The CyberWire Daily Briefing for 2.4.2013
On Friday Twitter detected unauthorized attempts to access account data. The attack affects some 250,000 users, exposing passwords, usernames, email addresses, and session tokens. Twitter has notified users and is restoring their service. No attribution yet, but note that Twitter is a new media company.
Chinese intrusion into US media networks looks bigger than suspected, with the Washington Post joining the New York Times and the Wall Street Journal among the victims. The campaign's success shows the limitations of signature-based anti-virus products in particular, but also shows that users who rely on anti-virus software alone are dangerously naive. Google describes its own experience with Chinese cyber attacks and takes that nation's government publicly to task as an "IT menace." The US Government weighs options for confronting China.
The Chrome Web Store contains some malicious extensions being promoted on Facebook. A spam campaign spoofing Booking.com warning emails carries a malware payload. Old (but still used) versions of Juniper's Junos OS are vulnerable to TCP flaws. The Citadel Trojan moves from its original banking targets to government and commercial victims. Oracle tries to address Java insecurity with a new patch (but Apple blocks Java on its OS anyway).
Rapidly "morphing" malware, designed specifically to evade signature-based defenses, is expected to become more widespread. The criminal economy now offers sophisticated development services that enable more capable and difficult-to-thwart exploits. Such crimeware is beginning to eclipse venerable social engineering techniques.
Google establishes an innovation fund in France. Fujitsu offers a new data transfer protocol.
Notes.
Today's issue includes events affecting Canada, China, European Union, France, Iceland, India, Israel, Spain, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Questions and answers about the Twitter hack (Naked Security) Everything you need to know about the Twitter hack, and how you should respond to it - in simple English
Twitter Hit by Cyber Attack (Voice of America) Social media giant Twitter says it was hacked this week, in a sophisticated cyber attack that exposed the passwords and other information of about 250,000 users. The company said in a blog post Friday that it had detected unauthorized attempts to gain
Malicious Chrome extensions promoted via Facebook (Help Net Security) Malicious Chrome extensions are lurking on the official Chrome Web Store, warns Kaspersky Lab Expert Fabio Assolini, and the campaign for leading users to them starts on Facebook
Fake Booking.com warning leads to tons of malware (Help Net Security) A massive spam campaign impersonating the popular online hotel reservations agency Booking.com is underway, trying to convince recipients to download a document supposedly containing booking details
Juniper's Junos Could Open Routers to TCP Attacks (Threatpost) Some systems running older versions of Juniper Networks' Junos OS software could be vulnerable to a transmission control protocol (TCP) flaw that can enable a hacker to crash and reboot certain routers
Citadel Trojan: It's Not Just for Banking Fraud Anymore (Threatpost) Banking malware has primarily been just that, an attack tool used against financial institutions to steal money from online bank accounts. But what if cybercrime gangs decided to flip that on its head, and use malware such as the Citadel banking Trojan to steal credentials from not only banks, but government agencies and commercial businesses
Oracle admits to security problems with Java in browsers (Fierce CIO: TechWatch) Oracle has finally admitted to security issues with its Java web browser plug-ins, acknowledging in a blog post late last week that users may have been "frustrated with Oracle's relative silence on the issue." The widely deployed platform has been hit recently with a rapid-fire string of security flaws that has resulted in calls from various security vendors for companies to uninstall Java for browsers
Source: Washington Post Also Broadly Infiltrated By Chinese Hackers in 2012 (KrebsonSecurity) The Washington Post was among several major U.S. newspapers that spent much of 2012 trying to untangle its newsroom computer networks from a Web of malicious software thought to have been planted by Chinese cyberspies, according to a former information technology employee at the paper. On Jan. 30, The New York Times disclosed that Chinese hackers had persistently attacked the Gray Lady, infiltrating its computer systems and getting passwords for its reporters and other employees. The Times said that the timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, Chinas prime minister, had accumulated a fortune worth several billion dollars through business dealings
It's time to overhaul our anti-malware defenses (Fierce CIO: TechWatch) Hackers based in China have allegedly broken into the networks of the New York Times, and separately, the Wall Street Journal. In the case of the former, security experts hired to investigate the break-ins found clues that point to the attack being the work of a state-sponsored hit team. According to investigators, these hackers were trying to find the names of those who provided information for a report that placed China's prime minister in a negative light. You can read more about the story here. What caught my attention though, was how 45 different pieces of malware code were apparently used to help the hackers worm their way further into the network. This happened despite the presence of Symantec anti-virus defenses, which were only able to identify and quarantine just one of the deployed malware
New York Times hacking revelations shed new light on China cybercrime (Guardian) Revelations that China apparently targeted the New York Times in a campaign of cyber-espionage have cast a rare spotlight on attempts by Beijing to crack down on any criticism of its ruling elite. The move, which was detected and then monitored by the Times's digital staff, is believed to have been linked to the newspaper's hard-hitting October expos on the vast wealth accumulated by the family of leading communist and outgoing premier Wen Jiabao. Government officials in Beijing have vehemently denied the allegations, though that has prompted scepticism among New York Times executives who devoted long weeks to tracking, checking and ultimately exposing the move
Why Antivirus Software Didn't Save The New York Times From Hackers (Huffington Post) There is a booming industry that sells computer security products to consumers and businesses. But antivirus companies have a problem: Their software often can't prevent hackers from breaking into your computer and snooping around. The New York Times was the latest victim to discover the limitations of antivirus software
Hacking the Old Gray Lady (Slate) The Chinese attack against the New York Times worked to perfection. Journalists are on notice. If you investigate the Chinese government, Chinese hackers will come after you. That's what you should conclude from the New York Times' disclosure that it was hacked for four months by attackers it suspects were associated with the Chinese military. The likely motive, the Times says, was retaliation against the paper for its investigation into the wealth amassed by the family of Wen Jiabao, China's prime minister. But this wasn't the first time Chinese hackers attacked journalists. They infiltrated Bloomberg News last year, the Times reports. They've also gone after the Associated Press, the Wall Street Journal, and other Western news organizations
Google CEO Eric Schmidt Rips China Calling Country an 'IT Menace' (Hot Hardware) Google's Eric Schmidt has written a book in collaboration with fellow Googler Jared Cohen called The New Digital Age, and the Wall Street Journal has been reviewing it and pulled out some interesting bits to share. One of the prevailing themes of the work is that Schmidt sees China as an increasingly major problem in the cyber realm. That view is not at all surprising. China is a growing superpower, and China-based Huawei recently became the world's third-largest smartphone maker, behind only juggernauts Samsung and Apple, and its mobile Internet population is exploding. While China's reach has been growing, so has the scope of its threat to other nations. A U.S. Congressional panel deemed Huawei and ZTE (also a Chinese company) a threat to this country in terms of cyber espionage, and China is alarmingly restrictive on filtering and monitoring Internet usage within its borders
Why Most Companies Won't Admit They Were Hacked (TechNewsDaily) The New York Times, which today (Jan. 31) detailed a massive attack upon its computer systems, is certainly not the first U.S. company to be hit by hackers apparently working for Chinese interests. Hundreds of Western companies, organizations and government agencies have been attacked by hackers from China over the past five years. But the Times is among the few companies Google is another willing both to disclose details of the attack and to accuse Beijing of being behind it
Facebook Class Action email - it looks like a phish but it's the real deal (Naked Security) A number of you have asked about a Facebook-related email that's doing the rounds lately. It certainly has some of the hallmarks of a phish. But is it? And how can you tell
Problems with Israeli cellular networks not cyber-attack, says Pelephone (Haaretz) Problems with Israeli cellular networks not cyber-attack, says Pelephone. Problems with Pelephone network not due to cyber attack, company confirms, but isn't sure yet what the problem was
Security Patches, Mitigations, and Software Updates
Apple (again) washes its hands of the Java mess (Naked Security) Apple's thrown in the towel on the Java mess and has, for the second time in two weeks, blocked all versions of Java on OS X 10.6 (Snow Leopard) and later
Another Java update! Oracle brings Patch Tuesday forward to close in-the-wild hole (Naked Security) "Yet another Java update! Get it while it's hot." This update was planned for 19 Feb 2013. But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers"
Cyber Trends
Malware: The Next Generation (Dark Reading) Zero-day and rapidly-morphing malware is proliferating across the Web. Is your enterprise ready to stop it? If January is anything to go by, then 2013 should be another doozy of a year for malware-plagued businesses. The year started off with the exploitation of a previously unknown Java vulnerability -- a spot-on example of why malware attackers are so successful these days
Media, like critical infrastructure, need better security (CSO) With advanced persistent threats 'security is not longer a product…it's a process,' says expert. Recent Chinese cyberattacks on major U.S. news media shows that the security industry needs to speed up innovation and join the fight against what has become a national problem. The New York Times and The Wall Street Journal disclosed this week that Chinese hackers bent on stealing information pertaining to the newspapers' China coverage had cracked their computer systems. In the case of The Times, the hackers were looking to identify sources of a story on business dealings that enriched the relatives of China's prime minister, Wen Jiabao. The attempt was unsuccessful
Why you should care about cyber espionage (CSO) State-sponsored cyber threats generally don't target private businesses, but that doesn't mean they can't harm you or your company. Malware attacks have taken on new meaning over the last few years. Businesses and consumers are more or less used to the day-in and day-out of Trojans, phishing scams and such, but a new breed of much more complex and sophisticated threats has changed the game
War on terabytes - As banking has gone electronic, it has also become vulnerable (Economist) In THE dusty hills north of Madrid, in low-slung buildings guarded closely like bank vaults of old, are the rows of servers that run the far-flung banking empire of Santander, a big international bank. Ever since the 2001 attacks on the World Trade Centre, banks like Santander have invested billions in safeguarding and duplicating their data centres to protect them from terrorist attacks and natural disasters. The threat against banks has, however, evolved
Cybergangs embracing crimeware over social engineering (Help Net Security) The APWG reports that there was a constant decline in the number of traditional phishing websites through September 2012, counterfeits usually impersonating well-known financial services companies or
'4G will take the enterprise to places it didn't even know it could go,' says Ericsson official (Fierce Mobile IT) "4G will take the enterprise to places it didn't even know it could go," said L. Ken Durand, vice president of business development for solution access media at Ericsson (NYSE: ERIC), during a panel discussion held on Wednesday at the ITExpo East being held here in Miami. Durand explained that the 4G LTE network will make it "far simpler" for employees to move large amounts of data to cloud storage services, raising data security risks for the enterprise
Indian smartphone users are gobbling up mobile data (Quartz) Blame the country's frequent electricity blackouts. As smartphones get cheaper, Indians are increasingly using their phones as home entertainment centers. And that means the country's 44 million smartphone users are gobbling up internet data. (There are many more users of older cell phones on top of that.
Federated single sign-on to dominate by 2016 (Help Net Security) A well-executed single sign-on (SSO) strategy reduces password-related support incidents and provides users with improved convenience and more-efficient authentication processes, according to Gartner
Marketplace
CEO Linda Hudson Stresses Impact of Sequestration in Letter to BAE Systems Employees (ExecutiveBix) In a letter to the employees of BAE Systems, CEO Linda Hudson warned the upcoming sequester could have a large potential impact on the aerospace and defense industry
GTRI Names Steve Foster COO, Glenn Smith President In Reorganization (Govconwire) GTRI has appointed information technology executive Steve Foster chief operating officer as part of a reorganization effort aimed at increasing transparency for business functions in its 2013 roadmap. Glenn Smith, the company's current COO, will assume the role of president and also be responsible for marketing and partner management, GTRI said
DigitalGlobe, GeoEye Complete Merger (Govconwire) DigitalGlobe (NYSE: DGI) and (NASDAQ: GEOY) have completed their $900 million cash-and-stock merger, DigitalGlobe said Thursday. Both companies announced the transaction in July 2012, saying they are aiming to grow in the commercial and international markets and depend less on the U.S. government for revenue. "I look forward to working closely with our board of directors
Exelis Completes Comm Software Firm Buy (Govconwire) ITT Exelis (NYSE: XLS) has completed its acquisition of Australia-based communications software firm C4i Ltd. for $16.8 million, Exelis said Thursday. Exelis will integrate C4i into its information systems business area and does not expect the transaction to materially affect its 2012 fiscal year results or its results for first quarter 2013. C4i, headquartered in Melbourne
CRGT makes third acquisition in three years (Washington Post) Reston-based technology contractor CRGT, backed by private-equity firm Veritas Capital, made its latest purchase last month in Herndon-based Guident Technologies, the company's third buy in less than three years. The purchase is one indication of how Veritas, one of the more active private-equity companies in the contracting industry, is reshaping what was a small defense-focused IT business. CRGT now has seven times the employees it had in 2008, and it has rights to offer services under two dozen contracting programs
How Capitalism Changed Facebook's 'Hacker Way' (Wired) At Facebook's ninth anniversary, it looks like going public has actually made the social network more hacker-ish and aggressive
Products, Services, and Solutions
StormFly Wants To Childproof Your Computer With Its Ubuntu-Booting USB Bracelet (TechCrunch) When I was but a wee lad, I hosed my share of family computers simply because I wanted to help out — once I tried to free up space on a 6GB hard drive by deleting anything larger than 1MB. You can imagine how well that played out
Dotcom Offers 10,000 Euro Reward For Breaking Mega's Crypto (Threatpost) MegaOf all the problems that entrepreneur Kim Dotcom has faced in the last decade, including several arrests, insider trading charges and even a raid on his New Zealand home involving black helicopters and dozens of agents in body armor, the criticism of the cryptography employed by his new Mega cloud-storage service would seem to be fairly low on the list. However, Dotcom is taking that criticism rather personally, if the €10,000 reward he's offering to anyone who can break the service's crypto is any indication
HP to scale up TippingPoint network security with SDN (CSO) The company's Sentinel software would run on an SDN controller and tap into TippingPoint's intelligence. Hewlett-Packard plans to use its recently announced SDN controller to distribute its TippingPoint intrusion prevention system across networks, overcoming the scale limitations of dedicated appliances
Woman says her iPhone suddenly overheated and melted. It's not the first time (Quartz) content
Facebook is turning facial recognition back on - so here's how to check your "photo tagging" settings (Naked Security) Facebook is turning its controversial facial recognition feature back on so that your "friends" can tag you more easily in photographs. Now would be a good time to revisit your photo tagging security settings - here's how
UnboundID releases new identity data platform (Help Net Security) UnboundID released cersion 4.0 of the UnboundID Identity Data Platform, providing data unification, new levels of security, and real-time scalability to manage identity data. With the rapid growth
ESET releases Mac security products (Help Net Security) ESET launched new products for the OS X platform: ESET Cyber Security Pro and ESET Cyber Security. According to a recent Macworld magazine poll, only half of Mac users employ antivirus software
IE 10 is more secure, so here's a Microsoft tool to prevent you updating by mistake (Naked Security) Ironically, Microsoft is making sure that as soon as IE 10 is ready on Windows 7, you're already ready to avoid it. A sort-of "lesser of two evils" solution for change control conservatives
Technologies, Techniques, and Standards
Tech Insight: How To Build An IT Security Budget (Dark Reading) For most security professionals, building a budget is unfamiliar territory. Here are a few tips to help you navigate
NTIA may reconsider .us registration policies (Fierce Government IT) The NTIA requires registrants have a connection--a "U.S. nexus"--with America, such as a bona fide presence or residence. Current policy also prohibits private registration, requiring registrant contact info to be listed in the WHOIS database. The .us suffix has gained little online traction, having a market share within the United States smaller than .info, according to data from Webhosting.info
Is The Government Telling The Truth When It Says Your Data Is Secure? (TechCrunch) Modern encryption systems are, in theory, exceptionally secure. The Advanced Encryption Standard, for example, is so sophisticated that all known attacks are considered computationally infeasible. It is no surprise then, that the NSA
Is it Really an Attack? (Internet Storm Center) In today's world, compromised systems as well as attacks and probes against our networks are sadly becoming the norm. Because of this, when we see network traffic that violates "normal" behavior, our first reaction is that someone is doing reconnaissance, we have been compromised or we are under attack. We all want to be proactive and stop the activity, but we also don't want to become the "Boy who cried wolf". Sometimes the traffic can be outside of what is "normal" but be completely legitimate traffic. Taking a deep breath and remaining calm while doing the analysis is important. Ask yourself if the traffic could have a legitimate purpose. Here are a couple of examples of products that generate traffic that appears threatening, but really are the normal behavior of the system
Don't Fire An Employee And Leave Them In Charge Of The Corporate Twitter Account (Forbes) Yesterday HMV, the beleaguered British entertainment retailer, laid off 190 employees, in an effort to cut costs and right its balance sheet. The company apparently pulled a large group into human resources and gave them the bad news. While this was going on, one employee, Poppy Rose, who had been an HMV community manager and thus had access to the corporate Twitter account, started live tweeting about the layoffs
Information risks in the enterprise (Help Net Security) Ian Whiting is the CEO Titania, a developer of security auditing and testing software. In this interview he discusses managing information-related risks in the enterprise, Titania Labs free tools
Design and Innovation
How To Say No, And Other Tips From Inside SRI's Venture Process (TechCrunch) What have we learned over more than 65 years of invention and commercialization? There are several specific ways in which our venture processes stand in contrast to what is in vogue today. These are lessons that anyone in the business of innovation should
Google plays nice with French media, creates 82 million dollar innovation fund (Ars Technica) Company will also work with publishers to gain more revenue from Google ad tech
Research and Development
Fujitsu unveils new data transfer protocol (Fierce CIO: TechWatch) Fujitsu says it has developed a new data transfer protocol that is 30 times faster than the commonly used TCP protocol. The proprietary protocol is based on UDP, but adds the ability to distinguish between packets that are dropped or simply haven't arrived at the destination. Integrated control technology also measures UDP transmissions in real time to ensure that they don't overwhelm standard TCP data packets
Legislation, Policy, and Regulation
Cyber Europe 2012 revealed national and international cyber attack response holes (Fierce Government IT) An October 2012 pan-European cyber exercise involving a conjectured distributed denial of service attack showed that some of the 25 nations participating experienced challenges in crisis management decision making "even though that was not part of the exercise objectives," says a European Network and Information Security Agency report
Eshoo promises legislation if FCC loses net neutrality court case (Fierce Government IT) Should the court overturn the FCC's rules, I'll be prepared to introduce legislation clarifying the Commission's authority to ensure a free and open Internet, while preventing the use of Internet fast lanes or other discriminatory rules," said Rep. Anna Eshoo (D-Calif.) in a Jan. 24 keynote speech before the annual State of the Net conference sponsored by the bipartisan Congressional Internet Caucus
US weighs tougher action over China cyberattacks (Yahoo) High-level talks with the Chinese government to address persistent cyberattacks against U.S. companies and government agencies haven't worked, so officials say the Obama administration is now considering a range of actions. China-based hackers have long been an economic and national security concern, but as cybersecurity experts report an increase in attacks, U.S. leaders are looking at ways to better address the threat and analyze its impact. Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem
Cyber Jihad Fatwas to Hack and Use Malicious Acts (Right Side News) Leading Mainstream And Jihadi Sheikhs Issue Fatwas Beginning In 2000 Allowing Hacking And Other Forms Of Online Attacks Providing Religious Justification For Today's Era Of Cyber Jihad Over the past year, there have been thousands of high-profile hacking attacks against important websites, including those of the FBI, the CIA, the Department of Homeland Security, the White House, the Justice Department, and other government websites, and banks throughout the world
Cyberwar, out of the shadows (Washington Post) A planned fivefold increase in the staff of the US Cyber Command is indicative of how conflict is moving toward center stage for the military
Broad Powers Seen For Obama In Cyberstrikes (New York Times) Cyberweaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow. Officials said that the new cyberpolicies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyberweapons
Internet Users, Tech Companies Beware: Son of SOPA Lives (Breitbart) In January 2012, the online world was ablaze with news that Congress was taking up controversial legislation intended to address internet piracy, the Stop Online Piracy Act (SOPA), but which critics derided for giving the government even more powers to shut down content providers and force major online companies, such as Google, Yahoo and others to block content. The bill was introduced by then-House Judiciary Committee chairman Rep. Lamar Smith (R-TX), and had a number of prominent co-sponsors
Litigation, Investigation, and Law Enforcement
Chinese web company faked Microsoft patch to force download (The Register) China's government has slapped fast-growing Chinese web firm Qihoo with a warning for unfair competition, alleging the firm used its security software to trick users into downloading its browser. The warning(via TechInAsia), handed down last week, has been made public by Chinas State Administration for Industry and Commerce (SAIC). The Administration says Qihoo made it's popular free security software 360 Safeguard difficult to uninstall
Canadian Naval Officer Who Leaked Information to Russia Faces Life in Prison (Softpedia) On Friday, the sentencing hearing of former Canadian naval officer Sub-Lieutenant Jeffrey Paul Delisle is scheduled to end. The man, who admitted to selling secrets to Russia, could spend the rest of his life in prison. According to CBC Canada, Delisle is the first individual to be convicted under the countrys Security of Information Act.
Minister: Iceland Refused FBI Aid Over WikiLeaks (ABC News) Iceland's interior minister says he ordered the country's national police not to cooperate with FBI agents sent to investigate secret-busting site WikiLeaks and that it escalated into a diplomatic spat. Ogmundur Jonasson told The Associated Press that the FBI agents were sent to the country to interview an unidentified WikiLeaks associate in August of 2011. Jonasson's comments offered a rare glimpse into the workings of the U.S. investigation into WikiLeaks, a site which has repeatedly embarrassed Washington with spectacular releases of classified documents
Four House Democrats Hit Army's Battlefield Intel System (Washington Times) Four House Democrats are asking fellow party members to consider blocking funds for the Army's battlefield intelligence processor, citing the system's huge costs and failed operational tests
Here's What Google Does When the Government Wants Your Emails (Mashable) Google gets "dozens" of requests for users' information from governments, courts and police forces around the world every day, according to the company. These requests are up 70% over the last three years, but exactly how Google handles data demands from government agencies has been a mystery — until now
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.