and back. This translation is the primary task of an engine called the Domain Name System (DNS)
Apple Touch ID Fingerprint Scanner Unlocks Biometrics Debate (Dark Reading) Apple's new fingerprint scanner may help biometrics gain popularity, but challenges mean passwords aren't going anywhere any time soon. Giving the finger - so to speak - to Apple's Touch ID feature may unlock the iPhone 5s and allow users to authorize purchases on iTunes, but whether the fingerprint scanning technology will push biometrics deep into the mainstream remains to be seen. "Fingerprint readers, or biometrics, will not replace passwords in the near future for two reasons," says Gene Meltser, technical director of security services firm Neohapsis
Understanding insider threats (FCW) What: A Preliminary Examination of Insider Threat Programs in the U.S. Private Sector, from the Intelligence and National Security Alliance. Why: The intelligence community has been exploring ways to reduce access to sensitive information, even since before Edward Snowden dished on the National Security Agency's secret surveillance and cryptography programs to reporters. A presidential memorandum from November 2012 tasked government agencies with implementing minimum standards for threat detection, including audits of user activity on government networks, background checks and other personnel security evaluations for government employees and contractors, as well as having threat monitors trained in counterintelligence and security
Design and Innovation
In Silicon Valley start-up world, pedigree counts (Reuters) The notion that anyone with smarts, drive and a great idea can start a company is a central tenet of Silicon Valley's ethos. Yet on close inspection, the evidence suggests that scrappy unknowns striking rich are the exceptions, not the rule
How Adobe's Chief Security Officer Made Security a Product Priority (eWeek) There was a time when Adobe Systems' products, particularly its Flash and PDF Reader applications were constantly attacked and exploited with a seemingly endless stream of zero-day flaws. Those days are now mostly in the past, as Adobe has made security an embedded part of its development process and rebuilt Flash and Reader to be more resilient and secure. Leading the charge for Adobe's product security efforts is Chief Security Officer Brad Arkin. In a video interview with eWEEK, Arkin explains how he transformed his organization from being in constant damage-control mode, to now being on a more sane and stable, security footing
Research and Development
25-GPU cluster cracks every standard Windows password in less than six hours (WBITT) A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours
Cryptography breakthrough could make cloud more secure (CloudPro) Idea once considered "Alice in Wonderland" stuff now a reality, thanks to efforts of university research teams. Scientists in Bristol and Denmark have made a cryptography breakthrough that may boost the security of cloud computing environments. Multi-party computation (MPC) is a subset of cryptography that enables two or more people to compute any function choosing secret inputs, without actually revealing the contents of those inputs to either party
Trading bots create extreme events faster than humans can react (Ars Technica) Our algorithms now show collective behavior that we do not control. High–frequency trading is the practice where automated systems search for minor differences in price of stocks that can be exploited for small financial gains. Executed often enough and with a high enough investment, they can lead to serious profits for the investment firms that have the wherewithal to run these systems. The systems trade with minimal human supervision, however, and have been blamed for a number of unusually violent swings that have taken place in the stock market
Academia
Academics decry Hopkins' removal of professor's blog post (Baltimore Sun) In recent weeks, Green thought his contributions to the growing public discourse surrounding the National Security Agency, including the recent revelations that
Is Trademark Infringement The Real Key To National Security? The NSA Thinks So — Johns Hopkins Agrees (Or Maybe Not So Much) (Forbes) It looked this week as if Johns Hopkins University was intent upon offering a course that could be entitled "How to Create a Media Crisis Without Really Trying." The University took the unprecedented step of asking a professor to remove a blog post citing both national security and trademark concerns. The topic, not unexpectedly, was the NSA. The story has taken several twists throughout the week, each adding a more ominous feel, rather than clarifying matters. The incident began when Matthew Green, a cryptography expert and research professor at Johns Hopkins, laid out his opinions on the most recent NSA revelations. The news revolved around circumventing encryption. A natural and valuable addition to a crucial public discussion point, or so you would think
Legislation, Policy, and Regulation
Pakistani Activists Smell A Mole In Government's Proposed YouTube Filtering Plan (TechCrunch) After ignoring repeated requests to appear in a court case challenging the Pakistan government's year-long YouTube blackout, the country's elusive IT minister is expected to appear at a hearing later this month to outline plans to drop the blanket ban — and instead selectively restrict "blasphemous" and "offensive" material on the video-sharing site. However, activists have decried the move as a
Argentina, Brazil agree on cyber–defense alliance against US espionage (Russia Today) Defense ministers of Brazil and Argentina have pledged to cooperate closely to improve cyber defense capabilities following revelations of the scale of US spying on Latin American countries. "We need to reflect on how we cooperate to face these new forms of attack," Brazil's defense minister, Celso Amorim, said at a conference in Buenos Aires
Dutch govt response to revelations by Edward Snowden (Cyberwar Blog) The government is closely following the response of the United States to the revelations by Mr. Snowden. The government is committed, as previously stated, to highly meticulous and adequate protection of personal data. Hence, where national security and privacy protection meet, maximum transparency about procedures, powers, safeguards and oversight measures is a necessity. The government considers it encouraging that US Congress Members are specifically debating about those topics, and are submitting proposals for changing legislation, and that President Obama also declared, in his press conference of August 9th, that he is seeking more transparency and oversight. It is also gratifying that the US government has already acted by providing more insight into the powers and by publishing a legal substantiation for a few programs. The Netherlands is in conversation with the US about this
What do we know about Canada's eavesdropping agency? (CBC News) Revelations about the extent of surveillance by the National Security Agency (NSA) in the U.S. have sparked interest in the activities of Canada's own, highly secretive agency
£27bn UK cyber crime wave prompts AGCS cyber policies (Post Online) The European Union is expected to introduce new legislation over the next two years to significantly increase the costs of losing data in a cyber attack, he added
Japan, ASEAN to fight cyber–attacks (Japan News) Japan and the 10 member countries of the Association of Southeast Asian Nations agreed Friday to collaborate further on research to predict cyber-attacks. They also agreed on Friday that Japan will provide the ASEAN countries with warnings about computer viruses
IDF Hackers Test Israeli Preparedness for Cyberattacks (Al Monitor) "An army hacker does not sit all by himself with a pizza and a Coke," says Lt. Col. M. and Capt. A., two senior officers serving in the Israeli Defense Forces (IDF) cybersecurity lineup. "We must work together, and we have to practice brainstorming and to allocate tasks. Ultimately, we are running against the clock. These are the qualities we are looking for in our soldiers — teamwork and the ability to think outside the box"
Intelligence Officials Admit That Edward Snowden's NSA Leaks Call For Reforms (Forbes) The intelligence community's reaction to National Security Agency contractor Edward Snowden's leaks has moved through the typical stages of denial, anger, and depression. Now it seems to be coming to acceptance. Over the past week, two high-level intelligence officials have now acknowledged that the still-widening scandal around Snowden's disclosures of classified information have actually led to a worthwhile public debate and warrant legal reforms. In an opinion released Friday by the Foreign Intelligence Surveillance Court (FISC) that oversees the NSA, Judge Dennis Saylor wrote that the Court should in fact make more of its rulings public in response to the public's demand for greater transparency around foreign and domestic surveillance following the Snowden leaks
NSA cryptanalyst: We, too, are Americans (ZDNet) ZDNet Exclusive: An NSA mathematician shares his from–the–trenches view of the agency's surveillance activities. Many voices — from those in the White House to others at my local coffee shop — have weighed in on NSA's surveillance programs, which have recently been disclosed by the media. As someone deep in the trenches of NSA, where I work on a daily basis with data acquired from these programs, I, too, feel compelled to raise my voice. Do I, as an American, have any concerns about whether the NSA is illegally or surreptitiously targeting or tracking the communications of other Americans? The answer is emphatically, "No." NSA produces foreign intelligence for the benefit and defense of our nation. Analysts are not free to wander through all of NSA's collected data willy–nilly
Review, Release, Repeat (Washington Post) Nothing has demonstrated a J. Edgar Hoover-style conspiracy to abuse the extraordinary amount of information the NSA can access. But the revelations have underscored the importance of imposing more meaningful checks on the agency's activities
What Keeps James Clapper Up at Night? (National Journal) Today's current-events whirlwind, the director of national intelligence says, "kind of makes you miss the Soviet Union." As someone who is charged with overseeing the 17-agency U.S. intelligence community, which includes the CIA, NSA, and FBI, James Clapper often gets asked, "What keeps you up at night?" His answer? "What I don't know," Clapper told the Intelligence and National Security Alliance summit Thursday. "Things you know, even if you don't have all the information, you can work with them, you can get more information"
Former NSA Director Pans Recommended Changes To Surveillance Court As 'Cosmetic' (Think Progress) Former National Security Agency Director Gen. Michael Hayden on Sunday dismissed recommended changes to the Foreign Intelligence Surveillance Court as "cosmetic," including the idea of adding an adversarial system into the court's workings. One potential solution to what has been seen as the court's "rubber-stamping" administration requests for warrants to target persons within the U.S. for eavesdropping includes adding an adversarial process to the court, one in which judges will have to hear opposing views on why a warrant should or shouldn't be granted. Hayden, however, doesn't see much value in such a change. "There are some things that people are calling for that I think will make people feel better, but they're largely cosmetic," he said. "They want an advocate at the [Foreign Intelligence Surveillance Act] court? Okay, but I don't know if that changes anything"
Former NSA and CIA director says terrorists love using Gmail (Washington Post) Former NSA and CIA director Michael Hayden stood on the pulpit of a church across from the White House on Sunday and declared Gmail the preferred online service of terrorists. As part of an adult education forum at St. John's Episcopal Church, Hayden gave a wide ranging speech on "the tension between security and liberty." During the speech, he specifically defended Section 702 of the Foreign Intelligence Surveillance Act (FISA), which provides the legal basis for the PRISM program. In doing so, Hayden claimed "Gmail is the preferred Internet service provider of terrorists worldwide," presumably meaning online service rather than the actual provider of Internet service. He added: "I don't think you're going to see that in a Google commercial, but it's free, it's ubiquitous, so of course it is"
Reforming the NSA (Schneier on Security) Leaks from the whistleblower Edward Snowden have catapulted the NSA into newspaper headlines and demonstrated that it has become one of the most powerful government agencies in the country. From the secret court rulings that allow it to collect data on all Americans to its systematic subversion of the entire Internet as a surveillance platform, the NSA has amassed an enormous amount of power
Don't blame the corporations for the surveillance state (ZDNet) If the law of the land requires Microsoft or Google or Facebook to surrender data about their customers then that's what they have to do. They're victims of the situation. They're spying on us! But who are "they"? Usually it's not the FBI or the NSA directly monitoring our communications, but the private corporations with which we intend to do business. Read the privacy policy — whatever else it says about protecting your data, it also says that they will respond to proper legal requests from law enforcement and other government authority
NSA has long role as top US locksmith, lock–picker (Worcester Telegram and Gazette) Years ago, back when computer users were dialing up the Internet, civilian government scientists already were expressing concerns about the National Security Agency's role in developing global communication standards, according to documents reviewed by The Associated Press. The records mirror new disclosures, based on classified files 24 years later, that the NSA sought to deliberately weaken Internet encryption in its effort to gather and analyze digital intelligence
US snooping scandal risks stunting internet's growth (Bangkok Post) The US is at a key crossroads, trying to regain the trust of its citizens and friendly nations around the world even while it continues to lie and dissimulate in defence of National Security Agency (NSA)
Google's Eric Schmidt says government spying is 'the nature of our society' (The Guardian) Tech giant's executive chairman calls for greater transparency but declines to 'pass judgment' on spying operations. Eric Schmidt, the executive chairman of Google, reiterated the tech industry's call for greater transparency from the US government over surveillance on Friday, but declined to "pass judgment" on American spying operations
Four Principles for a Libertarian National Security State (Daily Beast) You know what libertarians are against: unnecessary foreign wars, the growing surveillance state. But what sort of national security state do libertarians support? Nick Gillespie lays out four principles, and Rand Paul's 2016 team should be taking notes
DHS Uses Social Media To Enhance Information Sharing and Mission Operations, But Additional Oversight and Guidance Are Needed (OIG, Department of Homeland Security) We audited the Department of Homeland Security's (DHS) efforts to implement Web 2.0 technology, also known as social media. The objective of our audit was to determine the effectiveness of DHS' and its components' use of Web 2.0 technologies to facilitate information sharing and enhance mission operations
Litigation, Investigation, and Law Enforcement
Two Men Arrested in India for Stealing Source Code from Tech Firm (Softpedia) A couple of men from India were arrested for stealing and selling source code from MIC Electronics limited, a Hyderabad-based tech company that specializes in the design, development and manufacturing of LED video displays and high-end electronics and telecoms equipment
Millions in Germany have data compromised in Vodafone hack (SC Magazine) Authorities have identified an attacker suspected of carrying out a sophisticated hack against Vodafone Germany. The individual was able to obtain information – including names, addresses, dates of birth, genders and banking details – on roughly two million of the mobile phone company's customers, a company spokesperson said, adding there was no access to credit card information, passwords, PIN numbers or mobile phone numbers
Joburg hacking case: why you may get angry (My Broadband) The City of Joburg may be wasting valuable state resources to try to cover up its own incompetence, online commentators say
The Beijing cop behind China's online crackdown wields a "heavy fist" (Quartz) Fu Zhenghua, China's recently-named vice minister of public security, once promised to apply a "heavy fist" to police corruption as the head of the Beijing Police. But in recent weeks, he has taken aim at a softer target: a string of well-known internet commentators and personalities, part of a nation-wide push to control information and rumor-spreading on the internet. Since Fu, a career policeman, got the new public security ministry post, China has detained or arrested several high-profile individuals with big followings on the internet, known as "Big V's" for their "verified" status on Sina Weibo, the Twitter-like microblogging platform
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack (Wired) It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control
Court: UK govt can eye items taken in Snowden case (Times Herald) A British court ruled Thursday that if national security issues are at stake, the U.K. government may look through items seized from the partner of a journalist who has written stories about documents leaked by former National Security Agency contractor Edward Snowden
Spy court rulings unveiled in a 'rebuke' for surveillance (MSNBC) The secret court that oversees the National Security Agency surveillance programs ruled on Friday that court opinions regarding the agency's use of the Patriot Act must be released. The ruling is potentially a major victory for the ACLU, which had sued for the release of the opinions
Government must declassify court opinions on phone surveillance after ACLU legal victory (The Verge) The US FISA Court has ordered the government to declassify some aspects of its phone and internet surveillance program, the most recent of several disclosures in the past month. In the wake of leaks over the summer, the ACLU and many others have filed suit against the US government, looking for everything from more transparency to a way to take down a powerful surveillance program. The latter goal is still far from fruition, but the ACLU and Yahoo have both made progress in the former with a pair of recent court decisions
Cyber Crime Growing Priority for FBI (Memphis Daily News) Glankler Brown PLLC attorneys on Wednesday, Sept. 11, welcomed FBI Supervisory Special Agent Scott E. Augenbaum as the guest speaker for a cyber crime seminar for staff and clients at its East Memphis office. Augenbaum hopes to spread the word about cyber crime by demonstrating how anyone that has a computer or mobile device, who banks online or has a database that holds sensitive financial information is at risk
Markey expands probe into police access to cellphone data (The Hill) Sen. Ed Markey (D-Mass.) is expanding his investigation into how often police acquire personal data from cellphone carriers. Last year, as a member of the House, Markey sent letters to the major cellphone carriers to gather statistics about police access to cellphone data. He discovered that in 2011, police made 1.3 million requests for information, such as text messages, location data, call logs and "cell tower dumps," in which the wireless carriers provide police with all of the phone numbers that connected to a particular cell tower in a period of time
When it mattered most, invasive surveillance programs didn't work, say reporters (CNN) Thursday marks a dubious anniversary — September 12, the day the United States woke up to a different world, one where the Patriot Act, digital surveillance, and secret data collection programs routinely bend individual liberties in the name of national security
How the cops watch your tweets in real-time (Ars Technica) Products like BlueJay search all your tweets, then present results to cops
Anonymous hacker @ItsKahuna sentenced to 3 years for hacking police sites (Naked Security) John Anthony Borell III, aka "@ItsKahuna", admitted to attacking a slew of police sites in an operation that included exposing the personal details of thousands
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
GovConnects Business Breakfast: Surviving Sequestration (Elkridge, Maryland, USA, Sep 17, 2013) This Business Breakfast will feature presentations by seasoned professionals in the field of government contracting as they share best practices for dealing with current challenges of doing business in the time of sequestration, and answer CEOs' questions from legal and accounting perspectives. [Editors' note: this event is expected to be devoted essentially entirely to cyber contracting.]
Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, Sep 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National Cybersecurity Education Interstate Highway".
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with like-minded individuals.
Strange Loop (St. Louis, Missouri, USA, Sep 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and where we're not. Topics include emerging languages, concurrent and distributed systems, new database technologies, front-end web, and mobile.
ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, Sep 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber security and information technology products/services available today. This is an excellent opportunity for exhibitors to network with key decision makers, cyber, technology, communications and contracting personnel from various commands and tenant units at Fort Belvoir.
CISO Executive Summit (Atlanta, Georgia, USA, Sep 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations. (At Hacker Halted USA.)
CCBC Leadership Seminar Luncheon: Cyber Awareness: What Employers Need To Know (Owings Mills, Maryland, USA, Sep 20, 2013) , no later than September 13, 2013.
cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, Sep 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With modern technology and tools, it's now possible for junior security analysts to gather detailed malware indicators to craft defense and alert signatures. More enticing, all of this can be done with free tools and applications, some written by this presenter.
2013 Cyber Security Summit (New York, New York, USA, Sep 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be held September 25th at the Hilton in New York City, will showcase the latest tools and resources available to defend against cyber crime on both corporate and government levels. Keynote addresses and interactive panel discussions led by notable security experts will highlight strategic priorities, risk factors, threats and provide inspirational guidance to prepare and protect from attacks.
4th Annual Cybersecurity Summit (Washington, DC, USA, Sep 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote at the 4th Annual Cybersecurity Summit on September 25, 2013 at the National Press Club in Washington, D.C. Michael Daniel, White House Cybersecurity Advisor, and Gen. Keith Alexander, Commander U.S. Cyber Command, and Director, NSA, are confirmed to keynote. Cybersecurity topics to be addressed include: the White House Cybersecurity Executive Order, the Cybersecurity Framework and New Emerging Standards for Critical Infrastructure, information sharing, mobile security and BYOD, legislative developments in cybersecurity, big data and cloud cybersecurity, continuous monitoring, cyber situational awareness, and the JIE rollout active defense and cyber warfare. Organized by Billington CyberSecurity™.
The Monktoberfest (Portland, Maine, USA, Oct 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.
Suits and Spooks NYC 2013 (New York, New York, Oct 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state aggressors in cyberspace. About twenty speakers will present briefings over two days on hackers, citizen militias, and other non-state entities operating in the Middle East, China, Russia, Pakistan, India, Iran, Africa, South America, the United States (yes - we have non-gov threat actors domestically), and other parts of the world. One of our panel moderators will be Joel Brenner (former National Counterintelligence Executive at the Office of the Director of National Intelligence and former Senior Counsel at the NSA).
Forensics and Incident Response Summit EU (Prague, Czech Republic, Oct 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to make the most of this event from attending the Summit to registering for one or more of the post-summit training classes taught by SANS' top-rated instructors and course authors. Additional events such as DFIR Netwars, evening talks and the SANS Community Night will be taking place during that week too. This event promises to bring together the leading minds in digital forensics and incident response in the EU, as well as many other practitioners from a wide cross section of industries and company sizes. You will be able to share with all of them your challenges and find out new solutions that work, techniques and approaches you didn't even know existed.
CyberMaryland 2013 (Baltimore, Maryland, USA, Oct 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for networking and idea sharing amongst the many cyber leaders and professionals across the country, including: federal, state and local government agencies, academic institutions, cybersecurity entrepreneurs, and industry leaders of research and development. CyberMaryland 2013 will address the biggest challenges facing America, including future innovation to meet the security challenges facing our country; collaboration across industry, government and educational institutions; and the development of a generation of cyber-warriors. Surrounding all of these issues is a constantly evolving business framework to provide efficient and effective solutions in a time frame that anticipates and mitigates current and future threats.
2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, Oct 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school, college, and professional. Orientation sessions for teams in each of three divisions -- high school, collegiate and industry and government professionals -- will be held at UMBC in July and August. Two qualifying rounds will be conducted online using SAIC's Cyber Network Exercise System.
AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, Oct 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo some of the latest cyber security and information technology products/services available today.
International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, Oct 10 - 12, 2013) The International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery promotes research and development of cyber-related technology. It is unique and significant in that it spans cyber-enabled data mining and knowledge discovery, distributed and parallel computing, cyber security, cloud computing, pervasive computing, mobile computing, Internet, wireless networks, cognitive systems, cyber information process, information discovery, e-health via cyber network, e-science, web technology, and network performance and tools. The research and development in these areas have received extensive attention in both academia and industry to provide ubiquitous services for users. Various hardware and software designs, algorithms, protocols, simulations, test-beds, and implementations are developed for distributed computing in an interconnected and distributed network environment. The purpose of CyberC is to provide a forum for presentation and discussion of innovative ideas, research results, applications and experience from around the world as well as highlight activities in the related areas.
VizSec 2013 (Atlanta, Georgia, USA, Oct 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.
Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, Oct 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.
USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, Oct 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit topics will focus on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security.
SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.
Hexis Exchange (Athens, Greece, Oct 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.
Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, Oct 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.
Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, Oct 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.
13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.
Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.
cybergamut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.
Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.
Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government-wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands-on live demonstrations, and industry exhibits.
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up-to-date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.