The CyberWire Daily Briefing 12.27.13

Summary

By The CyberWire Staff

Affinity Gaming and TechMedia Network suffer data breaches in unrelated incidents. In both cases many customers' credit card data were exposed.

A senior Boeing executive says he shares the IATA's concerns about aircraft vulnerability to cyber attack. He highlights in particular the attack surface airliners present upon entering an airport, and sees this exposure as placing flight systems at risk.

A Raytheon executive writing in SC Magazine puts disturbingly high numbers on the cost of privileged user abuse to businesses, citing an unnamed energy company's $1B loss. He argues that privilege user accounts and activity should be routinely audited.

The story of Target's data breach has moved into its policy and litigation phases. US Senator Menendez (D-NJ) wants the Federal Trade Commission to "hold businesses accountable" for exposing consumer data, and disgruntled Target customers have thus far initiated some two dozen lawsuits.

Forbes reports on what another US Senator's (Rockefeller, D-WV) privacy hearings have turned up concerning data broker abuses: unscrupulous brokers have sold lists of alcoholics, rape victims, and others for targeted marketing.

Observers continue to mull the report recently rendered by the President's Review Group on Intelligence and Communications Technologies. Wired thinks the Review Group's recommendations could actually make call records more accessible to law enforcement. An essay in Foreign Policy sees poorly defined scope of conflict—in this case, the successor to the Global War on Terror—at the root of surveillance problems, and argues that an expansive view of potential enemies leads naturally to the Panopticon.

Notes.

Today's issue includes events affecting Malaysia, Netherlands, United Kingdom, and United States..

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

FloCon2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.

cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (, Jan 1, 1970) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.

Cybertech: Cyber Security Conference and Exhibition (, Jan 1, 1970) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

The CyberWire Daily Briefing for 12.27.2013