The CyberWire Daily Briefing for 2.1.2013
Radio Liberty's Persian-language service, Radio Farda, is under cyber attack in what appears to be a shot from Iran in its ongoing cyber conflict with the US. Anonymous Indonesia defaces Indonesian government websites in retaliation for a hacker's arrest last month. Uzbekistan's state-owned radio and television website is defaced by a hacker protesting that "the news you spread are lies."
US aerospace and defense firms suffer a "highly believable" spearphishing campaign. The emails appeared to be familiar offers of an industry outlook report, but the pdf made available for download carries a malware payload that opens a permanent backdoor on the machines it infects.
Advise on closing UPnP security holes appears, along with new reports of particularly risky vulnerabilities in the Broadcom UPnP stack.
Malvertising campaigns continue to exploit unpatched Java flaws. Laptop docking stations are shown vulnerable to hardware hacking.
The attack on the New York Times appears to have sought the identities of Chinese sources for unflattering stories about China's former premier. The Wall Street Journal reveals it was the victim of similar attacks. Symantec sticks to its guns, saying that no one should rely solely on antivirus tools for security (and most observers agree).
US Federal budget sequestration approaches, and it's threatening US Cyber Command's projected expansion. Accuvant expands its Maryland presence with a new facility near Fort Meade. Verint gets a breathless profile from Slate.
Anyone wishing to educate customers or employees to better security awareness could profit from viewing Belgian financial association Febelfin's mind-reading video.
Notes.
Today's issue includes events affecting Australia, Belgium, China, European Union, Indonesia, Iran, Russia, United Kingdom, United States, and and Uzbekistan..
Cyber Attacks, Threats, and Vulnerabilities
Radio Farda Journalists Under Cyber Attack (Radio World) Radio Farda, part of Radio Free Europe/Radio Liberty, has reported that many of its journalists have been under cyber attack. The suspected culprit is Iran. Acting RFE/RL President Kevin Klose said, "These attacks against our Radio Farda journalist
'Anonymous Indonesia' Launches Cyber Attack on Government Sites (Voice of America) Hackers have defaced more than 12 government websites in Indonesia following the arrest of an alleged hacker in East Java this month. Analysts say weak security and strong solidarity among underground hacker networks is at the heart of the
Uzbeki State Television And Radio Companys Website Hacked by Clone-Security Hacker (Hack Read) The official website of Uzbekistans National Television and Radio Company (mtrk. uz) has been hacked by a hacker going with the handle of Clone Security for operation #OpAntiLAGMON and #OpWhereisSecurity. On January 30, the hacker announced this hack his official Twitter account which soon made a breaking news in Uzbekistan
Aerospace and defense firms targeted with clever spear phishing (Help Net Security) Directors, vice presidents and other top management of companies in the aerospace industry and U.S. government and defense contractors have recently been targeted with a highly believable spear phishing campaign…According to Symantec researchers, the content of all the sent out emails was the same, and the attackers aimed at making it seem as though the email originally came from the company that authored the report, then forwarded by employees
Email attack exploits vulnerability in Yahoo site to hijack accounts (CSO) The vulnerability is located in an old WordPress version used on the Yahoo Developer Network Blog site, Bitdefender researchers say. Hackers behind a recently detected email attack campaign are exploiting a vulnerability in a Yahoo website to hijack the email accounts of Yahoo users and use them for spam, according to security researchers from antivirus vendor Bitdefender
High-risk Broadcom UPnP stack remote root vulnerability (Help Net Security) Recently, DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. Further research revealed that the vulnerability is even more dangerous, since the same vulnerable firmware component is also used by numerous other router manufacturers. The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset
How to fix the UPnP security holes (ZDNet) The US Department of Homeland Security is urging everyone to disable the common networking Universal Plug and Play (UPnP) protocol. This is being done because Rapid7 security researchers have found that tens of million devices worldwide are wide open to attack because of flaws in the network protocol and its implementations. While the US Computer Emergency Readiness Team (US-CERT) specifically talks about devices that use versions of libupnp, the open-source portable software development kit (SDK) for UPnP earlier than 1.6
Malvertising Campaigns Get a Boost from Unpatched Java Zero-Day Exploits (SpiceWorks) In the wake of the recent Java zero-day vulnerability (CVE-2013-0422) being exploited in the wild, our research team has investigated malvertising campaigns that distribute Blackhole Exploit kits that utilize this vulnerability to compromise user endpoints. Malvertising (from "malicious advertising") is the use of online advertising to spread malware. Malicious advertising content, which can be inserted into high-profile reputable websites, provides an opportunity to "push" exploits to web users. Trusteer's research team recently recorded a malvertising campaign in which hackers used the Clicksor Ad Network to distribute the Blackhole exploit kit
Hacking The Laptop Docking Station (Dark Reading) You know that docking station you snap your laptop into at the office? It can be hacked, too. A British researcher next month at Black Hat Europe will show just how valuable those seemingly benign devices can be to a determined attacker targeting an organization or group of users. Andy Davis, research director for UK-based NCC Group, built a prototype hardware device that can easily be placed inside a laptop docking station to sniff traffic and ultimately, steal sensitive corporate communications information from the laptop
Time To Ask Your Cloud Provider About Physical Security (Dark Reading) Data-center operator Rackspace takes the physical security of its facilities seriously. In a post on the topic earlier this month, the company, which declined to be interviewed for this article, outlined some of the standard security procedures it takes to make sure that outsiders, and even rogue employees, do not have unaudited access to their customers' data. Among the measures are biometric two-factor authentication, video surveillance in all its facilities and monthly access reviews."Security in the cloud is not just virtual," Jim Battenberg, cloud evangelist for Rackspace, writes in the post
The New York Times exposes a cyber attack, for whatever that's worth (Los Angeles Times) The New York Times published a chilling report Wednesday that its computer network had been under prolonged, sophisticated attack by hackers apparently based in China. I say "chilling" because the hackers' most likely goal was to identify the sources
Did Chinese Hackers Hit NY Times? (InformationWeek) Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers
Wall Street Journal says it too was hit by Chinese hackers (Computer World) The Wall Street Journal said Thursday it had been targeted by hackers trying to monitor the newspaper's coverage of China, less than a day after a similar revelation from its competitor The New York Times. The Journal, which is owned by News Corp., said it finished an overhaul of its IT systems on Thursday aimed at strengthening its networks."We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources," the Journal said in a statement
Symantec defiant after New York Times hackers evade antivirus defences (TechWorld) Symantec has offered a carefully-worded but defiant response to the news that one of its customers, the New York Times, was attacked by Chinese hackers with barely any intervention from its software. Earlier today, the newspaper revealed that hackers probably connected to the Chinese military had spent four months trying to hack into the email accounts of dozens of its journalists, entering the network via compromised PCs
Symantec denies blame after Chinese gov. hacks The New York Times (ZDNet) After The New York Times slyly pointed the finger at Symantec for failing to protect it from a four-month long series of attacks by Chinese hackers, the anti-malware and security firm has fired back with its own critical rhetoric. Arguably one of the world's most well-regarded and well-known newspapers, The Times exclusively reported yesterday that its own networks have been "persistently attacked" by Chinese hackers, and that they infiltrated computer systems and acquired passwords for its reporters and other employees
Inside the Targeted Attack on The New York Times (Threatpost) The Chinese group behind the targeted attack on the New York Times was laser focused on accessing the email of a reporter and the newspaper's former Beijing bureau chief to the point that it used an inordinate number of custom malware samples to get the job done
China, The New York Times and the Value of Self-Shaming (Threatpost) There aren't many things that count as surprises anymore in the security industry. And the news today that The New York Times was penetrated by a team of Chinese attackers who apparently had access to large amounts of employee emails for several months certainly doesn't fall into that category. It would be news if these attackers weren't targeting The Times and other large media companies. What's interesting and novel is that the company decided to out itself as a victim, signing up for what may be a large dose of public scorn and derisive laughter
Lesson learned in cyberattack on The New York Times (CSO) There is no one technology to combat a sophisticated attack like the one against the media company -- so think layers, say security experts
A short history of hacking attacks against the media (Naked Security) The revelation of the Chinese hacking campaign against reporters working for the New York Times has raised awareness of targeted malware attacks, but what does the history of cyberattacks against media agencies look like? Graham Cluley takes a trip down memory lane
Chinese Cyber Hackers a Growing Threat (Cyberwarzone) Chinese hackers have conducted a growing number of attacks against foreign companies and government institutions in recent years, leading a recent U.S. congressional report to call China the "most threatening actor in cyberspace." Although the attacks are difficult to trace to a specific source, many suspect the hackers are targeting overseas business, media, political and security institutions at the direction of, or with the permission of, the Chinese government or military
'Programmer Bob': Latter-Day Tom Sawyer or Massive Security Risk? (IEEE Spectrum) At first I thought this was one of those IT urban legends, like the "disappearing warehouse" story, but according to Verizon's IT security risk team, it's all true. A few weeks ago, Verizon wrote on its IT security blog that it was asked to perform a security assessment for a U.S.-based client after the latter was "startled" to discover a live "open and active VPN [virtual private network] connection from Shenyang, China!" What made the client thoroughly worried about this surprisingly open communication port to China was first that it was a U.S. critical infrastructure company; second, it had two-factor authentication for its VPN connection, which had obviously been breached and, third, "the developer [given the pseudonym "Bob"] whose credentials were being used was sitting at his desk in the office"
Security Patches, Mitigations, and Software Updates
Ruby on Rails Patched Again (eSecurity Planet) It's the third security update this month for the open source Web framework. For the third time this month, the developers of Ruby on Rails have released an update to patch a serious vulnerability
Cyber Trends
Cyber War and the Threat of the Boomerang Effect (Security Week) Cyber weapons may be cheaper to make than tanks and nuclear arms, but they come with a dangerous caveat once they are discovered, the target-er can become the targeted. At Kaspersky Lab's Cyber Security Summit today in New York City today, the pros and cons of developing cyber-weapons such as Stuxnet and Duqu and how their use can impact corporate environments was front and center. While it may not be possible to disassemble and reassemble a cruise missile after it is used, that is entirely possible when it comes to cyber-weapons, Kaspersky Lab CEO Eugene Kaspersky observed in a panel discussion
Cheers to Coviello for 'Cyber Pearl Harbor' rebuke (CSO) Truth be told, I haven't always agreed with Art Coviello's take on the security industry's future. One of the best examples came from RSA Conference 2007, when he predicted in his keynote that the stand-alone security industry would cease to exist within three years. Six years later, we've seen many security companies integrated into the larger IT providers. But there are still many stand-alone security companies
Social media has eroded workplace privacy (Help Net Security) More than half of adults (53 percent) believe privacy in the workplace has been eroded with the proliferation of social media, reveals AVG. The seventh installment in AVG's Digital Diaries series includes responses from 4,000 adults in ten countries in relation to cyberbullying in the workplace
Scareware trends and expected developments (Help Net Security) While malware such as viruses, worms and Trojans strives to remain hidden from view for as long as possible, scareware (rogueware and ransomware) aims to be as noticeable and intrusive as it can possibly be
The Internet: A dream deferred (Fierce Big Data) Idealists (and I admit to being one) fell easily for the lie that the Internet was somehow the people's Internet, that it would expose the best of people from all parts of the world to each other and help them win respect and appreciation for their cultures, their ideas, and in doing so, overcome the social barriers built by governments and maintained in the name of competition, fear and otherness
The Cyber Security Security Challenge: The Risk of Inaction (APCO Forum) The challenge we face as a global community in addressing the cyber threat was the topic of discussion as APCO's International Advisory Council (IAC) and Global Political Strategies convened its monthly meeting on January 17
Marketplace
Pentagon Policy Chief: Furloughs Are Not A Sure Thing (GovExec.com) The Defense Department's top policy administrator on Thursday assured colleagues in a memo that media reports of coming furloughs in the civilian workforce "included many inaccuracies," reiterating that Defense Secretary Leon Panetta is working closely with the White House and Congress to avoid furloughs
Workers Prepare Budgets Because Congress Won't (Washington Times) Civilian workers in the Defense Department are bracing themselves for layoffs and furloughs that could cost them a chunk of their paychecks with the automatic spending cuts set to begin March 1
Carter On Sequestration Tightrope At DoD (Politico Pro) Deputy Defense Secretary Ash Carter would be exempt from Pentagon furloughs if they happened under sequestration, but he said Wednesday he'd be willing to give back a fifth of his pay each month as a gesture of solidarity with his department's 800,000 civilian workers. His willingness to admit he's considering such a thing reflects the change in mood at the Pentagon
Cyber Command Expansion Threatened by Budget Cuts (Heritage.org) The Pentagon has approved a 500 percent personnel increase for Cyber Command—which protects the Pentagon's information networks and engages in cyberspace operations—according to The Washington Post. In a world where cyber is becoming an
Navy delays NGEN decision to May (Fierce Government IT) The Navy says it will now likely make a decision about its Next Generation Enterprise Network acquisition in May rather than by Feb. 12, as previously announced
Cybersecurity firm expanding near Fort Meade (ABC 2 News) The cybersecurity firm Accuvant Inc. says it expects to add 180 jobs as it moves its Maryland office from Hanover to nearby Dorsey. The privately held Denver-based company joined state and Howard County officials in announcing the move Thursday
Salient Federal Wins $17M for OPM Software Life Cycle Support (ExecutiveBiz) Salient Federal Solutions Inc. has won a $17 million systems support, maintenance and development contract to support the U.S. Office of Personnel Management's benefits systems division, according to a company statement
WANdisco move into big data a big plus for stock value (Fierce Big Data) Bloomberg said today that the valuation on U.K.-based software company WANdisco Plc (WAND), rose to its highest level after it won a patent award in the states and joined a platform for storing and processing large volumes of data. Two months ago, the company also made its official move into the big data market with the acquisition of AltoStor for $5.1 million
Meet the American Company Helping Governments Spy on 'Billions' of Communications (Slate) Every day, billions of emails and phone calls flow through communications networks in countries across the world. Now, one American company has built technology capable of spying on them all—and business is booming. Verint, a leading manufacturer of surveillance technologies, is headquartered in Melville, N.Y., in a small cluster of nondescript buildings that also includes the office of a multinational cosmetics supplier and some electronics companies
D.C. Capital Partners Acquires CompSec (Govconwire) D.C. Capital Partners has acquired McLean, VaDepartment of Veterans Affairs.-based Computer Security Solutions Inc., according to a Washington Technology article. D.C. Capital expects the move to boost its intelligence capabilities and insight into customers within the intelligence community. Thomas J. Campbell, company founder and president, considers the acquisition "a significant strategic enhancement" for its portfolio company
Citrix Promotes 2 Executives to Lead DoD, State and Local Markets (Govconwire) Citrix Systems (CTXS) has promoted two new executives to lead sales at the Defense Department and manage partnerships in the state and local market, according to a Washington Technology article. Former business development manager for Defense Mark Neustadt has been named DoDDelivery Order sales director and will lead the sales effort in that market
Products, Services, and Solutions
Military-Grade iOS Secure Messaging App Gets User-Friendlier (Dark Reading) Wickr now sends secure and self-destructing PDFs and images. A messaging app that self-destructs all text, video, and picture messages for privacy purposes now comes with features that make finding friends and sharing media easier—but still ultra-privately
Cisco pushes ahead with context-aware security vision (CSO) Using the network as the platform for security enables organisations to evolve with the threat landscape. Cisco made two significant security announcements at its Cisco Live conference in London this week, reiterating its commitment to offering an integrated platform for defence, discovery, and remediation of threats
F5 Networks introduces application delivery firewall (Help Net Security) F5 Networks announced new security offerings designed to safeguard organizations' network and application infrastructures. When deployed with F5's new VIPRION 4800 hardware, the F5 application
Microsoft Surface Pro Storage Snafu: Does It Matter? (InformationWeek) Windows 8 takes up about 70% of the 64-GB Surface Pro's storage. Will this factor into the tablet's BYOD potential
Technologies, Techniques, and Standards
Amazing mind reader reveals his 'gift' (Febelfin) Random people were invited to have their mind read. They were told it was for a TV program
Big Data Security Discussion (Dark Reading) Last week I participated in 'a "tweet jam" to discuss security of big data clusters. That use of social media is pretty interesting as it's an open forum to any/all who have interest. It's a great way to get some community involvement and buzz, but at the same time, 140 characters is insufficient to answer complex questions. You can portray an idea, or a facsimile of an idea, but it's insufficient to flesh out the nuances of a subject as complex as securing bi data clusters
PCI Delivers Security Guidance as PCI-DSS 3.0 Looms (eSecurity Planet) How secure is your PCI-compliant deployment? There is a big different between compliance and security. The PCI-DSS (Payment Council Industry Data Security Standard) is the measure against which e-commerce security is measured and it is now in the
Breach Prevention: Beyond Technology - How Security Pros Can Address the Human Factor (Healthcare Information Security) Too many organizations fail to adequately address data security issues until after a breach occurs. But even those that proactively address data security may only be dealing with a part of the solution. From my geek prospective, I have to admit it is more interesting to talk about firewalls, router security, mobile device management, encryption and the like
OVF 2.0 Takes On Cloud Lock-In Worries (InformationWeek) DMTF standards body updates its vendor-neutral virtual machine file format. The goal: Make it easier to leap from cloud to clou
Design and Innovation
How A Trash Can Proves The Competitive Advantage Of Design (Fast Company) An iconic Danish garbage bin from the 1930s illustrates how design can help build a brand around just about anything. We are often asked if everything can be designed. Is it possible to differentiate a product, command higher prices, and build a brand through design in any type of product category? The answer is yes. All products, even digital ones, have a presence that people can feel and appraise. And not only does design act as a potential brand builder for all products, it's probably also the most effective and cheapest--though obviously not the only--way to build a brand
What Will Alicia Keys Actually Do As BlackBerry's New Global Creative Director? (Fast Company) Polaroid's got Gaga. Beats has Dr. Dre and its own rockstar creative director Trent Reznor. Today, BlackBerry unveiled its own celebrity exec. Today, BlackBerry unveiled its latest operating system along with two new products. But the company also announced a major new hire for the technology giant: singer, songwriter, and activist Alicia Keys will be joining BlackBerry as its global creative director
Research and Development
Quantum crypto still not proven, claim Cambridge experts (The Register) Two killjoy researchers from the University of Cambridge have cast doubt on whether quantum cryptography can be regarded as provably secure and are asking whether todays quantum computing experimentation is demonstrating classical rather than quantum effects. Computer scientists Ross Anderson and Robert Brady have published their discussion at Arxiv, here. In the paper, they examine two key issues in quantum research
Don't forget about long data (Fierce Big Data) Historically, among societies with no possibility for technological contact, those with larger initial populations have had faster technological change and population growth. We know this not just from big data analysis, but from something Samuel Arbesman said--in Wired this week--we need more of: long data
These Goofy-Looking Glasses Could Make You Invisible to Facial Recognition Technology (Slate) The rapid rise of facial recognition technology has prompted widespread privacy concerns. But now Japanese researchers have developed a tool aimed at countering the surveillance tactic—the world's first "privacy visor." In recent years facial recognition has been integrated into security cameras and databases and Facebook, even used to covertly monitor consumers and track shopping habits
Academia
Colleges Are Going To Start Going Out Of Business (Business Insider) I've been getting a lot of questions from High School kids asking whether or not they should go to college. The answer is yes. College is where you find out about yourself. Its where you learn how to learn. Its where you get exposure to new ideas. For those of us who are into business you learn the languages of business, accounting, finance, marketing and sales in college. The question is not whether or not you should go to school, the question for the class of 2014 is what is your college plan and what is the likelihood that your college or university you attend will still be in business by the time you want to graduate. Still in business? Yep. When I look at the university and college systems around the country I see the newspaper industry
Legislation, Policy, and Regulation
Proposed EU data protection reform could start a 'trade war,' US official says (Ars Technica) Activist: "Nothing, not even ACTA, caused the US to lobby on this scale." Back in 1998, British comedian Eddie Izzard quipped on his Dress to Kill tour that the European Union was "500 million people, 200 languages. No one's got a clue what they're saying to each other. It's the cutting edge of politics in a very extraordinarily boring way." 15 years on, it's easy to understand how prescient his words were
Kroes warns of cyber security's 'rising threat' (The Parliament) EU commissioner Neelie Kroes has warned that "rising threats, rising vulnerabilities, and lack of trust" currently stand in the way of the economic benefits generated by the internet
Australia must become a regional cyber-security leader (Sydney Morning Herald) Julia Gillard has named "integrated cyber policy and operations" one of three key national security strategy priorities for the next five years. As part of this strategy we will see the establishment of the Australian Cyber Security Centre by the end of this year. This is a commendable move, but should serve only as a first step in the government's efforts in cyberspace
Why Hacking Is Good for Democracy (Wired) On the day I sat with Stewart Brand in his Sausalito office, he told me about the early days of white-hat hackers At the time, with personal computers just starting to penetrate the consumer market, software was ballooning into a hugely lucrative business. But these guys wanted it to be free, an idea that would have sounded crazy to anyone not in that room. And we did it
Carper: Expect White House cyber security order after State of the Union (The Hill) Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) said the White House has signaled that it will likely introduce its cybersecurity order in the second half of February, following President Obama's State of the Union address. After the White House releases the cyber order which it has been crafting over the last several months Carper said he plans to hold a joint hearing with the Commerce and Intelligence committees to discuss the measures included in the order. Carper said he wants to hear from administration officials and stakeholders' feedback
Cyberthreats Need Resources (Omaha World-Herald) Neither outgoing Secretary Leon Panetta nor nominee Chuck Hagel are alarmists, so their assessments are important as the nation decides how to best confront its vulnerability to foreign computer hackers
ODNI: updated NCTC guidelines include privacy and civil liberty protections (Fierce Government IT) New guidelines for the National Counterterrorism Center are in place that should safeguard civil liberties and protect privacy, according to an information paper released by the Office of the Director of National Intelligence. The ODNI paper states that the updated guidelines "carry forward the same three-track framework from the 2008 Guidelines, while adding specificity on how data is obtained, retained, and disseminated, and providing for enhanced safeguards and oversight mechanisms to protect important privacy and civil liberties"
Federal Gun Control Requires IT Overhaul (InformationWeek) White House plan will work only if the IT systems and databases used for background checks and gun tracing get the improvements needed to support stepped-up oversight
China's GitHub Censorship Dilemma (InformationWeek) Censorship becomes more difficult when communication gets combined with code
Largest cyber security exercise 'Cyber Europe 2012' report published in 23 languages (ENISA) ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial
Rockefeller: Fortune 500 companies back voluntary cybersecurity standards (The Hill) Leading U.S. companies will support a voluntary program enabling the government and industry to develop a set of cybersecurity best practices, according to a memo from Senate Commerce Committee Chairman Jay Rockefeller (D-W. Va.). The report released by Rockefeller's staff on Wednesday conflicts with claims raised last year by the U.S. Chamber of Commerce that establishing the voluntary standards was opposed by business and could be a backdoor to new burdensome regulations
Litigation, Investigation, and Law Enforcement
Google Submits Proposals To EU Antitrust Regulator To Allay Biased Search Concerns (TechCrunch) A European Union antitrust investigation into Google, launched in November 2010, is still ongoing but Google has now submitted detailed proposals to the EU's competition commissioner, Joaquin Almunia, according to Reuters. The EU has the power to levy a fine of up to 10 per cent of a company's annual turnover if they are found to have breached its rules
How to do something about the phone unlocking fiasco (IT World) Announcing that people now faced fines of up to $500,000 and imprisonment of up to five years for trying to use their phone on a competing cellular network certainly stirred the pot
Apple accused of bribing Russian officials (CSO) Apple suspected of attempting to bribe Russian ministers with a trip to London. A report from a Russian news agency is claiming that Apple is suspected of attempting to bribe Russian ministers with a trip to London. Apple is said to have held a week-long seminar for Russian regional ministers of education and other officials at a venue in London
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.