The CyberWire Daily Briefing for 1.29.2013
Java's recent patches have been breached: new security settings are readily bypassed. Oracle resolves to "fix Java," but observers doubt this remains possible.
Distributed denial-of-service attacks continue, and their victims find traditional criminals behind them about as often as hacktivists.
Sophos finds a variant of the Citadel kit infecting point-of-sale devices and banks. Symantec identifies a new Trojan—"Spachanel"—that exploits the Sender Policy Framework (SPF) to cloak communication with command-and-control servers.
Networked devices are again found open to exploitation: printers and security cameras (and by extension other networked cameras) offer ways into enterprise infrastructure. Exploited cameras also enable serious privacy breaches.
Apple updates iOS, addressing twenty-seven vulnerabilities and the TURKTRUST revocation. WordPress 3.5.1 closes thirty-seven bugs in previous versions of the product.
Mid-sized businesses are said to fall into a "security no-man's land," big enough to attract attacks but too small to afford effective security. Lost paper and portable storage devices account for most data breaches. CIO's breathless "All-Out Cyber War" headline opens a useful summary of cyber conflict between the US and Iran. (In a related story, the FBI has reopened its investigation into Stuxnet leakers.)
The US Department of Defense intends, budget and labor market permitting, a great expansion of its cyber forces. VMWare reorganizes to shed 900 jobs. AV-Test releases test results for nine security products.
China makes a rare acknowledgement of the People's Liberation Army's cyber capabilities. Tim Berners-Lee thinks government monitoring of citizens' online activities will backfire by creating a large, soft, espionage target.
Notes.
Today's issue includes events affecting Antigua and Barbuda, Australia, Canada, China, Czech Republic, European Union, Germany, Iran, Israel, Netherlands, Philippines, Saudi Arabia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
New bug makes moot Java's latest anti-exploit defenses, claims researcher (IT World) Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday
Oracle: 'We Have to Fix Java' (eSecurity Planet) After a series of missteps, Oracle aims to improve Java security -- but is it too little, too late? Over the course of the last two years, Oracle's Java has been exploited time and again as hackers eviscerate the technology, seemingly at will. As each exploit emerges against Java, Oracle typically responds
High-Bandwidth DDoS Attacks as Much About Cyber-Crime as 'Hacktivism' (EWeek) Criminals looking to extort money from financial institutions continue to hit firms. Even the "hacktivists" have questionable motives, say security firms. In late 2011, trading services firm Henyep Capital Markets came under a distributed denial-of-service (DDoS) attack that disrupted many of the company's service portals
DDoS attacks, mobile traffic visibility top security concerns: Arbor (Computer World) More than 90 per cent of data centre operators are experiencing distributed denial of service (DDoS) attacks, according to Arbor Networks 8th Annual Worldwide Infrastructure Security Report. A further 60 per cent of mobile providers have no visibility of traffic on their mobile evolved packet core, the framework for providing converged data and voice services on their 4G LTE networks, the report said. Arbor surveyed 130 security professionals across different market segments globally, 20 per cent which are in the Asia-Pacific region, and found 83
Point of sale devices and Canadian banks targeted by Citadel malware variant (Naked Security) A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke
Browser-hijacking malware talks to attackers using SPF email validation protocol (Computer World) A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan.Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog post
Pirates target iOS enterprise loophole to spread fake iPhone apps (V3) Chinese cyber crooks are exploiting a loophole in Apple's iOS enterprise deployment procedures to release pirated apps onto iPhones. Trend Micro reported detecting a new influx of pirated apps appearing on iOS over the past few weeks in a blog post. "In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services," said Warren Tsai, product manager for Trend
86,800 network printers open to the whole internet - is one of them yours? (Naked Security) Last week, it was programmers uploading their private keys to public websites. This week, it's private printers left openly on the public internet. In the words of a famous software company, "Where do you want to print today
What if your security camera were an insecurity camera? (Naked Security) An occasional security blogger named someLuser, who has an interest in embedded devices, recently wrote up the results of a security review he carried out on a popular brand of network-enabled security camera
Security Patches, Mitigations, and Software Updates
Apple updates iOS fixing 27 vulnerabilities and TURKTRUST revocation (Naked Security) Apple has released updates for users of the iPod Touch, iPhone, iPad and Apple TV products that fix critical vulnerabilities. Apple users should update their devices to iOS 6.1 as soon as possible
WordPress 3.5.1 fixes 37 bugs (Help Net Security) WordPress 3.5.1, now available for download, is a maintenance and security release for all previous versions that fixes 37 bugs
Cyber Trends
Security No-Man's Land (Dark Reading) As the industry descends on the RSA Conference to discuss the latest and greatest in security, the underserved midmarket continues to struggle with basic blocking and tackling. The industry machinery is not built to solve that problem… In the security practice, we have our own version of no-man's land, and that's midsize companies. Wendy Nather refers to these folks as being below the "Security Poverty Line." These folks have a couple hundred to a couple thousand employees. That's big enough to have real data interesting to attackers, but not big enough to have a dedicated security staff and the resources they need to really protect anything. These folks are caught between the baseline and the service box. They default to compliance mandates like PCI-DSS because they don't know any better. And the attackers seem to sneak those passing shots by them on a seemingly regular basis
Report: Lost Documents, Portable Memory Devices To Blame For Majority Of Data Breaches (Dark Reading) Nearly two-thirds surveyed suffered data breaches according to HCCA, SCCE survey. Lost paper files and portable memory devices account for 65 percent of data breaches according to "Data Breach Incidents & Responses," a just released survey conducted by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA). The compliance and ethics department, according to 69 percent of respondents, led the remediation effort following the last data breach
China loses US$46B to cybercrime in 2012 (ZDNet) Online crimes such as fraud and personal information theft have cost China 289 billion yuan (US$46.4 billion) in 2012, but the lack of legal support makes it tough for local authorities to reduce the losses. Citing a study by the People's Public Security University of China on Internet crimes in the country, Global Times reported Tuesday that local public security departments investigated more than 118,000 Internet crimes last year, with many cases involving multiple victims
Unseen, All-Out Cyber War on the U.S. has Begun (CIO) Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet. There's a war going on, and it's raging here at home -- not in the streets or the fields, but on the Internet. You can think of it as a war on the digital homeland. If you work for a power company, bank, defense contractor, transportation provider, or other critical infrastructure type of operation, your organization might be in the direct line of fire. And everyone can become collateral damage
A couple of infographics & useful resources to mark Data Privacy Day (FraudTube) A couple of infographics and useful resources to mark Data Privacy Day. Identity fraud contributes more than 50% of 2012 UK fraud: a blog from miiCard, exploring the latest fraud figures from CIFAS along with some advice on how to check your social media footprint. Fraud: I won't be a victim, will I? When setting up and growing a new business there are many things to be done: identifying potential suppliers, targeting customers, establishing presence with online market places, implementing a social media strategy; the task list is endless
Events that defined the European information security landscape in 2012 (Help Net Security) The past 12 months have been, to say the least, an active time for the information security landscape in Europe. Hacktivism stories dominated mainstream media outlets, the public has been learning
Virtualization, SDN to speed up mobile broadband offerings, says Strategy Analytics (Fierce Mobile IT) Verizon official predicts SDN will 'change the cost structure of network services, servers, network deployment'. Virtualization and software defined networking will speed up mobile broadband service offerings by reducing mobile operator costs, predicted research firm Strategy Analytics
Gartner: The age of the 'personal analytic assistant' is fast approaching (Fierce Mobile IT) By 2016, a full 70 percent of business intelligence vendors will offer natural-language and spoken word capabilities for their mobile BI applications, leading to the age of the "personal analytic assistant," predicted research firm Gartner
Marketplace
Pentagon plans massive surge in Cyber Command staff (The Register) The US military is planning a massive increase in the capabilities of its Cyber Command online-warfare department as it seeks to exert dominance over the digital battlefield. "Given the malicious actors that are out there and the development of the technology, in my mind, there's little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point," William Lynn III, a former deputy defense secretary, told the Washington Post. "The only question is whether we're going to take the necessary steps like this one to deflect the impact of the attack in advance or . . . read about the steps we should have taken in some post-attack commission report," he said. Currently there are around 900 uniformed and civilian staff employed by the Pentagon in its Cyber Command, which is separate from the National Security Agency - at least in principle. In practice, however, the two work side-by-side, and both are headed by the same man, General Keith Alexander. A senior defense official told the paper that the Pentagon would primarily focus on online activity outside of US domestic borders, and would only be involved in major online attacks, not minor hacking and phishing annoyances. US companies and those international companies that use American-hosted services won't be touched. "There's no intent to have the military crawl inside industry or private networks and provide that type of security," the official said
Cyber Command to grow workforce by 500 percent, adopt offensive mission (FierceGovernmentIT) The Defense Department will expand its cybersecurity force fivefold as the military moves to add offensive cyber operations to its repertoire of tactics, reports the Washington Post in a Jan. 27 article. Under the multi-year plan, DoD's Cyber Command
Killer Apps: DoD: No formal decision on expanding cyber command, yet (Foreign Policy (blog)) While U.S. Cyber Command has been working with the Pentagon since last April to define the cyber capabilities it wants from each of the armed services, no final decision has been made on the numbers of troops, where they will be drawn from, and what
U.S. DoD's cybersecurity force to increase fivefold (Help Net Security) The Pentagon is poised to start searching for more than 4,000 new employees for the Defense Department's Cyber Command, in a bid to boost its cyber defensive and offensive capabilities
Pentagon Cyber Force Turns To Hackers To Meet Growing Demand (Huffington Post) Faced with growing fears of potentially crippling cyber attacks and not enough skilled technicians to combat the threat, the Defense Department has launched a massive recruitment drive that's tapping an unlikely group: computer hackers. The Pentagon plans to dramatically boost the ranks of U.S. cybersecurity forces, expanding its number of cyber warriors more than five-fold, the Washington Post reported Sunday. But that strategy immediately confronts a critical shortage of those with the required skills
VMware To Cut 900 Jobs As Outlook Disappoints, But Will Still Pursue M&A (TechCrunch) VMWare plans to cut about 900 jobs, or 7 percent of its workforce, as part of a restructuring. The company also issued cautious 2013 forecast, due to a decline in U.S. federal government bookings and continuing concerns about the sluggish economy in Europe
CEO hot seat: Dave Hansen (Help Net Security) Recently SafeNet announced the appointment of Dave Hansen, an information security and cloud veteran, as the company's new President and CEO. Help Net Security put him in the hot seat to learn more about
Marissa Mayer's 3 Goals for Yahoo: A Better UI, Bigger International Reach And Broader Demographics (TechCrunch) Considering the long-standing struggles of Yahoo as a business, its board of directors battles, and Scott Thompson's "ResumeGate", Yahoo (and its investors) have been in sore need of some good news. When beloved Google exec Marissa Mayer took the helm as CEO back in July, finally Yahoo had a cause for optimism
Who hacks the hackers? Meet CrowdStrike (Fox News) Crowdstrike even offers an on-call tactical response team to investigate incidents - a sort of cyber SWAT team. For the company that wishes to go on the
Startup Taasera Offers Defense Against Zero-Day Attacks (American Banker (subscription)) As startup Taasera opens its doors today, it is launching software designed to detect zero-day attacks -- threats from malware that exploits a previously unknown application vulnerability. Financial services companies are primary potential customers
U.S. Online Reputation Management Firm Reputation.com Acquires U.K.'s Reputation 24/7 To Expand Internationally -- Will Invest 'Millions' In U.K. Operation (TechCrunch) Redwood City-based online reputation management company Reputation.com has announced it's acquired Liverpool, U.K.-based Reputation 24/7 to bolster its international business. Terms of the deal were not disclosed. Reputation 24/7 has been rebranded Reputation.com (U.K.) and will sell Reputation.com's suite of consumer and business online reputation management offerings to European customers
Huawei Becomes Third Largest Smartphone Maker (InformationWeek) Huawei pushed past ZTE and Sony to become the third-biggest maker of smartphones in the world during the fourth quarter of 2012, after Samsung and Apple
Blackberry Comeback: RIM Must Win Developer Support (InformationWeek) Against odds, BlackBerry 10 is gaining hype and converting skeptics. To compete, though, it needs to attract developers. Does RIM have the app for that
VA Picking Up To Three Small Firms For $5B IT Products Award (Govconwire) The Department of Veterans Affairs plans to award up to three companies positions on a potential $5 billion contract for information technology products, the Washington Post reports. For this award, Kathleen Miller writes, the VA (Department of Veterans Affairs) will reserve prime positions for companies that have up to 150 employees on
Booz Allen Begins Work on $5.6B Intelligence Support Contract (Govconwire) Booz Allen Hamilton (NYSE:BAH) has begun work on a defense intelligence contract awarded in the summer of 2012, according to a company statement. Bob Noonan, a Booz Allen senior vice president, said the company is looking forward to providing the government with mission critical intelligence that will help agencies address challenges to the country's emerging security
Alion To Analyze Defense Dept Spectrum Usage (Govconwire) Alion Science and Technology has won a $1.5 million task order contract from the U.S. Defense Department to study the potential effects of reassigning or sharing spectrum used for communications, the company said Friday. The company will analyze radio frequency spectrum used by the military that the commercial sector wants to acquire
NJVC Wins Option On $379M NGA IT Services Contract (Govconwire) NJVC has won an option on a re-issued National Geospatial-Intelligence Agency information technology services contract potentially worth $379,945,641. NGA re-issued the contract for administrative reasons and awarded the company an $11,632,110 option to continue providing enterprise operations and sustainment support worldwide, the Defense Department said. The Chantilly, Va-based company will perform
Products, Services, and Solutions
CounterTack Awarded Patent For Next-Generation Cyberattack Detection Technology (Dark Reading) CounterTack's approach enables data collection and intelligence gathering from deep within operating systems. CounterTack, the industry's first and only provider of in-progress cyber attack intelligence and response solutions, today announced that the U.S. Patent and Trademark office has allowed the patent application for its unique cyber attack detection technology, which was developed at the company's research and development center in Santa Monica, California
Security software showdown! 9 antivirus suites empirically tested (IT World) If you're like a lot of people, when it comes time to renew your security software, you may ask yourself, "Do I really need to upgrade to the latest version?" The answer is yes. Keeping up-to-date is generally a good idea, as new threats surface constantly. And if you value mobile security or use a social network, this year's crop of security suites is worth paying attention to
Microsoft can 'start printing money' as soon as it launches Office for iOS (IT World) The opportunity won't last forever, says IDC analyst, because 10-in. tablets are getting swamped by smaller devices, where Office won't matter
Facebook's Graph Search Is the Future of Social Recruiting (ERE) You've probably heard the hype about Facebook's new search utility, which it calls Graph Search. Unveiled just a couple of weeks ago, it's already being described as everything from a LinkedIn killer to a privacy killer, and a recruiter's new best friend. For every one of those you can find an article -- or 100 -- that says the opposite
HP launches security service for after the horse has bolted (The Register) HP is getting into the lucrative security remediation sector with a consultancy service designed to minimize the effects of a successful attack, collect evidence for prosecution, and help recover what has been stolen or corrupted. "It's nearly impossible for organizations to prevent a breach, but they can take control of how they respond," said Andrzej Kawalec, CTO of enterprise security services at HP in a statement. "Combining HP's portfolio of services and software, the HP Breach Management Solution arms clients with the tools and resources to monitor, manage and respond to breaches head on, minimizing their impact while readying for the next attack
Google offers $3.14159 MILLION in prizes for hacking Chrome OS (The Register) Google has announced the target for its third Pwnium hacking contest, to be held at this year's CanSecWest security conference, with $3.14159m in prize money for the researchers who can successfully crack its Chrome OS operating system. And yes, that figure is derived from the first six digits of π. The contest, to be held on March 7, will see hackers trying to subvert the operating system on a base specification Samsung 550 Chromebook running Wi-Fi
How LinkedIn could be a serious threat to Bloomberg (Quartz) Have you ever used a Bloomberg terminal? If the answer is no, you have to understand one thing. It's amazing. The terminal is such a remarkable tool with nearly limitless possibilities. But, to quote a Bloomberg sales person, "if you want to drive a Porsche, you have to pay Porsche prices." And that's the hook. Bloomberg is not only market leading in quality, but it's also market leading in pricing. As in, it's very, very expensive
Vormetric Vault: Manage certificates, keys and security objects (Help Net Security) Vormetric announced Vormetric Vault, an all-in-one scalable solution for protecting and managing digital certificates, encryption keys and other security objects such as password files
AV developer Avast starts bug bounty program (Help Net Security) Avast, the Prague-based maker of the popular eponymous AV software, has announced the introduction of a bug bounty program. Rewards are offered only for security-related bugs in the software
Encrypted video and texting for iPhone and iPad (Help Net Security) ZipaClip is a secure mobile video and texting application for iOS devices. The free version of ZipaClip allows users to send and receive fully-encrypted texts and video clips up to 30 seconds in length
Facebook's CPO tackles privacy policy questions (Help Net Security) When late last year Facebook changed its Statement of Rights and Responsibilities and Data Use Policy, the social network's users lost their right to vote on future proposed changes, but retained that of commenting on them when they are made public and influencing their final form
Facebook Blocks Vine, Wonder Apps (InformationWeek) If you take our data, you must let your users share on Facebook, say Facebook's new rules
Technologies, Techniques, and Standards
Big goals for Big Data (CSO) Many organizations are still in the dark when it comes to using big data to improve security. But for Zions Bancorporation, it's old ha
Combatting Advanced Threats in 2013 Through Basics (Dark Reading) A large majority of successful attacks depend on organizations failures to maintain age-old security fundamentals, undermining other investments. Tom Parker explores why you should focus on fixing the problems of a past generation, before focusing on the next
Common Sense Guide to Mitigating Insider Threats (CERT (Carnegie Mellon Software Engineering Institute)) Cybersecurity Analyst for the CERT Program, with the twelfth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so
'Fair data' logo sets ethical standards for collecting consumer data (TechWorld) Consumers worried about how their personal data might be misused by private and public sector organisations can from today look for a new Fair Data logo to calm their worries, the Market Research Society (MRS) has announced. Launched on Data Privacy Day, 28 January, with the enthusiastic endorsement of the Information Commissioner, the MRS claims its 10-point set of principles [PDF] will set a new benchmark for the ethical handling of data
How taxpayers can protect themselves against identity theft (Help Net Security) ThreatMetrix has identified the top precautions taxpayers should take when e-filing to protect their returns against cybercriminals. According to Forbes, more than 80 percent of taxpayers filed electronically
Zero Day Initiative shares top software vulnerability trends (kloctalk) The list of vulnerabilities submitted to HP TippingPoint's Zero Day Initiative (ZDI) is extensive, but many of attacks featured are familiar, according to program
9 Bandwidth Hogs: Reality Vs. Myth (InformationWeek) Which user activities are actually eating up your bandwidth and clogging the network, and which can you ignore
Design and Innovation
Stop treating your phone like a pocket watch (Quartz) We have been so distracted by all of the features of smart phones that we failed to notice the absurdity of the way we use them. If anything, usage of the quintessential 21st century technology is more reminiscent of a distinctively obsolete 19th century device: the pocket watch. Perhaps, not for much longer
Startup Culture And Innovation, Defended (InformationWeek) Pointing to startup failures is a lame excuse for clinging to the status quo and mediocrity in an IT organization
Amazon Startup Contest Winners Strut Stuff (InformationWeek) Amazon Web Services challenge spotlights companies using AWS as a mobile application development environment
Research and Development
Suicidal Sensors: Darpa Wants Next-Gen Spy Hardware to Literally Dissolve (Wired Danger Room) The Pentagon's mad scientists don't want to pick up all the sensors the military leaves in warzones. It wants to fabricate them out of materials that literally cease to exist on command
Academia
To Avoid Nasty Surprises, Higher Ed Turns To Prediction (InformationWeek) Colleges are turning to predictive analytics for a variety of uses
Legislation, Policy, and Regulation
The EU-funded plan to stick a 'flag this as terrorism' button in your browser (Ars Technica) CleanIT has some odd ideas on stopping online extremism. Under CleanIT's rules, the Irish ultra-nationalist "32 County Sovereignty Movement" site (an alias of the terrorist group the "Real IRA") couldn't be touched, as it's hosted in the US. Terrorists, beware! The European Union-funded "CleanIT" project has just wrapped up its work, aimed at preventing online terrorist propaganda and recruitment within Europe. In the run-up to the final CleanIT conference in Brussels on Wednesday, the group published its final report (PDF), a 30-page document outlining its final recommendations. This document and the conference are the culmination of a two-year, €400,000 ($428,000) study grant from the EU's Prevention of and Fight against Crime Programme. (Ars editor Cyrus Farivar will be moderating this conference, and his travel and lodging have been paid for out of CleanIT's budget.)
Hague signs UK up to global Cyber Resilience Partnership (Computing) The UK has joined 25 countries in committing to a set of principles intended, they claim, to make digital networks more secure and resilient. Foreign secretary William Hague signed the World Economic Forum's Partnering for Cyber Resilience initiative, which means that the UK will join more than 70 companies and other government bodies across 15 sectors in practising good "cyber hygiene" - easy-to-follow steps intended to reduce the risks to their organisations and customers. The principles include: ensuring that the organisation recognises the "interdependent nature of our hyperconnected world" and its own role in contributing to a secure shared digital environment; management recognition of its leadership responsibilities in making cyber resilience a priority; organisational recognition of the importance of integrating cyber risk management within its other risk practices; and, for the organisation to encourage suppliers to adopt these principles and guidelines, too
China admits cyber warfare unit in People's Liberation Army (Hack Read) The Chinese government has for the first time admitted that it has a highly skilled group of hackers in its army, supported, equipped and trained by government officials. Channel4 reports that an intelligence source inside the army shared the information, which confirms the presence of hackers in the Chinese army who will be used in the event of cyber warfare. The group of elite hackers in China's People's Liberation Army is known as the cyber blue team and will work as a defensive wall against any kind of cyber attack on the country
Privacy Crusaders - Their Own Worst Enemies (Infosec Island) Why nihilistic philosophies of patient-privacy advocates are bad news for patient-privacy. If the electronic health records industry has a nemesis, it's Deborah Peel, the founder of Patient Privacy Rights. At a time when doctors and hospitals are digitizing their paper medical records as mandated by the government, Peel, a psychiatrist, has been the most vocal agitator against loss of patient privacy. In Peel's world, malefic forces in the U.S. government and corporations prey on unsuspecting patients by rummaging through their history/physical. "Once your information is released, it's like a sex tape that lives in perpetuity in cyberspace," she once told The Dallas Morning News
Berners-Lee says snoop law could see spies blackmail soldiers (The Register) World Wide Web inventor Sir Tim Berners-Lee has declared government collection of data on citizens' web surfing and telephony activities a very bad idea after outlining a scenario in which he feels national security could be compromised by caches of armed forces members' online activities. Speaking in Sydney at the launch of Australia's new Digital Productivity and Services Flagship, a think tank designed to boost productivity through cunning use of technology, Berners-Lee suggested that if governments are allowed to track citizens' use of phones and the internet, foreign spies will find it an irresistible hacking target
Litigation, Investigation, and Law Enforcement
AMD Suit Offers Lessons On Punishing Insider Thieves (Dark Reading) Theft of 150,000 documents by AMD employees defecting to nVidia and subsequent lawsuit shows value of monitoring and forensics spend
World Trade Organization approves new site full of 'pirated' material from US (Ars Technica) America's ongoing dispute with Antigua and Barbuda has created a bizarre situation. The United States government has been known to respond rather aggressively towards individuals and foreign entities it believes are violating American intellectual property law. (Ask Kim Dotcom.) But relatively few countries have responded by seeking (and receiving) international authorization to directly, openly flout American copyright
Netherlands, Canada Say WhatsApp Still Violates Privacy Laws (Threatpost) Dutch and Canadian officials say the popular mobile text messaging app WhatsApp violates their countries' privacy laws because it rifles through users' contacts to find other devices hooked up to the service
Court: Government Need Not Justify Warrantless Data Requests (Threatpost) A Virginia appeals court on Friday denied a right-to-access order filed by the Electronic Frontier Foundation and the American Civil Liberties Union on behalf of Icelandic parliamentarian Birgitta Jonsdottir and computer security researchers Jacob Appelbaum and Rop Gonggrijp. The denial confirms a lower court's ruling that neither those individuals nor the public has the right to see the documents a court uses to justify its warrantless acquisition of information. The right-to-access order sought to obtain an unknown number of documents obtained from Twitter that government prosecutors submitted to the courts during the investigation of Wikileaks
17 Chinese held in Philippines for Cyber-crime (Hack Read) The Philippine police last week arrested a group of 15 Chinese women and 2 men. The group was arrested in connection with fraudulent activity it had carried out successfully over the internet. After a week of thorough investigation the police declared the group criminals, whom the Chinese police were also after.
Twitter transparency report shows government data requests on the rise (Computer World) Twitter has released new numbers showing that the social network complied with government data requests 69 percent of the time in the U.S., as government requests for user information worldwide continue to rise. The total number of information requests increased to 1,009 during the second half of 2012, up from 849 during the first half of the year, according to Twitter's transparency report. Government requests for content removal also increased to 42 from just six. "All signs suggest that these government inquiries will continue to climb into the foreseeable future," Twitter said.
FTC Online Privacy Protection Campaign Kicks Into High Gear (CIO) As the Federal Trade Commission continues its work in evaluating the privacy practices of businesses in the Internet age, agency staffers are focusing not only on what personal information companies are collecting and how they're using it, but also on the security measures in place to keep that data out of the hands of would-be identity thieves and other bad actors. Speaking here at an event to mark Data Privacy Day, an annual initiative led by the nonprofit National Cyber Security Alliance, Commissioner Maureen Ohlhausen stressed that the FTC's privacy work is closely coupled with its consideration of industry security practices
FBI turns up heat in hunt for Stuxnet leakers (ZDNet) US federal investigators are applying pressure on senior government officials suspected of leaking details about the US government's role in developing the Stuxnet malware, according to a report by the Washington Post. The FBI and US prosecutors are analysing email accounts and phone records as well as interviewing current and former officials in a search to find links to journalists, according to the report on Saturday. The investigation is likely to centre on a small circle of senior officials, given the highly classified nature of the cyberattacks against Iran, details of which were published in a report by The New York Times in June 2012
Google faces UK legal action over secret Safari tracking claims (IT Pro) UK law firm enlisted by Apple users who claim the search giant used their web browser to track their online activities. Web giant Google could be subject to the UK's largest ever group legal challenge, following claims the firm has been snooping on Apple users' web browsing habits. The company has been accused of circumventing Apple's security controls to monitor the online habits of Apple users who access the web using the Safari browser.
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security. Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next big thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2Own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast and a luncheon, and concludes with a networking reception co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, the internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.