The CyberWire Daily Briefing for 11.4.2013
Anonymous frontruns Guy Fawkes Day (tomorrow, November 5), claiming weekend exploits in Australia, Singapore, and Estonia. Singapore denies having sustained any attacks, but has stiffened its cyber defenses.
Newly observed malware appears to be targeting SAP users—it checks infected systems for installation of SAP client applications. CryptoLocker offers its victims more sophisticated ways of paying ransom. Analysts continue to examine the very large claims made for badBios; they remain interested but skeptical. Webroot follows the ongoing commodification of products offered in the cyber black market.
Lloyd's publishes an opinion piece entreating the shipping industry to take its cyber threats more seriously. Internet analysts see "ghettoization" of poor countries as threatening both security and commerce.
Huawei acknowledges it's got a security image problem. Swisscom, in a national tradition of privacy, offers cloud services to customers leery of US providers in the wake of NSA surveillance allegations. BlackBerry fails to find a buyer, changes its leadership, and seeks loans.
Google improves Chrome security features and remediation for compromised websites.
NIST plans to review its cyber guidance with a view to recovering some trust it fears it's lost. Security experts advise companies to monitor the deepweb: the opposition certainly does.
Germany and Brazil lead the trend toward—perhaps "wish for" is more accurate—Internet autarchy. US electronic surveillance policy continues to provoke chilly reactions internationally (tu quoque embarrassment aside) and domestically. NSA and State find themselves at odds over surveillance, Congress seeks to mollify European allies, and Defense may itself separate NSA from Cyber Command.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Estonia, France, Germany, India, Indonesia, Israel, Japan, Republic of Korea, Malaysia, Pakistan, Philippines, Russia, Singapore, Spain, Sweden, Switzerland, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hackers launch major cyber attack on websites in Australia and Philippines (Independent) Hackers claiming links to international activist group Anonymous defaced dozens of websites belonging to Australian businesses and Philippine government agencies
Southeast Asian Websites Hacked Before Global Protest (Bloomberg) The Anonymous hacker group stepped up cyber attacks across Southeast Asia, targeting websites in the Philippines and Singapore before a global protest tomorrow against censorship and government corruption
Singapore Boosts Cyber Defenses After Anonymous Threat (SecurityWeek) The Singapore government said Monday it was on "heightened vigilance" following threats from the activist hackers' group Anonymous, but denied that any of its websites had already been compromised
Defense ministry site hit by cyber attack (Baltic Times) The web site of the Estonian Defense Ministry was hit by a cyber attack at around 9.30 a.m. on Nov. 1, while the rest of the ministry's IT systems work fine, reports Public Broadcasting
AIADMK website comes under cyber attack from Pakistan (India Today) The official website of AIADMK, the ruling party in Tamil Nadu, was hacked on Friday
New malware variant suggests cybercriminals targeting SAP users (CSO) The malware checks if infected systems have a SAP client application installed, ERPScan researchers said
CryptoLocker ransomware crooks offer "late payment penalty" option (Naked Security) The crooks behind the CryptoLocker malware seem to have introduced a second chance option for victims who change their minds about paying up
New trojan variant from fraud@aexp.com hidden in two different email formats (mxlab) MX Lab started to intercept a new trojan distribution campaign by email with the subjects "Successful Receipt of Online Submission for Reference 3649531" and "New Case"
The badBIOS Analysis Is Wrong. (RootWyrm's Corner) Look, I'm not known for pulling punches and I'm not about to start now. The fact is that everything I have read about #badBIOS is completely and utterly wrong; from the supposed "escaping air gap" to well.. everything. And I should know. I've dealt with malicious BIOS and firmware loads in the past. I've also dealt with BIOS development and modification for two decades. It's a very important skill to have when you regularly build systems that are well outside manufacturer 'recommended' areas
BadBIOS: Next–gen malware or digital myth? (InfoWorld) Security researcher's ongoing investigation into disturbingly stubborn malware infection inspires curiosity — and skepticism
badBIOS (Schneier on Security) Good story of badBIOS, a really nasty piece of malware. The weirdest part is how it uses ultrasonic sound to jump air gaps
Cybercriminals differentiate their 'access to compromised PCs' service proposition, emphasize on the prevalence of 'female bot slaves' (Webroot Threat Blog) From Bitcoin accepting services offering access to compromised malware infected hosts and vertical integration to occupy a larger market share, to services charging based on malware executions, we've seen multiple attempts by novice cybercriminals to introduce unique value propositions (UVP). These are centered on differentiating their offering in an over-supplied cybercrime-friendly market segment. And that's just for starters. A newly launched service is offering access to malware infecting hosts, DDoS for hire/on demand, as well as crypting malware before the campaign is launched. All in an effort to differentiate its unique value proposition not only by vertically integrating, but also emphasizing
Deceptive ads lead to the SpyAlertApp PUA (Potentially Unwanted Application) (Webroot Threat Blog) Whenever a user gets socially engineered, they unknowingly undermine the confidentiality and integrity of their system, as well as any proactive protection they have in place, in exchange for quick gratification or whatever it is they are seeking. This is exactly how unethical companies entice unsuspecting victims to download their new "unheard of" applications. They promise users the moon, and only ask in return that users install a basic free application. Case in point, our sensors picked up yet another deceptive ad campaign that entices users into installing privacy violating applications, most commonly known as PUAs or Potentially Unwanted Applications
Google–dorks based mass Web site hacking/SQL injecting tool helps facilitate malicious online activity (Webroot Threat Blog) Among the most common misconceptions regarding the exploitation (hacking) of Web sites, is that no one would exclusively target *your* Web site, given that there are so many high profile Web sites to hack into. In reality though, thanks to the public/commercial availability of tools relying on the exploitation of remote Web application vulnerabilities, the insecurely configured Web sites/forums/blogs, as well as the millions of malware-infected hosts internationally, virtually every Web site that's online automatically becomes a potential target. They also act as a driving force the ongoing data mining to accounting data to be later on added to some
Hackers Grab VIP and Celebrity Details from Online Limo Service (Gizmodo) A hacker's broken into the databases of an online limousine service, grabbing details of more than 850,000 customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities
The Department of Homeland Security and its obsolete Android OS problem (CSO) DHS warns public safety departments that their out-of-date Android devices are a security risk, but updating them is not always easy or simple
Cyber Trends
INTERNATIONAL: Shipping must wake up to the risk of cyber attack (Lloyd's List Australia) The shipping industry must mitigate the risk of its growing reliance on technology, which increases the vulnerability of both vessels and ports to hacking and cyber-attacks, PGI cyber and technology director Sebastian Madden has warned
The danger of cybersecurity 'ghettos' (CSO) Expert warns that without 'harmonization' of security standards among rich and poor nations, the global economy will decline and cyber risks will increase
Enterprise defenses lag rising cybersecurity awareness (CSO) Increased executive involvement and higher spending not enough, says study
Cyber war, what is it good for? A lot more than you might think (PRI) Cyber terror may sound like a good premise for a Hollywood blockbuster, but defense officials in Israel say cyber attacks are one of the biggest threats facing their country
We're About to Lose Net Neutrality — And the Internet as We Know It (Wired) Net neutrality is a dead man walking. The execution date isn't set, but it could be days, or months (at best). And since net neutrality is the principle forbidding huge telecommunications companies from treating users, websites, or apps differently — say, by letting some work better than others over their pipes — the dead man walking isn't some abstract or far-removed principle just for wonks: It affects the internet as we all know it
Marketplace
GAO Tosses Harris Protest Against $3.5 Billion Navy Network Contract (Nextgov) The Government Accountability Office denied Harris Corp.'s protest of the award of a $3.5 billion contract to HP Enterprise Services for the Navy's Next Generation Enterprise Network designed to serve 800,000 Navy and Marine users located in the United States
Global digital wars take Australia hostage (Australian Financial Review) In a single week the world's largest telecommunications equipment provider, Huawei, has swung from the prospect of being triumphantly welcomed back into Australia's national broadband network to having Prime Minister Tony Abbott humiliatingly reaffirm Labor's ban on China's national champion. Yet one of the most remarkable features of the untold Huawei story is how right up to December 2011 its top Australian executives thought they would be appointed a key NBN supplier when local intelligence agencies had blackballed the company in mid 2008
Huawei needs to overcome the 'image problem' attached to it, says its marketing chief (Economic Times) Huawei's new global marketing chief conceded that there is an image problem for the smartphone maker whose founder was a high-ranking Chinese military official. But it is not about security or espionage
Swiss telco's cloud aims to draw customers who are fearful of spying (Ars Technica) Swisscom's data storage may attract foreign companies wary of NSA
BlackBerry Takes $1B Investment From Fairfax, Others, Replaces CEO Thorsten Heins (TechCrunch) BlackBerry is replacing its CEO and some of its board of directors, according to official PR this morning. The push to replace CEO Thorsten Heins comes as BlackBerry's purchase deal with investor Fairfax Financial Holdings falls through, according to the release. Fairfax had until today to enter into a definitive agreement with BlackBerry, but reportedly had trouble finding the funds
Research, no motion: How the BlackBerry CEOs lost an empire (The Verge) With the now-renamed BlackBerry back in the news for all the wrong reasons, from large layoffs to an investment deal that has a new CEO stepping in, now's a good time to revisit our take on the smartphone pioneer's rise and fall. Published in early 2012, this story covers the company's history right up to the launch of its latest, long-awaited operating system
Products, Services, and Solutions
Google Debuts Nexus 5 With LTE And KitKat (InformationWeek) Google's Nexus 5 smartphone runs Android 4.4 KitKat operating system and starts at $349
Lightbeam shines a light on which websites you're really visiting (Naked Security) Do you really know where your browser goes when you type a URI into its address bar? Do you realise that your browser not only accesses the site you intended but may also have visited 3rd party websites running connected services? Mozilla's Lightbeam shows you what's going on
'Canary' Chrome chirps when it smells malware (ComputerWorld) Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes
Bitdefender Antivirus Free for Android — Everything you need to know (Android Authority) Android has amazing security. In most cases, you don't need anti-virus or anti-malware app because Android rocks. For those of you that like to remain protected and enjoy peace of mind, we have for you a review of Bitdefender Antivirus Free. The app is provided by a security company called Bitdefender Antivirus who are well known for their anti-virus software
Google improves webmaster tools for hacked site recovery (ZDNet) When Google accuses you of serving malware or spam from your web site it's a humiliating outrage. The company has improved their tools for you to recover your site and its reputation
Researchers Sharpen Spear–Phishing With New Tool Leveraging Social Networks (Dark Reading) A new tool mixes data mining with natural language processing to help pen testers create more attractive spear-phishing messages
Technologies, Techniques, and Standards
Attack security literacy with brute force (SearchSecurity) Most organizations spend thousands of dollars on the latest technology to heighten security and yet overlook one of the lowest cost options available -- increasing security literacy in its employees. The ancient Chinese proverb is true: "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime"
Note to Enterprises: It's OK to Monitor Computer Activities (SecurityWeek) Privacy advocates and security experts have long argued over whether employee computer-activity monitoring is an infringement of employees' rights or a necessary solution to ensure the security of data and the productivity of workers. Regardless of which side of the debate you are on, it is difficult to argue against the fact that in today's world organizations need to deploy at least some level of activity monitoring to protect themselves against the insider threat, other cyber risks and productivity loss. Without monitoring, it is far too easy for a malicious insider to steal IP or commit fraud, or for workers to visit unapproved and dangerous websites
Cyber–terrorists? Pah! Superhero protesters were a bigger threat to London Olympics (The Register) Seb Coe: Taxi drivers blocked from 2012-only lanes were also a bit testy. Protests from groups such as Fathers4Justice were more of a worry to London 2012 Olympic Games organisers than computer hackers, according to the former chairman of London 2012, Lord Sebastian Coe. He said procedures put in place before the Games to guard its IT systems - including Wi-Fi networks in stadiums as well as the main Olympics website - had worked well
A Conversation with Graydon Mckee on Protecting Intellectual Property and "Keeping Secrets Secret" (CSO) How do you protect the intellectual property of a company — especially in manufacturing — as it moves from groundbreaking idea to reality? That's the challenge Graydon McKee built a career solving. With expertise protecting the "supply chain" — specifically the Intellectual Property (the other IP we need to worry about) for brands most of us use and everyone recognizes
NIST to Review Crypto Guidance Methods (Gov Info Security) Noting that its integrity has been questioned, the National Institute of Standards and Technology has launched a formal review on how it develops cryptographic standards because of concerns that the National Security Agency might have corrupted its cryptography guidance
How do I deal with cyber attacks? (The Telegraph) Never open unexpected attachments, especially if they contain .pdf or .zip files, says Rick Maybury
The complete guide to not being that idiot who got the company hacked (Quartz) Every week there are headlines about a company getting its email, website, Twitter accounts or something else hacked. The reason? In a word: Employees
Protecting Your Family's Computers (Internet Storm Center) If your family members are anything like mine, by default you wind up being the tech support for your entire family just because you are the "techie" guy (or gal) in the family. A number of years ago I became frustrated by how often this role became a malware removal or rebuild role. Although there are no silver bullets to prevent a computer from being infected, I came up with a standard configuration that I apply to all of my family's computers to substantially reduce the likelihood of a serious infection. I have continually tweaked it over the years, but here is my current standard build
How are robots beating my CAPTCHAs? (Ars Technica) Understanding why your custom CAPTCHA just doesn't block spam
Monitoring Where Search Engines Fear to Tread (Dark Reading) The deepweb—anonymized networks that are not indexed by search engines—are hard to monitor, yet companies should seek out signs in their networks
Design and Innovation
The iPad Changes Everything: How Steve Jobs Created the Impossible 'Third Category' (Wired) Jobs laid out his new invention for the world as if he were helping his audience complete a vast jigsaw puzzle. He put up a slide with picture of an iPhone and a Macbook laptop, put a question mark between
Research and Development
Bristol researchers work to secure next generation chip-card payment technology (University of Bristol) Current chip technology used for purchasing items via credit and debit cards in shops was developed in the mid-1990s. EMVCo, the standard body which manages, maintains and advances EMV Specifications, is in the process of designing the next generation payment technology to meet long-term industry requirements. The activity will establish a common, robust technology platform for supporting contact and contactless/mobile interfaces for both online and offline transactions
Academia
The Education Issue: UMUC making a name in cybersecurity (Washington Post) Eight guys with laptops gathered one Saturday in a Prince George's County office park for a hunt. Joined by four companions logged in from elsewhere, these cyber-sleuths split into teams of six. The mission for each: Scour a simulated computer, or virtual machine, to find and neutralize 20 security threats. The game scenario called for them to "harden" the computer's system to ward off thieves and saboteurs
Inver Hills Community College looking for some cyber security aces (Pioneer Press) Inver Hills Community College is looking for a few cyber aces. The Dakota County college with a nationally regarded computer networking technology and security program is one of a handful of schools hosting a series of cyber-security competitions
Legislation, Policy, and Regulation
New secrecy law seen best serving bureaucrats (Japan Times) Yukiko Miki was shocked in 2012 when she received the results of the information disclosure request she filed with the Cabinet Office seeking the minutes of meetings held to discuss the creation of a state secrets bill
Report: US monitored high–priority Israeli military targets (Jerusalem Post) The US National Security Agency tracked "high priority Israeli military targets," a New York Times report said Sunday, citing classified files made public by fugitive former NSA agent Edward Snowden
Germany looks at keeping its Internet, e–mail traffic inside its borders (Washington Post) The news that the National Security Agency has its eye on much of the world's electronic communications has shocked Germans, who have memories of Nazi and Cold War-era spying. Now, an alliance of German phone and Internet companies claims it has a solution: German e-mail and Internet transmitted within German borders
Germany says it doesn't spy on the US (GlobalPost) Germany denied accusations Thursday that it spies on the United States. Germany's foreign intelligence chief denied that Berlin was using its Washington embassy to conduct spying operations
A post–Snowden US had better not SQUEAL about Chinese cyber–spying (The Register) Some countries spy. Get over it, says ex–Marine. Bill Hagestad, a US Marine Corps lieutenant colonel turned cyber conflict author and researcher, takes the view that all countries spy electronically and we should just "get over it"
Visits to Europe planned to counter NSA spying concerns (ABC 36) The chairman of a U.S. Senate subcommittee on European affairs said he is arranging a trip overseas to help address concerns about alleged NSA spying — and convince European leaders to continue anti–terrorism efforts with the U.S
GCHQ and European spy agencies worked together on mass surveillance (The Guardian) Edward Snowden papers unmask close technical cooperation and loose alliance between British, German, French, Spanish and Swedish spy agencies
US Senate committee backs law to continue phone–record collection (Help Net Security) A few days after a bill seeking to end the government's dragnet collection of phone records has been introduced by US Senator Patrick Leahy and Congressman Jim Sensenbrenner, the Senate Intelligence Committee has approved the FISA Improvements Act
NSA's Activities: Valid Foreign Intelligence Targets Are the Focus (IC on the Record) Recent press articles on NSA's collection operations conducted under Executive Order 12333 have misstated facts, mischaracterized NSA's activities, and drawn erroneous inferences about those operations. NSA conducts all of its activities in accordance with applicable laws, regulations, and policies — and assertions to the contrary do a grave disservice to the nation, its allies and partners, and the men and women who make up the National Security Agency
NSA chief Keith Alexander blames diplomats for surveillance requests (The Guardian) Barbed exchange with former ambassador over spying on foreign leaders likely to deepen rift with Obama administration
'Let Me Stress How Shocking These NSA Revelations Are': A View From Inside the Defense World (The Atlantic) "At some point it is wise to ascribe adult levels of understanding to the principal actors in this drama, no matter how impenetrable their deeper motives"
No morsel too minuscule for all-consuming NSA (New York Times) From thousands of classified documents, the National Security Agency emerges as an electronic omnivore of staggering capabilities, eavesdropping and hacking its way around the world to strip governments and other targets of their secrets, all the while enforcing the utmost secrecy about its own operations
Rein in the snoops (Houston Chronicle) Over the past few months, we Americans have discovered to our dismay that the National Security Agency has tentacles that can reach deeply into individuals' private lives, information and business. It's getting creepier by the day. Initial protestations by President Obama that the NSA isn't tapping our phones have proved inaccurate, to put it kindly
Mark Sanford a civil libertarian? (Politix) First big bill back in Congress aims to rein in NSA surveillance. The director of the National Security Agency would need to be confirmed by the Senate, under legislation offered by Rep. Mark Sanford
Troubling disclosures are likely to change how the NSA does its spying (Los Angeles Times) Revelations about National Security Agency snooping on foreign allies and domestic tech giants are expected to lead to new limits on American spying
Hacking is NSA's 'growth area,' Times says in agency profile (CNET) Drawing on thousands of leaked documents, The New York Times and the UK's Guardian offer up lengthy looks at the beleaguered spy agency
Responses to U.S. spying could change structure of the Internet (UPI) Proposals by Brazil, Germany and India to create separate networks to block U.S. spying could cause a breakup of the Internet, experts warn
A Controversial Week For The NSA (WAMC) This week, the National Security Agency fought back against criticism of its operations following leaks from former contractor Edward Snowden that have revealed some of the scale of the agency's surveillance of Americans and people overseas, including heads of state of U.S. allies. NPR's Larry Abramson has been covering the story and joins us. Larry, thanks so much for being with us
NSA chief likely to be stripped of cyber war powers (The Hill) Senior military officials are leaning towards removing the National Security Agency director's authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions
The NSA and the State Dept. Go to War…With Each Other (Foreign Policy) New revelations that the U.S. has been eavesdropping on world leaders like German Chancellor Angela Merkel aren't simply straining Washington's relationship with Berlin. They're also sparking an increasingly public fight between the State Department and the NSA, with the nation's spies and the nation's diplomats trading shots about who's responsible for the mess
NSA Overreach Awakens Tech Giants (DefenseOne) The most recent round of National Security Agency revelations have prompted major tech firms to publicly take a stronger stance against government surveillance activities, an escalation that could portend a shift in the way Silicon Valley does business in Washington
Google challenges legality of NSA spying (The Telegraph) Google's executive chairman has condemned the NSA spying allegations as outrageous and a violation of the agency's mission
It beggars belief that Barack Obama knew nothing about his National Security Agency spying on world leaders (Mirror) It has left the nation this week asking itself what kind of leader does it want running the country
Slow start for cyber attack rescue service (SC Magazine) The Computer Incident Response (CIR) scheme to rescue businesses who have suffered a cyber attack has failed to get going despite being due since August with eight vendors trying and failing to secure accreditation
FAA Allows Electronics During Takeoff, Landing (InformationWeek) Federal Aviation Administration no longer sees mobile devices as threat to air safety
Europe expected to follow US on in–flight electronics rules (Ars Technica) Soon nary a flight will prohibit breaking out gadgets during takeoff and landing
Litigation, Investigation, and Law Enforcement
Defense chief vows to reform scandal–ridden cyber command (GlobalPost) Kim Kwan-jin made the remark during the parliamentary audit as the cyber command, which was created in 2010 to fend off online security threats, was
Snowden says calls for reform prove leaks were justified (Irish Times) Former contractor says debates about mass surveillance are bringing about change
Snowden publishes 'manifesto' as White House, lawmakers deny plea for clemency (NBC News) A German news magazine published a manifesto Sunday by former U.S. intelligence contractor-turned-runaway Edward Snowden as he pleaded with the U.S. government for clemency. In the statement, titled "A Manifesto for the Truth" Snowden said current debates over mass surveillance in countries across the globe have showed his revelations were helping to bring about change
Clemency for Snowden? U.S. officials say no (New York Times) If Edward J. Snowden believes he deserves clemency for his disclosures of classified government documents because they provoked an important public debate about the reach of American spying, he has failed to sway the White House and at least two key members of Congress
Media Hype Edward Snowden's Request for 'Clemency' — But Did He Even Ask for It? (The Nation) It was another momentous weekend in the months-long series of revelations about NSA spying or snooping or "data gathering" (if you will), highlighted by massive pieces in The New York Times and The Guardian about the agency attempting to secure every "morsel" of information out there, including tapping into Yahoo and Google and so on
Feds: Navy secrets bought with hookers, Gaga tix (Stars and Stripes) Nicknamed "Fat Leonard," the gregarious Malaysian businessman is well known by U.S. Navy commanders in the Pacific, where his company has serviced warships for 25 years
Wisconsin woman accused of posting love rivals' nude pics on Facebook (Naked Security) A woman from South Milwaukee, Wisconsin, faces stalking and identity theft charges after she allegedly hacked into her ex-boyfriend's email and stole information not only on him, but also on his other love interests
Upcoming Events
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
OKTANE 13 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013 (location and date not given) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
CyberInnovation Briefing (Baltimore, Maryland, USA, Nov 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remain a growing concern. With losses mounting and sensitive information being leaked, several questions remain unanswered - who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a law suit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit (location and date not given) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.