The CyberWire Daily Briefing 11.06.13

Cyber Trends

Are anti–virus testers measuring the right things? (Naked Security) Do we measure resilience? What aspects of test sample selection may bias results? What are the methods used in a field-trial of anti-malware? These were among the presentations at the first Workshop on Anti-Malware Testing Research (WATeR), where we looked at the sort of things current tests of

We need to start defining acceptable mobile advertising (Naked Security) Advertising supports a large chunk of the apps we use on our mobile devices. But without oversight, the behaviour of ad frameworks risks crossing all manner of privacy and security lines. A proposed project aims to address this issue and define a standard for acceptable mobile ads

Cyber security capability varies "dramatically" across UK public sector (UKAuthority) John Thorton, Secretary to the Digital Government Security Forum.The ability of UK public sector bodies to combat cyber security threats and the understanding of such threats by senior managers varies "dramatically" across the UK, the head of a new information security forum has told UKAuthority.com

Most users don't trust app developers with their data (Help Net Security) Research by ISACA shows that, of 1,000 employed consumers surveyed in the UK, only 4% named the makers of their mobile phone apps as the entity they most trust with their personal data. Yet, 90% don't always read privacy policies before downloading apps to their devices

IT Security From The Eyes Of Data Scientists (Dark Reading) Enterprises will increasingly employ data science experts to help drive security analytics and risk mitigation

IT pros lack confidence when dealing with server security threats (Search Security) Enterprise servers are among the most tantalizing targets for malicious actors due to the intellectual property and user credentials stored on them, but many IT security pros do not feel confident in their ability to prevent or detect attacks against servers, according to a new survey

Legislation, Policy and Regulation

Rio Expands Surveillance While Pointing Out USA (InformationWeek) Brazil city has set up central surveillance to ward off security threats in the run-up to the Olympics and World Cup

Le Brésil a espionné les services secrets français (Le Monde) Après avoir qualifié d'affront les écoutes de la NSA sur son territoire, le gouvernement brésilien a admis avoir surveillé des diplomates entre 2002 et 2004, au début de la présidence de Lula da Silva. D'après des documents de l'ABIN – l'agence de renseignement du pays – publiés dans le quotidien Folha de Sao Paulo lundi 4 et mardi 5 novembre, le Brésil a surveillé des diplomates russes, iraniens, irakiens, nord-américains et…des espions français de la DGSE, dont "Olivier"

Cyprus: Home of the UK's secret Middle Eastern internet surveillance base (Graham Cluley) An Italian newspaper reveals the top secret location of the GCHQ base, monitoring communications in the Middle East

NSA files — Germans call in British ambassador — live (The Guardian) The Independent says its story on Britain operating a network of "electronic spy posts" near the Bundestag and German chancellor's office is based on "documents leaked by the US National Security Agency whistleblower Edward Snowden"

EU justice chief: Europe should have its own spy agency to counter NSA snooping (ZDNet) Fight fire with fire, suggests EU vice-president and justice chief Viviane Reding, who in an interview with Greek media floated a European spying agency to counter the NSA

Despite Snowden's revelations, a US 'no–spy' pact with Germany unlikely (FirstPost) The United States is working to improve intelligence cooperation with Germany but a sweeping "no-spy" agreement between the two countries is unlikely, a senior Obama administration official said on Tuesday

Senate panel approves intelligence authorization bill (Chicago Tribune) A Senate panel approved its annual authorization of funding for intelligence operations on Tuesday, including measures to increase spy agencies' ability to prevent leaks of classified information like those by former National Security Agency contractor Edward Snowden

What It Takes: In Defense of the NSA (World Affairs Journal) "Freedom must be won anew by every generation." I was reminded of the truth behind these words of my old boss, Jack Kemp, in considering the current debate over Edward Snowden and the collection programs of the National Security Agency

U.S. power to shape global Web seen undermined by NSA spying (Chicago Tribune) Revelations about the scale of U.S. spying on the Internet have badly damaged the country's negotiating power in international talks on cyberspace regulation and law enforcement, analysts and industry leaders said at a conference on Tuesday

The dangers of weakening cybersecurity to facilitate surveillance (Help Net Security) In response to the controversy over the alleged surveillance practices of the NSA, the White House established the Review Group on Intelligence and Communication Technologies, which is expected to provide recommendations to the president next week

Army Cyber seeks command center site at Gordon or Meade (Army Times) Army Cyber Command plans to lead a worldwide corps of 21,000 soldiers and civilians from a proposed 179,000-square foot command center at either Fort Meade, Md., or Fort Gordon, Ga., according to an Army report

Ramsey, Ridge Sound Off on Unknown Homeland Security Nominee (NBC 10 Philadelphia) The White House asked major police chiefs and other local law enforcement to speak with their DHS nominee

South Koreans use Internet Explorer: It's the law (ZDNet) A law passed in the late 90's to facilitate ecommerce security requires using an ActiveX control, and therefore IE, to shop on Korean sites. Some users hack around the restriction

Government Agencies Have No Way of Warning Each Other About a Cyber Attack, IG Says (Defense One) The departments of Homeland Security and Defense, including the National Security Agency, have no way of sharing current alerts about computer breaches with each other or industry, an inspector general memorandum reveals

Products, Services, and Solutions

Patriot Technologies Adds Managed Security Services to Professional Services Offerings (Digital Journal) Patriot Technologies today announced the launch of the Managed Security Services (MSS) practice as part of its Professional Services suite of offerings

Mandiant® Managed Defense™ Expands Capabilities with Off–Network Threat Detection and One–Click Containment (Fort Mill Times) Mandiant®, the leader in security incident response management, today announced new capabilities for its Managed Defense™ service. No system is left unprotected with Mandiant's new Agent Anywhere™ technology, an innovation enabling the search for Indicators of Compromise even when users are highly mobile, behind network address translation (NAT) or not connected to the corporate network. When attacks are confirmed, users can respond immediately and isolate affected systems with a single click from the Managed Defense portal to stop attacks in their tracks

Bitdefender announces significant price drop for Security–as–a–Service for AWS (BWW) Bitdefender, the creator of leading antimalware solutions, today announced a 50% price drop for its solution, Security-as-a-Service for AWS (Amazon Web Services). Bitdefender maintains the AWS philosophy of self-service, flexibility and pay-as-you-go by providing its security solution built to match the economics of AWS on demand and by the hour - to the AWS DevOps, Startup and Enterprise communities

KitKat security has room for improvement — Bitdefender (MobileWorld) There are a number of areas in which the latest version of Android, 4.4/KitKat, could be improved to prevent security incidents, according to Catalin Cosoi, chief security strategist at anti-virus provider Bitdefender

NetCitadel Joins with FireEye for Enterprise Security (CIO Today) NetCitadel, Inc., the pioneer in innovative threat management solutions, today announced that its Threat Management Platform has integrated with the leading threat protection platform from FireEye®, Inc. FireEye is the leader in stopping today's new breed of cyber-attacks, enabling immediate response and comprehensive protection against today's advanced persistent threats (APTs) and zero-day attacks. NetCitadel also announced that it has joined the FireEye Fuel Partner Program

Trend Micro and CSC Partner to Protect Global Enterprises Against Cyber Threats (Wall Street Journal) Trend Micro Inc. (TYO: 4704; TSE: 4704) today announced a partnership with CSC (NYSE: CSC) to provide global threat intelligence through the Trend Micro(TM) Smart Protection Network(TM) infrastructure to keep corporate networks and data safe. In addition, CSC has been confirmed as a member of the Trend Ready for Cloud Service Providers Program to verify compatibility with Trend Micro solutions for its customers. CSC will leverage these capabilities for cloud data, and threat detection and protection both internally and for its customer base in order to identify and mitigate cyber attacks

Triumfant detects and stops in–memory malware attacks (Help Net Security) Advanced Volatile Threats are malware attacks that take place in a computer's RAM or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike APTs that create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean

LastPass 3.0 comes with new design and features (Help Net Security) Popular password manager LastPass has reached version 3.0. The new release features an updated, clean design across the LastPass browser addons, the iOS and Android mobile apps, and the website

SQLi has long been unsolved, but has that finally changed? (ComputerWeekly) The Open Web Application Security Project (Owasp) continues to rank SQL injection attacks at the top of its 10 most critical web application risks

Automatic IFS Encryption for IBM i with New Release from Linoma Software (InfoSecurity Magazine) Linoma Software's Crypto Complete data encryption solution is breaking ground on IBM i by providing automatic encryption of files stored on the operating system's integrated file system

Kaspersky Small Office Security Aims at Very Small Businesses (eWeek) Aimed at SMBs with 25 employees or less, the platform offers mobile security and management features, secure data storage and password management

Startup new cloud service beats NSA–style snooping (InfoWorld) Perzo's free communications and collaboration system comes with 2,084-bit encryption

Technologies, Techniques, and Standards

Cloud–based sandboxing beefs up enterprise malware prevention, says Seculert CTO (FierceITSecurity) On-premise sandboxing appliances fall short on targeted attack prevention

Patch first, ask questions later (InfoWorld) You'll never have a perfectly patched environment, so play the odds — patch software hit most by successful exploits first

HUG: Protactive Security (ISS Source) It is very easy to take a fatalistic approach to security because it seems attackers have the upper hand, but it doesn't have to be that way

How to trap malware in a sandbox (RealBusiness) Threat emulation is a key new technique for preventing zero-day and targeted attacks. Check Point explains how this method delivers unmatched protection against both unknown and known threats

Crowdfunded audit of 'NSA–proof' encryption suite TrueCrypt is GO (The Register) Line-by-line code exam will blow hidden backdoor doubts into orbit, hope devs

CRM, ERP security best practices: How to secure aging software (Search Security) Enterprise resource planning (ERP) and customer relationship management (CRM) are two of the most important applications within an organization and critical to day-to-day functioning

Marketplace

Navy Outlines Data Center Closure Goals, Commercial Push (GovConWire) The U.S. Navy plans to consolidate more than 12,000 servers and close 67 data centers, Federal Times reported Monday. Nicole Blake Johnson writes the Navy originally planned to close 4,932 servers by fiscal 2017 and has close-to-tripled its goals

Procera Networks Selected for Embedded Internet Intelligence Engine (MarketWatch) Procera Networks, Inc. PKT -2.33% , the global Internet Intelligence company, today announced that their Network Application Visibility Library (NAVL) has been selected by four leading technology companies for inclusion in their products

Op-ed: Lavabit's primary security claim wasn't actually true (Ars Technica) Ladar Levison stood up for users' privacy—but perhaps a little too late

Security Patches, Mitigations, and Software Updates

Zero–day targeted attacks via boobytrapped Word documents. Microsoft releases temporary fix (Graham Cluley) A previously unknown TIFF remote code execution vulnerability is being exploited by hackers in targeted attacks. Microsoft has released a temporary workaround to protect users

Google Chrome to *finally* protect your passwords a little better (Graham Cluley) It looks like Google may have realised the error of its ways - and is considering a U-turn regarding how it protects passwords in Chrome

Cyber Attacks, Threats, and Vulnerabilities

Indonesians hackers fume at Aussie spooks (TechEye) Indonesian hackers have declared war on Australian businesses and hit more than 100 targets including a major Queensland hospital, a children's cancer association and an anti-slavery charity

Belgian Prime Minister Targeted by Hackers, Investigation Launched (Softpedia) Belgium's Prime Minister Elio Di Rupo has been targeted by cybercriminals on at least two occasions. The federal prosecutor's office has launched an investigation into the matter

Chinese group hacks into Canadian bank's website database (FierceITSecurity) Canadian bank Peoples Trust is sending out letters to customers notifying them of a breach of a website database by a Chinese hacker group

Zero–Day attacks hit Windows, Office, Lync (ZDNet) Certain versions of Windows, Office and Microsoft Lync are being attacked in the wild via a new remote code execution vulnerability, says Microsoft in a disclosure

Fake UK Government Emails Used to Distribute New Trojan Variant (Softpedia) Experts have spotted a couple of malicious emails purporting to come from UK government organizations. The bogus notifications are being used by cybercriminals to distribute malware onto the computers of internauts, particularly ones from the United Kingdom

Chrome Search Leads to Malware (ISS Source) Users who search for "google chrome download" on Yahoo! could very well end up with a malware infection. That is because some of the sponsored ads point to a website called softpack(dot)info/chrome

Malicious "Apple ID Information Updated" notification doing rounds (Help Net Security) An unimaginative but likely relatively successful phishing campaign is targeting Apple users once again, trying to get them to share their login and financial information

Manufacturers building security flaws into Android smartphones (CSO) North Carolina State University study finds that companies like Samsung and HTC create vulnerabilities while customizing phone

Malware Alert: Is 'BadBIOS' Rootkit Jumping Air Gaps? (InformationWeek) Security researcher believes unusually advanced malware might be transmitting stolen data via ultrasonic sounds, but other experts remain skeptical

Researcher skepticism grows over badBIOS malware claims (Ars Technica) Peers have yet to reproduce the odd behavior infecting Dragos Ruiu's computers

Dragos Ruiu on the badBIOS Saga (Threatpost) Dennis Fisher talks with researcher Dragos Ruiu about his years-long struggle with a group of attackers who have infiltrated his network and are using malware that seems to resist all removal attempts and may have the ability to communicate using sound

Anatomy of a file format problem — yet another code verification bypass in Android (Naked Security) Four months ago, the Android platform was stirred, if not shaken, by a pair of code verification holes. Turns out there was a third one, now fixed in Android 4.4, better known as Kit Kat. Paul Ducklin looks at what we can learn from it

Never mind the spies: beware the perils of open wi–fi (4News) Our security agencies are feeling the heat amid revelations about the extent of their surveillance programmes. But as the data baby project can reveal, spying is now cheap and relatively easy

New vendor of 'professional DDoS for hire service' spotted in the wild (Webroot Threat Blog) In a series of blog posts, we've highlighted the emergence of easy to use, publicly obtainable, cracked or leaked, DIY (Do It Yourself) DDoS (Distributed Denial of Service) attack tools. These services empower novice cybercriminals with easy to use tools, enabling them to monetize in the form of 'vendor' type propositions for DDoS for hire services. Not surprisingly, we continue to observe the growth of this emerging (international) market segment

Malicious PDF Analysis Evasion Techniques (TrendLabs Security Intelligence Blog) In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly — and their creators invest in efforts to evade those vendors

Android Banking Trojan Svpeng Goes Phishing (Threatpost) Kaspersky Lab researchers say the Android banking Trojann Svpeng now has phishing capabilities and may be testing the waters to infect devices outside of Russia

Alert (TA13-309A): CryptoLocker Ransomware Infections (US-CERT) US-CERT is aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments

Port of Baltimore ready against threat of cyber attack, officials say (Baltimore Business Journal) Breaches in Europe, Israel raise questions about U.S. ports. Maryland port officials say they have an extensive security plan in place to keep cyber threats at bay

Up to 43,000 customers could be hit after loyalty card cyber attack (The Independent) Up to 43,000 customers who booked getaway breaks could be affected by a security breach at a company which operates a loyalty scheme on behalf of major retailers

What happens when a scammer tries to scam a security researcher? (Help Net Security) I just got off the phone with a very nice gentleman from the "service center for the Windows operating system computers." During the call, he informed me that they had received numerous warnings that my computer was infected

Litigation, Investigation, and Enforcement

British Official: Publishing Snowden Leaks, an Act of Terrorism (Softpedia) The British officials have some hallucinating things to say about the NSA leaks, ranking a lot higher than most things said even by American officials, both from the political and intelligence communities

Rogers claims al Qaeda tipped off by Snowden (TechEye) Mike Rogers, the chairman of the House Intelligence Committee, claims that al Qaeda has changed the way it communicates in the light of Edward Snowden's leaks

Apple says it has 'never received an order under Section 215' (Threatpost) In a new report detailing the number and kind of requests for user information it's gotten from various governments, Apple said it has never received a request for information under Section 215 of the USA PATROT Act and would likely fight one if it ever came

Spanish newspaper says it will hand over spy documents for prosecutor probe (Washington Post) A Spanish newspaper said Tuesday it will hand over to a prosecutor documents it claims show Spain was a target for surveillance by the U.S. National Security Agency

New Subjects Added to Cyber's Most Wanted List (FBI) Five individuals have been added to the FBI's Cyber Most Wanted list for their roles in domestic and international hacking and fraud crimes collectively involving hundreds of thousands of victims and tens of millions of dollars in losses

Torrevieja teenage right–wing hacker arrested (Euro Weekly) A Torrevieja teenager has been arrested for sending death threats to journalists

How the Government Spied on Me (Wall Street Journal) My complaint to the FBI about a stalker was regarded as an invitation to invade my privacy

Masked Philippines hackers arrested for cyber attacks (Gulfnews) Five arrested as hackers hold anti-corruption rally near House of Representatives

Design and Innovation

Disarming Corruptor Can Temporarily Scramble 3D Models To Confuse Snoops (TechCrunch) Fans of outré 3D prints like the Liberator or trademark-protected Mechwarrior robots can now obfuscate their prints using Disarming Corruptor, a system that temporarily scrambles 3D objects and allows authorized users to descramble them with a key. Created by Matthew Plummer-Fernandez, the program is a commentary on the censorship of 3D objects and an interesting way to trip up folks who might be

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.

InfoSec World Conference & Expo 2014 (, January 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

MIRcon 2013 (Washington, DC, USA, November 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.

KMWorld 2013 (, January 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wideranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.

CyberInnovation Briefing (Baltimore, Maryland, USA, November 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being leaked several questions remain unanswered - who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a law suit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.

Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, November 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.

cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, November 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting becomes increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.

Teaching Computer Forensics (Sunderland, England, UK, November 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.

Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.

IT Forum Expo/Black Hat Regional Summit (, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.