The CyberWire Daily Briefing for 2.11.2013
Bit9, a security firm specializing in whitelisting and other forms of trust-based security, has been hacked. Attackers used Bit9's trusted digital certificates to preauthorize malware for uploading onto customer networks. Bit9 has acknowledged the breach and is working to repair the damage.
Open-source toolkit cURL suffers an authentication bug. Google Play hosts some malicious Android apps masquerading as cleaning utilities. Twitter suffers a typo-squatting phishing campaign.
Four dissident or journalistic groups are hacked or otherwise restricted in Russia, Burma, Bulgaria, and Iran.
AVG notices an odd trend: more tweens are writing malware, mostly to access or succeed in online games.
Google Chrome now aggressively flags sites when it suspects malware infection. VMWare patches a privilege-escalation vulnerability. Windows and iOS users are strongly urged to patch Flash.
The US Secret Service investigates last week's doxing of former US president G.H.W. Bush, and journalism critics note that apparently the rules have changed: illegally obtained private correspondence is evidently fair game for publication.
The US National Intelligence Estimate identifies China as a major cyber threat, highlighting its direct threat to US businesses.
Two product notes are particularly interesting, involving as they do fear-uncertainty-and-dread: the Shodan search engine (which specializes in finding Internet-connected devices), and Raytheon's social media monitoring tool (spookily "predictive," say British journalists).
Wired makes an obvious but worth-pondering point about big data: the more data, the more false data.
The Department of Homeland Security decides that "suspicionless" seizure of electronic devices "along" the US borders raises no difficult civil liberties issues.
Today's issue includes events affecting Bulgaria, Burma, China, European Union, Iran, Israel, New Zealand, Qatar, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Bit9 hacked, used to inject malware into customers' networks (Naked Security) Security vendor Bit9 has been hit by a serious security breach of its own network. Intruders broke into a core part of the company's service and used its own trusted digital certificates to create pre-authorised malware
Bit9 says network hacked, blames itself (CSO) Criminals get around an application whitelist by going after the vendor providing the security product
Anatomy of a vulnerability - cURL web download toolkit holed by authentication bug (Naked Security) You may not have heard of cURL, but you've probably used software that uses it. Recent versions contain a buffer overflow bug that could lead to remote code execution on your computer. Paul Ducklin investigates, explains and advises
Bogus cleaning apps on Google Play install backdoor on PCs (Help Net Security) Malicious Android apps able to infect and set up a backdoor on PCs running pre-Windows 7 operating systems have been recently spotted by researchers of several security companies
Twitter users hit with typo-squatting phishing campaign (Help Net Security) In the wake of last week's compromise of 250,000 Twitter accounts comes another threat to Twitter users: phishing messages - both DMs and tweets - that lure in the curious by asking "Did you see this
Spammers breach security to hijack email accounts (NZ Herald) Hundreds of New Zealanders have had their email accounts hijacked by "savvy" spammers. It isn't known how the Yahoo Xtra email security was breached. But once it was, emails were sent to everyone on the users' contact lists asking them to click on a link.
Iran regime cyber attacks NCRI website to stifle news on its role in attack on Liberty (National Council of Resistance of Iran) Following Saturday's deadly rocket attack on Camp Liberty, the Iranian regime launched a terrorist cyber attack on NCR-Iran.Org website in an attempt to prevent reporting on the attack, causing the website to go offline for a few hours on Saturday
Burma journalists hit by 'state-sponsored' hacking (Sydney Morning Herald) Several journalists who cover Burma said Sunday that they had received warnings from Google that their email accounts might have been hacked by "state-sponsored attackers." The warnings began appearing last week, said the journalists, who included employees of Eleven Media, one of Burma's leading news organisations; Bertil Lintner, a Thailand-based author and expert on Burma's ethnic groups; and a Burmese correspondent for The Associated Press. Taj Meadows, a Google spokesman in Tokyo, said that he could not immediately provide specifics about the warnings, but said that Google had begun the policy of notifying users of suspicious activity in June
Russia, in adding to new blacklist, blocks site used by dissidents (Ars Technica) Since 2012, the Kremlin has targeted drug sites--activists worry they'll be next. On Friday, a freedom of speech activist group reported that the Russian government has blocked access to a prominent blog-hosting service that carries many dissident voices from within the countries. Back in the fall, the Kremlin put into place a much-derided-from-the-West "Internet blacklist." When it was launched in November, Moscow blocked access to over 180 sites that it deemed were offensive to Russian interests. In particular, this blacklist was meant as a way to protect minors from pornography sites, sexual abuse sites, and sites that provide details about drug use and suicide
Cyber Attack Floods again Bulgarian Whistleblowing Site (Novinite.com) The site for investigative journalism Bivol is down again Friday over a flooding attack. The independent site for investigative journalism Bivol.bg which published formerly classified documents, revealing that Prime Minister, Boyko Borisov, has been a person of interest for the anti-mafia police in the 90s, became subject of a second "flooding" attack
Ex-President Bush doxed - family photos, personal email, bathtub portraiture leaked (Naked Security) A hacker using the alias "Guccifer" has claimed responsibility for hacking the Bushes, aka the political family that gave the US its 41st president (George H.W. Bush) and its 43rd president (George W. Bush)
Pope Benedict XVI to resign - Twitter sex spammers exploit breaking news story (Naked Security) Within seconds of the news breaking that Pope Benedict XVI was to resign, spam began to appear on Twitter taking advantage of the story
Children turning into malicious code developers (Help Net Security) In a world filled with laptops, tablets and smartphones, today's children become digitally fluent far earlier than previous generations. Now, AVG has found evidence that pre-teens are writing malware
Security Patches, Mitigations, and Software Updates
Vodafone warns iPhone users not to update to iOS 6.1 (Computer World) Vodafone has warned its UK customers with the iPhone 4S not to upgrade to iOS 6.1. Texts were sent out to iPhone 4S handsets on the network yesterday evening. According to the company Apple's 6
Google Chrome issues warnings while blocking ESPN.com and major websites (CSO) On Saturday, Michigan CSO Dan Lohrmann was watching Valparaiso play Cleveland State in college basketball while checking on some sports scores. Suddenly, a red box popped up on his Google Chrome browser which cut off the website and warned, "Danger: Malware Ahead!"
VMWare security hole - it sounds like you need the patch, even if it's not clear why (Naked Security) VMWare just announced a patch for a security hole in its virtual machine software. It sounds as though guests might be able to tweak their hosts without authorisation, or vice versa, so you probably want to patch now and ask your questions later
Windows and OS X users under attack, update Flash now! (Help Net Security) Adobe has pushed out an emergency Flash update that solves two critical vulnerabilities (CVE-2013-0633 and CVE-2013-0634) that are being actively exploited to target Windows and OS X users
Microsoft Report Examines Socio-Economic Relationships to Malware Infections (Threatpost) Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions' relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy
No limits after Bush emails hacked (Sydney Morning Herald) By the old rules of journalism, George W. Bush's private emails to his family might never have been published or broadcast - certainly not without his permission. Most news organisations would have thought twice about publishing personal messages that were, in essence, stolen goods. But that was the
Insiders pose 'accidental' threat to business data, Symantec says (CSO) Blurring lines between home and office lead to data leakage. Valuable intellectual property is leaving companies every day and languishing at insecure locations where it can be scooped up by unauthorized parties. That was one of the findings in a study released this week by cyber security software maker Symantec of Mountain View, Calif
Cyber-Spying Said To Target U.S. Business (Washington Post) The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain
Malware Storm (IDG Connect: Rob Cheng (Global)) The US Department of Homeland Security advised last week that users disable Java. This is unprecedented. The government felt this is a computing problem so severe that it must intervene. Java is a real and present threat to not only our national security but our computers, privacy and wallets. The DHS has no motivation to sow misinformation or fear, and they should be heeded
New motto for the security war (CRN) The US Department of Defense Cyber Command recently issued an announcement that was somewhat attention-getting: "An infected flash drive inserted into a Defense Department computer in 2008 caused a significant compromise of the department's classified computer networks and was a wake-up call for Pentagon officials to expedite cyberdefense measures."
1 million high-risk Android apps will enter the enterprise this year, says Infonetics (FierceMobileIT) Roughly one million malicious or high-risk Android apps are expected to be introduced into the enterprise this year, according to an Infonetics Research's mobile security report, which was based on a survey of decision makers at 103 medium and large enterprises in North America
A Cliff Congress May Go Over (Wall Street Journal) As Congress comes up on the latest budget deadline, lawmakers seem less daunted by the prospect of going over the "cliff" this time, as partisan positions remain far apart with only three weeks remaining before big cuts hit
Qatar Cyber Warfare Center promotion videos (Cyberwarzone) As Cyberwarfare and Cyberconflict are taking their place in the world the economic environment is starting to see the market that is being brought with the cyberwarfare area
New cyber-security startups launched in Beersheba (Jerusalem Post) An incubator will be located in the new Beersheba Technology Park near the university and the new technological campus of the IDF. Israel's first-ever cyberspace security incubator will be established in Beersheba under the Office of the Chief Scientist of the Industry and Trade Ministry, thanks to BGN Technologies, Ben-Gurion University's technology transfer company, and Jerusalem Venture Partners (JVP), a leading venture capital firm. The initiative comes in the wake of rising cyberthreats and increasing attacks on critical computer infrastructure in Israel and around the world
BAE Systems want to recruit 400 apprentices (Express.co.uk) Defence engineer BAE Systems is to recruit nearly 400 apprentices in its highest ... operations including cyber security, munitions and regional aircraft
7 Moves Dell Must Make Now (InformationWeek) By going private, Dell has extricated itself from Wall Street's fickle grasp. No longer beholden to quarterly earnings reports and fluctuation in shareholder loyalties, the company is now free to invest for the long term, even -- as Michael Dell has said in the past -- if it means suffering some temporary losses along the way. This flexibility is all well and good -- but what should Dell do to capitalize on it
SRA Elects Charles Gottdiener To The Board Of Directors (GovConExecutive) SRA International has elected Charles Gottdiener, a managing director for portfolio operations at Providence Equity Partners, to the board of directors, effective Friday. He will serve on the board's audit committee as well as the compensation and personnel committee, SRA said Friday
SAP and NetApp Expand Partnership to Support Database, Analytics Offerings (ExecutiveBiz) SAP AG and NetApp have announced their intent to support next-generation database, analytics and application offerings by deepening their collaboration, according to a SAP statement
Products, Services, and Solutions
Mi5 security first in NZ to adopt Vodafone's Global SIM (Computer World) Security and surveillance firm Mi5 Security has adopted new Vodafone technology that allows it to connect all its security devices in North America and Europe with a single SIM card in each device. It is the first New Zealand company to do so. Mi5 Security sells surveillance devices, which all communicate back to a central database in New Zealand for data collation and analysis
The world's most dangerous search engine (San Diego City Beat) Aren't you glad Shodan is in the hands of good guys like John Matherly? Ask John Matherly if he's a hacker, and he'll struggle for a moment with the term. On one hand, he's a hacker, in the sense that he's an innovative programmer, arms deep in the information-security industry. On the other, he's hypersensitive to how his baby--a project called Shodan--is portrayed in the press. In the past year, it's surged in notoriety and not just in technology publications, such as Ars Technica and Wired. Shodan's been the subject of multiple Washington Post investigative features, profiled on Dutch television and name-dropped by Sen. Joe Lieberman both in a statement on the Senate floor and in a New York Times op-ed, in which he characterized the site as a "nefariously named" hacking tool that was becoming more powerful and easier to use each year
Software that tracks people on social media created by defence firm (Forensic Focus) A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites. A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare. Raytheon says it has not sold the software named Riot, or Rapid Information Overlay Technology to any clients
BlackBerry Z10 review: Nerds take revenge against iPhone cool school (The National) BlackBerry's first BB10 smartphone is as sleek and shiny as rivals - but its ultimate success will depend on the availability of apps
Technologies, Techniques, and Standards
SIEMs Legit (Dark Reading) Enough picking on SIEM; what are we doing right? You really have to be on your toes when you're talking to the PaulDotCom crew. Not only do they come up with weird questions, they also come up with seemingly simple ones that are actually tough to answer. One of them they tossed my way was, "In the [SIEM] space, what are people doing right? What are people doing wrong?" Putting aside the preposterousness of my telling a whole industry what they're doing wrong with a particular technology, I thought it was time to talk about what's going well and what does work -- well, for some definition of "work," because the other preposterous thing is trying to declare that any security product totally defeats the APT
Making Insiders Foot Soldiers In Enterprise Security (Dark Reading) Employees and partners can either be part of the security problem or part of the solution. Here's a look at both. Insider threat-borne attacks remain the minority of data breaches but tend to inflict the most damage -- especially when it comes to intellectual property theft. This week, Dark Reading posts a compendium of some of its best recent coverage of the insider threat problem
Using Antonyms To Understand The Difference Between The Cloud And Everything Else (TechCrunch) The difference between new and not-so-new technology has a way of revealing what is elastic and dynamic compared to what is rigid and static. It's not a measure of which technology is considered good or bad. It simply represents the progression from client/server technology to the Internet-scale, data-driven services that are gaining such momentum
Identity theft protection tips (Help Net Security) More than 11.6 million adults were victims of identity theft in 2011, according to Javelin Strategy & Research. Child identity theft is also a significant problem, which many people don't realize
Cybersecurity concerns of online dating (Help Net Security) ThreatMetrix announced several ways for consumers to stay protected from online dating fraud and malware as Valentine's Day approaches. According to Fast Company, online dating grew
Five safety tips for Valentine's Day (Help Net Security) Whether you decide to give flowers, chocolates or something a little more unusual as the perfect symbol of your affection this Valentine's Day, make sure you take extra precautions when ordering onlin
10 reasons why tablets still can't replace laptops or desktop PCs (FierceCIO: TechWatch) Can the tablet replace the laptop or desktop PC? Don Reisinger of eWeek doesn't think so. Post-PC era or not, some of the reasons shared by Reisinger resonate with me. For one, he notes that the capabilities of ARM-based processors, such as Nvidia's Tegra 3 and Apple's A6X, pale in comparison to the processing powers of the latest PC chips from Intel (NASDAQ: INTC) and AMD
Design and Innovation
Amazon Coins: Jeff Bezos's 2013 Stimulus Bill For Kindle Fire App Developers (IEEE Spectrum) Amazon Coins is a worn out, useless idea for customers. But Kindle Fire app developers could profit big time
What Comes After the Cloud? How About the Fog? (IEEE Spectrum) Startup Symform says its shredded, distributed cloud is more resistant to natural disasters than traditional computing clouds
Research and Development
Beware the Big Errors of 'Big Data' (Wired) We're more fooled by noise than ever before, and it's because of a nasty phenomenon called "big data." With big data, researchers have brought cherry-picking to an industrial level. Modernity provides too many variables, but too little data per variable. So the spurious relationships grow much, much faster than real information. In other words: Big data may mean more information, but it also means more false information
Online Education Is Replacing Physical Colleges At A Crazy Fast Pace (TechCrunch) Educators knew the online revolution would eventually envelop the physical classroom, but a torrent of near-revolutionary developments in the past month are proving that change is coming quicker than anyone imagined. In just 30 days, the largest school system in the U.S. began offering credit for online courses, a major university began awarding degrees without any class time required, and scores
Legislation, Policy, and Regulation
DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border (Wired Threat Level) The Department of Homeland Security's civil liberties watchdog has concluded that travelers along the nation's borders may have their electronic devices seized and their contents reviewed for any reason whatsoever -- all in the interest of national security
Controversial CISPA Cyber-Security Bill Returns Next Week (PC Magazine) A controversial cyber-security bill will return next week when Reps. Mike Rogers and C.A. Dutch Ruppersberger reintroduce the measure in the House. The congressmen - chairman and ranking member of the House Permanent Select Committee on Intelligence, respectively - will bring the Cyber Intelligence Sharing and Protection Act (CISPA) back to life next Wednesday, Feb. 13. The duo will discuss their plans in a speech at the Center for Strategic and International Studies (CSIS) in Washington, D.C. that day, but they said in a Friday press release that the bill they plan to introduce will be identical to the one that passed the House last year
As Attacks Mount, Governments Grapple With Cyber Security Policies (AllThingsD) One way or the other, the president of the United States is going to unveil a new executive order on cyber security this week. Long in coming -- cyber security has simmered in the background of the national security policy agenda for at least two years -- the new order will create a set of standards that private companies operating critical infrastructure, such as power plants and water utilities, can choose to follow voluntarily, according to a report from Bloomberg News. That the new policy is expected this week implies that President Obama may devote a few words to the subject in his State of the Union address on Tuesday night
The European Cyber Security Strategy: Too Big to Fail? (RAND) Yesterday's publication of the much-anticipated European Cyber Security Strategy reflects a realisation that co-ordination across a range of policy domains in Europe is necessary to respond to challenges like cyber-security, which crosses many domains. The strategy is remarkable because it tries to co-ordinate policy across three areas whose competences and mandates were formerly very separate: law enforcement (under Commissioner Cecilia Malmström), the 'Digital Agenda' (Commissioner Neelie Kroes), and defence, security, and foreign policy (High Representative for Foreign Affairs and Security Policy Catherine Ashton). The strategy is necessarily a high-level document with such goals as improving the resilience and capacity of EU member states, strengthening the fight against cybercrime, addressing and developing structures and capabilities for EU cyber defence, and formulating an international policy on cyber security to help build capacity outside the EU
New EU Cyber Security Directive to Impact U.S. Companies (Wall Street Journal) A European Union directive proposed Thursday governing network and information security would require companies to disclose significant cyber attacks to national authorities. Even companies not headquartered in Europe, but which have activities or systems in Europe, would have to disclose cyber intrusions. That includes incidents that have a "significant impact on the security of core services," according to the proposed directive, which will have to be enacted into law by the individual European nations before becoming effective. The directive would broadly impact consumer-facing companies that do business online, including multinational banks, as well as stock exchanges, energy firms, transportation providers and health care companies
Congressman Crusades To Block Sales of Surveillance and Censorship Gear to Dictators (Slate) Authoritarian regimes are willing to pay big bucks for the latest surveillance and censorship tools. But a congressman from New Jersey is on a crusade to make sure tyrants can't get their hands on American spy gear--no matter how high the price. Earlier this week, Rep. Chris Smith, R-N.J., introduced the Global Online Freedom Act of 2013, aimed at curtailing "the growing use of the Internet as a tool of repression." Smith has launched versions of the bill in previous years, but he says the latest incarnation has been beefed up with new clauses targeting companies who may be involved in selling dual-use technology that could be used for nefarious purposes if in the hands of a despot
Litigation, Investigation, and Law Enforcement
Egypt court orders YouTube banned for a month after case raised against anti-Islam film (FOXNews) A Cairo court has ordered that the website YouTube be banned in Egypt for 30 days for carrying an anti-Islam film that caused deadly riots across the world. Judge Hassouna Tawfiq ordered the government Saturday to block YouTube because it carries the amateur film produced by an Egyptian in the United States. The film caused uproar for denigrating Islam and the Prophet Muhammad
US Secret Service on trail of Bush hacker (Sydney Morning Herald) A criminal inquiry is under way after personal photographs, paintings, security information and even funeral details involving former US presidents George and George W. Bush were obtained by an email hacker. The US Secret Service is investigating how the hacker, known as Guccifer, gained access to material including pictures of the older Mr Bush in a hospital bed and the security code for a gate to one of his son's homes. He also obtained a confidential list of home addresses, mobile phone numbers and email addresses for dozens of members of the Bush family, including the former presidents, their siblings and children
Man arrested over bizarre hacking campaign involving cat (Sydney Morning Herald) Japanese police on Sunday arrested a man suspected of being behind a computer hacking campaign following an exhaustive hunt that at one stage had authorities tracking down a cat for clues, according to reports. Yusuke Katayama, 30, was arrested on charges of using a remote computer and sending a mass-killing threat to a comic book event after months of evading investigators with a series of vexing cyber-riddles, according to broadcaster NHK. The channel aired footage of detectives escorting a chubby man with glasses into a police station
Judge throws out 13 Motorola patent claims against Microsoft (ITProPortal) A Seattle judge has thrown out 13 patent claims that Motorola asserted against Microsoft. The decision covers technology related to three patents for coding and decoding digital video content, and narrows down the two companies' patent dispute on that aspect, at least. The decision comes about two months after the same court denied Motorola's request for an injunction against Microsoft products that the Google-owned company claim infringe on its patents
EU cybercop: European Cybercrime Centre to focus on criminal gangs (Help Net Security) The European Cybercrime Centre (EC3) at Europol in The Hague aims to become the focal point in the EU's fight against cybercrime, through building operational and analytical capacity for investigations and cooperation with international partners
Cyber Operations and International Law: A 'Secret' Legal Analysis? (Anthony Clark Arend (blog)) Today's New York Times reports: A secret legal review on the use of America's growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review
The Idealist (Slate) Aaron Swartz wanted to save the world. Why couldn't he save himself? On Jan. 4, 2013, Aaron Swartz woke up in an excellent mood. "He turned to me," recalls his girlfriend Taren Stinebrickner-Kauffman, "and said, apropos of nothing, 'This is going to be a great year.' " Swartz had reason to feel optimistic. For a year and a half, he'd been under indictment for wire and computer fraud, a seemingly endless ordeal that had drained his fortune and his emotional reserves. But he had new lawyers, and they were working hard to find common ground with the government. Maybe they'd finally reach an acceptable plea bargain. Maybe they'd go to trial, and win
For a complete running list of events, please visit the Event Tracker.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security. Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action-packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.