The CyberWire Daily Briefing for 2.20.2013
Sino-American ties are strained by evidence of a massive Chinese cyber espionage campaign against US media outlets and other companies (among which utilities are curiously overrepresented). China's government categorically denies it all, but few observers are buying their protestations of innocence. (Wall Street Journal and New York Times editorial pages, rarely ideological bedfellows, read like Hearst and Pulitzer circa 1898.) Mandiant, whose investigation fingered the People's Liberation Army, stands by its report, and says (with commendable swagger) it expects retaliation. (CyberWire will follow Mandiant's fortunes with interest and best wishes.)
Lessons from this much-discussed imbroglio include the value of open sources (Anonymous rants and incautious Chinese operators' social media presence among them) and a corollary reminder not to mistake information's cost for its value. There's also a question: US-Chinese cyber conflict doesn't seem entirely like a war (the two countries remain close trading partners, even as the US Administration considers legal retaliation for Chinese hacking) but it isn't remotely an alliance, either. So what is it, and how can beneficial trade persist without unacceptable security risk?
McAfee researchers find a polymorphic autorun worm that evades detection through VM-awareness and advanced obfuscation.
Apple fixes its recently exploited Java vulnerability, Oracle issues another security patch, and Mozilla addresses PDF vulnerabilities. Adobe's promised patches have yet to appear.
US budget cuts are scheduled to hit next week. The US Navy says major (ACAT 1) programs are at risk (but the Navy's cyber chief sees a silver lining and expects austerity to bring innovation).
Notes.
Today's issue includes events affecting Algeria, Australia, Canada, China, Russia, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
US Ready To Strike Back Against China Cyberattacks (Yahoo.com) As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S. government data and corporate trade secrets, the Obama administration is eyeing fines and other trade actions it may take against Beijing or any other country guilty of cyberespionage
U.S., China Ties Tested In Cyberspace (Wall Street Journal) Ties between China and the U.S., strained by military rivalries and maritime disputes, may face an even greater test from the newest front in global conflict: cyberspace. U.S. military and homeland security officials quietly have long blamed the Chinese military for the most egregious assaults on U.S. computer networks
China denies cyber attack allegations (BBC News) A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", a US cyber security firm has said. Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at
Chinese Army unit is behind cyber espionage campaigns, researchers claim (Help Net Security) Mandiant, the computer forensic and incidence response firm that got called in following the recent breaches of the New York Times' and Wall Street Journal's networks, has issued a comprehensive report
Mandiant Used Data Leaked by Anonymous in 2011 to Investigate Chinese Hackers (Softpedia) In the report highlighting the activities of the Chinese cyber espionage unit responsible for breaching the systems of over 140 organizations, security firm Mandiant has also published the details of three personas believed to be involved in the APT1 campaign. So far, we've covered numerous aspects of the APT1 report, but there's another one worth noting. In order to collect information on the three hackers, Ugly Gorilla, DOTA and SuperHard, Mandiant relied on data leaked online by Anonymous back in 2011
It turns out that Chinese cyberspies love Facebook, too (IT World) Our nation is under attack by an army of Chinese hackers. But even they managed to get outed by their own social media accounts. Yesterday the New York Times revealed a blockbuster report about how deeply Chinese spies have insinuated themselves into more than 140 US and Canadian companies, many of them related to the power grid
6 Types of Data Chinese Hackers Pilfer - Mandiant Highlights Broad Range of Info Stolen from Victims (Bank Information Security) IT security provider Mandiant lists six categories of information that's commonly pilfered from business and government computers by hackers from a Chinese military unit it dubs APT1. Mandiant's findings appear in a comprehensive report issued Feb. 18 that the security firm contends documents how APT1 has breached computers in enterprises that conduct business mostly in English, especially in the United States [see map below]. China denies the allegations presented in the report
China's Online Thieves (Wall Street Journal) Mandiant Corp., the network security firm hired by the Journal and others hacked by the Chinese government, has released compelling evidence that the People's Liberation Army conducted hacking attacks on 115 U.S. corporations over the last seven years. Huge amounts of data and proprietary information were taken. The report even traces the digital footprints to a single building, the headquarters of PLA Unit 61398 on Datong Road in Shanghai
China's Cybergames (New York Times) Washington has not had much success persuading Beijing to rein in its hackers even though American officials and security experts have long known that China is the main source of cyberattacks on the United States. Two recent developments, however, should raise the political costs for China and may cause it to alter its calculus. Refusal to change its conduct could make its relations with the United States even more difficult than they are
Chinese Army link to hack no reason for cyberwar (CSO) Finding of China's involvement in recent hacks in U.S not an act of war because it's cyberespionage, says proponent of proactive defense. Security vendor Mandiant's 60-page report on Chinese cyberespionage, which offers proof that it is coming from a Chinese military unit housed in a building in the Pudong district of Shanghai, adds new fuel to two hotly debated cybersecurity questions. First, does this mean the quest for 100% certainty in "attribution" of intrusions has been achieved? And second, does that mean the U.S. is justified in taking what government officials like to call "active defense" measures -- what most others call "retaliation" or "offense"? Security experts are divided on the issue
Chinese cyber spies: Pwning U.S. businesses since 2006 (InfoWorld) The New York Times issued another blockbuster report yesterday revealing just how thoroughly U.S. companies have been pwned by Chinese cyber spies over the last few years. The Chinese government immediately took to Twitter, accusing the Times of publishing a "fake" account and having a bias against hackers of Chinese origin as well as $100,000 electric vehicles. (I'm kidding about that last bit
Is Australia next for Chinese cyber-attacks? (SBS World News) A US report details China's involvement in cyber-attacks on US companies and institutions, but experts say little is known about US attacks on China and that Australia too is at risk of Chinese cyber espionage
Several Chinese Government Sites Defaced by Algerian Hackers (Softpedia) In a statement issued earlier today, Chinese officials complained that their cyberspace was constantly targeted by hackers from abroad. One of the hacker groups involved in the attacks against the Chinese government is the Algerian Barbados-DZ collective. In the period between January 29 and February 19, the hackers defaced a total of 22 websites owned by the Chinese government, HackRead reports
Apple claims cyber-attack on staff computers by hackers that targeted Facebook (Russia Today) Apple has confirmed it has sustained the widest known cyber-attack on its computers. While the company is trying to downplay the consequences, the full extent of the breach is not
Apple targeted by Java zero-day bug (SlashGear) Last week, Facebook was attacked by a zero-day Java exploit. While the social network said that no personal data was stolen, it's never too comforting when companies and services get hacked. This week, however, Apple was the target this time around
Malware Attack on Apple Said to Come From Eastern Europe (Bloomberg) At least 40 companies including Apple Inc., Facebook Inc. and Twitter Inc. were targeted in malware attacks linked to an Eastern European gang of hackers that is trying to steal company secrets, two people familiar with the matter said. Apple, one of three victims to publicly disclose attacks this month, said some of its internal Mac systems were affected by a malware attack. The hackers used an iPhone-developer website, according to the people familiar with law enforcement efforts, including investigations by the FBI and Secret Service, and didn't want to be identified because of the probe
JEA website whacked by cyber-attack (Florida Times-Union) A cyber attack that shut down JEA's email caused the Jacksonville utility to suspend orders to disconnect overdue utility accounts Tuesday, the third day of a denial-of-service assault on its computers. The electronic mischief wasn't affecting power
JEA cyber attack, what does it mean? (Business Journal) JEA's website was shut down from a "denial of service" cyber-attack this week, knocking out the company's website and some payment systems. As of 3:00 p.m. Tuesday, it was still down. Those of you still timid about paying your bills online (like me, a
Rogue Chrome extension racks up Facebook likes for online bandits (CSO) Security researchers at Bitdefender have discovered a new phishing scam that installs a malicious extension in the Chrome web browser in order to turn Facebook 'likes' into cash for cyber crooks. The exploit begins with a malicious link embedded in spam email, says Bogdan Botezatu, a senior e-threat analyst at Bitdefender. The link ushers you to the Chrome Web Store, where you download an extension for a "business" Flash player--assuming you're foolish enough to click on spam links
Researchers Uncover Polymorphic AutoRun Worm (Threatpost) W32/Autorun.worm.aaeb-h is an evolved, virtual machine-aware AutoRun worm that makes use of obfuscation and polymorphic techniques in order to evade detection and infect removable media and mounted network shares, according to McAfee
Cyber attack hits Central Hudson customer data (Poughkeepsie Journal) Customers of Central Hudson are being warned that their private banking data may have been compromised by a cyber security attack over the weekend. "Out of an abundance of caution, we are recommending that all customers monitor their credit reports
Microsoft Support Calling Customers, Or A SCAM! (Dark Reading) Microsoft is becoming proactive by calling their end users to ensure they are applying the latest security patches, or it's a social engineering scam? One weekday evening, the telephone rings unexpectedly. Brenton, a Sophos strategic account executive, pulls himself away from graduate school reading to see who could be calling. The caller ID was unhelpful as it usually is when it's being masked
Delta Airlines spam delivers Citadel Trojan (Help Net Security) Roman Huessy over at Zeus Tracker warns about a Delta Airlines-themed spam campaign that ultimately leads to a variant of the Citadel malware - a banking Trojan that is based on Zeus' source code
EDUCAUSE Hacked, Users Advised to Change Passwords (Softpedia) On Tuesday, EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of IT, published an advisory urging users to immediately change their passwords because hackers had breached one of the organization's servers. According to EDUCAUSE, the cybercriminals might have gained access to information such as names, titles, email addresses, usernames and hashed passwords. On the other hand, the breach might have also compromised the hashed passwords of .edu domain holders
Jeep's Twitter Account Hacked, DJ Blamed (Softpedia) The official Twitter account of Jeep, the world-renowned brand of American automobiles, has been hacked. The hacker said that Jeep had been sold to Cadillac. Yesterday, Burger King fell victim to a similar attack
Hackers Leak Data from Montreal Police Department Databases (Softpedia) Earlier this month, hackers published the names, phone numbers and job titles of thousands of individuals allegedly working for the Montreal police department (SPVM). The hackers accused the organization of tormenting the people of Montreal. The people do not sit idly under the SPVM, the SPVM sit idly under the people
Anonymous Takes On State Department, More Banks (InformationWeek) Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks
How to filch explicit photos to fuel your revenge porn site (Naked Security) IsAnybodyDown's owner apparently impersonated a woman to trick victims into sending him nude photos. Showing true monopolistic genius, he also seems to be running the photo-takedown service that promises to get those photos off his site - for a fee
Why the Bit9 Hack is Not a Failure of Application Control, Whitelisting (lumension) There's never a dull day in the security industry. Anymore, we rarely have to look beyond the proverbial front page for news on the latest hack. Cyber attacks are increasing in volume and sophistication and no one is immune
Hybrid mobile payment products open up security risks, warns Frost & Sullivan (FierceMobileIT) The integration of cloud-based offerings and near-field communication technology in the mobile payments market poses security risks, warned research firm Frost & Sullivan. A cloud-based mobile payment product uses a mobile app, such as PayPal, which requires authentication prior to connecting with the cloud-stored account details to process the transaction. Data is stored virtually and is not easy to access or track, assuming the cloud provider offers appropriate protection, Frost & Sullivan explained
Software update goes bad - International Space Station lost and then found (Naked Security) Even if you have everything from Plan B all the way to Plan Z just in case the A-plan fails, you'll know that things can still go wrong. So spare a thought for NASA flight controllers, who lost contact with the ISS for a nerve-racking three hours during a recent software update
Security Patches, Mitigations, and Software Updates
Update Palooza (Internet Storm Center) If you are easily confused like me, you may appreciate this quick summary as to the different updates released the last couple of days
Oracle Patches Critical Java Flaws in 7u15 (Threatpost) On a day when Java zero day exploits were fingered in attacks against Apple, Facebook and Twitter, Oracle released the remainder of its quarterly security patch updates for the Java platform
Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer (Threatpost) Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of the ongoing attacks that use vulnerabilities in Adobe Reader and other PDF readers as infection vectors
Kaspersky apologizes for antivirus update that continues to disrupt customer nets (CSO) Kaspersky Lab's flawed anti-malware update that went out Feb. 5 for the Kaspersky Endpoint Security product continues to cause serious disruptions in enterprise networks. And Kaspersky, which has released ensuing patches aimed at remedying the problems caused by the first bad update, is apologizing for the ongoing problems
Apple patches the Java hole its own developers fell into - eventually (Naked Security) Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. Apple, with this most recent update, seems to have washed its hands permanently of browser-based Java. Paul Ducklin explains
Cyber Trends
Lessons Learned From A Decade Of Vulnerabilities (Dark Reading) A pair of reports look at the trends in vulnerability disclosure over a decade or more. Here are four lessons from the data on more than 50,000 flaws
The cyber war is real -- and our defenses are weak (InfoWorld) I used to think "cyber war" was the most overhyped security buzzphrase of all time. And it was -- until Stuxnet and APTs (advanced persistent threats) arrived. Now, as Bob Violino detailed in his recent InfoWorld article, all-out cyber war has begun
The Looming Certainty Of A Cyber Pearl Harbor (Politico) To state the painfully obvious, Washington is not a town filled with much unanimity these days. But on one subject there is common ground: the recognition of America's vulnerability to and the threat from cyberattacks. The concern is so great that many argue it is only a matter of time until we face a so-called cyber Pearl Harbor. As outgoing Defense Secretary Leon Panetta put it, a sudden, massive cyberattack would paralyze and shock the nation and create a new, profound sense of vulnerability
Cyber is a fraudulent weapon in a nonexistent war (The Week) Corporate fearmongers are eager to make a fortune from the phony threat of cyber-terror. Just as the war on terror is winding down, a so-called cyber war is spinning up. How very fortunate for government contractors like BAE Systems. Historically, we would call attempts by foreign countries to acquire information from American government and industry "espionage." The problem is that spies aren't all that scary. But cyber war? It's a perfectly meaningless phrase to frighten a perfectly credulous government. When contractors really want to tighten their coils, they make "cyber" the prefix to "terror"
Critical infrastructure protection: Maybe thinking good thoughts will make us safe (Computer World) Joe Lieberman (I-Conn.) retired in January after quite a colorful two-dozen years in the U.S. Senate. One of the major issues he pushed for during his last few years in office was protection of the U.S. critical infrastructure. Along with Sen. Susan Collins (R-Maine), Lieberman put forth a series of bills aimed at requiring some level of protection for such infrastructure, the last of these being voted down in November
Your Company's Employer Brand Could Be the Victim of an Identity Thief (ERE) In the comedy movie "Identity Thief," mild-mannered businessman Sandy Patterson (played by Jason Bateman) travels from Denver to Miami to confront the deceptively harmless-looking woman (played by Melissa McCarthy) who has been living it up after stealing Sandy's identity. It's a funny movie and in its first weekend it grossed over $34 million dollars at the box office
The sophistication of risky apps, mobile misbehavior and spyware (Help Net Security) McAfee released the results of a new report, documenting sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads and near-field communication threats
Security pros should listen with their heads, not their hearts (Help Net Security) There is a phrase that has become quite popular in information security circles and it goes along the lines of "there are two types of organizations, those that have been breached and those that don't know they've been breached"
Cloud maturity seen in expanding enterprise security focus (ZDNet) Summary: RSA Conference week will kick off with Cloud Security Alliance Summit that examines issues from identity, to mobile to national securit
Cyber resilience overtaking security compliance as top business priority: Deloitte (CSO) Cyber resilience is becoming a top business priority for the world's largest technology, media and telecommunications (TMT) companies, according to Deloitte's TMT Global Security Study
Marketplace
Mabus: Automatic Defense Cuts Could Break Ship, Aircraft Contracts (Stripes.com) Massive cuts to the defense budget scheduled to take place March 1 could jeopardize acquisition of future Navy ships and planes purchased under multi-year contracts, the Navy's top civilian leader said Wednesday
Navy Cyber Chief: Budget Crunch Will Drive Innovation, Force Jointness (AOL) Since 9/11, the armed services have made great strides in applying information technology to warfare -- but their implementation to date has relied on costly, manpower-intensive "brute force," said the Navy's director for "information dominance," Rear Adm. William Leigher. As budgets tighten, he said, the services will have no choice but to operate more efficiently and, above all, more cooperatively with one another. "This is going to force us to take a different approach with jointness," Leigher told the audience at an Armed Forces Communications and Electronics Association (AFCEA) luncheon yesterday. Under the growing fiscal pressure, he said, consolidation of separate networks to a single "joint information environment [JIE] becomes more possible in this downturn…than it might have been
Obama's Forecast On Cuts Is Dire, But Timing Is Disputed (New York Times) President Obama on Tuesday painted a dire picture of federal government operations across the United States should automatic budget cuts hit on March 1: F.B.I. agents furloughed, criminals released, flights delayed, teachers and police officers laid off and parents frantic to find a place for children locked out of day care centers
As Cuts Near, Focus Is On Blame (Washington Post) The fight between President Obama and congressional Republicans over the automatic spending cuts that start next week is shifting from one about stopping them to one about assigning blame if they happen
DOD Expected To Announce Plan To Furlough 800,000 Civilian Workers (Stars and Stripes) The Defense Department intends to notify Congress on Wednesday of a plan to furlough nearly 800,000 civilian employees one day each week beginning in April, a defense official said Tuesday
Sweeping Cuts For Army, Navy (USA Today) Budget cuts by the Army and Navy scheduled to take effect March 1 would force more than $26 billion in wage and spending reductions and prompt furloughs or layoffs for more than 450,000 people nationwide, according to documents obtained by USA TODAY
O'Malley names state cyber security czar (Baltimore Sun) Gov. Martin O'Malley tapped a private-sector cyber security veteran to lead a push to promote that industry's job growth in the state, he announced in a visit to Hanover company KEYW Corp. Tuesday. Jeani Park will serve as Maryland's director of cyber development as the state works to woo more cyber firms and train more workers for the growing field. Park has worked in product strategy and marketing for companies including Hewlett Packard and Dell
GSA announces consolidation of IT under CIO (FierceGovernmentIT) The General Services Administration announced Feb. 19 it will consolidate all information technology personnel, budgets and systems under the authority of its chief information officer
VA CIO Roger Baker resigns (FierceGovernmentIT) Veterans Affairs Department Chief Information Officer Roger Baker announced his resignation in a Feb. 15 email sent to VA information technology staff
The tragedy of Roger Baker (FierceGovernmentIT) Roger Baker's decision to leave the Veterans Affairs Department is, on reflection, a tragedy. Yes, it comes shortly after his lamentable participation in the joint VA-Defense Department total whitewash of a presentation announcing cancelation of the iEHR program
IDEX: Boeing and SecureTech join to enhance UAE Cybersecurity (Arabian Aerospace) Boeing and SecureTech will collaborate to jointly offer solutions that protect critical data and national infrastructure for customers in the United Arab Emirates (UAE) and the region through a cybersecurity agreement signed yesterday during the 2013 International Defence Exhibition Conference in Abu Dhabi
SAIC To Analyze DoD Antennas, Develop Software (GovConWire) Science Applications International Corp. (NYSE: SAI) has won a potential $65 million contract from the U.S. Defense Department to perform software development and analyze and design antennas. This indefinite-delivery/indefinite-quantity contract contains one base year and four option years, the company said Monday. "We look forward to continuing to provide manufacturing and engineering support services to
Dan Hushon Named CSC CTO (GovConWire) Dan Hushon, a former chief technologist at EMC Corp. (NYSE: EMC), has joined Computer Sciences Corp. (NYSE: CSC) as chief technology officer. Hushon's appointment is effective Feb. 28 and he will report to Mike Lawrie, chairman and CEO, the company said Thursday. The 20-year information technology industry veteran has also held chief technologist roles within
Meet the Company That's Profiting From Chinese Hacking (Slate) A big story out today seems to confirm longstanding suspicions that computer-hacking emanating from China is an official tool of PRC government policy, in this case People's Liberation Army Unit 61398. The sources pointing in that direction are multiple, but a key source of information is a detailed 60-page report from U.S.-based cybersecurity firm Mandiant, released today for all to read
Manos Antonakakis of Damballa Appointed Co-Chair of M(3)AAWG (MarketWatch) At Damballa, Dr. Antonakakis directs advanced research projects and university collaborations. He is responsible for developing several patent-pending cyber
RSA Update: CyberPoint's Jerry Caponera will speak about how the Prescient Program enhanced the security of a Chinese-made VTC system (MarketWatch) During next week's RSA conference, Jerry Caponera will discuss how CyberPoint's Prescient Program enhanced the security of a Chinese-made VTC. Since its inception in 2011, the Prescient Program has developed solutions to ease heightened US security concerns over Chinese and other foreign-made technology products
Products, Services, and Solutions
Canonical launches Ubuntu tablet interface (IT World) Canonical has introduced the Ubuntu tablet interface, which will compete with Android, iOS and Windows with its own take on multitasking and advanced security features. The launch is the next step in Canonical's quest to unify phones, tablets, PCs and TVs
Google Says Gmail Security Measures Have Reduced Account Hijacks By 99 Percent (Threatpost) Gmail accounts are high-priority targets for attackers of all stripes, particularly spam crews and state-sponsored attackers who use them to monitor the activities of activists and journalists. Hijacking those accounts can be quite useful for spammers and malware gangs as well, but Google said that it has put security measures in place that have greatly reduced the number of successful hijack attempts. In the last few years, the company has added a number of security systems to Gmail and its other services to help protect users' accounts
Cavium Introduces TurboDPI II For OCTEON Processors - Takes Deep Packet Inspection to the Next Level (Daily Markets) TurboDPI II Offers Nine Production-Ready DPI Modules Including Inspection, Extraction and Insertion for Enterprise, Cloud, Data Center, 3G/4G/LTE Wireless Equipment Manufacturers
Antibot: Network-based botnet removal tool (Help Net Security) Botnets are flourishing with new packaging, new methods and new business models. ZeroAccess, the world's fastest-growing botnet, infected millions of computers in 2012, using them to commit large-scale
Virtual appliance fuels Bring Your Own Identity (Help Net Security) NetIQ announced SocialAccess, a virtual appliance that allows business and government entities to leverage social identity providers to share select identity information for authentication via OAuth
Modeling, customizing, and automating applications with AWS OpsWorks (Help Net Security) Amazon Web Services launched AWS OpsWorks, an application management solution for the complete lifecycle of complex applications, including resource provisioning, configuration management, deployment
Duo Security launches secure mobile ID (Help Net Security) Duo Security announced that the high level of security traditionally associated with hardware smart cards is now available on consumer mobile devices that use Duo's two-factor authentication service
F5 Networks releases hybrid cloud solution for mobile application management (Help Net Security) F5 Networks announced F5 Mobile App Manager, a new hybrid cloud solution for mobile application management that enables organizations to safely support enterprise BYOD initiatives
Opera's WebKit Move Isolates Mozilla (InformationWeek) Opera makes its browser more broadly appealing but diminishes diversity of the Web browser technology stack
Making sense of stricter Office 2013 retail license (FierceCIO: TechWatch) Microsoft has confirmed that a retail copy of its new Office 2013 productivity suite is permanently tied to the PC that it is first installed on. The issue initially arose after the more stringent EULA, or End-User Licensing Agreement, for Office 2013 came to light, specifically its wording: "Our software license is permanently assigned to the licensed computer"
Windows 7 RTM to lose official support in April (FierceCIO: TechWatch) The Windows 7 Service Pack 1 will become the only officially supported version of the popular PC operating system as of April 9, in adherence to Microsoft's (NASDAQ: MSFT) policy of dropping support for the initial edition 24 months after the release of the first service pack
Nokia faces challenge in smart feature phone market (FierceMobileIT) Samsung is taking on Nokia (NYSE: NOK) in the smart feature phone market with the launch of its REX line of mobile phones
Report: Samsung developing mobile enterprise platform to compete with BlackBerry (FierceMobileIT) Samsung is developing a mobile enterprise platform to challenge the BlackBerry Enterprise Server, according to a client note from brokerage firm Detwiler Fenton
Technologies, Techniques, and Standards
5 Overlooked Cloud-Based Compliance Dangers (Dark Reading) Fully understanding risks helps avoid expensive surprises later. We all know the use of cloud-based resources is becoming increasingly common in organizations of all sizes. This can range from large-scale systems to small software-as-a-service tools. While convenient and sometimes quite cost-effective, this trend creates several compliance and data security dangers that are often overlooked. Here are five of the most serious issues
Rashomonitoring (Dark Reading) When you don't know who to believe. There's something to be said for pure, unprocessed data: You know it doesn't come with any assumptions. Here's a simple example: Logs show use of an application from an executive's phone in Maryland
Japan Looks to Taiwan to Disaster-Proof Telecom (IEEE Spectrum) Software and wireless experience could help realize a wireless service that bounces back
Magazine article on Chinese online takedown services gets taken down (Ars Technica) A recent magazine article detailing the baffling inner workings of China's "black PR" industry—where companies pay to have bad press scrubbed from the Chinese Internet—has, itself, been taken down. The article reported on firms that had apparently figured out how to game China's Internet monitoring and filtering system into a simple way to make money
Darknet: Surfing the underground black markets (YouTube) Using the live Linux distro Tails to connect to the Tor network and log into Blackmarket Reloaded to show how fast and easy it is
Darknet: Mobile Hidden Service (YouTube) "This will cover a quick way to set up a darknet hidden service using portableapps. com for mobility. Includes using xampp apache and the Tor Browser Bundle"
How CSOs are enabling secure BYOD (Help Net Security) Wisegate released a new report that answers the industry's most complex Bring Your Own Device (BYOD) questions while providing expert insight to help CSOs successfully build policies and effectively manage employee owned devices in the enterprise. The report shares the latest perspectives of CSO members from across industries who agree that while allowing employees to use their own mobile devices improves job satisfaction and can increase productivity, it also raises serious questions about how to secure these devices when they are no longer completely under IT's control. "The explosion of employee owned devices being used in the enterprise has quickly become a main focus for CSOs," said Bill Burns, Director of IT Security & Networking and Wisegate Member
Tips to overcome PHI security obstacles (Help Net Security) Healthcare organizations' privacy programs are still understaffed and underfunded, even while millions of patients' protected health information (PHI) is compromised. Securing PHI in healthcare is an obstacle, with 94 percent of healthcare organizations suffering data breaches in the past two years, according to the Third Annual Benchmark Study on Patient Privacy & Data Security. Organizations face new challenges with the recent release of the HIPAA Final Omnibus Rule
Mocny: US-VISIT biometric tech becoming world standard (FierceGovernmentIT) Broad-based use of biometric screening standards worldwide and interoperability between the Homeland Security Department and other agency systems are among the most significant technology improvements since Sept. 11, 2001, says Robert Mocny, DHS director of US-VISIT. Mocny spoke at a Feb. 7 Center for Strategic and International Studies event in Washington, D.C
NIEM 3.0 on schedule for fall release, say architecture committee members (FierceGovernmentIT) A beta release of the third version of the National Information Exchange Model should be ready by this summer with release candidates complete by this August or September, said Andrew Owen, NIEM technical architecture committee co-chair, while speaking Feb. 15 during an online meeting of NIEM stakeholders
The next gen database: Is it a one-or-the-other, all-or-nothing proposition? (FierceBigData) Where would tech news be without its holy wars? We'll never know. The freshest skirmishes have broken out among adherents to either relational or non-relational databases, better known as NoSQL and tied--at least in the headlines--most tightly with big data
Lack of standardization, evidence hinders wireless patient monitoring (FierceMobileHealthCare) Although venture capitalists recognize the potential for long-term returns from bringing "disruptive" wireless patient monitoring (WPM) technologies to market, the lack of standards in interoperability may delay the scaling up of these technologies, says a new report from research firm Frost & Sullivan
Integrating business continuity management with IT risk management (CSO) LockPath's Chris Goodwin says disconnects create risk instead of reducing it. Most organizations are transitioning, or have already transitioned, to a risk-based approach to security management. However, many of those IT risk management practices still suffer from a degree of fragmentation that hinders the ability of executives to see a reasonably complete picture and make well-informed, commercially reasonable, legally defensible decisions
Design and Innovation
U.S. Accelerator TechStars Goes Global, Merges With UK's Springboard And Opens Its First International Outpost In London. 'Something Feels Different Now' Says Cohen (TechCrunch) A big step forward today for TechStars, the Boulder-based uber-accelerator founded in 2006 that has set up operations mentoring and funding startups in six cities across the U.S. as well as powering several more. The company today is opening TechStars London — the first TechStars outpost outside of the U.S. In doing so, it is also announcing a merger with Springboard, a UK-based accelerator
How (not) to launch a search engine with Chinese characteristics (Quartz) As its censorship prowess has shown, the Chinese government is great at removing things from the Internet. What it's not so great at, though, is creating things. Things that its people might plausibly want. Things that other businesses would eventually want to spend money on
Apple Beware, Samsung Plans Smartwatch Too (InformationWeek) Mere days after reports surface about an Apple-made smartwatch, leaked screenshots purport to reveal what Samsung's smartwatch will look like
Research and Development
Sandia draws from nuclear science in inaugurating new cyber lab (Nextgov) Sandia National Laboratories on Tuesday will inaugurate a cybersecurity center to perform offensive and defensive warfighting techniques that onsite nuclear weapons scientists have been practicing for decades. The Cybersecurity Engineering Research Laboratory, which began operating in 2011, draws from nuclear research and development to test hardware vulnerabilities in closed facilities and model cyberweapons on supercomputers, Sandia officials said. Cybersecurity is one of the New Mexico-based lab's defense systems missions
Academia
Pearson Launches Catalyst, An EdTech Incubator That The Publisher Hopes Will Give It More Startup Mojo (TechCrunch) On the heels of Kaplan linking up with TechStars to offer an edtech accelerator program in New York City, educational publishing giant Pearson is also wading further into startup waters to help propel the company further into the 21st century and away from declining, old media business models
Oxford University briefly blocks Google Docs in anti-phishing effort (CSO) Faced with an epidemic of phishing attacks on its academic networks, Oxford University took drastic measures: It blocked Google Docs. The tactic was short-lived, however. "It is fair to say that the impact on legitimate business was greater than anticipated, in part owing to the tight integration of Google Docs into other Google services," Robin Stevens, of Oxford's Computer Emergency Response Team (OxCERT) wrote in a university blog Monday
Legislation, Policy, and Regulation
How will EU cybersecurity directive affect business? (Computer Weekly) Since the publication of the EU's proposed cyber security strategy and supporting directive, much of the focus has been on how difficult it will be to implement and how effective it will be in improving data security. But what effect will it have on business? The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply
Why Banks Benefit from New Cyber Bill - BITS: Legislation is an Aid to Thwarting Threats (Bank Information Security) Information sharing within the financial sector has been critical in thwarting cyber-attacks. Legislation pending before Congress would help bridge the information gap among industries, says Paul Smocer of BITS. If passed, the Cyber Intelligence Sharing and Protection Act "will have a positive impact" because it will pave the way for sharing more threat information among various business sectors, says Paul Smocer, president of BITS, the technology policy division of the Financial Services Roundtable. "Information sharing in the financial-services sector is probably far more advanced than it is in other sectors," he notes
Litigation, Investigation, and Law Enforcement
Security And Privacy Legal Cases Vie For 2013 Headlines (Dark Reading) We're not even all the way into the second month of 2013 and it is already shaping up to be a busy year in the realm of security and privacy law. Juicy corporate espionage suits, privacy violation fines from regulatory agencies and class action settlements have all abounded in the last month and a half. If the courts keep pace with the current tempo of cases hitting the dockets, 2013 looks to be a precedent-setting year. Here's a look at some of the highlights.
Google looks to cut funds to illegal sites (Telegraph) Google is in discussions with payment companies including Visa, Mastercard and PayPal to put illegal download websites out of existence by cutting off their funding. The web search giant, which is embroiled in a long-running row over the way it deals with pirated material, is considering the radical measure so that it can get rid of the root cause instead of having to change its own search results. Executives want to stop websites more or less dedicated to offering links to pirated films, music and books from making money out of the illegal material
Tesco calls the police as online Clubcard accounts compromised (CSO) Retail giant says the number of affected accounts is small. Tesco has confirmed that it has called in the police to investigate a possible data breach after a number of complaints from Clubcard members who claim to have had their online accounts compromised
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio…Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt…The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.