The CyberWire Daily Briefing for 2.19.2013
Mandiant says it's identified individual members of the Chinese hacking group "Comment Crew." It has, moreover, fairly conclusively linked them to a People's Liberation Army cyber espionage organization, "Unit 61398," located in Shanghai. Comment Crew has been implicated in recent attacks on US media outlets.
Another Chinese botmaster has been identified: Zhang Changhe's profession is distributing malware, but he also runs Facebook scams on the side. (He was identified through his own uneasy conscience, which prompted him to confess violations of the Five Precepts of Buddhism in social media fora.)
Information gained from access to Telecom customers' email accounts may enable those who attacked the New Zealand carrier to sweep in victims from other Internet services.
Anonymous threatens the governments of Egypt, Australia, and the Netherlands. The hacktivist "collective" also goes after an investment bank for being a Stratfor client.
BlackBerry warns that TIFF-processing vulnerabilities can be used to compromise BlackBerry Enterprise Server. A malware campaign affects Bulgarian Facebook users. Fake invoices are used to distribute ransomware. IOActive Labs finds many unsecured Internet-connected devices networked with the US Emergency Alert System; expect more zombie apocalypse warnings.
Adobe moves forward with plans to patch Acrobat this week.
Absent extraordinary Congressional action, the US Federal budget will be automatically cut next week. The cyber industry convenes in San Francisco Monday for RSA (we'll follow the event in a special section of the CyberWire).
The United Kingdom and India announce a joint cyber task force. Pirate Bay complains to Finnish police about piracy.
Today's issue includes events affecting Australia, Bulgaria, Canada, China, European Union, Finland, France, India, Netherlands, New Zealand, Russia, Singapore, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Chinese Army Unit Is Seen As Tied To Hacking Against U.S. (New York Times) An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups known to many of its victims in the United States as Comment Crew or Shanghai Group to the doorstep of the military units headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area
Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai? (Naked Security) Security researchers at Mandiant have published a lengthy report, which appears to track a notorious hacking gang right to the door of a building belonging to the People's Liberation Army of China
Mandiant report on APT1 & China's cyber espionage units (Security Affairs) Early this month it was spread the news regarding a sophisticated cyber espionage campaign against principal media agencies in US, included NYT and Washington Post, the hackers have tried to compromise the email account of journalists to steal sensible information,. The campaign appeared very aggressive, the hackers have tried to infiltrate the network of the journal using 45 instances of targeted malware, as revealed by forensics analysis conducted by Mandiant security firm
Botnet master abuses Facebook for pocket money, researchers reveal (Naked Security) A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently
Personal details of millions of Britons at risk of cyber attack (The Independent) Confidential information about millions of Britons stored on Indian computer systems could be open to cyber attack from terrorists, fraudsters and hostile nations such as China, the Government will admit today. In a tacit recognition of the potential
Telecom cyber attack could spread (Radio New Zealand) The Institute of IT Professionals says a cyber attack that has affected 87,000 Yahoo! Xtra customers at Telecom, could start targetting those from other providers. Yahoo! Xtra email customers had their passwords cancelled at the weekend
Most take advice to change email passwords (Radio New Zealand) Telecom says nearly all of its 87,000 customers affected by a cyber attack have changed their email passwords. The trouble began on 9 February when Yahoo! Xtra customers reported corrupting emails being inadvertently sent to their contacts
OpEgypt: Anonymous Threatens to Continue Attacking Government Sites Video (Softpedia) Anonymous hackers have issued a new statement for Operation Egypt (OpEgypt). The hackers threaten to keep attacking Egyptian government sites, including, but not limited to, the ones of the Ministry of Information, Cabinet of Ministers and the Ministry of Interior. Mr. Morsi does not seem to understand the consequences of his doings
Anonymous OpLastResort hacks investment firm, cites Stratfor ties (ZDNet) Anonymous Operation Last Resort has struck successfully again, leaking crucial files from an investment banking firm allegedly linked to intelligence firm Stratfor. The Anonymous Operation Last Resort campaign returned Monday to leak crucial files from an investment banking firm and a state. gov database "for Aaron Swartz."The OpLastResort Twitter account announced its hack, defacement and data exposure of an investment firm G.K. Baum, seen in Wikileaks email files as an alleged client of global intelligence company Stratfor
Anonymous initiates #opWilders against Dutch political member Geert Wilders arrives in Australia (Cyberwarzone) The #opWilders pastebin appeared on the Internet with the #opWilders hash tag. The Pastebin file containing a message towards Geert Wilders and the people of Australia has been uploaded several hours ago after Geert Wilders arrived at Australia. The message calls for an attack on multiple websites that are spreading fake information about Islamic issues
Burger King downs Twitter account after attack (Reuters-Emirates 24/7) Several tweets carried the logo of McDonald's. Hackers breached the Twitter account of fast-food chain Burger King, posting the online equivalent of graffiti and sometimes making little sense. Burger King Worldwide Inc suspended its Twitter account about an hour after it learned of the attack at 12:24 p.m. EST on Monday, company spokesman Bryson Thornton said in an email
Facebook malware campaign targeting Bulgarian users (Help Net Security) "Being" on Facebook brings its own set of dangers, and among them is inadvertently downloading malware by clicking on links posted by your own "friends". Webroot warns about a malware campaign that
BlackBerry Enterprise Server can be compromised due to TIFF-processing vulnerabilities (Help Net Security) BlackBerry has released details about two critical vulnerabilities that can allow attackers to access and execute code on systems running BlackBerry Enterprise Server
Fake invoices in personalized emails deliver ransomware (Help Net Security) When a business, social network or any other online service that you use or have signed up for sends you an email, they address you by the name you provided. This is one of the things that usually
Facebook engineers compromised by Java zero-day (The H) Facebook logo Facebook has confirmed that systems used by its employees were compromised in an attack which used a Java plugin zero-day exploit. The company explained that it found a suspicious domain in its DNS logs in January and traced it an
Brace for MORE ZOMBIE ATTACK ALERT pranks, warns security bod (The Register) Vulnerabilities in America's TV emergency alert system - exploited last week by pranksters to put out fake warnings of a zombie apocalypse - remain widespread, it is claimed. And that's after station bosses remember to change the default passwords on their broadcast equipment. Mischievous miscreants managed to hack into a television station's emergency alert system in Montana to broadcast an on-air audio warning about the end of the world
Raytheon Can Track You Via Your Social Media Accounts (Mobile Magazine) Privacy has been at the center of social networking over the past couple of years. In fact, Facebook dedicates a great amount of time and money to protecting their users. But after a major hack to Twitter 2 weeks ago and one close call for Facebook just a couple of days ago, what you are about to read might push you over the edge to deactivation
Trust but verify: when CAs fall short (SecureList) We've recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First, only the very same CA that issued a certificate can later revoke it. Second, although web browsers implement several techniques to check the certificate's revocation status, errors in the procedure are rarely considered hard failures
Security Patches, Mitigations, and Software Updates
Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch (ZDNet Australia) Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch this week. Summary: Adobe is rushing out a patch for Reader and Acrobat flaws that hackers are already exploiting
Most Americans Believe U.S. Businesses Are Vulnerable To Cyberattack, Study Says (Dark Reading) Ninety-three percent believe U.S. corporations are at least somewhat vulnerable to state-sponsored online attacks, Tenable report says
Value of wireless packet core market to top 6bn dollars in 2017 (Misco) In addition, there is the need to address issues such as deep packet inspection (DPI) and Wi-Fi management and Dell'Oro believes that new wireless packet
Cyber: Unclear and present danger (The Interpreter) There is widespread concern about strategic competition in cyberspace, including cyber espionage and cyber attack as an element of armed force. Cyber infrastructure is critical to the global economy. Yet it is badly secured, worse governed, and a place of interstate competition and potential conflict
Special report: Cloud 2.0 begins to take shape (Computing) "I think this is absolutely the right way to be going," said Raj Samani, EMEA CTO for McAfee and strategy adviser for the Cloud Security Alliance
RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah (Dark Reading) Pro tip: It's not threats, it's not capabilities, it's integration. Spending on security and identity continues to progress and vendors, nothing if not observant, have tried their best to productize the gap between enterprise want and what currently exists. Shopping for rugs in Tangier feels sedate compared to walking the RSA showroom floor
Obama ramps up pressure on GOP to avert budget cuts (Los Angeles Times) With less than two weeks before across-the-board spending cuts begin taking effect, President Obama is cranking up pressure on congressional Republicans to agree to a Democratic plan that would temporarily block the deep reductions
Congress Leaves Town With Layoffs In Its Wake (Washington Times) Defense-related companies large and small are preparing to lay off thousands of employees as Congress takes a recess this week, so far unable to agree on how to undo automatic military spending cuts
SAIC Awarded Contract by Department of Defense (Sacramento Bee) Science Applications International Corporation (SAIC) (NYSE: SAI) announced today it was awarded a prime contract by the Department of Defense (DoD) to provide manufacturing, systems engineering and integration support services. The single-award, indefinite-delivery/indefinite-quantity (IDIQ) contract has a one-year base period of performance, four one-year options and a total contract value of $65 million, if all options are exercised. Work will be performed primarily in Columbia, Md
Bob Fecteau Joins SAIC As CIO, Charles Beard Leading Cyber (GovConWire) Charles Beard, SAIC senior vice president and its former CIO, ... as CIO for both the customer solutions and intelligence and security business groups
Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods (The Register) Despite the best attempts of security vendors, neither online stores nor the financial industry seem particularly keen to adopt DNSSEC tech - an anti-fraud mechanism that makes it difficult for fraudsters to spoof legitimate websites. DNSSEC (DNS Security Extensions) uses public-key encryption and authentication to guard against the domain name cache poisoning attack famously highlighted by security researcher Dan Kaminsky back in 2008. The technology works by building up a chain of trust
Your data privacy assured in Canadian clouds (Calgary Herald) A recent article in the Ottawa Citizen suggested that American spies can snoop through Canadians' computer data - including that of political organizations and without warrants - if the data resides within popular U.S. cloud computing services
Products, Services, and Solutions
10 Commandments Of Application Security (Dark Reading) While application security cascades into just about every facet of IT security today, many enterprises have a difficult time implementing sustainable application security programs that offer measurable benefits to the business. A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10
Office 2011 for Mac: same product, now 20 dollars more (Ars Technica) The prices match the equivalent Office 2013 packages for Windows
Yandex, The Google Of Russia, Beats Estimates On Sales of 290M Dollars As Search Volume Grows, But Domestic Share Stagnates At 60.5 Percent (TechCrunch) Yandex, the "Google of Russia" that runs the country's dominant search engine along with a number of cloud-based apps, has just announced its quarterly and full-year earnings. And while the company saw one setback in its efforts to expand its presence internationally and on to new platforms like mobile, the mainline figures show that the company continues to grow. In the quarter that ended
Bot-Trek Group-IB software: Botnet intelligence collector tool (Cyberwarzone) Group-IB, Russia's leading computer security company, has announced Bot-Trek(TM), a comprehensive tool that gathers compromised data and intelligence from botnets and makes it available to the original Intellectual Property owners via a SaaS solution. Botnets is an exploding problem. They are used to steal private data, send spam, provide anonymous services for crimes, and perform DDoS-attacks
Samsung addresses the world's surprisingly huge demand for cheap smartphones (Quartz) Sometime this year or next, a remarkable thing will happen: Driven largely by the purchasing power of the world's growing middle class, more people will buy a smartphone than a regular "dumb" cellular phone. In the last quarter of 2012, the numbers were already close: people bought 264.4 million non-smartphones, which the industry calls "feature phones." In the same quarter, they bought 207.7 million smartphones. The gap is closing, reports Gartner, with sales of feature phones down 19% since 2011, and sales of smartphones up 38% in the same period
Businesses Move Security to the Cloud (BizTech Magazine) That's why The Sak Brand Group uses Panda Security's Panda Cloud Office Protection. "We run a lean operation," says Roger Micone, systems administrator for
Technologies, Techniques, and Standards
Software Security - Why Aren't the Enterprise Developers Listening? (infosec island) While there are plenty of enterprises out there that have figured out a formula for making software security work for them, for every one organization that 'gets it' there are many times more organizations that are struggling with software security year over year, quarter over quarter, day after day. Why? There are plenty of reasons we can blame these vast failures on ... immature tools, cookie-cutter processes, poor sentiment from the enterprise leadership ... blah blah blah ... bottom line is it's 2013 and companies big and small are still struggling with poor code quality, a negative dynamic between developer and security person, and other assorted issues
Notes for surviving NERC CIP (Energy Central) When new regulations come into play, such as NERCs Critical Infrastructure Protection (NERC CIP) requirements a few years ago, its fairly normal for everyone involved to, basically, freak out a little. The power industry definitely did: There were laments and, Id dare say, crying in some circumstances. But, the regulators would argue that its all for a good cause
Police enlist war tech in crime fight (Washington Post) Wartime technology used by soldiers in Iraq and Afghanistan is increasingly making its way to U.S. cities and towns, changing the way police investigate crimes by focusing not where crimes have happened but where they most likely will happen next. One of the latest technologies, called "geospatial predictive analytics," has helped police chase copper thieves in Virginia and a strangler in Philadelphia -- and enabled officers to deploy police smartly across the Washington region during the mysterious shootings of military installations in 2010
Rose State students find opportunities with cyber security (Newsok) Joyce Schwartz worked in retail and other hourly jobs for 30 years before deciding it was time to try for a college degree. She didn't know much about computers, only what she needed for her job. But despite her lack of expertise, Schwartz thought she'd try her hand at cyber security
Ohio State's national-security major attracts undergraduates (Columbus Dispatch) Marzalik and D'Angelo say that, as juniors, they already have job offers from the National Security Agency. A similar boom happened in the first years of the Cold War with international-studies and diplomatic programs, Recco said. International studies
Legislation, Policy, and Regulation
UK, India sets up joint cybercrime task force (ZDNet) The collaboration will give additional assurance to the U.K. as it looks to protect its citizens' personal banking and mobile phone data, much of which are currently stored on Indian servers. India and the United Kingdom will be looking to seal an agreement Tuesday to establish a joint task force to combat online crimes. In a Reuters report Tuesday, Prime Ministers David Cameron and Manmohan Singh are expected to agree on plans to create the new unit in a move that the U.K. hopes will help it safeguard the personal banking and mobile phone data of millions of its citizens
Cybercom Commander Calls Cybersecurity Order First Step (Albany Tribune) The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said this week
Litigation, Investigation, and Law Enforcement
We can't block YouTube, Egypt's telecomms authority tells the court (Infosecurity-Magazine) At the time, the judge suggested that it was a ruling on a case brought several months earlier, but gave no further details. The video, a 13-minute clip billed as a film trailer, has caused huge outrage among Muslims. It depicts Mohammad as a fool and sexual deviant
Pirate Bay files police report alleging piracy by pro-copyright organization (ComputerWorld) Parody site imitates appearance of Pirate Bay site while providing links to two directories of legal download sites. The Pirate Bay reported an anti-piracy organization to Finnish police on Monday for allegedly breaching its copyright
Burdens of Proof: Cryptographic Culture & Evidence Law in the Age of Electronic Documents (infosec island) When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly
PayPal suspends personal payments in Singapore (Finextra) PayPal has been forced to suspend personal payments in Singapore by regulators, according to TechCrunch. Citing an e-mail sent out to members, TechCrunch says that the transfer of money between personal accounts will not be allowed from 20 February. Users will still be able to make commercial payments for goods and services and receive personal payments from people outside of Singapore
ICO dishes 150,000 fine after nursing body loses unencrypted DVDs (TechWorld) The ICO has handed out an unusually severe 150,000 fine to the Nursing and Midwifery Council for losing unencrypted DVDs full of sensitive data that were being transported to a misconduct hearing. The three DVDs of highly sensitive witness videos of children were supposed to be delivered to a Cardiff hotel for a nurses 'fitness to practise hearing on 7 October 2011, but when it arrived the package was found to be empty.
Dutch Court Fines MP for Hacking into Medical Laboratory (Softpedia) Henk Krol, a Dutch Member of Parliament (MP) and the leader of the 50plus political party, has hacked into the systems of the Diagnostics for You medical laboratory in an attempt to prove that the organization was vulnerable. Despite the fact that his intentions were good, a court has ordered him to pay a $750 (1,000 EUR) fine because of the way he handled the issue. According to ITWorld, Krol used a password provided to him by an individual who overheard the information from one of the laboratorys employees
After ban, Kai-Fu Lee invites 30M to follow him on Twitter (CNet) Former Google China chief gets kicked off China-based microblogging sites after complaining about state controls over the Internet. An outspoken opponent of censorship in China, Kai-Fu Lee has responded to a ban from social networks in his homeland by inviting his 30 million followers to follow him on Twitter
FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool (Slate) It was described recently by one rights group as a "secretive new surveillance tool." But documents just released by the FBI suggest that a clandestine cellphone tracking device known as the "Stingray" has been deployed across the United States for almost two decades--despite questions over its legality. Stingrays, as I've reported here before, are portable surveillance gadgets that can trick phones within a specific area into hopping onto a fake network. The feds call them "cell-site simulators" or "digital analyzers," and they are sometimes also described as "IMSI catchers." The FBI says it uses them to target criminals and help track the movements of suspects in real time, not to intercept communications. But because Stingrays by design collaterally gather data from innocent bystanders' phones and can interrupt phone users' service, critics say they may violate a federal communications law
For a complete running list of events, please visit the Event Tracker.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio…Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt…The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.