The CyberWire Daily Briefing for 11.1.2013
Finland's Foreign Ministry was hacked in an evident case of foreign espionage. Finnish authorities are investigating, but say that Russia and China are the suspects.
Moroccan Ghost hacktivists vandalize Nigerian Defence Ministry sites, apparently over ongoing disputes concerning Sahara territory.
Anonymous protests Singapore Internet censorship by defacing the Straits Times' site and promising "to go to war" if the government fails to apologize and modify its policies. (In this context it's worth noting that Solutionary reports increases in both suspicious traffic and TOR usage. The last such TOR spike presaged Mevade exploits, and this warning appears a week before Anonymous-adopted holiday Guy Fawkes Day.)
Security analysts look into some very large claims for a virus called "BadBIOS," which allegedly does remarkable stuff, including jumping air gaps to compromise firmware. Seems implausible: the jury's still out.
Adobe apparently erred in encrypting passwords compromised in its recent breach: the encryption appears reversible.
You who remember Robin Sage, meet Emily Williams. Penetration testers created the catfish to test an unnamed "U.S. government agency with a high level of cybersecurity awareness." "Emily" built LinkedIn connections, distributed an online Christmas card (with Java applet) to her colleagues, opened a reverse shell, and then launched privilege escalation exploits.
The Atlantic Council warns that "overlapping pools of systemic risk" endanger the cyber sector the way sub-prime risk took down financials in 2008.
Surveillance accusations spread: Australian ambassadors are called onto Asian carpets. US Secretary of State Kerry says NSA surveillance went too far and will be corrected.
Notes.
Today's issue includes events affecting Australia, Bahrain, Canada, China, European Union, Finland, Germany, Indonesia, Republic of Korea, Morocco, Netherlands, Nigeria, Romania, Russia, Singapore, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Finland government network hit by serious cyber–attack (MyBroadband) Finland's foreign minister said foreign intelligence agents had carried out large-scale hacking into government communications
Finland Probes Hacking of Foreign Ministry Network (Bloomberg) Finland's Security Police is investigating the infiltration of the Foreign Ministry's data network by spies, Foreign Minister Erkki Tuomioja said
Moroccan Ghosts Defaces Nigerian Ministry of Defence Website over Sahara Dispute (HackRead) The official website of Nigerian Ministry of Defence has been hacked and defaced by world renowned hackers from Moroccan Ghosts hacking group. The site was hacked just a few minutes ago, where the home page was left with a deface page along with a message. The page shows that site was defaced for an ongoing Sahara desert dispute between Morocco and Nigeria
Hacker Group Anonymous Targets Singapore with Cyber Attack Over Censorship (TIME) Group says it will be "forced to go to war" with Singaporean government
'Anonymous' hack puts Singapore on alert (Rappler) Activist group Anonymous hacked a Singapore newspaper website Friday, November 1, and threatened wider cyber attacks over Internet freedom, with government agencies reportedly on alert after the group said it would "wage war" with the city-state
Spike in suspicious traffic and TOR usage, says threat report (Help Net Security) Solutionary has released its Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q3 2013, providing intelligence on key security threats observed and intelligence gathered over the period
Know Your Enemy: Tracking A Rapidly Evolving APT Actor (FireEye Blog) Between Oct. 24–25 FireEye detected two spear-phishing attacks attributed to a threat actor we have previously dubbed admin@338. The newly discovered attacks targeted a number of organizations and were apparently focused on gathering data related to international trade, finance, and economic policy. These two attacks utilized different malware families and demonstrate an ability to quickly adapt techniques, tactics, and procedures
The "BadBIOS" virus that jumps airgaps and takes over your firmware — what's the story? (Naked Security) "BadBIOS" is an unfolding story about a virus that is claimed to have some remarkable characteristics - such as jumping airgaps, spreading using sound waves, and taking over your firmware
Eavesdropping near-field contactless payments: a quantitative analysis (Journal of Engineering) This paper presents an assessment of how successful an eavesdropping attack on a contactless payment transaction can be in terms of bit and frame error rates, using an easily concealable antenna and low-cost electronics. Potential success of an eavesdropping attack largely depends on the correct recovery of the data frames used in the ISO 14443 standard. A near-field communication inductive loop antenna was used to emulate an ISO 14443 transmission. For eavesdropping, an identical inductive loop antenna as well as a shopping trolley modified to act like an antenna were used. The authors present and analyse frame error rates obtained with the authors' equipment over a range of distances, up to 100 cm, well above the official maximum operating distance depending on the magnetic field strength
How an epic blunder by Adobe could strengthen hand of password crackers (Ars Technica) Engineers flout universal taboo by encrypting 130 million pilfered passwords. Four weeks ago, Adobe disclosed a sustained hack on its corporate network that threatened to spawn a wave of meaner malware attacks by giving criminals access to the raw source code for the company's widely used Acrobat and ColdFusion applications. Now, researchers are warning the same breach could significantly strengthen the password-crackers' collective hand by revealing a staggering 130 million passcodes used over the years by Adobe customers, many of them from the FBI, large corporations, and other sensitive organizations
Fake social media ID duped security–aware IT guys (IT World) Penetration testers used a faked woman's identity on social networks to break into a government agency with strong cybersecurity defenses
Think twice before you accept that 'friend' request (CSO) Human nature leads people to form communities and help each other—and that human nature can be turned against you with a fake social network account
Hacking a Reporter: Writing Malware For Fun and Profit (Part 1 of 3) (Trustwave SpiderLabs) Pando Daily editor Adam Penenberg recently published a story about my coworkers and I hacking his life entitled "I challenged hackers to investigate me and what they found out is chilling". If you haven't already, I strongly recommend that you read it. Pando Daily also published a follow-up blog post, "A reporter asked us to hack him, and here's how we did it", explaining our perspective on the project this week. We thought that some of our friends and readership might appreciate even more technical details about the infiltration. So we've decided to publish a three-part series of posts on the topic
Does healthcare.gov violate their own privacy policy? (ZDNet) Developer Ben Simo raises a number of security concerns about healthcare.gov, the Federal health care exchange site. In particular, he describes serious privacy problems in violation of the site's own policy
Healthcare.gov Faced Security Risks, Feds Were Told (InformationWeek) As HHS secretary Sebelius testified to Congress about the flawed rollout, a memo surfaced that predicted security risks due to inadequate testing
Personal cyber security, privacy protection: Read fine print in 'I Agree' (Fort Hood Sentinel) Web email and Internet applications can affect your privacy. How many times have you downloaded a free app or registered for a free email account and have had a dialog box to an End User Agreement to agree to before you can reap the benefits — five, 10 or a 100 times
How do spies bug phones? (The Economist) America's spooks are under attack from all sides. Leaks from Edward Snowden, a systems administrator turned whistleblower at the National Security Agency (NSA), America's signals-intelligence agency, have confirmed what the professionally paranoid long suspected: that the internet is insecure, and that modern spy agencies can—and do, on an industrial scale—tap virtually any form of online communication. But perhaps the most acute embarrassment so far has been caused by the revelation that the NSA may have been listening to phone calls made by the leaders of America's allies, most notably those of the German chancellor, Angela Merkel. That it is possible to intercept mobile-phone calls will not surprise anyone who has watched a modern crime drama. But how exactly is it done
Boone Hospital Suffers Data Breach (eSecurity Planet) 125 patients' birthdates, Social Security numbers, medical diagnoses and prescribed treatments may have been inappropriately accessed
Genesis Rehabilitation Services Acknowledges Security Breach (eSecurity Planet) The names, addresses or e-mail addresses and Social Security numbers of 33 employees, agency employees, and applicants may have been exposed
Security Patches, Mitigations, and Software Updates
Google Chrome to Automatically Block Malicious Downloads (Threatpost) Google is planning to add a new feature to its Chrome browser that will block malicious downloads automatically, helping to prevent drive-by downloads and the kind of malware that rides along with supposedly legitimate software
Cyber Trends
Security misconceptions among small businesses (Help Net Security) More than 1,000 SMBs participated in a joint McAfee and Office Depot survey last month, and the majority (66 percent) felt confident that their data and devices are secure and safe from hackers, with 77 percent responding that they haven't been hacked
Call security to foil the cyber crooks (Sunday Times) Companies need information security officers more than ever, but they are in short supply
Romania registers 20 million cyber–attack alerts in first six months (actmedia) Romania registered 20 million cyber-attack alerts in the first six months of 2013, according to the Cert.ro data, the body registering the cyber security complaints and alerts. 'The number of alerts is also increasing because the market of Romania also grew very much, because the servers and the other pieces of equipment enhanced very much in number and capacity and that is where this temptation came from,' Information Society Minister
Marketplace
Feds to take on greater role in procuring foreign investments (FierceGovernment) Administration officials laid out a plan to bolster the government's role in recruiting foreign investment into the United States through federal agency coordination during a Wednesday evening call for reporters
Cyber must avoid a 'sub–prime' situation, says Healey (FierceGovernmentIT) Cyberspace today looks much like the financial sector looked before 2008, said Jay Healey, director of the Atlantic Council's Cyber Statecraft Initiative. It's complex and interconnected but risk has not been fully assessed, said Healey, who spoke Oct. 23 at an event at the Atlantic Council in Washington, D.C
IBM ends legal fight against CIA cloud computing award to AWS (FierceGovernmentIT) IBM has dropped its legal case against the CIA's award of a cloud computing contract to Amazon Web Services, with Court of Federal Claims Judge Thomas Wheeler granting on Oct. 29 the company's motion to withdraw an earlier motion to stay his ruling that the CIA should proceed with the AWS contract
Pulsant Awarded STAR Certification (SYS-CON Media) Cloud computing, managed hosting and colocation expert, Pulsant, has achieved the newly launched CSA STAR certification. The CSA STAR certification has been developed especially for cloud providers by Cloud Security Alliance (CSA) and BSI (British Standards Institution) and measures vendor security capability levels
Raytheon Starts UK Cyber R&D Competition for Small Businesses (ExecutiveBiz) Raytheon UK has started a contest for small- to medium-sized enterprises in the U.K. to research and develop ideas for defending against cyber threats
Cybersecurity Skills Gap Beginning to Have Real Effects on Business (InfoSecurity Magazine) The fact that there are not enough skilled cybersecurity workers is becoming an increasing drumbeat for those tasked with improving the security posture of both public and private sector businesses. A new study underscores that while it's essential that organizations continually evolve their security strategies to keep pace with the changing threat ecosystem, resource-strapped IT staffs are more often than not too bogged down by tactical activities to keep up
Cyber Security Executives Raise More Than $327,000 for Children (White Hat) The inaugural White Hat Gala raised more than $327,000 for children treated at Children's National Health System. Approximately 300 guests attended the festive black-tie optional gala at the Ronald Reagan Building in Washington, DC. Cyber security experts, leaders in the field, Government heads of the industry, VIPs, and Federal contractor executives, as well as Children's National friends and staff attended this exciting evening of food, entertainment, casino events, networking and inspiration
Products, Services, and Solutions
Salesforce.com Enables Private App Stores (InformationWeek) Salesforce Private AppExchange lets you put IT-approved applications in a customizable corporate app store. There's one catch, though
ViaSat, Green Hills Software team on 'military–grade' security for Android (FierceMobileIT) ViaSat Secured is integrating with Green Hills' Integrity Multivisor data protection platform
Dropbox Not So Spooky After All (Wired) Dropbox seems to be the poster child for all that is bad and scary about the cloud. IT is haunted by Dropbox (and really all file sharing apps for that matter) as it discovers that enterprise employees increasingly upload and share corporate content in the app. By nearly all accounts, Dropbox has the highest penetration into enterprises today
IPERC's Intelligent Microgrid Control System Selected as Cyber–Secure Microgrid Solution of Choice for DoD Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) (Sacramento Bee) IPERC's solution will help reduce the "unacceptably high risk" of extended electric grid outages in mission-critical environments
Blue Ridge Networks Launches AppGuard® Zero–Day Malware Protection (Herald Online) Blue Ridge Networks announced the launch of its latest version of AppGuard®, its revolutionary new zero-day malware protection software product for PC users. AppGuard has been a trusted security solution used successfully by discriminating enterprises and security professionals for some years to protect against zero-day malware
Meet The Company That Tracks More Phones Than Google Or Facebook (Forbes) Picture this scenario. A bored woman sits waiting in an airline lounge. She scrolls through her iPhone and taps on a brightly colored square to launch a free mobile game. In the instant before the app loads something extraordinary happens behind the scenes: an auction for her eyeballs, run by a company you've probably never heard of, called Flurry
Technologies, Techniques, and Standards
Forensic Software in Child Protection Cases (Forensic Focus) According to recently released statistics from ICAC, an agency whose aim is to make the internet safer for children, only 2% of reported child protection cases are investigated in the United States each year. Often the media seize every opportunity to disparage forensics organisations, child protection charities and law enforcement agencies for not coming up with more effective solutions to these cases, but the reality is that the investigation of illicit image distribution is a wide-ranging and complex area, fraught with difficulties
ForGe — Computer Forensic Test Image Generator (Forensic Focus) Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer forensic tools and report results. Having already analysed test images by Brian Carrier over and over again, I found myself creating images manually, which appears to be the best and only way of doing this. One of my lecturers, Sean Tohill, confirmed this is indeed the case and a test image generator is long overdue
The threat within: How SMEs can protect themselves from light–fingered staff (Help Net Security) It hasn't been an easy time for small businesses. Where once cybercriminals shunned SMEs in favour of larger corporates, the threat landscape has changed drastically in recent years. According to the 2013 Information Security Breaches survey, 87 percent of small businesses had a security breach in the past year. However, while the threat from external attacks is undoubtedly rising - and SMEs are growing increasingly aware of it - another equally serious threat is silently lying in wait: the insider threat
ENISA Publishes Crypto Recommendations (InfoSecurity Magazine) In a technical report designed for technologists rather than consumers, the European Network and Information Systems Agency has produced a list of 'appropriate cryptographic protective measures', with recommendations for their use
Once–A–Year Risk Assessments Aren't Enough (Dark Reading) Why experts believe most organizations aren't assessing IT risks often enough. While it may be important that security organizations employ effective methods for walking through an IT risk assessment, the frequency with which they go through that process is almost as important as the means of carrying them out. Unfortunately, even when security organizations cover all of their bases in an IT risk assessment, if they don't assess often enough they could still be keeping themselves open to a great deal of risk
Continuous Monitoring and Mitigation (DataBreachToday) What are some of the unique challenges organizations face when they move into continuous monitoring and risk mitigation? Scott Gordon of ForeScout and Ken Pfeil of Pioneer Investments offer insight
That needle in the haystack of useful big data may be smaller than we thought (Gigaom) New research analyzing the log data churned out by applications developed on the Heroku platform as a service shows just how little of that data is actually useful to developers or devops personnel running those applications
Design and Innovation
Federal Cybersecurity Champions Honored (InformationWeek) National Institute of Standards and Technology senior scientist Ron Ross honored for creating risk management framework. The federal cybersecurity community on Tuesday honored some of this year's outstanding achievers who have helped improve computer security in the government, including one of its own for his work establishing cybersecurity requirements for federal agencies
Innovation Stalled? Bad Culture Defeats Good Strategy (InformationWeek) Your project managers' focus on meeting budgets and deadlines may be the root of your innovation stagnation. Here's how to change that culture
Academia
Class helps military children be safe, secure online (Belvoir Eagle) Military youth learned how to stay safe in cyberspace during the community's first "Safe and Secure Online" class for children Oct. 22 at the USO Warrior and Family Center. The event was sponsored by Booz Allen Hamilton as part of Holding Down the Homefront, a series of USO programs focused on taking care of military Families
'Centers of excellence' in information assurance education and research (Washington Post) Here are schools in Maryland, Virginia and the District that the National Security Agency and Department of Homeland Security have identified as "national centers of excellence" in information assurance education at the two- or four-year level. Those also identified as centers of excellence in IA research are noted with an R
Legislation, Policy, and Regulation
Australia said to play part in NSA effort (New York Times) Australia, a close ally of the United States, has used its embassies in Asia to collect intelligence as part of the National Security Agency's global surveillance efforts, according to a document leaked by the former agency contractor Edward J. Snowden and published this week in the German newsmagazine Der Spiegel
Australia ambassador summoned amid Asia US spying reports (BBC) Indonesia has summoned Australia's ambassador amid reports that Australian embassies have been used as part of a US-led spying network in Asia
Germany hopes for Snowden meeting on US spying (BBC) The German government says it is keen to hear directly from NSA whistleblower Edward Snowden about the US spy agency's activities
How Edward Snowden Escalated Cyber War (Newsweek) For more than a decade, a relentless campaign by China to steal valuable, confidential information from United States corporations flourished with barely a peep from Washington. And now it might never be stopped
US surveillance has gone too far, John Kerry admits (The Guardian) Kerry says certain practices occurred 'on autopilot' and vows to meet allies to repair damage caused by NSA spying revelations
Lawmakers Head To Europe To Address NSA Concerns (Huffington Post) U.S. lawmakers will head to Europe to help address concerns abroad about alleged U.S. spying and convince the Europeans of the need to continue joint anti-terrorism efforts with the U.S., the chairman of a Senate subcommittee on European affairs said Thursday
Hayden: Obama 'Rebalance' of US Intel Could Harm National Security (Newsmax) The National Security Agency (NSA) is being relentlessly pilloried by resentful detractors abroad -- and strident critics on the left and right at home -- which could force the Obama administration to weaken the intelligence community's ability to protect critical U.S. interests, former CIA head Michael Hayden wrote Thursday in a Wall Street Journal op-ed
Senate panel OKs limited surveillance rollbacks (Deseret News) Leaders of a Senate panel that oversees U.S. intelligence issues said Thursday it has approved a plan to scale back how many American telephone records the National Security Agency can sweep up. But critics of U.S. surveillance programs and privacy rights experts said the bill does little, if anything, to end the daily collection of millions of records that has spurred widespread demands for reform
Senate Committee Votes in Favor of NSA Phone–Records Snooping (Wired) A key Senate committee approved today a measure that would give congressional blessing to the NSA's bulk collection of domestic telephone metadata, and bolster the legal underpinnings of the controversial snooping program
Feinstein debuts NSA "reform" bill that's really about the status quo (Ars Technica) Senator Dianne Feinstein (D-CA) has been one of the most stalwart defenders of widespread NSA surveillance since leaks with information about the programs started seeping out nearly five months ago. Civil libertarians and reformers have been none too pleased with her rhetoric—and they're not going to get any happier after reading the bill she introduced today
USA Freedom Act Would Leash the National Security Agency (Bloomberg BusinessWeek) Edward Snowden's leaks revealing the National Security Agency's eavesdropping on U.S. citizens and foreign leaders have led members of Congress to demand greater limits on government spying. The USA Freedom Act, introduced on Oct. 29 in the House and Senate, would "rein in" the NSA's ability to gather information about unsuspecting citizens, say its authors, Democratic Senator Patrick Leahy of Vermont and Wisconsin Republican Representative Jim Sensenbrenner
Amid NSA spying revelations, tech leaders call for new restraints on agency (Washington Post) Mounting revelations about the extent of NSA surveillance have alarmed technology leaders in recent days, driving a renewed push for significant legislative action from an industry that long tried to stay above the fray in Washington
After NSA leaks, Google and others scramble to lock down security (The Verge) Relations between tech companies and law enforcement have frayed after it was revealed this week that the NSA tapped into private networks at Google and Yahoo. But a new report from The New York Times reveals how seriously many companies have taken the revelations, and what they're planning to do about it. Twitter has already moved to encrypt its direct messages, a measure that designers once thought unnecessary, and Google is already scrambling to secure their private network. As one security pro told the Times, "A lot of the things everybody knew they should do but just weren't getting around to are now a much higher priority"
NSA director says he's 'not wedded' to surveillance programs (Baltimore Sun) In a public appearance in Baltimore on Thursday, National Security Agency director Keith Alexander forcefully defended surveillance methods that have come under scrutiny this year but acknowledged that some of them may need adjustments
NSA Director Keith Alexander defends data collection during Baltimore visit (Baltimore Business Journal) Two things worry the director of the National Security Agency more than anything else: terrorism and cyber attacks. Gen. Keith Alexander on Thursday addressed members of the Baltimore Council on Foreign Affairs at the Hyatt Regency Hotel. Throughout his remarks, Alexander emphasized that protecting the United States is the NSA's top priority and insisted concerns over data collection have been overblown. "If you poll Americans, they believe that we are listening to their calls and that we are reading their emails," he said. "But that is not factually correct."
A historic opportunity to change how we spy (The Independent) This is about more than bugging allied foreign leaders — it's about public accountability
Two options for big data privacy: limit collections, or audit searches (FierceGovernmentIT) The advent of big data leaves federal policymakers with at least two opposite ways to ensure privacy--limit data collection, or allow agencies to store everything and later limit and audit database searches, as the National Security Agency has done with telephony metadata
Security Think Tank: Prism fallout could be worse than security risks (ComputerWeekly) In considering whether the data collected by Prism puts the US government at risk, it is worth considering whether the vulnerability comes as a result of it being apparent that all of this data has been collected and therefore presents a target, or the reaction to the will on the part of the US to collect it
EU Petition Seeks to Restrict Export of 'Digital Arms' (Threatpost) A Dutch member of the European parliament is supporting a grass-roots effort to restrict the export of surveillance software such as FinFisher and others, which are used by some governments and law-enforcement agencies to monitor their citizens' activities
Navy expands 'cyber warrant' program to attract more tech–savvy sailors (Navy Times) The Navy is increasing its ranks of cyberwarfare sailors — about 1,000 more could join Fleet Cyber Command by fiscal 2016. But those sailors need leaders, and a program designed to build the Navy's "cyber warrant" corps stumbled out of the gate. The Navy's not getting enough qualified applicants for designator 7430, cyber warrant officer, to supply the dozen or so cyber warrant billets it wants filled in the next two years
Violators of PII will Have AFNET Accounts Locked (Aurora Sentinel) "Beginning Oct. 24, we began locking out the AFNET account of individuals who were found to be inappropriately transmitting PII data via the AFNET," explained Major General J. Kevin McLaughlin, the Commander of 24th Air Force and Air Forces Cyber
Litigation, Investigation, and Law Enforcement
Spy agency, cyber command jointly meddled in presidential poll: lawmaker (Yonhap) The state spy agency and the defense ministry's cyber warfare command were jointly involved in an alleged campaign to sway public opinion in favor of the ruling party ahead of last year's presidential election, an opposition lawmaker claimed Thursday
EFF Makes Case That Fifth Amendment Protects Against Compelled Decryption (Threatpost) The Electronic Frontier Foundation, along with the American Civil Liberties Union, filed an amicus brief yesterday explaining the Fifth Amendment privilege against self-incrimination prohibits compelled decryption
Investigator told executive how to hack royal's phone, court told (The Telegraph) Private investigator employed by News of the World sent one of the paper's executives email explaining how to hack phone of royal, trial hears
Supermarket Chain Settles Massive Data Breach Lawsuit (eSecurity) Schnucks customers will be paid up to $10 per compromised credit or debit card
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
OKTANE 13 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013 (, Jan 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
CyberInnovation Briefing (Baltimore, Maryland, USA, Nov 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remain a growing concern. With losses mounting and sensitive information being leaked several questions remain unanswered - who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a lawsuit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine, from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend, providing us with all our information needs at the right time and in the right place.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world-class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.