The CyberWire Daily Briefing for 11.25.2013
An unusually large amount of cyber-rioting is reported from the usual parts of the world. Australian sites continue to draw attention from Indonesian hacktivists. In Colombia, FARC insurgents call for a regional campaign to drive out US bases: since FARC explicitly recognize such a campaign would have to be asymmetric, it's reasonable to expect cyber attacks.
More signs emerge of a global man-in-the-middle cyber crimewave.
Concerns about Chinese cyber espionage surface in the US and elsewhere. These include renewed warnings of "pre-hacked" hardware. Many observers suggest leaks about US surveillance have emboldened Chinese government cyber operators, but it seems very unlikely the PLA needed any such disinhibition. Oh, also, China blames the US for stalled talks over duty-free IT trade.
Allegations of US-government spyware planting operations surface from Snowden via the Netherlands press. Australian intelligence agencies are reported upset at the US NSA, not for surveillance, but for poor internal security.
Analysts continue to warn of security problems with the troubled US Healthcare.gov program. At least one state site (Vermont's) reports a privacy breach. Conventional (legacy?) healthcare providers continue to report familiar breaches—mistakenly posted documents, lost unencrypted physical media—even as the drive towards increased medical data automation and sharing seems inexorable.
CryptoLocker remains a threat, and perhaps a harbinger of worse ransomware to come.
Preliminary results of GridEx II are under discussion. Much of this North American power grid cyber drill concentrated on, predictably, effective attack-information sharing.
A UN resolution on surveillance proceeds, for now largely undiluted by Anglo-American objections.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Colombia, European Union, France, India, Indonesia, Iran, Israel, Japan, Republic of Korea, Netherlands, Palestinian Territories, Syria, Taiwan, Thailand, Tunisia, Turkey, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
UWI's 'Stop Iran' Initiative Hit by Cyber-Attack (Arutz Sheva) Successful 'Stop Iran' petition site targeted in internationally coordinated cyber-attack, 1 year after UWI Pillar of Defense site attacked
370 Israeli Websites Hacked and Defaced by CapoO_TunisiAnoO in Support of Palestine (Hack Read) The famous Tunisian hacker CapoO_TunisiAnoO is back in news by hacking and defacing 370 Israeli websites in support of Palestine. Hacker has left different deface pages with different messages on all sites hacked between 21st Nov to 24th Nov 2013
Protest Against Spying: Indonesian Gantengers Crew Hacks Australian National University Domain (Hack Read) Indonesian based hackers from Gantengers Crew have hacked and defaced an official sub-domain of Australian National University today against Australian spying activities over Indonesian government as revealed by NSA's whistleblower Edward Snowden. The targeted domain belongs to Australian National University's Deepening Histories of Place Project, which is now displaying a deface page along with a message
Z Company Hacking Crew Defaces 2 'Billabong International' Domains against Drone Strikes in Pakistan (Hack Read) The online hacktivists from Z Company Hacking Crew (ZHC) have hacked and defaced 2 official sub-domains of Australian based Billabong International Limited against CIA led drone strikes over Pakistani soil. Z Company hackers have left a deface page along with a message on both hacked domains against NATO and drone strikes on Pakistan
Pakistani hacker hacks and defaces official India's Armed Forces Tribunal Website (Hack Read) A breaking news where the official website of India's Armed Forces Tribunal (Regional Bench Jaipur) has been hacked and defaced by a Pakistani hacker
Indonesian Hacker Defaces Fairfield Police, NJ and Jasper County Police, IN Websites (Hack Read) An Indonesian hacker going with the handle of Maniak k4sur has hacked and defaced the official website of Fairfield Police Department, NJ and Jasper County Police, IN websites
New York State Government Sub-Domain Hacked by Indonesian Hacker (Hack Read) An Indonesian hacker going with the handle of Jje Incovers has hacked and defaced a sub-domain of New York State Government information portal. The defaced domain belongs to Hudson River Valley Greenway which is now displaying a .txt deface page uploaded by the hacker with a simple note. However, the reason for targeting Hudson River Valley was not mentioned anywhere
RedHack Hackers Post Apology on PM's Behalf on Website of Political Party (Softpedia) Just as the 14 individuals suspected of being involved with RedHack and Anonymous were presented before the Ankara Courthouse, RedHack hackers were busy breaching the official website of Turkey's Justice and Development Party
FARC–EP Calls to Arrange Campaign vs. US Military Bases (Prensa Latina) The Revolutionary Armed Forces of Colombia-People's Army (FARC-EP) described as urgent and a necessary task the arrangement of a campaign in all Latin America and Caribbean countries against U.S. military bases
Large–scale net traffic misdirections and MitM attacks detected (Help Net Security) Man-In-the-Middle BGP route hijacking attacks are becoming regular occurrences, but it's still impossible to tell who is behind them, and what their ultimate goal is, warns Jim Cowie, co-founder and CTO of Internet intelligence company Renesys
Aussies hit in global 'man–in–the–middle' hacking scam (News.com) Australians have been caught up in a new international hacking scam that has repeatedly diverted all of the internet traffic for companies and organisations through suspicious locations in Europe
Inside The Clever Hack That Fooled The AP And Caused The DOW To Drop 150 Points (Business Insider) Back in April, agents of the Syrian Electronic Army took control of the Associated Press official Twitter account and punched out a single tweet
China's Cyber War (Newsweek) For more than a decade, a relentless campaign by China to steal valuable, confidential information from U.S. corporations flourished with barely a peep from Washington. And now it might never be stopped
Chinese Hackers Seen Exploiting Cloud to Spy on U.S. (Bloomberg) China-based hackers may target Internet-based e-mail, data storage and other services provided overseas by such companies as Microsoft Corp. (MSFT) to spy on the U.S., a congressional commission found
Chinese hackers spying on American cloud (PCWorld) With the National Security Agency spying on pretty much everyone inside and out of this country, we can't be too surprised, or offended, to find out that other countries are spying on us
Pre–Hacked Electronics Come Straight From China's Factories (Epoch Times) A simple tea kettle could open the door to cyber crime in one's own home
In Securing Your Supply Chain, Don't Forget To Lock The Back Door (Manufacturing Business Technology) Over time, business has gotten a lot smarter when it comes to protecting enterprise technology from the hackers and viruses that are constantly fighting to get in
EU Parliament investigating hacking of MEPs' personal email (EurActiv) A Parliament spokesperson said the institution was concerned about how easily an anonymous hacker broke into MEPs' personal emails, as was revealed yesterday (21 November) by French investigative journal Mediapart
NSA infected 50,000 computer networks with malicious software (NRC Handelsblad) The American intelligence service — NSA — infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA–employee Edward Snowden and seen by this newspaper, prove this
Facebook reveals friends list even when it's set to private (Naked Security) Don't want the entire Facebook–using and –abusing population to see your friends list? You can always change the setting to private — a setting labeled, for some strange reason, "only me", chosen in response to the "who can see your friends list?" setting. Fat lot of good it will do you, though
LG caught red-handed spying on viewers via Smart TVs (FierceBigData) Jason Huntley, U.K. ICT consultant, accidentally discovered his LG Smart TV was sending extensive information about his viewing habits to the Korean manufacturer. He gives a full account of the unsettling details in his DoctorBeet's Blog. Readers should consider carefully what this means to them beyond using LG or other brands of Smart TVs
LG decides its TVs *don't* steal personal information — "viewing info" isn't personal (Naked Security) Last week, we wrote about how a UK blogger named DoctorBeet became suspicious that his LG Smart TV was phoning home with more information about his use of the TV than he might have liked
Personalized ads no excuse for privacy invasion, no benefit to consumers (FierceBigData) According to big corporations, personalized ads are a 'must have' for consumers. Therefore everything must be done--everything--to meet that demand as fast as possible. What a load of bull
Tech experts: HealthCare.gov not secure (FierceHealthIT) At a Nov. 19 hearing of the House Committee on Science, Space, and Technology, four technology experts--including two university representatives--all testified that they thought HealthCare.gov was not a secure website, Reuters reported. What's more, three of the four experts said they thought that the site should be shut down until it is secure
Report highlights several security issues within HealthCare.gov (CSO) TrustedSec report cites vulnerabilities including open redirection, XML injection
Vermont reports privacy violation on health care exchange (ZDNet) A single consumer received a copy of his application from an unknown third party
Thousands of California doctors impacted in Anthem breach (SC Magazine) Thousands of doctors at Anthem Blue Cross of California are being notified that their personal information was mistakenly posted online
Redwood Memorial Hospital Admits Data Breach (eSecurity Planet) 1,039 patients' personal information may have been exposed when an unencrypted thumb drive was lost
Faked LinkedIn job offers on the rise (USA Today) Social networks interconnect people with common interests in near real time on a global scale. That's the power of social media. And it's also a beacon to cyberscammers
Have you heard of the Happy Hour virus? (Naked Security) Vigilant Naked Security reader Betty Kann has alerted us to an online service that she felt security-conscious sysadmins ought to be made aware of
Racing Post website hacked, customer information stolen (Graham Cluley) The website of the Racing Post, a daily newspaper obsessed with horse racing, greyhound racing and other sports betting, has been hacked by criminals who managed to access customer information
Evernote tells some users to change their passwords. (Psst! It's Adobe's fault…) (Graham Cluley) Just like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe
The importance of the User–Agent in the Botnets connections (Behind the Firewalls) The RFC 1945 says in the 10.15 section: "The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. Although it is not required, user agents should include this field with requests"
Asia Chats: Analyzing Information Controls and Privacy in Asian Messaging Applications (Citizen Lab) Across Asia, a new class of instant messaging (IM) mobile applications are rapidly growing in popularity and amassing enormous user bases. These applications encompass more than text, voice, and video chat as they offer social networking platforms that include expressive emoticons and stickers (known as "emoji"), photo and video sharing, e-commerce, gaming, and other features that provide a more sophisticated user experience than previous generations of IM clients
CryptoLocker Could Herald Rise Of More Sophisticated Ransomware (Dark Reading) A smarter approach to encryption is what separates CryptoLocker from other ransomware — but that might not last long
How to fight back against CryptoLocker (ComputerWorld) As early as 2007, if not earlier, Windows users encountered the very first rogue antivirus programs. Even today, end users are easily fooled by this vicious type of malware
Security Patches, Mitigations, and Software Updates
Secunia fixes PSI to work with Windows 8.1 and IE11 (Info World) Secunia has just released an update to its popular Personal Software Inspector that works with IE11 on any version of Windows
Cyber Trends
Large Organizations Need Open Security Intelligence Standards and Technologies (NetworkWorld) Enterprises want choices, integration, and specific types of data feeds. Will vendors acquiesce
Data Breaches May Be Worse Than Reported (Baseline Magazine) Despite the growing awareness of cyber-attacks and the increasingly sophisticated tools and technologies available to combat data breaches, the problem is getting worse. What's more, organizations face steep challenges in dealing with cyber-attacks, and many are underreporting incidents, according to a recently released research report from ThreatTrack
Under pressure: Most hospital CIOs have knowingly launched error–filled projects (FierceHealthIT) A majority of hospital CIOs said they have felt pressure at one time or another to continue launching a project that was not ready for go live, according to new survey results published this week
Only half of healthcare IT pros use formal risk assessments (Help Net Security) Tripwire and the Ponemon Institute evaluated the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. One hundred seventeen health and pharmaceutical sector respondents from the U.S. and U.K. participated in the healthcare portion of the survey
The risks of having a false sense of security (Help Net Security) Organizations are overwhelmingly confident in their readiness to combat security threats, but may not be prepared for dangers linked to new technology models and increasingly sophisticated threats, according to CompTIA
Post Prism: The new meaning of spyware (BBC) It may not just be the cybercriminals accessing your computer. If you thought you were pretty clever knowing that spyware refers to pieces of malicious code put on computers in order for cybercriminals to steal your passwords and other IDs, think again
'Big data, mobility threats too complex for one company to handle' (Business Standard) US-based Verizon projected that the dynamic nature of breaches will lead to a rise in spendings by firms on cyber security
Survey: Most Europeans fear cybercrime but fewer take security measures (CSO) Half of those surveyed have not changed online passwords in the past year
Cyber–attack at a major port could cost $1 billion per day (GSN) At a time when the nation's infrastructure faces a growing threat from cyber-attacks, maritime and homeland security officials say they are making significant progress in protecting the nation's ports, which handle more than 2 billion metric tons of cargo annually and are critical to the global economy
SMBs need help to better understand cyber attack threats (TechDay) Many SMBs are potentially putting their organisations at risk because of uncertainty about the state of their security and threats faced from cyber attacks
Cyber attacks — up close and personal (Computing) Absolute security is an absolute impossibility - and getting more impossible by the year
The Danger Of Laissez–Faire Security Attitudes (TechCrunch) A door lock does not have the same status as a modern, wall-mounted television or a couch from a world-class designer. It's not like you invite a friend over to check out the new double bolt on the front door: "Hey, you should come by and check out my new door lock! I also bought a new television and a couch, but forget that. This new door lock is awesome!" But if you did buy that $2,000
Marketplace
Case, Cleveland Clinic and University Hospitals team up for data–sharing venture (Crain's Cleveland Business) Case Western Reserve University, the Cleveland Clinic and University Hospitals have launched a venture designed to allow scientists and physicians from the three health care powerhouses to share clinical data that could be used to improve patient care
Surveillance as a Business Model (Schneier on Security) Google recently announced that it would start including individual users' names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached--without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website
BlackBerry's executive exodus: Three more depart in management shakeup (VentureBeat) Ailing smartphone maker BlackBerry announced a slew of management changes on Monday morning
Products, Services, and Solutions
Twitter upping security to thwart government hacking (C/Net) The microblogging site adds a new security measure designed to make it harder for organizations like the National Security Agency to uncover its data
Technologies, Techniques, and Standards
Simulated attacks on electrical grid show strengths, weaknesses in system (Foster's Daily Democrat) Rolling blackouts, widespread power outages, damaged infrastructure and hijacked substations. These were just some of the scenarios that bulk-power companies throughout North America were dealt in a recent 48-hour mock security exercise known as GridEx II
NTRU public key crypto released to open source community (Help Net Security) RSA and ECC are the two most common public-key crypto systems in use today. At the 2013 Black Hat conference, researchers declared that the math for cracking encryption algorithms could soon become so efficient that it will render the RSA crypto algorithm obsolete. Coupled with the recent NSA tampering allegations on ECC, this mistrust could set up a "cryptopocalypse" with organizations scrambling to retrofit systems with new, yet trusted, public-key crypto systems. Today, Security Innovation announced the availability of NTRU crypto for free use in open source software
How certificate pinning improves certificate authority security (SearchSecurity) I saw that Microsoft is going to include something called certificate pinning in version 4.0 of its EMET tool. EMET is already in use at my company, but I'm curious if you could describe what certificate pinning is and the potential benefits? And how can we use EMET for certificate pinning
From 1,024– to 2,048–bit: The security effect of encryption key length (SearchSecurity) Google is changing the length of its encryption keys from 1,024-bit to 2,048-bit, including the root certificates that sign all SSL certificates. What are the practical effects of such a switch from a security perspective, including how enterprises can plan for the switch
'Honey pot' utility trap lures hackers in show of cyberthreats (EE News) The small city water company in Arnold, Mo., went online last November. Seventeen hours later, a hacker using the SHODAN attack search engine had identified and penetrated an internal computer address leading to the control system that operated the pumps at the heart of Arnold's operation
Unofficial guide to Tor: Really private browsing (Help Net Security) The issue of privacy on the Internet has long been a difficult one: there are a lot of good reasons that you might be leery of strangers reading your emails or spying on the websites you visit
DISA's EOC Shines at Annual Cyber Flag Exercises (Federal News Radio) The Defense Information Systems Agency's new Enterprise Operations Center played a big role in the 3rd annual U.S. Cyber Command-sponsored joint exercise Cyber Flag 14-1. The training exercise was held at Nellis Air Force Base the first week in November
At AppSec USA, A Call For Continuous Monitoring (Dark Reading) Speakers, experts at AppSec conference say periodic scanning for application vulnerabilities is no longer enough
Design and Innovation
The Internet of Things, Unplugged and Untethered (Technology Review) A startup called Iotera wants to let you track your pets, your kids, or your belongings without relying on commercial wireless networks
Emerging Central And Eastern European Startups Showcased At How To Web (TechCrunch) I went to an event last week that exemplifies the enormous sea-change in tech startups that is sweeping across the Central and Eastern European region. I'll be writing about this in more depth in due course. For now, suffice it to say that there is a real explosion occurring. Startups from all over the CEE region are now exhibiting or entering startup competitions in multiple locations
Half an operating system: The triumph and tragedy of OS/2 (Ars Technica) IBM doesn't make consumer, desktop operating systems anymore for a reason
Research and Development
The internet mystery that has the world baffled (The Telegraph) For the past two years, a mysterious online organisation has been setting the world's finest code-breakers a series of seemingly unsolvable problems. But to what end? Welcome to the world of Cicada 3301
Legislation, Policy, and Regulation
UN surveillance resolution goes ahead despite attempts to dilute language (Journal of Law and Cyber Warfare) The US, UK and their close intelligence partners have largely failed in their efforts to water down a United Nations draft resolution expressing deep concern about "unlawful or arbitrary" surveillance and calling for protection for the privacy of citizens worldwide
Spooky silence until next Snowden bomb (Sydney Morning Herald) The ability of American whistleblower Edward Snowden to poach the Western intelligence community's most explosive secrets while working as a government contractor in Hawaii has left security experts around the world gobsmacked
House intel bill adds $75 million to NSA budget to stop future Snowdens (Ars Technica) Senate version also adds money to NSA's budget to stop "insider threat"
NSA deputy director skeptical on sharing data with FBI and others (The Guardian) John Inglis appears at University of Pennsylvania to argue legality of bulk surveillance and indicates stance on Feinstein bill
New Document Shows NSA Wanted More, More, More Power (TIME) A 2012 strategy paper says U.S. laws inadequate to meet agency's needs
Snowden and His Fellow Fantasists (Wall Street Journal) Declassified NSA documents disprove his claim that he could legally wiretap anyone
Why the U.S. needs a cyber doctrine (USA Today) How will the United States lead in this new era of cyber technologies
Zuckerberg: Government 'blew it' on data collection (Politico) Facebook co-founder and CEO Mark Zuckerberg says the government "really blew it" on the surveillance tactics used by the National Security Agency
NSA Chief Offered to Resign After Leaks (Government Executive) According to a National Security Agency official quoted by The Wall Street Journal, recent leaks have been "cataclysmic" for the organization and forced a large-scale reevaluation of its policies. They were so devastating that Gen. Keith Alexander offered to resign from his position as head of the NSA after Snowden came forward about the agency's domestic surveillance
Beijing hits back at US: Don't you DARE blame China for collapse of duty–free IT talks (The Register) Irate commerce minister: 'US is unwilling to make any concessions'
India Debates Establishing Cyber Command (DefenseNews) Top India military commanders meeting here have discussed establishing an independent Cyber Command. Addressing the Combined Commanders Nov. 22, Indian Prime Minister Manmohan Singh highlighted the need for developing capacities to counter what he described as "global surveillance operation"
Meet the man who'll TAKE OVER if UK faces CYBER ATTACK (The Register) Chris Gibson to head up UK's national Computer Emergency Response Team
President's tech council plays sad trombone for federal cybersecurity (Ars Technica) Report finds that government "rarely follows accepted best practices"
Arms regulations urged for internet surveillance systems (Engineering and Technology Magazine) New arms sale regulations urgently need to be introduced to clamp down on the export of electronic surveillance technology similar to that used in the highly controversial monitoring by GCHQ, a Labour MP has claimed
Increased space, cyber threats top concerns for AF Space Command (Air Force News Service) There are increased threats to the Air Force's space and cyber capabilities, said an Air Force senior leader during Air Force Association's 2013 Pacific Air & Space Symposium, Nov. 21
Google's Vint Cerf to FTC: "Privacy may actually be an anomaly" (FierceBigData) Google's chief internet evangelist, Vint Cerf said in a speech given before the Federal Trade Commission (FTC) last week that "privacy may actually be an anomaly." Apparently he doesn't think privacy a basic human right, but rather an "anomaly" created by the industrial revolution. Therefore, reverting to a state of no privacy at all for citizens might be a natural thing. Though his argument sounds convincing, his premise is completely wrong
Litigation, Investigation, and Law Enforcement
Leaker Snowden asked for more dirt (The West Australian) Indonesian politicians plan to quiz former US National Security Agency contractor Edward Snowden in Russia about revelations Australia tapped the phone of President Susilo Bambang Yudhoyono
Internet security chief lashes out at Snowden, calls him a criminal (Times of India) Internet Security Alliance (ISA) chief Larry Clinton, in an interview with TOI on Friday, lashed out at whistleblower Edward Snowden, calling him a "criminal who must be prosecuted". He compared Snowden's actions to instances of Mahatma Gandhi 'breaking the law' and said that what Snowden did was not honourable
Lavabit Strikes Back at Feds in Key Internet Privacy Case (Wired) Lawyers for secure email provider Lavabit just filed the reply brief in a case that will determine whether an internet company can be compelled to turn over the master encryption keys for its entire system to facilitate court-approved surveillance on a single user
Judge Appears Receptive to Critics of NSA's Collection of Phone Data (Wall Street Journal) A federal judge on Friday appeared receptive to the idea that Americans enjoy some level of privacy in their phone records, in the first court challenge to the National Security Agency's bulk collection of data from telecommunications companies. The U.S. Supreme Court held in 1979 that Americans have no expectation of privacy in who they are calling, because they knowingly give that information to phone companies
How BYOD Puts Everyone at Legal Risk (CIO) If your BYOD policy goes too far, you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD
Commentary: Sir Bernard Hogan-Howe on new cybercrime push (London Evening Standard) Over the next month more Londoners than ever before will go online and take part in what retailers hope will be a £10 billion Christmas internet spending spree. The world wide web has given consumers an unprecedented opportunity to conduct our shopping, banking and other financial activities
Newegg trial: Crypto legend takes the stand, goes for knockout patent punch (Ars Technica) Taking a bet on Whit Diffie, as the trial against "patent troll" TQP wraps up Monday
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, Nov 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program for qualified Maryland cybersecurity companies (QMCC). The Maryland Department of Business & Economic Development (DBED) will begin accepting applications from QMCC on December 9 - so now is the time to apply to be eligible for a portion of the $3 million program that offers a refundable tax credit to QMCC that seek and secure investment from in-state or out-of-state investors. Information will also be available regarding the Maryland Employer Security Clearance Cost (ESCC) Tax Credit for security clearance administrative expenses, SCIF costs and first year leasing and get the latest update on the new National Cybersecurity Center of Excellence at NIST.
Oil and Gas Cyber Security 2013 (London, England, UK, Nov 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their 3rd annual Oil and Gas Cyber Security 2013 conference.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
DefCamp 2013 (Bucharest, Romania, Nov 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public representatives in the high energy atmosphere of Bucharest, Romania.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.