The CyberWire Daily Briefing for 2.8.2013
The US Federal Reserve still has little to say about the attack it sustained over the weekend. ZDNet reports that the attackers gained access to the St. Louis Fed's Emergency Communications System, and it quotes a security specialist familiar with the system who charges that, contrary to Fed denials, the data exposed are "absolutely rife with account details." CSO says that the Fed is, at the very least, off-message in resisting attack disclosure.
A new exploit kit, "Whitehole," is out on the black market. It packages five Java Runtime Environment exploits. D-Link routers are alleged to suffer from plaintext credential and unauthenticated OS command injection vulnerabilities. A new mobile phone number harvester is implicated in SMS spam.
In what we may read as a sign of the financial sector's security success against advanced threats, banking malware appears to be trending back to older, relatively primitive phishing techniques.
China's Xinhua news agency reacts to international suspicion of Chinese activities in cyberspace by claiming, plausibly but ultimately unpersuasively, that, hey, we're the real victims here.
PostureSQL fixes a vulnerability to denial-of-service attacks. Adobe patches Flash to close a hole that's being exploited in the wild. Microsoft previews patch Tuesday, announcing it will close fifty-seven vulnerabilities.
CSO offers breezy reviews of leading security companies with quick thumbs-up-or-down profiles. CSC reveals more of its M&A strategy: the firm intends to beef up its cyber and big data capabilities through acquisition.
Dark Reading discerns a cloud-driven security trend: identity access management is replacing perimeter security.
Notes.
Today's issue includes events affecting Belarus, China, European Union, Finland, Germany, Iran, Ireland, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Anger rises as Fed confirms Anonymous hack, downplays US bank emergency system breach (ZDNet) The Federal Reserve has confirmed Sunday's Anonymous hack; ZDNet has learned the exposed information is from thousands of Fed emergency system bank contacts. After Anonymous posted sensitive credentials of over 4,600 banking executives to a government Web site on Super Bowl Sunday, the Federal Reserve acknowledged the attack in a Tuesday morning statement to affected individuals and press
Fed stays secretive after Anonymous hack (CSO) Security experts ask if government won't share information, why should the private sector? U.S. government officials, from President Obama to the ranks of Congress, regularly claim they want voluntary, substantive sharing between the public and private sectors on cyberattacks, vulnerabilities and breaches. Given that, the Federal Reserve is not on message following a Super Bowl Sunday hack. The Fed acknowledged this week only what it had to -- that one of its websites had been breached on Super Bowl Sunday by a group calling itself OpLastResort, which is tied to the hacktivist collective Anonymous
Whitehole exploit kit in the spotlight (Help Net Security) The effectiveness of exploit kits has made them malware peddlers' preferred way of distributing their malicious wares. The Blackhole exploit kit is, by far, the most most used one, and has pretty much cornered the market at the moment, but there are other kits out there looking to challenge its supremacy. Among them is a new exploit kit that has been dubbed "Whitehole" by researchers for the simple reason of differentiating it from Blackhole. Whitehole employs exploits for five Java Runtime Environment vulnerabilities, and among them is also the recently patched zero-day (CVE-2013-0422) that has ben wreaking havoc last month, and exploits for which have been added both to the Blackhole and Cool exploit kit
Researcher Warns of D-Link Router Vulnerabilities (Threatpost) A combination of vulnerabilities in D-Link's DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device, according to German security researcher Michael Messner who publicly disclosed the flaw on his personal blog Monday
Mobile Phone Number Harvester Fuels SMS Spam (Threatpost) The latest version of a phone number harvesting tool offers its users the ability to trawl the public web and collect mobile phone numbers indexed on sites that ask visitors for them, according to a Webroot report
Banking malware goes back to basics (IT World) Financial malware authors are trying to evade new online banking security systems by returning to more traditional phishing-like credential stealing techniques, according to researchers from security firm Trusteer
Digital certificates and malware: a dangerous mix (Help Net Security) In the past few days we have heard several stories about major corporations getting hacked and their security systems completely bypassed. If anything, that should remind us of how vulnerable our data
Fake Amazon Kindle receipt leads to persistent malware (Help Net Security) Amazon customers buying e-books for their Kindle or other mobile devices should be careful with emails that seemingly containing receipts for their purchases, warns Webroot, as malware peddlers have
Facebook breaks the internet (Sydney Morning Herald) Facebook briefly broke parts of the internet on Friday with users unable to access websites. It appears the Facebook plugins found on thousands of web pages, which allow people to share or recommend articles, for example, were faulty. Those visiting websites including Fairfax news sites, BuzzFeed, The Huffington Post, The Washington Post, CNN and more were instead directed to a Facebook error page with a message saying "An error occurred
Ad network site hack results in popular sites flagged as malicious (Help Net Security) Google Chrome users trying to visit a slew of popular news sites such as the New York Times, the Washington Post, ZDNet and the Huffington Post on Monday were faced with pop-ups warning them that doing
Business is booming for exploits, mobile malware (Help Net Security) Business is thriving for exploits, mobile malware is still dominated by Android and Symbian, and botnets are back and retooled, according to a new threat report from F-Secure Labs
None of the 100 largest e-commerce sites have fully implemented DNSSEC (Help Net Security) The biggest brands in e-commerce are overlooking a critical security technology that could reduce the risk of identify theft and credit card fraud. An analysis of the 100 largest e-commerce compani
China threatened by overseas hackers (Xinhuanet) Recently foreign media have been hyping up "cyber attack from China" and the talk of a "Chinese hacking threat" is in the air. But it turns out that China is actually the real victim of cyber attacks, Xinhua reported, citing statistics from the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC). The number of Internet users on the Chinese mainland keeps rising sharply, but Chinese users dont take net safety protection as seriously as do most western users
The Ultimate Invasion of Privacy (Slate) How a Chinese hacker used my private nickname, personal emails, and sensitive documents to try to blackmail me. In 2007, I opened an email from an unknown sender. The message greeted me by a nickname known only to family and close friends. I was in Shanghai, unwinding late at night after a long day, pleased to be contacted by someone familiar from across the Pacific. I figured someone close to me must have gotten a new email address. But the note was signed "Eric." I did not know an Eric
6 Reasons Hackers Would Want Energy Department Data (InformationWeek) In Department of Energy breach, what was driving attackers to steal employee data? Stuxnet revenge is one theory
George Bush's family emails hacked (Guardian) Investigation launched into how Guccifer posted photos and personal emails of ex-US president George HW Bush online. An investigation has been launched into how a hacker managed to access the email accounts of the former US president George HW Bush and members of his family
Iran Shows Video It Says Was Made By U.S. Drone (New York Times) In what Iran is calling a new demonstration of its military advances, state television has broadcast clips from what was described as encrypted video footage extracted from the camera of an unarmed American surveillance drone, which was seized in Iranian territory in December 2011
Security Patches, Mitigations, and Software Updates
PostgreSQL Patches DOS Vulnerability, Other Security Issues (Threatpost) PostgreSQL, a database management system for Linux, FreeBSD and other platforms patched a hole today that could have opened the system up to a denial-of-service (DOS) vulnerability in addition to a slew of other security flaws
Adobe patches Flash - heads off in-the-wild attacks against Windows and Apple users (Naked Security) It's not Tuesday…Nevertheless, Adobe's Flash Player has been upgraded to patch against two in-the-wild exploits against Windows and Apple users
Microsoft to patch 57 vulnerabilities (Help Net Security) The February 2013 Microsoft Patch Tuesday bulletin was released with 12 advisories and is bigger than average, which means security and IT teams will be busier than average. It's both good and bad new
Cyber Trends
Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 (Threatpost) Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the ubiquitous Zeus banking Trojan.
Defense Secretary Panetta warns next Pearl Harbor could be cyber attack (Gant Daily) Defense Secretary Leon Panetta repeated his warning that the next Pearl Harbor could be a cyber attack after a speech at Georgetown University Wednesday. Answering a question from a student if cyber warfare will be a viable and important part of future U.S. defense policy during the question-and-answer session, Panetta replied, "I believe it, that it is very possible the next Pearl Harbor could be a cyber attack; that you could, in fact, cripple our, as I said, our power grid system, our government systems, our financial systems with a cyber attack, and it would have one hell of an impact on the United States of America. That is something we have to worry about and protect against"
BYOD is increasing IT frustration and loss of control (Help Net Security) IT is concerned about rising mobility costs and feeling frustration and loss of control over BYOD, according to iPass and MobileIron. The majority of survey respondents (57 percent) thought their mobile
Zero Day (Canny Outlaw) In recent years, the world of espionage has changed so much even James Bond has had to adapt. Anthony takes us deep inside a world most of us know almost nothing about — cyber espionage — to give us a detailed and dramatic account of the darker side of the internet
The privacy cliff and how not to fall off it (Help Net Security) We are all hearing the phrase "fiscal cliff" considerably more times than is useful. So far, however, nobody's mentioned a "privacy cliff." They should: it's a very big deal
Marketplace
Security Wisdom Watch: Broken tools edition (CSO Salted Hash) Every security tool fails once in a while. What's important is how the vendor responds. Show me a piece of security technology, tell me it's bullet-proof and I'll call you a liar. No matter how good the product, glitches happen. So it's sad when vendors try to downplay it. Recent incidents have me thinking about how vendors have responded to bad news in the past. My conclusion: The most important measurement is how well or poorly they communicate with the customer
US Spy Chief Warns Cuts Will Hurt Morale (Agence France-Presse) Clapper, America's director of national intelligence, voiced grave concern over plans to impose a furlough on all Defense Department civilian employees if drastic automatic budget cuts enter into force next month
NTIA announces FirstNet state planning grant requirements (FierceGovernmentIT) The National Telecommunications and Information Administration announced Feb. 6 state allocations of $121.5 million in federal grant money to be used for planning the nationwide public safety broadband network
7 Moves Dell Must Make Now (InformationWeek) Dell's decision to go private was a bold step, but the company must continue making aggressive decisions to succeed
Mike Lawrie: CSC Pushing For Cloud, Cyber, Big Data Business Mix (Govconwire) Computer Sciences Corp. (NYSE: CSC) is increasing its investments in target areas of cloud computing, cybersecurityMeasures taken to protect a computer or computer system against unauthorized access or attack. and big data to pursue growth, CEO Mike Lawrie said Tuesday. According to the Washington Business Journal, Lawrie said during an earnings call with investors that
Northrop Promotes Michael Hardesty To Corporate VP, Chief Accountant (Govconwire) Northrop Grumman's (NYSE: NOC) board of directors has promoted Michael Hardesty, a former vice president of business management, to serve as corporate vice president, controller and chief accounting officer. His promotion is effective immediately and he succeeds Kenneth Bedingfield, who is now VP of business management and chief financial officer in the aerospace systems sector
Intelligent Decisions Names Mark Garrett Defense Business Development Head (Govconwire) Intelligent Decisions has appointed 15-year public sector sales veteran Mark Garrett director of business development for the company's Defense Department portfolio. Garrett will be responsible for pursuing new business opportunities within the uniform service and defense intelligence agencies and also manage the company's existing relationships, the company said. Harry Martin, president and CEO, said the
BAE Names Dave Herr Service Sectors EVP (Govconwire) BAE Systems' U.S. subsidiary has appointed Dave Herr, president of the support solutions sector, to serve as executive vice president of the service sectors, effective immediately. Herr will lead the support solutions sector until the company names a successor, BAE said Thursday. He will also join Linda Hudson, president and CEO, and Tom Arseneault, executive
Iron Bow Wins Cisco Security Certification (GovConExecutive) Iron Bow Technologies has achieved a Cisco security certification based recognizing its work in deploying security projects and vulnerability assessments based on benchmarks for customer satisfaction, personnel and support
Catapult Names Salient, Dell Vet Bruno Mahlmann An IT SVP (GovConWire) Federal information technology and consulting provider Catapult Technology has appointed 17-year CIA and 11-year contracting veteran Bruno Mahlmann senior vice president for national security information technology solutions
HP places new sanctions on student labor in China (CNET) The company has apparently sent new rules to its suppliers that are designed to protect student interns and improve their working conditions. Hewlett-Packard has placed new rules on its China-based suppliers over how they handle student labor, according to a new report
Products, Services, and Solutions
F-Secure Client Security updated with threat detection technology (Help Net Security) As the cost of cybercrime continues to soar, affecting businesses around the world, F-Secure is introducing the latest version of its corporate endpoint security product, F-Secure Client Security
Size Doesn't Matter In IaaS Game, ElasticHosts Says (InformationWeek) Small infrastructure-as-a-service provider cobbles together a global system of leased spaces to compete with Amazon, Rackspace and other major cloud services
iPhone 5, iOS 6.1 jailbreak tool released (ZDNet) Evasi0n jailbreak for iPhone 5 handsets and iOS 6.1 devices
Cisco unveils open networking 'fabric' for data centers, clouds (Help Net Security) Network speed, latency, and greater network port density in a single unit are key considerations for customers deploying virtualized data centers and moving to a managed cloud environment where
Oracle releases MySQL 5.6 (Help Net Security) Oracle today announced MySQL 5.6, the world's most popular open source database. With increased performance, scalability, reliability and manageability, MySQL 5.6 helps users meet the most demanding
Technologies, Techniques, and Standards
Is Identity The New Perimeter? (Dark Reading) Network controls can't scale with cloud and mobile, so CISOs are using IAM as the new lever for security control around corporate access
Mobile app security: Always keep the back door locked (Ars Technica) The best way to keep mobile apps safe is to secure the services they connect to. In the 1990s, client-server was king. The processing power of PCs and the increasing speed of networks led to more and more desktop applications, often plugging into backend middleware and corporate data sources. But those applications, and the PCs they ran on, were vulnerable to viruses and other attacks. When applications were poorly designed, they could leave sensitive data exposed
Is it Spam or Is it Malware? (Internet Storm Center) Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pic's. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete
US - NARUC Cybersecurity Guide for State Regulators 2.0 (NAURC) This primer was prepared by the National Association of Regulatory Utility Commissioners as a tool for policy-makers who are charged with making decisions about the electric, gas, water, communications, and transportation systems that are vital to everyday life. Increasingly, these systems are being interconnected with the ability to generate, share, and act on data. With these cyber-capacities come new cyber-vulnerabilities that must be managed by regulators and the infrastructure operators they regulate
Payment Card Industry clears up confusion over cloud use (CSO) New Data Security Standards (DSS) for the cloud make clear the responsibilities of merchants and service providers. The Payment Card Industry Security Standards Council (PCI SSC) has published guidelines for using the cloud for credit card processing, ending the guesswork that has plagued merchants and cloud providers. The PCI SSC introduced its Data Security Standards (DSS) for the cloud Thursday. The guidelines are expected to clear up the confusion that resulted from auditors giving different interpretations in applying pre-cloud standards to the modern computing platform
Learn by doing: Phishing and other online tests (Help Net Security) As a tech-savvy person in a family that mostly consists of low level Internet users - and especially because of my line of work - I'm often tasked with helping them when their computers become riddled
NIST releases final draft of cybersecurity document for public comment (FierceGovernmentIT) After two years of toiling and several revisions, the National Institute of Standards and Technology is seeking public comment on a final draft of the fourth revision to the security safeguards and countermeasures that federal agencies will use to protect their data and information systems, according to a Feb. 6 NIST press release
Email Overload: Can Social Really Help? (InformationWeek) Social collaboration platforms promise less email in corporate in-boxes, but do they deliver? The small business Brilliant Life Design finds out with a trial of Sendgine
Security experts turn to big data for help (FierceBigData) Until recently, a good security analyst could eyeball a stream of data and detect a malicious attack if he or she could isolate the right view of the data. Like many traditional practices in IT and networking, the deluge of data is making eyeballing a lost art. The quantity and variety of data and the frequency of attacks has made it harder to isolate the right view and detect attacks. So, security companies are beginning to incorporate big data techniques to improve threat detection and prevention
Design and Innovation
Meet The Next 10 Companies To Come Out Of StartX, Stanford's Student Startup Accelerator (TechCrunch) Stanford's student startup accelerator, StartX, had its eighth demo day tonight in Palo Alto, showing off the latest class of 11 companies* to go through the program. The accelerator, which just raised another $400,000, has already had about 100 startups go through, raising $100 million along the way between them. This next batch is hoping to follow that lead
Big data and the disputation arena (FierceBigData) Even though I was told by a famous and favorite writer of mine (may he rest in peace) to never allow myself to be a fan of him or anyone else--I don't always heed his advice. I am weak that way. I like being a fan. So, I remain a fan of a different writer, a man for whom I justify my fandom by fostering the untruth that his work is, after all, "just fiction" and worse still is "science fiction," and therefore entertainment, which makes being a fan acceptable
Research and Development
Nanoscale Chip Design Enables Future 'Internet of Things' (IEEE Spectrum) New chip design on the nano scale reduces energy consumption on chips and work off photovoltaics so batteries last forever
DARPA on Cyber Targeted-Attack Analyzer program & micro-satellites (Security Affairs) Protect the country, population and assets from cyber threats, this is a must for every government, a challenge for every state, new processes, large investment and innovative researches are the topics most debated in this period. Yesterday I wrote about the Russian government and its commitment to strengthen cyber defense, today I desire to introduce how US are trying to improve their cyber capabilities to face with cyber threats. Surely one of the most interesting and prolific agency in this sense is the US DARPA (Defense Advanced Research Projects Agency) responsible for the development of new technologies for use by the military, so I decide to introduce some of its actual and future works that could impact security in cyberspace. Few days ago the agency announced the development of a program to design a defense system able to uncover and prevent targeted cyber attacks based on the computer network managed directly from Department of Defense
Japan holds first hacking contest backed by government (Help Net Security) Despite being one of the greater world economies and being technologically advanced as few others, Japan has woken up to the reality of cyber crime relatively late. The highly publicized compromise
Legislation, Policy, and Regulation
UK government plans to track ALL web use: MI5 to install 'black box' spy devices to monitor British internet traffic (Daily Mail) The spy network will rely on a technology known as Deep Packet Inspection to log data from communications ranging from online services like Facebook and
Cyber Security Proposal Looks To Force Companies To Report Hack Attacks (RedOrbit) According to Kroes, one-third of all UK small businesses suffered a cyber-attack last year alone. 93 percent of larger businesses came under an attack of some sort in the same year. If these companies were required to report these breaches, says Kroes
Heads-Up - Storm cloud emerges from EU cybersecurity strategy (Eur Activ) While viewed as a step in the right direction, the EUs new cybersecurity strategy is criticised by experts for its lack of clarity on ensuring the safety of cloud computing. The European Commission released its cybersecurity strategy yesterday (7 February - Note Bricade - Article says 7 January) to address concerns and promote greater internet safety. But the obligation put on EU member countries to report cyberattacks are vague and appear to do little to protect EU citizens' data stored outside the EU, said lawyer Wim Nauwelaerts
Infosec pros give verdict on EU's new cybersecurity strategy: 'Nice try' (Naked Security) The European Commission on Wednesday launched a proposal for a new cybersecurity strategy with good intentions and great fuzziness, as some dissatisfied infosec professionals see it
EU proposes to make data breach disclosure mandatory (Help Net Security) The European Commission has today announced the launch of new proposals that include a requirement for EU member states to appoint an independent CERT and pivotally calls for each to create a national
Belarus Is Blasting the U.S. Government's Invasions of Privacy. Like It's One To Talk. (Slate) Calling out hypocrisy by resorting to hypocrisy is not usually a tactic that will win you an argument. But no one seems to have told Belarus. Known as Europe's last dictatorship, the country has a dismal record when it comes to human rights and is fond of mass surveillance of citizens. However, that hasn't stopped it from releasing a new report this week, Human Rights Violations in Certain Countries in 2012, which savages the United States for "unlawful interference with privacy"
NGOs decry U.S. lobbying campaign against European Union data protection directive (FierceGovernmentIT) More than a dozen consumer and civil liberties groups sent a letter to the Obama administration urging the United States to support Europe's efforts to update and strengthen privacy legislation while decrying an "unprecedented lobbying campaign" by the U.S. government and industry to limit the protections that the proposed European Union data protection directive would provide
Litigation, Investigation, and Law Enforcement
North Shore University Hospital Sued Over Security Breach (eSecurity Planet) The lawsuit seeks both compensatory and punitive damages. Twelve people recently filed a lawsuit against New York's North Shore University Hospital in response to the theft of hospital face sheets containing their personal information (including names, addresses, Social Security numbers, birthdates, medical histories and other data)
What Software Is Patentable? Federal Court To Consider In CLS Bank Rehearing (TechCrunch) Software patents continue to command the spotlight. The Federal Circuit will hold an en banc rehearing of a prior decision, CLS Bank International v. Alice Corporation. In that decision, a three-judge panel ruled that an invention related to a computerized
Former Employee Charged With Accessing Thousands of Driver's Licenses (Threatpost) A former Minnesota state employee was charged Thursday with misdemeanors for allegedly accessing thousands of driver's licenses during a four-year period and storing 172 of them in an encrypted file. Ninety percent of victims in the data breach were women
Cyber criminals target mobile users, social media (Sydney Morning Herald) Australia's top cyber cops are warning that social networking sites such as Facebook are increasingly being targeted by cyber criminals as a way to steal internet users' money. The growing commercialisation of social media through links to online trading such ''buy, swap and sell'' sites means cyber crooks now have a strong motivation to hack people's account details, police say. In an interview with Fairfax Media, the Australian Federal Police's manager of cyber crime operations, Commander Glen McEwen and Melbourne team leader Federal Agent Scott Mellis outlined a range of new threats facing web users
Secret Surveillance Court Gets New Presiding Judge (Wired) Perhaps the only thing we know about the goings on of the secret Foreign Intelligence Surveillance Court other than it granting the government unfettered spy powers is that its getting a new presiding judge. The 11-judge court was set up in the wake of the Watergate scandal in the President Richard M. Nixon era, and is best described as a rubber-stamp for giving the federal government carte blanche powers to spy on Americans at home or abroad. The court is not in Iran or Venezuela, as one might expect, but meets in secret in the District of Columbia with federal authorities and doles out spy warrants without even knowing a targets name
Facebook deleted all EU facial recognition data, regulators confirm (CSO) Both the Irish data protection commissioner and a German regulator confirmed Facebook deleted the data. Facebook has deleted all European facial recognition data, the Irish data protection commissioner and a German data protection regulator confirmed independently Thursday after reviewing parts of the social network's source code
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.