
The CyberWire Daily Briefing for 1.30.2013
Universal Plug and Play (UPnP), a common networking technology, is found vulnerable on several fronts, especially with respect to multiple buffer overflow vulnerabilities. The US Department of Homeland Security advises users to disable UPnP on their devices.
Ruby on Rails is found vulnerable to a new parsing attack, distinct from the flaws found earlier this month. A social engineering Trojan steals Facebook login credentials from players of Zynga Poker. Phony Windows 8 activators are stealing private information from those who download them.
HP disputes recent reports of printer vulnerabilities. Nonetheless, printers that don't need Internet connectivity continue to open their networks to attack—they're often easy to locate through a simple Google search. Users are advised to secure them.
Alabama authorities release more information on the mid-January attack the state sustained, reassuring citizens that private information wasn't compromised.
The US economy unexpectedly contracted last quarter, and the news is expected to affect business purchasing, inventories, etc. The US Congress and Administration make little progress in avoiding budget sequestration, which the Pentagon regards as "more likely than unlikely." Michael Dell moves toward purchasing a controlling interest in his company. RIM renames itself "BlackBerry" as it launches BlackBerry 10. HP rolls out a suite of cyber security services.
Germany proposes requiring that search engines pay publishers for short blocks of text typically regarded as open to fair use.
The FBI intensifies its hunt for those who leaked information about Stuxnet last year. Congress asks Justice to justify its prosecution of Aaron Swartz.
Notes.
Today's issue includes events affecting Australia, China, Germany, Indonesia, South Africa, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP (CERT: Software Engineering Institute, Carnegie Mellon University) The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet… Universal Plug and Play (UPnP) is a set of network protocols designed to support automatic discovery and service configuration. The Portable SDK for UPnP Devices (libupnp) has its roots in the Linux SDK for UPnP Devices and software from Intel (Intel Tools for UPnP Technologies and later Developer Tools for UPnP Technologies). Many different vendors produce UPnP-enabled devices that use libupnp. As part of a large scale security research project, Rapid7 investigated internet-connected UPnP devices and found, among other security issues, multiple buffer overflow vulnerabilities in the libupnp implementation of the Simple Service Discovery Protocol (SSDP). Rapid7's report summarizes these vulnerabilities
Warning: New Hack Threat Leaves Millions at Risk of Cyber Attack (CNBC) The US Department of Homeland Security urged computer users on Tuesday to disable a common networking technology feature, after researchers warned that hackers could exploit flaws to gain access to tens of millions of vulnerable devices. The U.S. government's Computer Emergency Readiness Team advised consumers and businesses to disable a feature known as Universal Plug and Play or UPnP, and some other related features that make devices from computers to printers accessible over the open Internet
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack (Threatpost) A vulnerability exists in Ruby on Rails' JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL code, inject and execute arbitrary code and perform a denial of service attack on a Ruby on Rails app
Trojan stole over 16,000 Facebook credentials (Help Net Security) ESET discovered a social engineering Trojan horse that managed to steal the login credentials of more than 16,000 Facebook users. The "PokerAgent" Trojan targeted Zynga Poker, the most popular
Bogus Windows 8 activators collect users' private info (Help Net Security) Despite Windows 8 sales being not as good as Microsoft hoped, there is considerable interest in the new OS version. Still, not everybody wants to pay to try it out, and malware pushers are taking
Indonesian hackers protest hacker's arrest…by hacking (The Register) Hackers have been hard at work in Indonesia, defacing web sites left right and center in protest at the treatment of a local hacker who defaced the president's web site earlier this month and could now face a 12 year jail term. Internet café worker Wildan Yani Ashari, 22, was cuffed by police last Friday just over a fortnight after he replaced the home page of president Susilo Bambang Yudhoyono (SBY) with the message: This is a PayBack From Jember Hacker Team. Ashari, who hails from the East Java district of Jember, has been charged under local laws which could land him 12 years in the slammer and a maximum fine of IDR 12bn (784,000), according to local news site Detik
11 Sub-domains of University of New South Wales UNSW Hacked by s13doeL (Hack Read) A hacker going with the handle of s13doeL has hacked and defaced 11 sub-domains of Australia's University of New South Wales. The hacker seems to have found some kind of vulnerability on the university's server, allowing him to get in and hack only the sub-domains but not the main domain. The hacked sub-domains belong to different departments and labs of the university such as Coastal and Regional Oceanography Lab, Neilan Laboratory of Microbial and Molecular Diversity, Water Information System for the Environment, The Australian Wetlands & Rivers Centre (AWRC), School of Computer Science and Engineering, Community Eye Health Program, Test domain of Physics Science, School of Materials Science and Engineering, Workshop & Conferences on Science program and sub-domain of Department of Psychology
Woolworths SA in cyber attack (iafrica.com) A website belonging to Woolworths South Africa has been subjected to a cyber attack. User data from the firm's media relations firm, including names, addresses, dates of birth and matric marks, was posted on the dumpz.org website
Cheyney University Admits Security Breach (eSecurity Planet) Cheyney University of Pennsylvania recently announced that an e-mail sent to university students on January 24 included an attachment containing current and former students' names, mailing addresses and Social Security numbers. "Investigators say the employee in the Thornbury Township college's Bursar's Office sent the email but inadvertently attached more than 241 pages of personal information," writes NBC 10's Danielle Johnson. According to the AP, approximately 2,100 current and former students were affected
Anonymous threatens the US government with WikiLeak style revelations (Generation-NT) Late last week, the USSC governmental site was hacked by Anonymous, signalling the start of a hacking operation similar to WikiLeaks whereby they aim at revealing secrets sensitive to the United States of America. While citing the recent death of Aaron Swartz, Anonymous explains "With the death of Aaron, we couldn't wait any longer. The time has come to show the United States Justice department and their affiliates the real meaning of the word infiltration." Aaron Swartz was facing up to 50 years in prison and a 4 million dollar fine for having made 4 million scientific articles taken from universities public
The dangers of third-party code for cloud security (Help Net Security) Imperva announced a new report which examines the dangers of third-party code in cloud computing. In December 2012, a hacker breached Yahoo! with an SQL injection attack that took advantage of a vulnerability
48 percent of IT staff fear unauthorized access to virtual servers (Help Net Security) Data security in [virtualized] environments is often neglected by IT organizations, with 48% either reporting or suspecting unauthorized access to files on [virtualized] servers, according to Varonis
Cross-site scripting attacks up 160% (Help Net Security) Each quarter, FireHost reports on the Superfecta - a group of four cyberattacks that are the most dangerous - and warns that both Cross-Site Scripting and SQL Injection attacks have become even more
DDoS attack sizes plateau, complex multi-vector attacks on the rise (Help Net Security) Arbor Networks released its 8th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today's network operators
Internet-facing printers remain a huge risk (Help Net Security) Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search
HP Disputes Printer Security Vulnerabilities (InformationWeek) Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says
ALDHS details cyber intrusion of Alabama IT system (WSFA) Alabama Department of Homeland Security Director Spencer Collier on Tuesday discussed the recent cyber intrusion at the Alabama Information Services Division (ISD) and outlined action items he said the state is currently following as part of a
Alabama Department of Homeland Security: At this point, no personal data believed lost during cyber attack on state computers (al.com) The director of Alabama's Department of Homeland Security said today he believes, at this point, no personal information was lost during a Jan. 16 cyber attack on state computers, though he would not comment on who was behind
20 notorious worms, viruses and botnets (IT World) The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame
Security Patches, Mitigations, and Software Updates
iOS 6.1 Fixes 27 Vulnerabilities (Dark Reading) 20 remote code execution errors in the WebKit browser engine, a staple of Apple security updates, are fixed in the new release for iPhones, iPads, and iPod Touches. Some of the bugs fixed are quite old, with one reported in 2011
Serious security holes fixed in Opera - but Mac App Store users left at risk again (Naked Security) It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible. But…what if you didn't get your copy of Opera from the official website? What if, instead, you acquired your version of Opera for Mac from Apple's Mac App Store
Cyber Trends
Internet, social media least trusted industries for privacy (CNet) Internet and social media ranked at the bottom on a list of the most trusted industries for privacy, according to the Ponemon Institute. Released yesterday, Ponemon's "2012 Most Trusted Companies for Privacy" was compiled from a survey of U.S. adults asked to name the five companies they trust the most to protect the privacy of their personal information. Based on more than 6,700 responses, the Top 20 list did not include several tech players that had been on it in past years
RSA Security Analytics: Art Coviello on why Big Data is a big deal (CSO) If an event at RSA's Burlington, Mass., headquarters yesterday was any indication, attendees at RSA Conference 2013 can expect to hear a lot about Big Data as a security tool
The Two Classes of Cyber Threats (Slate) Against this backdrop, it is interesting to consider a recent report that the government plans to add 4,000 people to the Department of Defense's Cyber Command, which currently comprises only 900 personnel. In the current era of tightening federal
Video Surveillance Feeds Big Data (InformationWeek) For tasks including security and retail optimization, video increasingly meets data analytics. It's one more pressure on enterprise storage needs
Marketplace
US Economy Unexpectedly Contracts in Fourth Quarter (Wall Street Journal) U.S. economic momentum screeched to a halt in the final months of 2012, as lawmakers' struggle to reach a deal on tax increases and budget cuts likely led businesses to pare inventories and the government to cut spending
No Deal In Sight To Stop Sequester (Washington Post) Less than a month after averting one fiscal crisis, Washington began bracing Tuesday for another, as lawmakers in both parties predicted that deep, across-the-board spending cuts would probably hit the Pentagon and other federal agencies on March 1
Automatic Defense Cuts 'More Likely Than Unlikely,' Carter Says (Bloomberg Government) Deputy Defense Secretary Ashton Carter said today it is more likely than unlikely that automatic defense cuts of as much as $45 billion will be triggered March 1
Oil and gas infrastructure cybersecurity spending to increase (Help Net Security) As a highly critical sector, the oil and gas infrastructure should be one of the most secure, both physically and digitally. This is not the case
DoD's plans to boost cyber workforce could hit snags (FederalNewsRadio.com) The staff-up involves three tiers of cyber pros: Those to protect critical ... director of research for the SANS Institute on an interview with the Federal
Fort Meade commander Rothstein to leave in August (CapitalGazette.com) Chad Jones, spokesman for Fort Meade, confirmed Monday that Rothstein will be reassigned Aug. 8 at the end of his two-year tour of duty. The Army has not announced his next post, and isn't expected to name a successor to head the massive military
IBM, SAP team up on big data, cloud (Fierce Big Data) After thumbing its nose at Oracle recently by building its own in-memory database for big data called HANA, SAP expanded its long-time partnership with IBM (NYSE: IBM), in which IBM announced the launch of new global cloud and big data services as part of the IBM SmartCloud Enterprise
Actian builds big data portfolio with Pervasive Software merger (Fierce Big Data) Actian Corp. a big data management solutions provider and owner of the analytic database Vectorwise, and Pervasive Software Inc. have announced that they are merging today. Actian will acquire all of Pervasive's outstanding shares for $9.20 per share or approximately $161.9 million
Oracle Wants Cloud Cake And Hardware Wins (InformationWeek) Oracle hopes infrastructure-as-a-service (IaaS) plan will help the company have its cake and eat it, too -- boosting Oracle hardware use and increasing cloud subscription revenue
Michael Dell Seeking Majority Control Of Dell Inc., Contributing As Much As $1 Billion Of His Own Personal Funds (TechCrunch) Michael Dell is trying to get control of Dell, Inc. with as much as $1 billion of his own personal funds. His goal: shift the company's focus from PC sales to a more enterprise focused company that can operate without the pressures of being a publicly traded company
Battelle Experts to Support U.S. Army Cyber Security (MarketWire) Battelle has won a contract to conduct in-depth information assurance research supporting the United States Army's Identity Management and Cryptographic initiatives. The $22.4 million contract has a base of 10 months with two option years. "Battelle is focused on delivering high-impact technical cyber solutions to address mission needs," said David Fisher, Vice President of Battelle's Cyber Innovation business
RIM changes its name to BlackBerry, launches BlackBerry 10 (Ars Technica) Can the new OS win the hearts of BlackBerry loyalists and new customers alike? It's been leaked and previewed and speculated about for months now: the only thing left to do with the BlackBerry 10 operating system is release it, and RIM—now formally known as BlackBerry—finally did that today at its press event in New York City
Why the new BlackBerry 10 phones won't stop RIM's dramatic contraction (Quartz) Tomorrow (Jan. 30), Research in Motion announces a handful of new BlackBerry 10 phones. The world already knows what they will look like and how they'll function, thanks to copious leaks. But that won't lessen enthusiasm for a slick new alternative to the mobile duopolists, Apple's iPhone and Google's Android. And doubtless it will inspire yet more breathless accounts of RIM's resurgence
BlackBerry 10 Has This CIO Singing Taylor Swift (InformationWeek) My enterprise will give the new BlackBerry 10 and BES careful consideration, but it appears our RIM romance is over
CRGT Names ICF, Northrop Vet Sal Fazzolari Strategic Development SVP (Govconwire) CRGT has appointed 30-year information technology industry veteran Sal Fazzolari senior vice president of strategic development, the company said Tuesday. He will report directly to Tom Ferrando, CEO and president, and have responsibility for identifying and developing strategies to grow revenue in the defense, intelligence and civilian government markets
Products, Services, and Solutions
SpiderOak To Release Open Source 'Zero Knowledge' Privacy Framework For The Cloud (Dark Reading) Framework can be applied on top of any existing application
F5 Enhances Application Delivery Security And Adds Cloud-Scale Capabilities (Dark Reading) BIG-IP Advanced Firewall Manager provides 640 Gbps of firewall throughput
Can RIM persuade Indonesians to keep loving their BlackBerrys? (Quartz) The gym inside Royal Condominium, an upscale apartment and leisure complex in Medan, a fast-growing city on the island of Sumatra, has a safety problem. People are reluctant to let go of their BlackBerrys while they exercise. At the start of spinning classes, instructors say, "Remember to drink water, and no BBM!"
Seagate teams up with Virident on next-gen PCIe SSDs (FierceCIO: TechWatch) Hard disk drive maker Seagate Technology and NAND flash memory specialist Virident Systems on Monday announced a partnership to work jointly on next-generation NAND flash-based storage products for the enterprise storage market. This includes both hardware and software components that can be deployed in data centers
Panda Security Launches Beta Version of Panda Cloud Office (Broadway World) This technology leverages Panda's Collective Technology to block Blackhole and Redkit exploit malware by analyzing its behavior. The solution is capable of
Lastline Announces New On Premise Solution That Detects Today's Rapidly Evolving Malware Threats (Dark Reading) Company launches actionable threat intelligence in the privacy of an organization's personal cloud
cPacket Networks unveils network performance and monitoring solution (Help Net Security) cPacket Networks announced a new network performance and monitoring solution that radically simplifies the way in which cloud and data center professionals pinpoint issues. This means they can find an
HP helps organizations define a security strategy (Help Net Security) HP announced a new set of security services that help organizations respond to, remediate and mitigate the impact of security breaches as they occur. Security breaches are increasingly disruptive
Technologies, Techniques, and Standards
Are Your Databases Audit-Ready? (Dark Reading) Development of policies, configuration management, encryption implementations, access control and monitoring all contribute to databases passing compliance checks
OMB releases Section 508 strategy (Fierce Government IT) Among the deliverables called for by OMB are for all agency chief information officers to appoint by March 25 a Section 508 coordinator and for CIOs and chief acquisition officers to by May 24 develop a plan and a schedule for completing a baseline assessment of Section 508 compliance on their websites and in IT procurement. The results of those assessments are due in December
Keep it secret, keep it safe: A beginner's guide to Web safety (Ars Technica) Understanding encryption is key to protecting yourself on the Web. My family has been on the Internet since 1998 or so, but I didn't really think much about Internet security at first. Oh sure, I made sure our eMachines desktop (and its 433Mhz Celeron CPU) was always running the latest Internet Explorer version and I tried not to use the same password for everything. But I didn't give much thought to where my Web traffic was going or what path it took from our computer to the Web server and back. I was dimly aware that e-mail, as one of my teachers put it, was in those days "about as private as sticking your head out the window and yelling." And I didn't do much with that knowledge
Implementing a Data De-Identification Framework (Infosec Island) Growing numbers of organizations are trying to figure out the benefits of anonymizing, or as HIPAA (the only regulation that provides specific legal requirements for such actions) puts it de-identifying, personal information. Healthcare organizations see benefits for improving healthcare. Their business associates (BAs) see benefits in the ways in which they can minimize the controls around such data
Surface Mapping Pays Off (Infosec Island) You have heard us talk about surface mapping applications during an assessment before. You have likely even seen some of our talks about surface mapping networks as a part of the 80/20 Rule of InfoSec. But, we wanted to discuss how that same technique extends into the physical world as well
H.265 video standard approved (FierceCIO: TechWatch) Work on a new video compression technology has been completed, heralding the promise of even higher quality video in the near future. The new High Efficiency Video Coding standard, or H.265, has been designed as a successor to the current H.264 standard, which is heavily used in online video streaming and Blu-ray discs today
Privacy tips for social networking, apps and geolocation (Help Net Security) Many people confuse data privacy and data security. While there are similarities, privacy and security are not the same thing. Data security focuses on the confidentiality, integrity and availability
The effectiveness of bug bounty programs (Help Net Security) Veracode released an infographic that examines the success of bug bounty programs. The past decade has witnessed major growth in demand for bug hunters, with online giants such as Google, Mozilla, Facebook
Practical steps to minimize data privacy threats (Help Net Security) Google comes across 9,500 new malicious websites each day and responds by sending notifications to webmasters. Nevertheless, these websites are just one of the many dangers threatening data privacy
Doing evil with data: a beginner's guide (Fierce Big Data) The concept of evil has been co-opted by spiritualists and makers of horror films to represent something otherworldly, an amoral force impressing its will from beyond. But evil is often simply a choice. It is a choice among humans deciding how they want to wield a new-found power or advantage. Big data presents such an advantage and there will be those who choose to use it for public and private benefit, and those who purposely choose to apply it in ways that harm others and benefit only themselves
Design and Innovation
Superb Realtime 3D Cyber-Attack Alert System in Japan (Hacker News) In the movies we always see mega bunkers with screens covering entire walls, all displaying ridiculous hacker related information. As the Internet grows larger, the cyber-attacks get ever more sinister and elaborate. Keeping an eye on all of them is of course an impossible task.
Research and Development
City Authorities Confirm Apple R&D Center Will Open In Shanghai This Summer (TechCrunch) According to a report in the China Business News (link via Google Translate), the Shanghai Municipal Commission of Commerce has confirmed that Apple will open an R&D and procurement management facility in the city this summer. Apple has been emailed for comment
Wanted: 40 trillion gigabytes of open storage, stat! (IT World) The world's storage needs are growing at an alarming rate, but are existing technologies ready to meet the challenge
Academia
Linganore High seniors team up, create FBI logo (Frederick News Post) Three Linganore High School seniors can now say they've done work for the FBI. Helen Snell, Alex McCaslin and Kate Russo teamed up to design a logo for the Baltimore bureau's newly formed Cyber Task Force. Their finished work will be featured on staff uniforms, letterhead and ceremonial items. "It's unreal," McCaslin, 18, said Monday during an interview at Linganore. "I feel like it does look professional." The badge features an eagle holding the state flags of Maryland and Delaware, which the Baltimore bureau encompasses, and binary code
Legislation, Policy, and Regulation
German Proposal For Search Engines To Pay For Displaying Publishers' Text Snippets Gets Expert Hearing. Google Dubs It "Bad Law" (TechCrunch) Google is sounding a warning klaxon about a proposed law change in Germany which aims to strengthen copyright law for publishers by requiring search engines and online news aggregators to pay a royalty to display snippets of copyrighted text — such as the first paragraph of an article displayed within a Google News search. If the law passes, fines would be imposed for unlicensed use of snippets
Partnering for Cyber Resilience (PCR) (World Economic Forum) The ability to provide a trusted environment for individuals and business to interact online is a critical enabler for innovation and growth. Digital transformation makes the protection and resilience of our shared digital environment a critical enabler for the economic growth of companies and countries. In recognition of this, and in response to the growing threats and risks in a digitally interconnected world, over 70 companies and government bodies across 15 sectors and 25 countries have joined forces to create the Partnering for Cyber Resilience initiative
Senate Democrats Outline Cyber-Security Intentions (Security Defence Agenda) Senate Democrats have released their cyber-security legislative agenda for the forthcoming Congress. With no reference to the Federal government regulating industries responsible for critical national infrastructures, the proposals stop short of the more ambitious Cyber-security Act 2012, which was defeated by Republicans. Keen Washington observers note that sense of Congress bills typically serve as a starting point, from which more comprehensive legislation can be introduced further down the line
Calling for a spectrum of intent in prosecuting hackers (Fierce Big Data) Not having a spectrum of intent for prosecuting and even pursuing hackers--that ranges from the innocuous to the most malicious--is like having only one murder charge that doesn't take into account manslaughter or self-defense. Christina Gagnier, a lawyer leading the Intellectual Property, Internet & Technology practice at Gagnier Margossian LLP, says it is time we created such a spectrum
Litigation, Investigation, and Law Enforcement
FBI intent on sniffing out those who leaked possible US Stuxnet role (Naked Security) Federal investigators in the US are tightening the screws on former senior government officials who might have leaked info about the Stuxnet worm
Congress Demands Justice Department Explain Aaron Swartz Prosecution (Wired) The two leaders of a congressional committee have sent a letter to the Department of Justice demanding a briefing on why the department chose to so fervently pursue charges against coder and internet activist Aaron Swartz, who committed suicide earlier this month. The committee leaders asked the Justice Department to explain what factors influenced its decision to prosecute Swartz and whether his advocacy against the Stop Online Piracy Act played any role in that decision
Hacker blackmailed over 350 women into stripping on their webcams, FBI says (Naked Security) The FBI has arrested a 27-year-old man, who they claim hacked the accounts of Facebook users, and coerced hundreds of women into stripping while he watched via Skype. Learn more about this case, and a history of other hackers who have spied on their victims via webcams
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.