The CyberWire Daily Briefing for 1.4.2013
PNC suffers a denial-of-service attack, the second major bank to report disruptions caused in the latest campaign by the Izz ad-Din al-Qassam Cyber Fighters. Banks must also prepare for vorVzakone's "Project Blitzkrieg," which shows signs of launching this spring. Unlike the Izz ad-Din al-Qassam Cyber Fighters, who represent themselves as disinterested supporters of Iran, the Russian mob behind Project Blitzkrieg are simple bank robbers.
Symantec attributes recent exploitation of Internet Explorer zero-day vulnerabilities to the Elderwood Group, the skilled and well-funded organization responsible for last summer's attacks on US Defense contractors. Microsoft has issued a fix for Internet Explorer vulnerabilities, but for now has no plans to address them in next week's Patch Tuesday.
TURKTRUST Inc. issued a fraudulent certificate that's turned up in Google spoofing exploits. Browser vendors work to block it.
Malware ("SNEAK") posing as a Java Server page installs a backdoor on compromised servers. Pop-up windows inviting users to take a survey have been caught delivering malware. Compromised password reset services are found stealing credentials. China restricts use of virtual private networks, and this is seen as an opening gambit in a new economic espionage campaign. The restrictions appear as part of a larger program of Internet restriction; coincidentally or not Google has quietly dropped the censorship warning feature from its Chinese service.
The Department of Homeland Security will lead continuous monitoring for US Government unclassified networks. It expects to select five contractor teams for the $6B work before October. The program may eventually encompass power grids.
Notes.
Today's issue includes events affecting Canada, China, India, Iran, Japan, Morocco, Peru, Russia, Turkey, Turkmenistan, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Cyber Attack On PNC's Online Banking Slows Customer Access (CBS Local Pittsburgh (KDKA)) Bob Williams of Edgewood is one of thousands of PNC customers who enjoy the bank's online banking system -- until recently. "What just happened?" KDKA money editor Jon Delano asked Williams as he tried to log on to the PNC
Mobile devices set to become next DDoS attack tool (CSO) While no DDoS attacks have been linked to mobile devices, one analyst is convinced it's only a matter of time
Evidence of Possible Spring Cyber Attack on Banking Industry (Signal Magazine) The purpose of the attack is purely robbery, says a cyber expert, who has shared his McAfee report with government officials. A cyber attack that could result in the theft of millions of dollars from American banks could take place this spring
IE Zero-Day Watering Hole Attack Expands to Handful of Political Sites (Threatpost) The attacks further demonstrate the effectiveness of watering hole attacks compared to phishing attacks for example, which require some advance legwork in order to target victims. "The whole point of the waterhole tactic is that they believe such sites
Symantec links latest Microsoft zero-day with skilled hacker gang (IT World) Analysis of the attack code used to exploit the vulnerability has similarities to other code used by the Elderwood group to exploit other zero-day vulnerabilities in Microsoft's software, the company wrote on its blog. In one example, Symantec found
Fraudulent digital certificate for Google web properties used in active attacks (Help Net Security) A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google
Turkish Certificate Authority screwup leads to attempted Google impersonation (Naked Security) Another Certificate Authority has been caught out having issued certificates that were being used to impersonate Google. Does the SSL padlock not mean we are safe anymore
Fraudulent Digital Certificates Could Allow Spoofing (Microsoft Security Tech Center) Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows
Browser vendors rush to block fake google.com site cert (The Register) Google and other browser vendors have taken steps to block an unauthorized digital certificate for the " *. google. com" domain that fraudsters could have used to impersonate the search giant's online services
Malware SNEAK dons cunning disguise, opens creaky back door to servers (The Register) A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns. The malware, dubbed BKDR_JAVAWAR. JG, poses as a Java Server page but actually creates a backdoor on compromised servers
Survey Malware Could Be 'Portent' of Bigger Threats (eSecurity Planet) Malware that uses a pop-up window to hijack a user's machine and asks them to take a survey could lead to more serious demands, says Malwarebytes' lead analyst. Hackers are always finding new ways of getting PC users to give up information or money. Recently they've appropriated an annoying but usually innocuous online fixture, a pop-up window that asks users
Details of 5,000 Canadians Compromised After HRSDC Employee Loses USB Stick (Softpedia) On November 16, 2012, an employee of Human Resources and Skills Development Canada (HRSDC) reported that a USB stick containing the details of 5,000 individuals was missing. The information contained on the drive included social security numbers and other personal details, but HRSDC hasnt found any evidence to show that it has been used for fraudulent purposes, The Vancouver Sun informs. On December 21, HRSDC notified the privacy commissioners office
The War Z comes under heavy cyber attack, bounces back (VG247) The War Z comes under heavy cyber attack, bounces back. Servers for controversial survival MMO The War Z has been suffering "various forms of malicious attacks" attacks, according to a post on its forums. Hammerpoint Interactive believes the most
OpRollRedRoll: AnonAcid leaked records of 50,000 Steubenville, Ohio Citizens (E Hacking News) A Hacker with Twitter handle AnonAcid has claimed to have leaked the records of more than Steubenville,Ohio residents as part of the operation called "OpRollRedRoll". The campaign has been launched after news broke out that authorities might be protecting members of the Steubenville football team accused of abusing a 15-year-old girl. The hacker uploaded the dump in Mediafire
Over 18,000 PayPal Phishing Websites Identified in December 2012 (Softpedia) Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because theyre so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal.
Phishing Visualized: U.S. More Dangerous Than Russia, China (Toms Hardware) Netcraft published a dynamic map that shows the likelihood of a phishing attack on a site hosted in a specific country. The map may be surprising to some. The greatest chance to encounter phishing site in any country is Morocco (1 in 102), followed by Turkmenistan (1 in 103)
World Wildlife Fund Hacked (eSecurity Planet) A new hacker group calling itself the DarkWeb Goons recently breached the Chinese Web site for the World Wildlife Fund and leaked several thousand user names and passwords."The leaked data has been uploaded to the Dark Web Goons site in the format of a txt file that contains over 80,000 accounts of which 54,000 have email:passwords and usernames," Cyber War News reports. "The Dark Web Goons is a new crew that has been kicked off by @INST1NCT_ in recent days. All accounts that have been leaked contain clear text passwords which appear to be in numeric format only.""Many of the email addresses are registered with Chinese providers such as Sina or QQ, but a few thousands belong to Hotmail, Gmail and Yahoo customers," notes Softpedia's Eduard Kovacs
Blue for Reset? (Internet Storm Center) Over the holidays, a friend of mine was busy trying to repossess her online accounts that had been hacked and taken over. While her experience wasn't quite as bad as Mat Honan's, it still was a mess to untangle. Initially, we had suspected spyware, and spent some time looking through her PC for the presence of a keylogger. None was found. Once the first few accounts were returned to her, including an email account, we were able to (partially) reconstruct what had happened. Like in Mat Honan's case, it wasn't the password, but rather the "I forgot my password" functionality that had been breached. Duh-oh
Could China blocking VPNs lead to spying on business? (CSO) 'Great Firewall of China' upgrade could also allow China to spy on international companies doing business in the country. And some observers say this may not only be an effort to stop citizens from reading or viewing Western information, but also to spy on international corporations doing business in the country who encrypt their internal communications
Security Patches, Mitigations, and Software Updates
All Ruby on Rails versions affected by SQL injection flaw (Help Net Security) Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order to fix an SQL injection vulnerability that affected all the previous versions
'Holey code, Batman!' Microsoft to patch 12 vulns on Tuesday (The Register) Microsoft has issued its prePatch Tuesday report, saying it will issue seven patches fixing 12 code flaws next week but it won't provide a permanent fix for the exploit discovered during the recent holidays that is already being used in the wild."With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual," says Dustin Childs, group manager of Microsoft Trustworthy Computing.""Next Tuesday we'll release seven bulletins; two Critical and five Important, which address 12 vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Office, Developer Tools and Microsoft Server Software."The full patches, along with advisory notices for IT managers on the recommended deployment strategy, will be released on January 8 at 10am PST (6pm UTC.)
Microsoft to patch Windows 8, but stays mum on IE zero-day fix (Computerworld) Microsoft today said it will release seven security updates next week -- including one rated critical for Windows 8 and Windows RT -- to patch 12 vulnerabilities in Windows, Office, SharePoint Server and the company's website design
Cyber Trends
Forrester: SaaS And Data-Driven 'Smart' Apps Fueling Worldwide Software Growth (TechCrunch) Forrester Research is citing SaaS and data-driven smart apps as the major growth engines for the worldwide software market. The SaaS software market will increase 25 percent in 2013 to $59 billion, a 25 percent increase. In 2014, the market is expected to total $75 billion. Forrester uses the term "smart computing" to define apps that, for instance, provide direct access to data for
Worldwide IT spending to reach $3.7 trillion in 2013 (Help Net Security) Worldwide IT spending is projected to total $3.7 trillion in 2013, a 4.2 percent increase from 2012 spending of $3.6 trillion, according to the latest forecast by Gartner. The 2013 outlook for IT spending
Rapid-fire changes to information security strategies (Help Net Security) RSA released a special report from the Security for Business Innovation Council (SBIC) that assesses how disruptive innovations such as Big Data analytics, cloud computing, enterprise mobility and social media
Marketplace
DHS to Pick Up $6 Billion Tab for Cyber Surveillance Systems at Every Department (NextGov) The Homeland Security Department is footing a potentially $6 billion bill to provide civilian agencies with the technology and expertise needed for near real-time threat detection, DHS officials said this week. The White House has demanded so-called continuous monitoring since 2010, but many agencies did not have the resources or know-how to initiate such surveillance. Executives at prospective contractor Booz Allen Hamilton said their bid for the task will highlight the Virginia-based consulting firm's own internal continuous monitoring system…"We're definitely eating our own dog food on continuous monitoring," said George Schu, a senior vice president who handles the company's federal cyber business. "I think this is a defining moment for the nation, and the government has an important role"
Defense bill emphasizes cyber operations (Federal Computer Week) The Defense Department is taking more aggressive steps in cyberspace, including clearer authorities, more oversight and a key partnership to identify and address gaps, due to provisions in the National Defense Authorization Act for fiscal 2013. Those provisions in the NDAA, which President Barack Obama signed into law on Jan. 2, require DOD officials to report on cyber operations to Congress on a quarterly basis, beginning March 1. It also outlines authorities and expectations for military forces in cyberspace
Defense Firms Seek Alternatives As U.S. Cuts Military Spending (Wall Street Journal) RTI is part of a broader shift by defense companies, large and small, looking for ways to contend with lost business. Some of them are diversifying. Others are shedding unprofitable segments, closing plants or laying off workers. Many are looking to increase sales on the international market.
TIGTA: IRS must improve CADE 2 requirements management, testing, security (Fierce Government IT) Key developmental processes of the IRS's Customer Account Data Engine 2 program need improvement, especially in the areas of requirements management, testing and security, says the Treasury Inspector General for Tax Administration
CMS issues request for information on hospital and vendor EHR readiness (Fierce Government IT) The Centers for Medicare and Medicaid Services is seeking information from hospitals and vendors on their electronic health record readiness beginning in 2014 for EHR hospital inpatient quality data reporting, according to a Jan. 3 notice in the Federal Register
Challenges remain for agency cloud computing adoption, says CAGW (Fierce Government IT) While federal agencies have made progress expanding their use of cloud services, many challenges remain for full implementation, Citizens Against Government Waste says in its 2012 review of the federal cloud
Army may work with Palantir on intel software (Army Times) Elements of Palantir's off-the-shelf intelligence collection, analysis and dissemination software, which has had success anticipating locations of
CTC, InfoTech Partnering on $5B DIA Intell Analysis IDIQ (ExecutiveBiz) Concurrent Technologies Corp. and New York-based software integrator InfoTech Solutions will team up to provide intelligence analysis services to the Defense Intelligence Agency under a $5.6 billion contract
HP Wins $36M to Migrate 600,000 at VA to Microsoft 365 Cloud Email (The New New Internet) The Veterans Affairs Department announced on November 13 that they will transfer 600,000 personnel to the cloud using Microsoft Office 365 for Government, according to a GCN report. HP Enterprise Services was awarded a $36 million contract for 5 years under the VA's transformation twenty-one total technology (VA T4) program
Lockheed CEO Hewson greets employees, comments on sequestration delay (Washington Business Journal) Newly inaugurated Lockheed Martin Corp. CEO Marillyn Hewson picked up the policy torch left by predecessor Bob Stevens, commending Congress and the White House for their decision to delay $1.2 trillion in automatic federal budget cuts, but emphasizing the need to eliminate the so-called sequestration entirely
Amazon's R&D Group Lab126 Embarks On Hiring Spree As Kindle Business Expands (TechCrunch) Amazon's Lab126, the secretive R&D group behind the Kindle, is apparently on a hiring spree, as noted by the EETimes, which speculates that the organization may be planning to spin out the lab as a stand-alone company. There are currently about 250 job openings available, with most based in Silicon Valley, but several in Hyderabad, India, one in Shenzhen, China and another in Tokyo
CipherCloud Expands Management Team (Dark Reading) CipherCloud, the leader in Cloud Information Protection, announced two new members to its executive leadership team. Travis Patterson, who recently served as Marble Cloud's senior vice president of Sales and Support, joins as senior vice president of Worldwide Sales. Paige Leidig joins as CipherCloud's first chief marketing officer, coming from SAP where he served as global vice president, Office of the CEO. Both executives report directly to CipherCloud's CEO and founder, Pravin Kothari
Storage giant EMC unites with PC OEM Lenovo on new joint venture (Ars Technica) Ashes of Iomega transformed into SMB-focused "LenovoEMC Ltd"
Products, Services, and Solutions
'Dementia' Wipes Out Attacker Footprints In Memory (Dark Reading) New tool exposes weak links in forensic tools that inspect Windows memory for attack intelligence. Forensics increasingly encompasses the analysis of potentially valuable clues and intelligence in the physical memory of an infected machine. But like anything in infosec, it's a constant cat-and-mouse game, with attackers finding new ways to hide their tracks in memory from incident response handlers trying to get to the bottom of a breach
Google Quietly Removes Censorship Warning Feature For Search Users In China (TechCrunch) Google has quietly disabled a feature that notified users of its search service in China when a keyword had been censored by the Chinese government's internet controls, according to censorship monitoring blog GreatFire.org. The blog reports that the change was made sometime between December 5 and December 8 2012, with no official statement from Google to announce or explain its removal
Bad Data Handbook (Help Net Security) What is bad data? Some people consider it a technical phenomenon, like missing values or malformed records, but bad data includes a lot more. In the Bad Data Handbook, data expert Q. Ethan McCallum has gathered 19 colleagues from every corner of the data arena to reveal how they've recovered from nasty data problems
Video surveillance for critical IT systems (Help Net Security) NetWrix has announced its new User Activity Video Reporter tool that acts like a surveillance camera for critical servers and other IT systems by recording user activity for security, compliance, auditing
Prolexic Releases Threat Advisory to Detail Massive DDoS Threat From Itsoknoproblembro (MarketWatch) Multi-Tiered DDoS Toolkit Leveraged in Synchronized Attacks Against Banking, Hosting and Energy Industries. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, today released a suite of detection and mitigation rules, a log analysis tool and a comprehensive threat advisory on the itsoknoproblembro DDoS toolkit. Considered to pose a very effective, multi-level threat, itsoknoproblembro has been the favored weapon in headline-making DDoS attacks against the US banking industry
Cleveland Clinic spinoff spreads big data across health care (Fierce Big Data) We reported in October on the $10 million big data investment being made at the University of Pittsburgh Medical Center by companies such as IBM (NYSE: IBM), Oracle (NASDAQ: ORCL) and dbMotion, designed to explore the secrets of human health. Not to be outdone, the Cleveland Clinic also has been investing in the technology to unlock its own secrets and to streamline its methods and procedures for better health lifecycle management and profitability. The health care company even spun off its own cloud-based platform business in 2009, now known as Explorys
Bargain BlackBerry Betrays RIM's High-End Aspirations (InformationWeek) BlackBerry Curve 9315, launched Thursday for T-Mobile USA, is not the RIM smartphone you want
Microsoft Tries To Outflank Amazon With Azure Upgrades (InformationWeek) Azure enhancements leave Microsoft well positioned against cloud competitors in 2013, analyst says
Technologies, Techniques, and Standards
How to talk security so people will listen (and comply!) (IT World) From phishing your own employees to sharing your company's hack history, here are five techniques for getting users' attention about security
How a regular IT guy helped catch a botnet cybercriminal (Naked Security) Veteran cybercrime investigator Bob Burls looks back on a case where the diligence of an IT professional helped convict a botmaster who had made tens of thousands of dollars
Don't Be Caught Playing the Fool (A Lesson in Why Change Control is Important) (infosec island) This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one persons actions could have resulted in an attacker gaining complete access to the organizations internal network. I am hoping this example will cause organizations to take their change control processes a little more seriously
Risk I/O Lowers Risk by Raising IT Security Intelligence (eSecurity Planet) There are a lot of different tools and methods to perform IT security vulnerability assessments. Making sense of all the data that various tools collect is important if an enterprise wants to truly understand its risks. Ed Bellis knows this better than anyone after serving as the CISO of travel website Orbitz."We had a bunch of different tools doing assessments, including network, dynamic and static application scanning," Bellis told eSecurity Planet
Wells Fargo, Ally Bank See the Camera as Key to Mobile Banking (American Banker) A revolutionary as mobile banking has been, it's the camera that resides within smartphones that's lighting the fire underneath adoption drives at banks such as Wells Fargo (WFC) and Ally Bank."The camera is critical. If you look at the kinds of growth in mobile banking over the first couple of years, it was about the basics of mobile banking. But what's really exciting me and my team for the next couple of years is figuring out how to take advantage of the ability of the mobile device," says Brian Pearce, senior vice president and head of the retail mobile channel in the digital channels group at Wells Fargo
Practical IT: are your firewalls in the wrong place? (Naked Security) Firewalls have come a long way in the last 15 years. But today's standard architecture might leave something to be desired and we talk about what firewall administrators want to look at
Improve your firewall auditing (Help Net Security) As a penetration tester you have to be an expert in multiple technologies. Typically you are auditing systems installed and maintained by experienced people, often protective of their own methods and
To thwart hackers, firms salting their servers with fake data (Washington Post) Brown Printing Co., which prints popular magazines and catalogues, knew that it had valuable assets in its computer systems and that those assets -- online editions and subscriber databases -- were increasingly at risk with the proliferation of cyber-espionage. And so, to confront one of the newest and most damaging crimes, it turned to one of the oldest tricks in human history: deception
NIST releases draft trusted cloud geolocation proof of concept (Fierce Government IT) Security challenges involving infrastructure-as-a-service cloud computing technologies and geolocation are being addressed in a draft proof of concept implementation document from the National Institute of Standards and Technology
The efficacy of trend analysis using personal health apps (Fierce Big Data) John Grohol, doctor of psychology and founder, and editor-in-chief, of PsychCentral, has a long-standing concern about the bias of samples used in psychology research. He says now, with the ubiquity of smartphone apps, developers and entrepreneurs are pursuing data without understanding the basics of good, reliable, scientific data collection
Deferring to differential privacy (Fierce Big Data) The term anonymize is not only a bad verb, it's equally bad at doing what it purports to do, which is make data not personally identifiable. Foiling early efforts at anonymizing data has proved fairly simple, putting at risk a company's freedom to use it for intelligence purposes or to monetize it. The Simons Foundation recently cited an example in Massachusetts where the state made health records available to researchers after removing personally identifiable references such as name, address and social security number, only to have a grad student from MIT re-identify the data using other public records
CSOs Say: 'Court' Your Middle Managers, Too (Dark Reading) Security for Business Innovation Council (SBIC) members warn of 'disruptive' technologies for 2013 that will test enterprise security. Everyone talks about winning over the executive boardroom, but top security executives from the world's largest corporations say middle managers are also key to making information security part of the business plan
Design and Innovation
How fast does 'virtual reality' have to be to look like 'actual reality'? (Ars Technica) Low latency is important to an effective VR display but might not be everything
The top ways federal websites messed up in 2012 (Fierce Government IT) A team that tests federal websites for usability says in a Dec. 28 blog post that they found four main problems in 2012
Research and Development
Imagining The Future: Ray Kurzweil Has 'Unlimited Resources' For AI, Language Research At Google (TechCrunch) Last month, famed inventor, entrepreneur and futurist, Ray Kurwzeil, announced that he was joining Google as a director of engineering. Many have wondered what Kurzweil's new position would mean for Google and the billions of people its global reach directly or indirectly touches. Would they be uploading Kurzweil's brain into their datacenters? Become the next Skynet
Broadcom claims cryptography first as it enhances STB security (Rapid tv news) Broadcom is claiming a world's first in enabling Cryptography Research (CRI) differential power analysis (DPA) countermeasures across its line of set-top boxes (STBs). The result, says the semiconductor solutions provider, will be that by embedding
Academia
Teachers targeted by pupils using social media, says SSTA chief (CSO) Misbehaving pupils are getting away with using social media to anonymously target school teachers with abuse, threats and ridicule, Scottish Secondary Teachers' Association (SSTA) president Margaret Smith has said. In a strongly worded analysis, Smith noted that the problem of teachers being targeted using such technologies ran across the social spectrum and could affect even teachers working in "leafy suburb" schools. Female teachers were a particular target, and could find themselves on the receiving end of personal comments that would be considered sexual harassment in any other walk of life."Social media networks, mobile phones and other technologies to which pupils have access make it so much easier to make a teacher's life intolerable and his or her job impossible," said Smith
Legislation, Policy, and Regulation
White House takes small step toward sharing cyberattack data (CSO) The White House has issued a framework for government departments and agencies to follow in sharing information, including data that would help bolster defenses against state-sponsored hackers and other criminals. The National Strategy for Information Sharing and Safeguarding is seen as a small step, albeit an important one, as lawmakers struggle with much broader regulations governing data sharing between government and private industry
Sina Weibo Accounts Of Prominent Bloggers, Journalists and Activists Shuttered As China Clamps Down On Internet Users (TechCrunch) The last week has been a troubling one for observers of Internet censorship in China, and things just got worse as several bloggers and activists had their Sina Weibo accounts shut down over the past few days, the Washington Post reports
Arizona set to make online impersonation a felony (Ars Technica) Fake John McCain may be worried parody accounts won't be protected
Litigation, Investigation, and Law Enforcement
Bush-Era Wiretapping Case Killed Before Reaching Supreme Court (Wired Threat Level) A federal appeals court's August ruling in which it said the federal government may spy on Americans' communications without warrants and without fear of being sued won't be appealed to the Supreme Court, attorneys in the case said Thursday
Record 5-Year Prison Term Handed to Convicted File Sharer (Wired Threat Level) The leader of the in-theater camcording gang known as the IMAGiNE Group was handed a 60-month prison term Thursday in what is the nation's longest sentence in a file-sharing case
Megaupload claims it was asked by US to keep infringing files (Computer World) The U.S. government misrepresented facts when it approached a court for search warrants against Megaupload, according to a filing Wednesday by counsels of the file-sharing site. The basis for the warrants was the charge that Megaupload had not removed from its servers infringing copies of copyrighted motion pictures, despite a criminal search warrant of June 24, 2010 from the U.S. District Court for the Eastern District of Virginia to hosting company, Carpathia Hosting, the filing said. Megaupload had every reason to retain the files in good faith because the government had sought its cooperation in retrieving the files, and warned that alerting users to the existence of the warrants, and the government's interest in the files, could compromise an investigation, the filing said
Major global Facebook Botnet taken down (Journalism) A fraud ring worth around 525 million has been taken out of action by the joint efforts of Facebook's own security team and local police forces in the UK, Peru, the US and a number of other countries. The gang managed to steal the massive sum from Facebook users by secretly planting spyware on victims' computers that would steal credit and bank card details. Along with financial details, personal information with worth on the black market was also lifted
Home Ministry ordered 10k wire taps in last 90 days, orders tapping of 1300 email ids (India Times) The Ministry for Home Affairs ordered interception of about 10,000 phones and 1300 email ids, during October to December last year, according to a document reviewed by ET. Home Secretary RK Singh, the designated officer for authorizing a wire tap by a security agency, cleared about 4,000 fresh requests of phone surveillance, which includes tapping of about 700 overseas connections. About 500 new email addresses of individuals have also come under the scanner, besides the 800 email ids already under surveillance
Google Settles FTC Antitrust Inquiry (InformationWeek) Google has settled with the Federal Trade Commission to resolve the agency's 19-month antitrust investigation into the company's advertising business practices and its use of industry-standard patents against competitors. The deal prevents Google from using standard patents against competitors, but brings only minor changes to the company's search business.
How Google resolves antitrust cases without impeding its creeping monopoly (Quartz) It's hard to say what constitutes "unfair" competition in a marketplace in which anyone with a browser is free to switch from Google's search engine to Bing, Yahoo, or lesser known but differentiated competitors like DuckDuckGo. Yet Google now represents 67% of all searches in the US, an all-time record
Big data's 4th Amendment problem (Fierce Big Data) While the country squabbles over the Second Amendment, the Fourth Amendment may need just as much attention. Since any abuse of privacy is a potential threat in terms of regulatory ramifications that could limit the ability of industries and institutions to realize the full potential of big data, then any abuse of the Fourth Amendment should be taken seriously by this community
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.