The CyberWire Daily Briefing for 1.31.2013
The Izz ad-Din al-Qassam Cyber Fighters appear to have suspended their denial-of-service campaign against US banks. The group says it's satisfied by the disappearance of "The Innocence of Muslims" from YouTube.
Back in October the New York Times published a story about the wealth questionably accumulated by the family of China's premier. Chinese hackers (possibly under state direction or influence, possibly simply "patriotic") quickly initiated a four-month cyber campaign against the paper. Mandiant, which the Times hired to remediate the attacks, found the malware infestation largely bypassed Symantec tools the Times had relied on for protection. (Symantec points out that it's unwise to rely on signature-based defenses alone.)
Familiar bad actors return to the news. Moroccan Ghosts attack Vietnamese government sites, the Reveton Trojan introduces encryption to make it harder for ransomware victims to remove it, the architects of China's Great Firewall may have been responsible for recent GitHub attacks, and prominent American knuckleheads NullCrew give an interview in which they (sort of) explain what passes for the reasoning behind their attacks ("the system is run by rich ***holes").
Chinese Android users suffer from "Bill Shocker" malware, which induces a phone to send costly messages. Bill Shocker is likely to spread globally.
Firefox, in an effort to deflect drive-by attacks, will now default to refusing plug-ins. Cisco finds legitimate sites serving more malware than traditionally dodgy ones.
IBM introduces a big-data security tool designed to flag and stop insider threats. The FBI's pursuit of Stuxnet leakers arouses press freedom concerns.
Today's issue includes events affecting Antigua and Barbuda, Australia, China, Czech Republic, Estonia, European Union, Iran, Israel, Morocco, NATO, New Zealand, United Kingdom, United States, and and Vietnam..
Cyber Attacks, Threats, and Vulnerabilities
Muslim vid protest hackers turn web-flood hosepipe away from US banks (The Register) Islamist hackers busy blasting bank websites with network traffic have suspended their assault after a controversial anti-Muslim video ceased to be available through YouTube. The Izz ad-Din al-Qassam Cyber Fighters crew launched a series of distributed denial-of-service (DDoS) attacks in September and December, with the stated aim of protesting against extracts of the Innocence of Muslims film appearing on Google's video clip site. The search giant restricted the availability of the video in some countries following a wave of protests across the Middle East.
US, Israel constantly conducting cyber attacks against Iran: Eric Draitser (PressTV) An analyst says the United States, Israel and Western imperial powers have a long-standing policy of using cyber attacks as a form of aspersion particularly against the Islamic Republic of Iran
Chinese Hackers Target New York Times In Four-Month Cyber Attack (Fast Company) The cyber attacks date back to when the newspaper published an expose detailing the wealth accumulated by the previous Chinese
Symantec Statement Regarding New York Times Cyber Attack (Marketwire) As a follow-up to a story run by the New York Times on Wednesday, Jan. 30, 2013 announcing they had been the target of a cyber attack, Symantec ( NASDAQ : SYMC) developed the following statement
Moroccan Ghosts Hack and Deface 12 Vietnamese Government Websites (Softpedia) Hackers of the Moroccan Ghosts group have breached and defaced 12 websites belonging to various Vietnamese government institutions. The affected sites include the ones of the CC TH Y Department of Animal Health, the National Committee on Ageing, the Ho Chi Minh Communist Youth Union of the Ninh Binh Province, and the Vinh Ho Chi Minh City Youth Union. Many of the sites are hosted on the main domain of the Ministry of Labour Invalids and Social Affairs
Data encryption adds twist to ransomware (CSO) Reveton Trojan now encrypts images, documents and executables to thwart victims from removing the malware
FedEx-themed malicious emails bombarding inboxes (Help Net Security) FedEx customers are constantly targeted with malicious emails supposedly coming from the global courier delivery service, but since the start of the year, FedEx-themed spam has become more plentiful
Malware controls 620,000 phones, sends costly messages (Help Net Security) A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the "Bill Shocker" (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide
God Horses are Floating Clouds: The Story of a Chinese Banker Trojan (Threatpost) In China these days, e-commerce has become an important part of daily life, especially among young people. According to a report from CNNIC (China Internet Network Information Center), the number of Chinese e-commerce users reached 242 million at the end of the December 2012. This is nearly half of all Chinese internet user
Critical vulnerability affects latest VLC media player version (CSO) Versions 2.0.5 and earlier of the popular VLC media player software contain a critical vulnerability that can be potentially exploited by attackers to execute malicious code on computers
Great Firewall architects fingered for GitHub attack (The Register) The Chinese computer scientists who helped build the countrys infamous Great Firewall may have been responsible for a man-in-the-middle attack on users of GitHub after they were named and shamed on the social code sharing site. This is the theory put forward by GreatFire. org, a not-for-profit organisation which monitors and reports on online censorship in China
Hackers unveil latest Apple iOS 6 jailbreak website (CSO) The untethered jailbreak software will go through testing before it is released. Apple software hackers unveiled a website late Wednesday where the latest untethered jailbreak is expected to be released soon. An elite team of hackers has been working for months to develop an untethered jailbreak for iOS 6, Apple's latest operating system, which would allow users to customize their phones and install applications not vetted by Apple
Feds stumbling after Anonymous launches 'Operation Last Resort' (ZDNet) The U.S. Department of Justice still has two Federal websites down since Friday when Anonymous launched 'Operation Last Resort' demanding legal reform. The U.S. Department of Justice still has egg on it face after hacktivist group Anonymous launched 'Operation Last Resort' commandeering Federal websites, threatening to release government information, and demanding legal reform. Late evening Friday, January 25, U.S. Sentencing Commission website was hacked and government files distributed by Anonymous in what the group calls "Operation Last Resort" in response to the recent, tragic suicide of hacktivist Aaron Swartz
E Hacking News Interview with The hacker group NullCrew (E Hacking News) Today, EHN had an interview with the hacktivist group NullCrew who recently leaked the data from UN Wasatch and Wisconsin University site. In the past , the group breached the World Health Organization(Who) , PBS, UNESCO Etxea , Ford, DHS's Study in the States and Sharp Electronics UK, University of North Carolina , Yale University, South Africa's Leading ISP Directory site and more sites. Why did you attack those sites
How Yahoo allowed hackers to hijack my neighbor's e-mail account (Ars Technica) Web bugs can have serious risks, especially when they fester for eight months. When my neighbor called early Wednesday morning, she sounded close to tears. Her Yahoo Mail account had been hijacked and used to send spam to addresses in her contact list. Restrictions had then been placed on her account that prevented her from e-mailing her friends to let them know what happened
Facebook Killed Off 37% Of Spammers Since June 2012 (TechCrunch) If you've ever gotten a fake friend request, you know Facebook has spammers. But it's winning the fight against them. Facebook's estimate of the total percentage of monthly users that are "undesirable" or spammer accounts dropped to 0.9 percent from 1.5 percent in June 2012. That means there's only around 9.5 million of these trouble-makers on the site, down 37 percent from 15.1 million in
Security Patches, Mitigations, and Software Updates
PayPal plugs SQL injection hole, tosses $3k to bug-hunter (The Register) PayPal has fixed a security bug that could have allowed hackers to compromise the payment website's databases using an SQL injection attack. Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing list explained the scope of the vulnerability, which was fixed this month
Firefox will block by default nearly all plugins (Help Net Security) Following the recent debacle of the critical Java 0-day that was being actively exploited in the wild, in an attempt to minimize its users' attack surface Mozilla has enabled "Click To Play" for recent
Nearly Half Of IT Staff Fear Unauthorized Access To Virtual Servers (Dark Reading) Varonis research reveals virtualization is still black box for IT security. Research conducted by Varonis, the leading provider of comprehensive data governance software, found that data security in virtualized environments is often neglected by IT organizations, with 48% either reporting or suspecting unauthorized access to files on virtualized servers. The study, conducted at VM World conferences[i], suggests that there is a limited awareness of security matters when it comes to virtualized servers, with 70% of respondents having little or no auditing in place on virtual servers
Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says (Dark Reading) About a third of all malware is encountered in the U.S., Cisco annual security study finds. Legitimate sites and advertisements on the Web are much more likely to deliver malware than "shady" sites, according to a new study released Wednesday. According to the Cisco 2013 Annual Security Report, the highest concentration of online security sites does not come from "risky" sites such as pornography, pharmaceutical, or gambling sites, but from everyday sites
Service Disruption or Destruction: Which is Worse? (Threatpost) Outcomes in security tend to be about data loss; stolen pharmaceutical formulas, jet fighter blueprints, patient records, credit card numbers etc. All of these come with a great cost to the victim and make for sexy headlines. But far too little is dissected and analyzed about service disruptions
BSIA Research Underlines The Strong Demand For The Security Systems In The Middle East Marketplace (Source Security) The results of new research carried out on behalf of the British Security Industry Association's Export Council, to coincide with the recent Intersec 2013 event in Dubai, underlines the strong demand being seen in the Middle East marketplace for the latest security systems from UK businesses, despite increased international competition, and also brings into sharp focus the key technology trends such as HD CCTV, PSIM and hybrid solutions that have been center stage over the past 12 months. The vast majority of the Export Council's member companies (87%), who responded to the survey, confirmed that they are active in this pivotal region. Of those questioned, 40% reported that they had witnessed a notable increase in revenues derived from the Middle East over the past 12 months
U.S. Growth Halted As Federal Spending Fell In 4th Quarter (New York Times) The federal government helped bring the economic recovery to a virtual halt late last year as cuts in military spending and other factors overwhelmed the Federal Reserves expanded campaign to stimulate growth
Defending Against Defense Cuts (USA Today) As Washington debates "sequestration" -- automatic budget cuts that threaten to slash $600 billion from the Pentagon budget by 2023, beginning March 1 -- the defense industry, and cities relying on it, know sequestration isn't half the problem
Let The Sequesters Begin, Some Republicans Say (Washington Times) Congressional Republicans are preparing to let $85 billion in automatic spending cuts begin to bite March 1, saying they have become convinced that letting the "sequesters" take effect is the only way they will be able to wrangle real spending cuts from President Obama
Contractors Keeping Their Cool As They Close In On Sequester (Washington Post) The next few months could look even scarier than the last few for defense contractors already battered by federal budget cuts, thanks to the threat of automatic reductions looming in March. But industry executives had a surprising message for shareholders this week: Don't worry about it
NATO Chief To Warn Defence Cuts Could Endanger Alliance's Power (Reuters.com) NATO's military power and global influence could be put at risk if allies continue to slash their defence budgets while emerging powers boost theirs, NATO's chief will warn on Thursday
ManTech, SAIC Vet Terry Ryan Joining VT Group As CEO (Govconwire) VT Group has appointed Terry Ryan, formerly chief operating officer of ManTech International's (NASDAQ: MANT) emerging markets group, to succeed the retiring David Dacquino as CEO. The Arlington, Va.-based defense contractorAny person who enters into a contract with the United States for the production of material or or the performance of services for the national defense. said Ryan will assume the chief executive role Monday
Deloitte's Robin Lineberger to Co-Chair Industry Commission on Improving Federal Procurement (Government Computer News) The Professional Services Council has announced the creation of a commission that will identify the barriers to effective and innovative government procurement, according to an FCW article
Cisco buys Czech cyber security firm (Biz Journals) Cisco Systems is beefing up its security by picking up Cognitive Security, a Prague-based that uses artificial intelligence to detect cyber threats. Cognitive Security was founded in August 2009 and is led by CEO and founder Martin Rehak, who is also a researcher at the Czech Technical University. The Czech company opened a branch office in Silicon Valley in April 2010
Sierra Wireless to use $100 million from AirCard sale to acquire M2M firms (Fierce Mobile IT) Sierra Wireless plans to put the $100 million it plans to clear from the sale of its AirCard business to NetGear into acquisitions of machine-to-machine communications firms, according to Jason Cohenour, the firm's president and chief executive officer. Cohenour told FierceMobileIT that Sierra Wireless has decided to focus its business solely on the M2M market. The sale of its consumer-focused AirCard mobile broadband device unit to networking firm NetGear is a key step in that effort, he said
Lockheed Helping AF Run Mission Planning Software (Govconwire) Lockheed Martin (NYSE: LMT) has won a $49.6 million contract to help the U.S. Air Force sustain and maintain software applications for mission planning and analysis. The Defense Department said the Air Force received two offers for the indefinite-delivery/indefinite-quantity contract through an open competition. Under the IDIQIndefinite Delivery Indefinite Quantity, the company will help run
Report: Dell Nearing Buyout Deal, Microsoft Involved (Govconwire) Dell (NASDAQ: DELL) is nearing a deal for a buyout led byBudget Year California-based private equity firm Silver Lake Management LLC, Bloomberg reports. Microsoft (NASDAQ: MSFT) could provide some funding and Michael Dell could contribute between $500 million and $1 billion of equity financing for the deal, the report said. Michael Dell currently holds a
Michael Dell needs to make sure he's not getting a sweetheart deal for his own firm (Quartz) Michael Dell is trying to take back control of the company he founded—but he'd better be careful about how he does it. Dell, who is teaming up with private equity firm Silver Lake and Microsoft to take the eponymous PC maker private, is reportedly seeking a majority stake. He owns about 16% of the company now, and is willing to kick in at least $4 billion in equity as part of a deal that could be worth at least $22 billion
Apple customers less confident about data security, claims survey (CSO) Apple first entered the Trusted Companies list in 2009 ranking at number 8. This year Apple didn't make the cut
Products, Services, and Solutions
New GreenSQL 2.3 Version Strengthens Underlying Database Security Technology While Further Simplifying User Experience (Dark Reading) Version 2.3's database security policy automatically detects SQL injection attempts
ServerSpace Launches UK's First Enterprise-Level DDoS Protection For SMBs (Dark Reading) New solution incorporates two levels of behavior analysis
Ticketmaster's New CAPTCHA Security Is Solve Media, Replaces Google (Dark Reading) Fans will be presented with phrases, questions, or ads from Solve Media instead of hard-to-read mix of characters
Data-Loss Prevention? There's A Service For That (Dark Reading) Companies have started offering pay-as-you-go services for data-loss prevention to reduce the complexity and the upfront costs
IBM security tool can catch insider threats, fraud (CSO) IBM today rolled out a tool it says can cull massive terabytes of data, including email -- to help customers detect external attacks aimed at stealing sensitive information or insider threats that might reveal corporate secrets. The tool, called IBM Security Intelligence with Big Data, is built on top of two core IBM products: the IBM enterprise version of open-source Hadoop database with analytics tools known as InfoSphere BigInsights, plus the IBM QRadar security event and information management (SIEM) product that IBM obtained when it acquired Q1 Labs back in 2011
Kaspersky Lab adds mobile and system management to its business security offering (CSO) 'Kaspersky Endpoint Security for Business' includes tools for data encryption, mobile device management, system administration and more
Panda Adds Anti-Exploit To Cloud Solution (Channelnomics) Panda Security Inc. is still solidly on board the advanced threat bandwagon with the beta launch of its Panda Cloud Office Protection Advanced 6.50
SaaS mobile device, application and data management solution (Help Net Security) AppSense released MobileNow, a SaaS based mobile device, application and data management solution designed for Enterprise and Mid-Market organizations that bridges application/data access, corporate
RSA Security Analytics leverages big data (Help Net Security) RSA released RSA Security Analytics – a transformational security monitoring and investigative solution designed to help organizations defend their digital assets against internal and external threats.
IBM Expands Enterprise Cloud Services (InformationWeek) IBM SmartCloud Enterprise+ can host SAP, other enterprise apps, and offer uptime rates of 99.7%
MS Office 2013 Upgrade: 4 Points to Consider (InformationWeek) Microsoft Office 2013 offers some compelling new features, especially for mobile users. But how will buyers respond to the new version's license shake-up and cloud emphasis
Technologies, Techniques, and Standards
Going Green With Your Ones and Zeros (Dark Reading) For better security, use less data. I know what you're thinking. "This is the same person who wrote Log All The Things, right?" And of course everyone wants to Log All The Things, because Big Data. But there's another angle to logging and monitoring, along with all the rest of your enterprise data, and that's what I'm calling the principle of least use
Practical steps to minimize data privacy threats (Help Net Security) Google comes across 9,500 new malicious websites each day and responds by sending notifications to webmasters. Nevertheless, these websites are just one of the many dangers threatening data privacy
How do you protect your phone and your data? (Help Net Security) Given the risks we run in not securing our phones, you'd be forgiven for thinking it must be a task requiring a doctorate in computer science. In reality, however, securing a smart phone can take only
Design and Innovation
Hold The Phone, I Want My Dick Tracy Watch (TechCrunch) A few days ago, I read Nilay Patel's review of the Pebble smartwatch for The Verge. Like many others, I bought a Pebble on Kickstarter, and I can't wait to try it out myself. But one part of Patel's review stuck out at me in particular: Any incoming notification will quietly buzz the Pebble and light up the screen. Frankly, it's great — being able to see who's texting, emailing, or
Research and Development
Researchers use Twitter to track flu outbreak (CSO) As influenza remains elevated across the U.S., Johns Hopkins builds tracking tool
Mark Cuban's Awesome Justification For Endowing A Chair To 'Eliminate Stupid Patents' (TechCrunch) Outspoken billionaire, Mark Cuban, is fed up with America's patent system. "Dumbass patents are crushing small businesses. I have had multiple small companies i am an investor in have to fight or pay trolls for patents that were patently ridiculous," he says in an email to TechCrunch
You can't learn life's most important lessons in an online classroom (Quartz) Would you rather attend a local live concert with music performed by a fine, amateur orchestra, or listen to a masterful rendition of the same music recorded by a world-renowned musician? That was the question a colleague posed to me recently as we were debating the merits of online education
Legislation, Policy, and Regulation
Senators Seek Permanent Extension Of Internet Tax Ban (TechCrunch) Congress is looking to keep popular Internet-only services, such as email and social networks, permanently free of taxes. Sen. Kelly Ayotte and Sen. Dean Heller are seeking a permanent extension of the original 1998 Internet Tax Free Act, which is set to expire in November 2014. "E-commerce is thriving largely because the Internet is free from burdensome tax restrictions. Unfortunately, tax
EU plan to voluntarily remove 'terrorist content' finally concludes (Ars Technica) Lawmaker says after two years CleanIT "won't lead to an acceptable result." If CleanIT has its way, ISPs and web hosts will agree to a voluntary set of guidelines to "reduce terrorist use of the Internet." During the last two years, CleanIT, the European Commission-funded project group to "reduce terrorist use of the Internet," has met on a regular basis trying to come up with a set of voluntary general principles to achieve that vague goal. Earlier this month, the group published its "final report," in which it called for a "flag this as terrorism" content button in your browser
National Security Strategy considers risk management (ethos Corporation) The National Security Strategy which discusses the means of increasing the country's safety over the next ten years, has officially been launched by prime minister Julia Gillard. The document complements the Asian Century white paper and will strive to ensure Australia takes advantage of the opportunities it is presented with, while keeping focused on national security efforts. Gillard emphasised that policies need to be updated as new threats arise, showing how important it is for those in risk management jobs at government level to constantly be aware of external pressures.
Estonias DM Stresses EU-NATO Cyber Cooperation (Defense News) Estonian Defense Minister Urmas Reinsalu strongly supported EU-NATO cyber defense cooperation at the Jan. 30 Global Cyber Security Conference here. Noting that NATO had agreed on a policy in 2011 and the EU is about to come up with a cybersecurity strategy, he said it would be unreasonable to duplicate efforts, and called for a strategic-level vision of goals and measures. Possible actions could include EU-NATO exchanges on standards and regulations plus cyber defense pooling and sharing, for example, in relation to cyber incident management
After leaving Senate, Jon Kyl softens on cyber-defense order (Politico) Former Arizona Sen. Jon Kyl has backed off his staunch objection to a presidential executive order aimed at beefing up the nations cyberdefenses a prospect he only months ago asserted would be unconstitutional overreach. The former GOP whip complained that both Senate Democrats and the U.S. Chamber of Commerce long one of his key allies have been unbending and unreasonable. The government is vulnerable, our information technology infrastructure is vulnerable, the electric grid is obviously vulnerable as is the banking system, Kyl said during an interview with POLITICO in a barren office at the American Enterprise Institute, where he is holding fort as he decides which Washington law firm to join
Litigation, Investigation, and Law Enforcement
Is It Illegal To Unlock a Phone? The Situation is Better - and Worse - Than You Think (EFF) Legal protection for people who unlock their mobile phones to use them on other networks expired last weekend. According to the claims of major U.S. wireless carriers, unlocking a phone bought after January 26 without your carrier's permission violates the Digital Millennium Copyright Act (DMCA) whether the phone is under contract or not. In a way, this is not as bad as it sounds
Activists Flood Government Agencies With FOIA Requests in Tribute to Aaron Swartz (Wired) In honor of the transparency fights that coder and internet activist Aaron Swartz led while alive, an online records processing service has submitted more than 100 public records requests on behalf of members of the public. Muckrock, a site that processes public records requests for a fee on behalf of journalists, lawyers, activists and others, decided to waive its fee (generally $20 for five requests) last week and offer to submit federal Freedom of Information Act requests for free to honor Swartz, who committed suicide earlier this month
Court Upholds Conviction in Dead Sea Scrolls E-Mail Impersonation Case (Wired) A New York appeals panel is upholding the e-mail impersonation conviction of the son of a famous Dead Sea Scrolls scholar setting aside contentions that the e-mails were constitutionally protected satiric hoaxes or pranks. Defendant Raphael Golb, who was sentenced to six months, is the son of historian Norman Golb. The younger Golb, unhappy with scholastic attacks on his fathers research, faked e-mails of his fathers vocal rivals, sent them to New York University and University of California, Los Angeles administrators, faculty and even some students
New legal safe haven for file-sharing: Antigua and Barbuda (Quartz) The World Trade Organization just made it legal to be an online pirate of the Caribbean, provided you're based in Antigua and Barbuda
First pirate prosecution in New Zealand under 'three strikes' law (Naked Security) The New Zealand copyright tribunal has imposed its first penalty under the country's "three strikes" file sharing regulations. Paul Ducklin explains what happened
FBI pursuit of Stuxnet leaks reignites whistleblower debate (CSO) Critics say Obama administration is seeking to quash freedom of the press with efforts to find out who leaked information about the worm
For a complete running list of events, please visit the Event Tracker.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.