The CyberWire Daily Briefing for 10.11.2013
news from CyberMaryland
This issue concludes our coverage of CyberMaryland. We wrap up with a look at a recurring theme at the conference: the importance of education and training to the rising cyber generation and its place in the workforce. Yesterday we interviewed conference participant Haden Land, Vice President of Engineering and Chief Technology Officer, Information Systems and Global Solutions-Civil, Lockheed Martin. And don't miss Dark Reading's interview with 2013 National Cyber Security Hall of Fame inductee Eugene Spafford, linked below.
China opens a campaign against Mongolian agencies and organizations. Designed to satisfy curiosity about what a joint US-Mongolian military exercise ("Khaan Quest 2014") augurs for US relations with Mongolia, the campaign seeks (as the Register puts it) "to see who [China's] friends are". It's noteworthy that intelligence about the campaign was developed by crowd-sourced, collaborative ThreatConnect.
Cyber vandals hit and deface a web-hosting service in Argentina. Google's Malaysia site is the latest victim of a DNS attack. Metasploit pages were defaced via a spoofed fax order to its registrar.
Two IE vulnerabilities (both patched by Microsoft) are being actively and successfully exploited in the wild. Security analysts offer dissections of both.
Forbes publishes a rundown of the Bash tactic, how it succeeds, and what it means for Linux security.
Low-grade cyber criminals continue their petty monetization of botnets. The crooks responsible for the recent Adobe hack offer another opsec lesson: they were themselves careless enough to expose stolen source code on an unprotected server.
It's worth noting that cyber threats can function much the way traditional disinformation operations do. See last night's bogus press release that Samsung had acquired Fingerprint Cards, and the effect it had on the markets.
US budget issues bite BAE employees. Trend Micro buys Taiwan's Broadweb. Analysts have more to say about Cisco's security market play.
In the US Congress, Rep. Sensenbrenner introduces a bill to curb NSA surveillance. NSA defenders complain about tepid Administration support.
CIA says it flagged Snowden as a risk in 2009.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Ireland, Japan, Republic of Korea, Latvia, Luxembourg, Malaysia, Mongolia, Russia, Taiwan, United Kingdom, United Nations, and United States.
Baltimore: the latest from CyberMaryland
'Spaf' On Security (Dark Reading) Internet security pioneer Eugene Spafford talks about why security has struggled even after its first big wake-up call 25 years ago, the Morris worm
Teens hone hacking skills in contests (Plattsburgh Press Republican) Computer-savvy teenagers are testing their skills in cyber-contests designed to teach them how to protect the government and private companies from hackers…At Baltimore's Loyola Blakefield prep school, a team of students meets twice a week after classes to practice for the Maryland Cyber Challenge, which is being held this week at the Baltimore Convention Center. At the event, they'll have to debug viruses from their computer and defeat mock attacks by cybercriminals played by IT professionals
Lockheed Martin and Tech Council of Maryland Host Cyber Security Awareness Day for Local High Schools (MarketWatch) For the fourth consecutive year, Lockheed Martin, in partnership with the Tech Council of Maryland (TCM) and the National Cyber Security Alliance (NCSA), will bring together more than 200 top performing Science, Technology, Engineering and Mathematics (STEM) high school students to raise cyber security awareness and to promote education and careers in the field
Cyber Attacks, Threats, and Vulnerabilities
Khaan Quest: Chinese Cyber Espionage Targeting Mongolia (ThreatConnect) The ThreatConnect Intelligence Research Team (TCIRT) has identified a weaponized Microsoft Word document that contains a Concept Development Conference (CDC) announcement for the joint US and Mongolia military exercise called Khaan Quest 2014. Retrospective TCIRT research identified additional decoy documents, written in Mongolian, themed around events like the Mongolian presidential election, held in June 2013. This activity represents Chinese Computer Network Exploitation (CNE) activity against Mongolian entities and others that have economic, military, or diplomatic relations with Mongolia. Mongolia's attempt to steer a more independent path by reaching out to what it calls "third neighbors," such as the United States, Japan, South Korea, and the European Union, is possibly prompting China to conduct CNE. This would help China maintain awareness of changes in Mongolian relations with the US and other Western influences and protect their national interests in Mongolia
Spies launch hack attacks on Mongolia…to see who its friends are — report (Register) Like checking up on your kid's Faceboo…well, not really…Cyber-spies are targeting Mongolian businesses and government agencies to keep the attackers "aware" of the land-locked country's relationships with "Western influences" like the US and the European Union, according to a recent report
China Conducts Cyber Espionage Campaign Against Mongolia (Softpedia) Security researchers from ThreatConnect's Intelligence Research Team (TCIRT) say they've identified a cyber espionage campaign launched by China against Mongolia. More precisely, it appears that China is trying to learn as much as it can about Mongolia's relations with the European Union and countries such as the United States, South Korea and Japan. The campaign targets not only entities from Mongolia, but also ones that have economic, diplomatic or military relations with the country
Argentina web hosting server hacked by x0x0 hacker (Hackers Post) Argentina web hosting server has been hacked and defaced by a hacker with the handle x0x0. For now, websites are restored and working properly. A total of 850+ websites were hosted on the server and all websites have been hacked. There is no specific reason mentioned by the hacker on the defaced page
Google's Malaysia site latest to be felled in DNS attacks (CIO) Google is the latest victim of an ongoing spate of attacks on DNS records. Google's website for Malaysia was briefly tampered with on Friday, underscoring continuing weaknesses in entities administering crucial website address database records
Phony Order Faxed to Registrar Leads to Metasploit Defacement (Threatpost) Metasploit creator HD Moore confirms that a spoofed fax order sent to its registrar led to the defacement of the Metasploit and Rapid7 homepages
Further Information on That Second IE 0–Day (InfoSecurity Magazine) Microsoft's monthly patch sequence this week held a surprise - a surprise second Internet Explorer zero-day vulnerability in addition to the widely expected fix for CVE-2013-3893. More information is now slowly emerging on the new vulnerability, CVE-2013-3897. Websense is a member of the Microsoft Active Protections Program (MAPP) which provides early warning on vulnerabilities so that security firms can apply protection as early as possible. This data enabled Websense to detect and track an instance of CVE-2013-3897 being exploited in the wild, and from that determine both the source of the attacks and the geographic location of the targets
The Technical Aspects of Exploiting IE Zero-Day CVE-2013-3897 (Trustwave SpiderLabs) Just two days ago we announced the discovery of in-the-wild attacks that used the zero-day which is now known as CVE-2013-3897. At that time we also promised to provide a more detailed analysis of the exploit. Now we have the opportunity to provide a full and detailed analysis of the vulnerability (CVE-2013-3897) itself that has been used by the attacker, and examine the patterns used by the attacker compared to the previous zero-day attack (CVE-2013-3893)
Anatomy of an exploit — inside the CVE–2013–3893 Internet Explorer zero–day — Part 1 (Naked Security) As you are probably aware, Microsoft's October 2013 Patch Tuesday includes an update for Internet Explorer that closes no fewer than ten RCEs, or Remote Code Execution holes. This sort of vulnerability means that merely looking at a booby-trapped web page could infect you with malware, even if you don't click on anything on the page. Unfortunately, an exploit that takes advantage of one of those ten holes, CVE-2013-3893, is known to be in the wild
Patched IE zero–day and older flaw exploited in ongoing targeted attacks (Help Net Security) With this month's Patch Tuesday, Microsoft has delivered the patch for the infamous Internet Explorer zero-day (CVE-2013-3893) that has been spotted being used in attacks that date as far back as three or four months ago and have been tied to the Chinese hacking group that hit Bit9 earlier this year
Unpatched flaws still favourite attack vector: IBM X–Force (IT World Canada) Zero day exploits and custom malware pack deadly punches and frequently grab the headlines, but many cyber criminals are focusing on less sophisticated methods to bypass security, according to a recent report from IBM's X-Force security research team
CSAM Some more unusual scans (Internet Storm Center) Most of us who regularly look at firewall and other logs get to know the usual targets, 22, 5900, 5060, etc. Most of the time these are fairly obvious and self-explanatory. However on occasion you do see some that are a bit more unusual. For example this morning a scan was detected along these lines
How They Popped The Penguin: The Bash Tactic And What It Means For Linux Data Security (Forbes) Data security is something that most people don't want to think about. In our age of persistent connectivity, most data users, whether they are on a desktop, laptop or cell phone, connect to their data without thinking of the security risks of transmitting their data by connecting to a public network or an unsecured network of any kind. And most users think of data security in terms of malicious hacks on Windows and maybe a Mac once in a while. No one would ever think of screwing with Tux, he's so cute and all, and everyone loves good old open-sourced Linux, right? Well, no, yes and yes, but
Bogus Facebook page uncovered spreading Infostealer malware (V3) Security researchers have spotted a bogus Facebook page duping victims into downloading data-stealing malware. Symantec researchers Avdhoot Patil and Daniel Regalado Arias reported uncovering the scam in a public blog post, warning the criminals are using the site to mount a two-pronged attack against their victims
Stanford researchers discover 'alarming' method for phone tracking, fingerprinting through sensor flaws (SFGate) One afternoon late last month, security researcher Hristo Bojinov placed his Galaxy Nexus phone face up on the table in a cramped Palo Alto conference room. Then he flipped it over and waited another beat. And that was it. In a matter of seconds, the device had given up its "fingerprints"
Novice cybercriminals offer commercial access to five mini botnets (Webroot Threat Blog) With the increased public availability of leaked/cracked DIY malware/botnet generating tools, cybercriminals continue practically generating new botnets on the fly, in order to monetize the process by offering access to these very same botnets at a later stage in the botnet generation process. In addition to monetizing the actual process of setting up and hosting the botnet's C&C (command and control) servers, novice cybercriminals continue selling direct access to their newly generated botnets, empowering other novice cybercriminals with the foundations for further disseminating and later on monetizing other pieces of malicious software, part of their own arsenal of fraudulent/malicious tools
Adobe cyber attack a wake–up call — security firm (News24) The hacker attack on Adobe Systems may increase the vulnerability of all computers running the company's software, a security firm has said. Hackers hit Adobe a week ago and made off with source code along with credit card numbers relating to three million of its customers
Adobe's source code was parked on hackers' unprotected server (TechWorld) The files were encrypted but still sitting on an open Web server, security expert says. Hackers capitalize on other people's mistakes. But they make their own as well. Case in point: A massive breach of Adobe Systems' network was discovered after the source code of numerous products, including the Web application development platform ColdFusion, sat parked on a hacker's unprotected Web server open to the Internet
Twitter Still Being Used By Shady Hackers (TrendLabs Security Intelligence Blog) Recently, Twitter made public financial statements related to its upcoming initial public offering (IPO). Part of these statements included how many active users it has: Twitter said it has 218 million monthly active users, three-quarters of which have accessed the site from a mobile device. It's not a surprise that some of these users are malicious. What is uncommon is that some of these malicious accounts do try to "engage" with other accounts — even those of security vendors like Trend Micro. Too bad for these users — we are one step ahead of them, as we have previously blocked the dubious sites they offer
'Bulletproof' Hoster Santrex Calls It Quits (Krebs on Security) Santrex, a Web hosting provider that has courted cybercrime forums and created a haven for a nest of malicious Web sites, announced last week that it is shutting its doors for good, citing "internal network issues and recent downtime." Couldn't have happened to a nicer company
Vigilance saves Avast anti–virus from having its website pwned (Graham Cluley) It has been revealed that WhatsApp, AVG and Avira weren't the only companies to be targeted by a pro-Palestinian hacking gang this week
Bogus AmEx "Unusual activity detected" email leads to phishing (Help Net Security) An extremely thorough phishing campaign is currently targeting American Express customers by trying to make them believe that access to their account will be restricted within 48 hours if they don't update their account information
Nordstrom Finds Cash Register Skimmers (Krebs on Security) Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida
Open Enrollment Is Phishing Season (GovInfoSecurity) Open enrollment has begun for Obamacare as well as for health insurance plans offered by many employers. And that means it's prime time for fraudsters to target consumers with phishing scams, disguised as official-looking open enrollment messages, in an attempt to steal personal information
Tech Support Scams: Coming to a Mac near you (Malwarebytes) You may be familiar with cold calls where someone pretending to be from Microsoft is telling you that your computer is infected and needs to be repaired ASAP. In most cases, if you said you were running a Mac instead of Windows, the scammers would hang up and move on to the next victim
Samsung and Fingerprint hoax underlines power of internet rumours (Financial Times) The rapid spreading of false information via new online channels was brought sharply into focus on Friday after a fake press release was distributed claiming Korea's Samsung Electronics had paid $650m to buy Sweden's Fingerprint Cards. Shares in Fingerprint rose as much as 51 per cent on the news, before both companies denied the story. Fingerprint shares have been suspended, and Cision, a Swedish distributor of press releases, is investigating why it published the "incorrect" statement. It has also issued an apology
The 'autonomous,' hackable car (CSO) Driverless cars are coming, with almost magical convenience
Cyber Trends
Security Ratings Proliferate As Firms Seek Better Intel (Dark Reading) Scoring services seek to measure the security of almost every step of the business supply chain, from suppliers and transactions to applications and services
Comment: Beware the Nascent Cyber Insurance Market (InfoSecurity Magazine) As security incidents grow in number and severity, organizations are not only relying on their own defenses to guard against losses, but are increasingly looking to insure themselves against those losses. However, all should be aware that the cyber insurance market is still in relative infancy, as Colin Tankard outlines. Security breaches are mainstream occurrences, and every organization should assume that they are a victim. According to recent research published in conjunction with Infosecurity Europe in April, 93% of large organizations state that they experienced at least one breach in the previous year. They also reported that the number of breaches is growing rapidly as organizations experienced, on average, 50% more breaches than in the previous year
The Security Odyssey (CSO) How do we know if we're doing information security well? How far along the journey to information security nirvana are we and what does that place even look like? George Arronis, the Head of ICT Risk and Security for Serco Asia Pacific has some views on positive and negative trends he's seeing. "Three key things that the industry has done well is that there is a growing security awareness, we've adopted security frameworks to guide our security thinking, and we've tackled major threat themes over the last while. Although attacks are still happening the industry has developed multi-layered countermeasures to those threats" he said
4 Ways the Security Community is Changing for the Better (Duo Bulletin) For the casual observer of information security, it may look like everyone is after the next one-off vulnerability and not trying to effect actual change upon larger problems. While there are certainly exceptions to this which should be celebrated (such as OWASP), these have been typically few and far between. Meet-up groups (ISSA, city-sec, etc.) are great, too, but don't often impact much in the grander sense of information security. Just over the past few months, though, there have been some interesting initiatives that are taking off and improving information security in remarkable ways beyond the daily break-fix security lifestyle
Amid NSA Outrage, Big Tech Companies Plan to Track You Even More Aggressively (Wired) Thanks to former NSA man Edward Snowden, we now know a fair amount about the NSA's ability to collect data about what people do online, and it's all rather disturbing. But the future looks even more worrisome. Some of the biggest companies in tech are assembling new forms of online tracking that would follow users more aggressively than the open technologies used today. Just this week, word arrived that Microsoft is developing such a system, following, apparently, in the footsteps of Google
Quarter of mobile users fell victim to cybercrime last year (Telegraph) While nearly half of all smartphone users care enough about their mobile devices to sleep with them, 48 percent do not take even basic security precautions such as using passwords, having security software or backing up files from their mobile devices, according to a new report
Consumers Looking for Convenience In Mobile Security Measures (Bank Systems & Technology) Consumers are not taking basic steps for securing their mobile devices, but show an interest in more convenient security methods like biometrics, a new PayPal study found
Internet freedom declining, says Freedom House (FierceGovernmentIT) A Freedom House assessment of Internet freedoms in 60 countries finds the number of "free" countries vastly outnumbered by countries in which freedom restrictions range from partial to nearly absolute
Gartner Reveals Top Predictions for IT Organizations and Users for 2014 and Beyond (FierceITSecurity) Gartner, Inc. has revealed its top predictions for IT organizations and IT users for 2014 and beyond. Gartner's top predictions for 2014 combine several disruptive topics — Digital Industrial Revolution, Digital Business, Smart Machines and the Internet of Things — that are set to have an impact well beyond just the IT function
Rand Secure Archive Releases North American Survey Results on Data Governance (FierceITSecurity) Rand Worldwide (OTCBB: RWWI), a global leader in providing technology solutions to organizations with engineering design and information technology requirements, today announced the results from its Rand Secure Archive (RandSA) division's 2013 Rand Secure Archive Data Governance Survey
Mobile users give thumbs up to biometric security (FierceITSecurity) More than half of mobile users are comfortable using biometrics as a security measure to prevent unauthorized access to their mobile devices, according to a survey of 1,000 U.S. adults by Zogby Poll on behalf of PayPal and the National Cyber Security Alliance
Farzad Mostashari: Let me be blunt (FierceHealthIT) No longer constrained by the talking points that are part and parcel of life in public office, Farzad Mostashari, M.D., took the stage at the annual CHIME CIO forum in Scottsdale, Ariz., on Wednesday and spoke frankly about barriers to care transformation, limits of healthcare technology and other worries he has about the healthcare system
Big data use misaligned, mangled between healthcare providers, payers (FierceBigData) Immediate savings in healthcare costs from big data use are at risk given only 47 percent of healthcare providers are investing significantly in analytics. Further, 40 percent of providers said they had no plans at all to use big data and analytics tools. By comparison, 80 percent of payers are investing in analytics--although 14 percent of them won't use big data either. Providers, then, are likely to fail to deliver optimum savings and payers are likely to run into difficulties in getting actionable results from their big data findings since providers are apparently unwilling or unable to play ball
Marketplace
US shutdown hits BAE as 1200 staff in have pay frozen (London Evening Standard) Defence contractor BAE Systems became the first major British victim of the US government shutdown today as it stopped paying 1200 staff in the US and warned of the damage of a "protracted" closure
BlackBerry co–founders considering bid for business (Reuters) BlackBerry co-founders Mike Lazaridis and Douglas Fregin are considering a bid to buy the struggling smartphone maker, according to a securities filing on Thursday, raising the prospect of an alternative to a $4.7 billion (£2.93 billion) offer led by its top shareholder
Google Offer OSS Patch Bounty to Fixers (InfoSecurity Magazine) More and more software companies — including Google — have started to offer bug bounties to independent security researchers who find and responsibly disclose software flaws. Now Google will offer a bounty to OSS developers who also fix them
Swedish fingerprint sensor firm retracts claim it has been purchased by Samsung (update) (The Verge) Update: Fingerprint Cards has denied that the acquisition is taking place, blaming it on a fake press release. After posting news of the purchase on its own site, Fingerprint Cards has now issued a full retraction
Trend Micro Buys Broadweb (Softpedia) IT security giant Trend Micro has acquired Broadweb, a network security solutions provider based in Taiwan. Trend Micro wants to enhance the capabilities of its Custom Defense Solution with Broadweb's deep packet inspection and real-time malicious packets blocking technologies
Cisco Touts Security Boost From Sourcefire Deal (TechWeek Europe) Cisco closes the acquisition of Sourcefire, which will enhance its firewall and intrusion-detection capabilities
Procera Networks Joins the Global Network Initiative (ITBusiness) Supports GNI's Efforts to Protect Internet Users' Freedom of Expression and Privacy
Lookout Closes $55M In Strategic Financing (Dark Reading) Capital from Deutsche Telekom, Qualcomm, Greylock Ventures, and Mithril Capital Management will be used to continue international expansion
Lockheed Martin Opens New Cyber Security Intelligence Center (Scientific Computing) Lockheed Martin has opened its fourth Security Intelligence Centre (SIC) in Australia's national capital, Canberra, continuing the company's international extension of its cyber defense network. The Centre was opened October 3, 2013, by Sondra Barbour, executive vice president of Lockheed Martin's Information Systems and Global Solution
HealthCare.gov debacle a symptom of poor federal health IT processes (FierceHealthIT) Software developers have concluded the requirement that users sign up at HealthCare.gov before looking at information on health insurance "choked" the website, which already was hobbled by limited server capacity, the Washington Post reported
Persistent Obamacare troubles raise questions about proper online tests (MarketWatch) Troubles in signing up for online Obamacare applicants have persisted well into their second week, and the main HealthCare.gov site remains unable to get many seeking coverage into first gear
Products, Services, and Solutions
Facebook Privacy Feature Gone for Good (Threatpost) Late last year the world's largest social network announced that it would begin removing a popular privacy feature that let users regulate whether other users could search for and locate their profiles with the Facebook search function
Behold (And Maybe Fear) The New Self-Updating Online Address Book (Forbes) When entrepreneur Bart Lorang met his future wife in 2010, he fell in love with her address book, too. "She had pruned and preened it every week, and it had updated titles and photos and e-mails and phone numbers for pretty much everyone she knows," he says. "I wanted that address book. I wanted a perfect address book that just worked." So he created a startup called FullContact
Tamper–resistant jailbreak detection from Arxan (Help Net Security) Arxan announced new tamper-proof jailbreak detection security and environmental sensing technology. In addition to Arxan's pre-existing Guards, which are running on over 200 million devices, these new capabilities deliver enterprise-grade app and mobile environment security to prevent revenue loss, fraud and brand compromise
Apple's iWatch Will Let You Control Your Home, Says Analyst (Softpedia) A research note from Cantor Fitzgerald analyst Brian White suggests Apple has much bigger plans with the iWatch than originally projected. According to White's sources, it will be a multi-purpose tool that can even control home appliances
GFI Software launches cloud-based web protection service (Help Net Security) GFI Software announced the addition of its Web Protection service to GFI Cloud, which enables SMB IT managers to reduce exposure from Web-based security risks and productivity loss by managing Internet
Microsoft to Roll Out Government-Focused Cloud For U.S. Agencies (GovConWire) As part of a larger company release of cloud computing-based products, programs and partnerships, Microsoft announced this week it will roll out a public cloud environment for data, applications and infrastructure designed exclusively for use by U.S. federal, state and local government agencies
Technologies, Techniques, and Standards
Is the Breach Quadrilateral the Key to Understanding Security? (eSecurity Planet) The security business is full of different terms and methodologies for describing the threat model. In a presentation at the SecTor conference this week, Chris Pogue, director of Digital Forensics
Security essentials: What is two-factor authentication? (Naked Security) This October is National Cyber Security Awareness Month (NCSAM). So I thought I would write my inaugural Naked Security article on a topic near and dear to my heart: two-factor authentication
Passwords May Never Die for Legal Reasons (Enterprise Efficiency) "Passwords are dead," a Google information security manager decreed at last month's TechCrunch Disrupt. Other pundits have come to the same conclusion. However, these reports are greatly exaggerated
Waking Shark in second attack on UK banks (SC Magazine) The attack has been ordered by The Treasury and Bank of England to stress-test the security and resilience of the UK's banking and online payments system, which transfers trillions of pounds a day. The exercise will take place on an unspecified date in mid-November and is likely to involve the major high-street banks, Tier 2 and online banks like the Co-op, Virgin Money and Tesco Bank, the stock market and the big credit and debit card providers, Visa, MasterCard and American Express
Air Gaps (Schneier on Security) Since I started working with Snowden's documents, I have been using a number of tools to try to stay secure from the NSA. The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible. I also recommended using an air gap, which physically isolates a computer or local network of computers from the Internet. (The name comes from the literal gap of air between the computer and the Internet; the word predates wireless networks.) But this is more complicated than it sounds, and requires explanation
Breaches happen, so be prepared (CSO) Rik Ferguson, the Vice President Security Research for Trend Micro, has a sobering warning. Your security will be breached. You can't stop it, you have to be ready. "You build your infrastructure on the assumption that a breach is going to happen. Your goal is to find out immediately and respond accordingly." In the past, security was all about creating barriers around your critical resources so that no one could get to them. While that remains a central plank of any security strategy, a more modern operational environment also focuses on mitigating the effects of a breach
Do what's right — an interview with Dr Hugh Thompson (CSO) With a background as a teacher at Columbia University and a sought after security expert, Dr Hugh Thompson of Blue Coat systems gained notoriety in 2006 when he hacked the electronic voting system in Florida for a PBS TV special. He has founded security companies and written several books on information security that have become required reading at many software companies
Goodbye, tracking cookies? Don't celebrate just yet (InfoWorld) Microsoft and Google are both rumored to be working on replacement ad-tracking technologies, but maybe cookies are the lesser of two evils
3 essential techniques to protect your online privacy (InfoWorld) Two–factor authentication, encrypted remote storage, virtual private networks: These are your weapons in the fight for Internet security
10 successful big data sandbox strategies (FierceBigData) Testing in a safe sandbox environment is just as crucial for big data and queries as it is for any other technology if IT is to keep oopsies from becoming enterprise-wide owies. However, sandbox testing of big data is very different from testing other technologies. Fortunately there are many strategies to perfect the effort and ten in particular will get you safely started
Design and Innovation
Cambridge High Tech Cluster Backed By New £50M 'Long–Term Finance' Fund (TechCrunch) There's a bit more money sloshing around the U.K.'s high tech Cambridge cluster, thanks to a new fund that's just been set up. The Cambridge Innovation Capital (CIC) fund has launched with an initial £50 million to invest, and a remit to help tech startups focus on developing their ideas and technology -- rather than having to divert energy in the short term to worrying about raising funding
Research and Development
Applied Communication Sciences Receives Department of Energy Grant for Groundbreaking Cyber Security Energy Infrastructure Research (Digital Journal) The US Department of Energy (DOE) has awarded Applied Communication Sciences (ACS) a grant to accelerate the development of advanced security monitoring capabilities in ACS's SecureSmart(TM) Monitoring Solution to help protect the nation's new Smart Meter infrastructure against cyber attack. The grant is part of $30 million in recently announced DOE awards to research, develop and demonstrate new tools and technologies to bolster the defense of the nation's energy delivery systems
Academia
New cybersecurity training program launched (Hometown Focus) Addressing the rising need for IT and cybersecurity professionals in Minnesota and across the country, Inver Hills Community College launched the Minnesota Cyber Aces State Championships, an online cybersecurity education and training program. Minnesota is one of six states hosting Cyber Aces, with over 6,500 people having participated in the program nationwide
NYU-Poly Cyber Security Judges Tap Top Student Teams in Hardware Hacking and Protection (Sacramento Bee) Eleven international collegiate teams have been chosen to compete in the final round of contests that will challenge their knowledge in one of the newest and most difficult fields within cyber security: testing and protecting electronic hardware. The teams will progress to the finals of the largest student event of its kind: Polytechnic Institute of New York University's (NYU-Poly) Cyber Security Awareness Week (CSAW), to be held on the school's Brooklyn campus November 14-16, 2013
Sypris Expands Purdue University Research Center (Wall Street Journal) Sypris Electronics LLC, a subsidiary of Sypris Solutions, Inc. (Nasdaq: SYPR), announced the grand opening today of its newly expanded Sypris Research Center. Sypris Electronics will be hosting a ribbon-cutting ceremony on Thursday, October 10, 2013 at its location in the Purdue Research Park in West Lafayette, Indiana
Legislation, Policy, and Regulation
Patriot Act author introduces bill to block NSA's use of the Patriot Act (Daily Dot) Now that it's 2013, can you imagine how embarrassing it must feel to have authored the Patriot Act a dozen years earlier? Especially considering that we live in an age where Americans are increasingly outraged that the National Security Agency tracks their phone calls--an act made legal through a secret court interpretation of that very law. The Patriot Act's author, Congressman Jim Sensenbrenner (R-Wis.), is going to try and fix it. He's introducing the USA FREEDOM Act, a bill specifically aimed at countering the portions of the Patriot Act that were interpreted to let the NSA collect telephone metadata in bulk
NSA Veterans: The White House Is Hanging Us Out to Dry (Foreign Policy) 'There has been no support for the agency from the President, and this has not gone unnoticed.' Gen. Keith Alexander and his senior leadership team at the National Security Agency are angry and dispirited by what they see as the White House's failure to defend the spy agency against criticism of its surveillance programs, according to four people familiar with the NSA chiefs' thinking. The top brass of the country's biggest spy agency feels they've been left twisting in the wind, abandoned by the White House and left largely to defend themselves in public and in Congress against allegations of unconstitutional spying on Americans
Intelligence in the Digital Age — The NSA PRISM Program (Defense Media Network) With all the discussion about the NSA's digital surveillance activities, the "Big Brother" analogy is becoming as trite as it is inaccurate. NSA systems analyst Edward Snowden's illegally disclosed information made the public keenly aware that the NSA gathers troves of metadata and digital content about foreign nationals and occasionally, U.S. citizens. This kind of surveillance has led many to liken the NSA's activities to the dictatorial menace in George Orwell's 1984. Yet this is a faulty comparison
How Snowden Might Help Cybersecurity (Lawfare) A few weeks ago the NYT had a piece by David Sanger about how the Snowden revelations will hurt if not kill the NSA's ambitious plans for cybersecurity defense in the U.S. homeland. "Administration officials say the plan, championed by Gen. Keith B. Alexander, the director of the National Security Agency and head of the Pentagon's Cyber Command, has virtually no chance of moving forward given the backlash against the N.S.A. over the recent disclosures about its surveillance programs."
Watchdogs call for surveillance authority changes (FierceGovernmentIT) Watchdog groups and information technology experts submitted comments to the Obama administration's National Security Agency surveillance review group as the deadline to do so closed Oct. 4
NSA tactics no better than a CYBERCRIME GANG, says infosec'er (Register) The NSA operates like a state-sponsored cybercrime gang using much the same tools and techniques as miscreants slinging banking trojans, one cynic has suggested. Anyone following the Snowden revelations knows by now that the NSA uses exploits and malware to spy on the online activities of targets, but ponytailed infosec expert Bruce Schneier has put together the clearest explanation to date on its methodology for running such attacks
Electronic Frontier Foundation bails from Global Network Initiative (Register) The Electronic Frontier Foundation (EFF) has resigned from the Global Network Initiative (GNI), citing the presence of GNI members who co-operated with the NSA as making its ongoing involvement untenable
Obama's Efforts to Control Media Are 'Most Aggressive' Since Nixon, Report Says (Wired) The President Barack Obama administration has "chilled the flow of information on issues of great public interest," according to a Thursday report that amounts to an indictment of the president's campaign pledge of a more open government
Litigation, Investigation, and Law Enforcement
Lavabit Files Opening Brief in Landmark Privacy Case (Wired) Secure email provider Lavabit just filed the opening brief in its appeal of a court order demanding it turn over the private SSL keys that protected all web traffic to the site
U.S. shutdown forces delay in U.N. scrutiny of rights record (Chicago Tribune) The U.S. government shutdown has forced the postponement of U.N. scrutiny of its rights record, including over accusations of suspected abuses by the National Security Agency, immigration reform and access to abortion, activists said on Thursday
Legitimate users of Tor need not worry, says NCA (ComputerWeekly) The newly launched National Crime Agency (NCA) says criminals cannot hide on the hidden internet, but legitimate business users of anonymity software Tor are safe. The NCA has vowed to pursue criminal users of the hidden internet, known as the deep web or dark web, following the arrest of four UK men in connection with the Silk Road illegal online drugs market
The CIA Suspected Snowden Was Trying To Break Into Classified Computer Files In 2009 (Business Insider) In 2009 the CIA sent Edward Snowden home from Geneva amid suspicions that he was trying to break into classified computer files, Eric Schmitt of The New York Times reports. A supervisor wrote a derogatory report about Snowden in which he noted distinct changes in the CIA technician's behavior and work habits
First Picture Of Snowden In Russia Emerges (Sky News) Edward Snowden gets an award for "integrity in intelligence", in the first image of him to emerge since he left Moscow airport
NSA leaker Edward Snowden deserves a Nobel Prize, his father says (CNN) The father of NSA leaker Edward Snowden told reporters in Moscow that he thinks his son deserves a Nobel Peace Prize. He arrived there Thursday for his first visit with his son since the former government IT contractor fled the United States after leaking National Security Agency spy program details to the media
Canadian operator EasyDNS stands firm against London cops (Register) What's a UK crime unit doing messing around with DNS? Comment EasyDNS was just the first of a number of global DNS operators who will be invited by a London IP crime unit to make one of their customer's domains, er, disappear. But the Canadian operator is standing firm
Skype under investigation in Luxembourg over link to NSA (Guardian) Ten years ago, the calling service had a reputation as a tool for evading surveillance but now it is under scrutiny for covertly passing data to government agencies
LulzSec Hackers Evade Irish Jail Time (Dark Reading) In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines — but so far no extradition to face charges in the U.S. Two men charged by authorities in Ireland with hacking the website of one of the country's biggest political parties have been spared jail time and will have their criminal records cleared
Latvian Accused of Creating Gozi Virus Released from Jail (Softpedia) On Thursday, the Latvian Prosecutor's Office announced that Deniss Calovskis, the man accused of being involved in the development of the Gozi virus, was released from jail. Calovskis was charged in the United States back in January 2013, along with two other individuals allegedly responsible for the creation and distribution of the malware
Nearly 50k patient credit cards compromised by insider (SC Magazine) As many as 46,000 patients of Arizona-based Scottsdale Dermatology may have had personal information compromised, but two suspects — one of them an employee of the medical practice's billing firm — have been arrested
Upcoming Events
Forensics and Incident Response Summit EU (Prague, Czech Republic, Oct 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to make the most of this event from attending the Summit to registering for one or more of the post-summit training classes taught by SANS' top-rated instructors and course authors. Additional events such as DFIR Netwars, evening talks and the SANS Community Night will be taking place during that week too. This event promises to bring together the leading minds in digital forensics and incident response in the EU, as well as many other practitioners from a wide cross section of industries and company sizes. You will be able to share with all of them your challenges and find out new solutions that work, techniques and approaches you didn't even know existed.
International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, Oct 10 - 12, 2013) The International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery promotes research and development of cyber-related technology. It is unique and significant in that it spans cyber-enabled data mining and knowledge discovery, distributed and parallel computing, cyber security, cloud computing, pervasive computing, mobile computing, Internet, wireless networks, cognitive systems, cyber information process, information discovery, e-health via cyber network, e-science, web technology, and network performance and tools. The research and development in these areas have received extensive attention in both academia and industry to provide ubiquitous services for users. Various hardware and software designs, algorithms, protocols, simulations, test-beds, and implementations are developed for distributed computing in an interconnected and distributed network environment. The purpose of CyberC is to provide a forum for presentation and discussion of innovative ideas, research results, applications and experience from around the world as well as to highlight activities in the related areas.
VizSec 2013 (Atlanta, Georgia, USA, Oct 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.
Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, Oct 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.
USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, Oct 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit topics will focus on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security.
SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.
Hexis Exchange (Athens, Greece, Oct 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.
Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, Oct 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.
NSU Healthcare Cyber Security Summit (Fort Lauderdale, Florida, USA, Oct 17, 2013) In today's modern healthcare systems, data is everywhere, including sensitive patient data that needs to be secured and monitored. Join top healthcare security professionals from Nova Southeastern University, AccessData, and RSA to hear about current regulations that affect healthcare companies of all sizes, ways to protect sensitive data, and learn techniques to monitor access for suspicious activity. If you are responsible for the privacy or security of your company's healthcare data, you will benefit from presentations from these leading experts in the field. NSU's Chief Information Security and HIPAA Security Officer, John Christly, will examine the threats to the privacy and security of today's modern healthcare operations. You will also hear from experts from AccessData and RSA on how to detect and prevent data breaches. RSVP at the link.
Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, Oct 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.
Securing the Internet of Things Summit (San Francisco, California, USA, Oct 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.
13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.
Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.
cybergamut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.
Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.
Hack.lu 2013 (Luxembourg, Oct 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands on live demonstrations, and industry exhibits.
NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, Oct 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security of information technology most of these products are not designed for the specific needs of small businesses. The techniques that will be discussed in the presentation are designed to address the most common threats encountered by small businesses without requiring significant expertise and expense. RSVP at the link.
BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
FIRST Energy Symposium (Leesburg, Virginia, USA, Oct 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been greater. Many control systems are already networked and are targets of sophisticated attacks. Organizations will benefit from having a specialized team to work on detection and handling of cyber attacks, analyzing incidents and sharing information with other security organizations. The FIRST Symposium will focus on lessons learned from attacks and technology and sector specific security aspects. Strong emphasis will be given to organizational issues like creation and operation of incident response teams.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.