The CyberWire Daily Briefing for 3.1.2013
news from RSA
FBI Director Mueller advocates more industry-government partnership (an evergreen proposal) but also argues that counterterrorism holds a lesson for cyber security: you defeat a threat not through passive defenses, but by identifying and disrupting it. This naturally suggests a move toward offensive security, and Crowdstrike leads the discussion of how to achieve an active defense without slipping into vigilantism ("hacking back," in this context). TechWeek Europe listens and advises its corporate readers to lawyer up. (Compare two articles in our main section below: Anonymous hit the Bank of America to expose the bank's hacker profiling effort, and the Center for a New American Security urges the US Government to clarify what it means by "cyber offensive operations.")
Symposiasts and booth-boulevardiers sniff at the "advanced" in "advanced persistent threat," noting that the APTs Mandiant found in its investigation of Chinese attacks on US media outlets weren't really that advanced. But the critics dismiss such APTs as "script kiddy" work too glibly—they may have been inelegant and manpower-intensive hacks, but they did their damage nonetheless. (And note the Ponemon report on how long attacks go undetected by the victims.)
IT security managers scoff at predictions that big data will have a big impact on cyber security. "Garbage data," one hyperbolically calls it, but they may have a point. Collection of information has for almost a century outstripped the ability to analyze it into intelligence; big data will face a big burden of proof.
Congratulations to Naked Security, named best corporate blog.
The Izz ad-Din al-Qassam Cyber Fighters, whose denial-of-service attacks bothered US banks late last year, are back, and promising a fresh campaign.
The Chinese Army expands accusations of US hacking. It also dismisses reports of offensive operations as "blue team drills." But independent researchers find more circumstantial confirmation of Mandiant's attribution of media attacks to the PLA. Oil Price also discusses a US Department of Homeland Security report detailing an apparent Chinese campaign in 2011 and 2012 against US gas pipeline operators.
Researchers continue to unpack the MiniDuke malware and discover allusions to Dante's Divine Comedy in the code.
A developer demonstrates a new frontier in rickrolling—an easy-to-execute way of stuffing victims' discs with junk data. Chrome, Internet Explorer, and Safari all appear vulnerable.
Oracle continues to investigate new Java vulnerabilities reported this week.
Dancho Danchev profiles the botnet black market and finds cyber criminals aping sound business practices, market segmentation in particular.
US Federal budget sequestration will hit sometime before midnight tonight. Its effects remain unclear. The US Department of Homeland Security names Lockheed Martin as a commercial cyber security provider that will receive sensitive threat information. General Dynamics believes it will offer Defense-grade security for Android phones commercially within a year. The Guardian Project reports it's close to achieving a way of authenticating videos—a matter of particular interest to human rights groups.
Research universities want an exemption from pending legislation prompted by South Carolina's 2012 data breach.
Bradley Manning pleads guilty and embraces martyrdom for Wikileaks.
Notes.
Today's issue includes events affecting China, Czech Republic, European Union, Hungary, Ireland, Portugal, Romania, United Kingdom, and United States.
(special): the latest from RSA
[RSA 2013] Conference Resources (RSA Conference) Bookmark this page for easy access to the information and resources you'll need to make the most out of your week. Make sure to check out what's new for 2013!
Scenes from RSA Conference and BSidesSF 2013 (CSO Salted Hash) A look at the sights and sounds of the world's biggest annual information security event
When's the next Apocalypse? RSA 2013 Conference Trends (Kaspersky Labs) RSA is like the Hogwarts of Security, the annual reunion for cyber jedi masters or the secret fight club for private security companies, governmental agencies and international organizations. We've got an exclusive pass to all of the sessions and sideline discussions. Here is what this year's buzz is all about with everything you need to know about RSA 2013
FBI Director: We Can't Close All Vulnerabilities, We Must Identify and Deter Attackers (Softpedia) Speaking at the 2013 RSA Conference in San Francisco, FBI Director Robert Mueller explained that the partnership between government agencies and private industry must be strengthened, also saying that a new approach is needed in the effort to combat cybercrime. Mueller highlighted the fact that after 9/11, the FBI has been trying to fight terrorism by identifying and disrupting terrorist threats. This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well, he noted
5 Lessons From The FBI Insider Threat Program (Dark Reading) Insider threats may not have garnered the same sexy headlines that APTs did at this year's RSA Conference. But two presenters with the Federal Bureau of Investigation (FBI) swung the spotlight back onto insiders during a session this week that offered enterprise security practitioners some lessons learned at the agency after more than a decade of fine-tuning its efforts to sniff out malicious insiders following the fallout from the disastrous Robert Hanssen espionage case
RSA 2013: Get The Lawyers, Offensive Security Is Go (TechWeek Europe) CrowdStrike is leading the industry into offensive security and a legal minefield awaits. "This isn't hacking back," George Kurtz, president and CEO of CrowdStrike, one of the most talked-about security firms at RSA 2013, tells TechWeekEurope. "No sensationalist headlines please." The company has been one of the bigger voices this week, turning heads with a live takedown of thousands of nodes of the Kelihos botnet, at one point having to do so using a laptop tethered to a 4G phone. The botnet is still active, and will be until more concerted action is taken against it, but CrowdStrike at least showed what it could do
RSA Conference: Crowdstrike defend intentions and concept (SC Magazine) Proactive defence of networks is not about vigilantism, according to US security technology company Crowdstrike. In a presentation titled 'Highway to the danger zone - going offensive legally' at the RSA Conference in San Francisco, Crowdstrike president and CEO George Kurtz admitted that the concept of proactive defence and 'hacking the bad guys back' is a hot topic and the legal aspects need to be understood. He said: "Take vigilantism off the table, we look at ways and methods to make it harder for the adversary and be more hostile in the network"
So APT Is China (snicker) Now What? (infosecisland) As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT bleated out by a megaphone from the Mandiant booth, I find myself once again looking at the problem as opposed to the hype. Let me simplify this for you all a little bit here to start though. APT is not necessarily "advanced" as Mandiant finally lets you all out there not in the secret squirrel club know
Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013 (TechTarget) When Mandiant Corp. released its report on APT1, imaginations seemed to run wild with ideas of Chinese super hackers conducting incredibly sophisticated attacks from their secret headquarters. In reality, advanced persistent threats (APTs) largely consist of B-team scrubs running the equivalent of script-kiddie tools created by a few talented hackers with a huge support team behind them. This was the case put forward by Alex Lanstein, senior researcher at Milpitas, Calif.-based security vendor FireEye Inc., during his RSA Conference 2013 presentation, APTs by the Dozen: Dissecting Advanced Attacks from China
Security breaches remain undiscovered and unresolved for months (Help Net Security) At RSA Conference 2013 in San Francisco, Solera Networks announced the results of the Ponemon Institute's 2013 report, "The Post Breach Boom," which revealed that organizations are unprepared to detect
RSA: IT Security Managers Skeptical on Big Data Security Proposition (CSO) "I don't call it Big Data, I call it garbage data," said Jerry Sto. Tomas, director of global information security at healthcare company Allergan, who with other panelists at the RSA Conference this week discussed the challenges that security managers face today in getting solid threat intelligence for network defense out of what already feels like too much security-event data. Adoption of cloud services is only adding another wrinkle on centralizing that plan
Malware's Future Looks A Lot Like Its Present (Security Ledger) What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday
RSA 2013: Outdated Software Biggest Internet Security Threat (eSecurity Planet) Forget exotic new variants of malware. Metasploit founder HD Moore warns that outdated and improperly configured software is the Internet's biggest security threat. There is no shortage of research releases at the RSA 2013 security conference. Yet one piece of research stands alone, above all others by virtue of the sheer audacity of the undertaking
RSA 2013: SSL Certificate Security in the Crosshairs (eSecurity Planet) Can the SSL certificate authority system be improved? A panel at the RSA conference discussed several promising approaches. Over the course of the last several years, the security of SSL certificate authorities (CAs) has come under attack. At the RSA Security conference this week, a panel of CAs and researchers discussed ideas that could help shore up the system of awarding SSL certificates
Sourcefire Advanced Malware Protection Turns Back Time (IT Trends & Analysis) As RSA 2013, cyber security's annual gathering, draws to a close, the key conclusion is that we are in 'deep s**t' cyber-security wise, according to a new blog from Kaspersky Lab's Tyler Durden. 'The reasons are very simple - the internet was designed and built without any security-concerns in mind.' Attackers are getting organized as if they were banks or special task forces; they are businesses based around data and money stealing with structures, business planning, HRs, CEOs, CTOs, margins, and ROIs. 'Cybercrime has become an industry, similar to drug cartels or shadow weapons shipments, and in order to fight it we need to be strong and organized'
SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure (Dark Reading) The oil and gas industry now has at its disposal a SCADA security test laboratory for testing just how their environments would hold up, or not, to today's attacks. The so-called Industrial Control System (ICS) Sandbox based in Montreal aims to simulate real-world effects of attacks on critical infrastructure to help power plants and other operators to better lock down their environments
FIPS certified cryptography for embedded systems (Help Net Security) At RSA Conference 2013 in San Francisco, Allegro announced the addition of the FIPS 140-2 compliant Allegro Cryptography Engine (ACE) to the RomPager suite of embedded internet toolkits
Avast 8 generates detection of entire malware families (Help Net Security) At RSA Conference 2013 in San Francisco, Avast Software introduced a new version of its consumer security software line, with a number of new technologies and improvements to deliver proactive detecti
Endpoint manager with panoramic, touch screen display (Help Net Security) At RSA Conference 2013 in San Francisco, Comodo announced their latest solution for centralized administration of security, including anti-virus protection of endpoints: Comodo Endpoint Security Manager
Juniper adds global attacker intelligence service to its products (Help Net Security) At RSA Conference 2013, Juniper Networks unveiled its next-generation security products for protecting data center environments, fortified by the Junos Spotlight Secure global attacker intelligence
Test malware handling capabilities of network security devices (Help Net Security) At RSA Conference 2013 in San Francisco, Spirent Communications announced the release of malware testing capabilities on Spirent Studio. With the addition of malware testing, Spirent offers its custom
Multi-layered authentication appliance from HID Global (Help Net Security) HID Global announced its new ActivID Appliance solution for strong authentication at RSA Conference 2013. Enabling organizations to protect corporate data against unauthorized access
Bloggers' Awards at RSA - Naked Security scoops Best Corporate Security Blog (again!) (Naked Security) Fellow Naked Security writer and industry stalwart Graham Cluley just emailed from San Francisco to tell us that we won the Best Corporate Security Blog in the 2013 Security Bloggers' Awards. The Security Bloggers' Awards are handed out each year alongside the RSA Conference, halfway through the conference week. They're a bit different from most security awards because they aren't voted for by an industry panel, but by the security blogging community itself
Kindsight Empowers Internet Service Providers To Defend Against Botnets (Dark Reading) Kindsight Botnet Security service analyzes Internet traffic for communications between infected devices and the bot masters' C&C servers
Cyber Attacks, Threats, and Vulnerabilities
Islamic Group Promises to Resume U.S. Bank Cyberattacks (CSO Salted Hash) Cyber Fighters have claimed responsibility for five waves of attacks against banks since last September. An Islamic group that has claimed responsibility for several waves of attacks on major U.S. banks since last September has promised to resume its assault next week using a lot more firepower. The group that calls itself the Cyber Fighters of Izz ad-Din al-Qassam claimed to have given a preview of what's to come in launching distributed denial of service (DDoS) attacks against the websites of a number of banks and credit unions on Monday. Targets included Bank of America, PNC Financial, Capital One Financial, Union Bank, Zions Bank, Citizens Bank, Peoples United Bank, Patelco Credit Union and University Federal Credit Union
Chinese Army: US hacks us so much, I'm amazed you can read this (The Register) Two Chinese military websites - including the Defence Ministry - are routinely subjected to thousands of hacking attacks every month, the majority of which can be traced back to the US, Chinese authorities alleged this week. Two-thirds of the 144,000 attacks a month against Chinese military sites last year came from the US, the ministry told Chinese journalists on Thursday, Reuters reports. The accusation follows a high-profile report by US incident response firm Mandiant last week blaming a Shanghai-based People's Liberation Army affiliated team (dubbed Advanced Persistent Threat 1, or APT1) for attacks against 141 organisations across 20 industries in the US and other English-speaking countries over the last seven years
China Says U.S. Routinely Hacks Defense Ministry Websites (Cyberwarzone) Two major Chinese military websites, including that of the Defense Ministry, were subject to about 144,000 hacking attacks a month last year, almost two-thirds of which came from the United States, the ministry said on Thursday. This month a U.S. computer security company said that a secretive Chinese military unit was likely behind a series of hacking attacks mostly targeting the United States, setting off a war of words between Washington and Beijing. China denied the allegations and said it was the victim
China: Including Blue Teams in Military Drills Doesn't Mean We Have Cyber Warriors (Softpedia) Over the past few weeks, reports have been pouring in from Chinese officials about the country's cyber security capabilities. At first, they criticized US organizations for falsely accusing them of launching cyberattacks based only on some IP addresses and inaccurate information. Then, they came forward stating that making baseless accusations is not good for international cooperation
More (circumstantial) findings reinforce Mandiant's APT1 claims (Help Net Security) The release of Mandiant's APT1 report has created quite a stir in security and international political circles. The majority saw it as a confirmation of the long held belief that the Chinese government is sanctioning active espionage campaigns all over the world, while others pointed out its flaws. In the meantime, certain curious individuals did some investigating on their own and discovered some more data that seems to reinforce Mandiant's findings
Gas pipelines at risk after Chinese cyber attack (Oil Price) A restricted US government report compiled by the Department of Homeland Security (DHS) states that 23 gas pipeline companies were targets of a cyber-attack in the six months from December 2011 to June 2012. Emails designed to trick key
Cyber-attackers turn NVIDIA tool into an accomplice (The H) Virus experts at Sophos made a surprising discovery in their analysis of a targeted cyber attack. A specially crafted RTF document was taking advantage of a vulnerability in Word to execute a tool from NVIDIA's graphics card drivers on the victims' computers. The executable file, called nv.exe, is digitally signed - and is, in fact, the original file with no changes
Hackers target Euro governments with Adobe exploit (ITNews) Hackers targeted dozens of computer systems at government agencies across Europe in a series of attacks that exploited a recently discovered security flaw in Adobe Systems software, security researchers reported. Russia's Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania
Researchers discover new global cyber-espionage campaign (IT World) Security researchers have identified an ongoing cyber-espionage campaign that compromised 59 computers belonging to government organizations, research institutes, think tanks and private companies from 23 countries in the past 10 days
Zero-Day MiniDuke Virus References Dante's Divine Comedy (iTechPost) First Posted: Feb 28, 2013 07:57 AM EST. MiniDuke exploits an Adobe Reader
Exploit lets websites bombard visitors' PCs with gigabytes of data (Ars Technica) Chrome, IE, and Safari trick could become new form of Rick Roll. A Web developer has demonstrated a simple-to-execute exploit that allows websites to surreptitiously bombard visitors' storage devices with gigabytes of junk data
Webhosting management company cPanel suffers break-in, lets slip customers' root passwords (Naked Security) Webhosting management company cPanel recently announced a worrying sort of compromise: the possible theft of its customers' root passwords. Paul Ducklin looks at what happened, and what's being done to avoid a repeat of this worrying situation
Data leaked by Anonymous appears to reveal Bank of America's hacker profiling operation (Information Age) A group of hacktivists calling itself the Anonymous Intelligence Agency has published a cache of data that seemingly reveals how Bank of America searches for and profiles hackers online. The data includes what appear to be emails from US IT services provider TEKSystems to security professionals at the bank, containing intelligence collected from hacking-related chat rooms and social networks. This includes a long list of keywords including the pseudonyms of known hackers
Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft (Wired Threat Level) When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, no one was more concerned about the discovery than Microsoft, after realizing that the tool was signed with a modified Microsoft certificate to verify its trustworthiness to
Oracle 11g Stealth Password Cracking Vulnerability (Cyberwarzone) Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137). February 20, 2013. Risk Level: High. Affected versions: Oracle Database Server version 11gR1, 11gR2. Remote exploitable: Yes (no authentication to Database Server is needed). Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: There is a flaw in the way that Authentication Session Keys are generated and protected by Oracle Database Server during the authentication process. It is possible to use this flaw to perform unlimited password guesses (cracking) of any user password in a similar way as if the password hash were available
Oracle investigating after two more Java 7 zero-day flaws found (ZDNet) Polish security researchers have discovered yet more zero-day vulnerabilities in Java, the beleaguered Web plug-in, that led to the successful intrusion of Facebook, Apple and Microsoft in recent weeks. Java is at the center of yet another security storm after Polish security researchers found not one, but two new separate zero-day flaws in the Web plug-in software. Web users are once again warned to disable Java immediately to prevent any infection on production machines or networks
Team GhostShell Leader Details the Tricks He Played on Law Enforcement Agencies (Softpedia) After leaking millions of pieces of information from the systems of organizations from all over the world, Team GhostShell has become the target of several law enforcement agencies. In an interview we've had with DeadMellox, the leader of the group, he has detailed some of his encounters with the authorities. DeadMellox says he's taking a break from hacking for an undetermined period of time, but before doing so, he has shared with us some interesting things from behind the scenes of his collective's operations
How Much Does A Botnet Cost? (Threatpost) The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP addresses
Anonymous: 10 Things We've Learned In 2013 (InformationWeek) The Anonymous hacker group continues to seek equal measures of revenge, justice and reform, preferably through chaotic means, for perceived wrongdoings
Foundry Park Inn & Spa becomes victim to cyber-attack (Red and Black) The Foundry Park Inn & Spa, located on 295 East Dougherty St., reported in an official release Thursday that it had been the victim of a cyber-attack "that targeted food and beverage customers." The release explained that Melting Point ticket buyers
Security Patches, Mitigations, and Software Updates
Google patches bug that allows attackers to slip past two-factor authentication (Naked Security) Attackers could - until Google issued a fix last Thursday, that is - bypass Google accounts' two-step login verification, reset a user's master password, and gain full profile control, just by capturing a user's application-specific password
Facebook fixes bug that leaked users' phone numbers (Naked Security) Facebook said that when retrieving a user's email address via graph API, app developers were receiving a 10-digit number once for every 1,000 users, more or less (mileage varies), instead of the properly formatted email address the documentation states that the field should return
Cyber Trends
3 out of 4 infosec pros unsure they would spot a breach (Help Net Security) LogRhythm announced the results of its 2nd Annual Cyber Threat Readiness Survey of 150 IT security professionals on their organizations' readiness to address advanced cyber security threats
Marketplace
Boehner Halts Talks On Cuts; G.O.P. Cheers (New York Times) Speaker John A. Boehner, the man who spent significant portions of the last Congress shuttling to and from the White House for fiscal talks with President Obama that ultimately failed twice to produce a grand bargain, has come around to the idea that the best negotiations are no negotiations
Efforts To Avert Cuts Are Dropped (Washington Post) One day before automatic spending cuts were due to hit the Pentagon and other federal agencies, Congress on Thursday abandoned efforts to avert the reductions and left town for the weekend. The sequester is here, and policymakers have no plans to end it
Hail Armageddon (Washington Post) "The worst-case scenario for us," a leading anti-budget-cuts lobbyist told The Post, "is the sequester hits and nothing bad really happens." Think about that. Worst case
When does sequestration start? (Politico) When exactly does sequestration start? It's a bit of a technicality, but one that makes a big difference, especially for the hundreds of thousands of federal workers waiting on furlough notices. The law requiring $1.2 trillion in across-the-board spending cuts is a bit vague on when the budget cuts begin. It only says March 1. So, the White House Office of Management and Budget has until 11:59 p.m. Friday to actually issue the official sequestration notice that starts the entire process
Many Steps To Be Taken When 'Sequester' Is Law (New York Times) At some point on Friday (no one will say precisely when), President Obama will formally notify government agencies that an obscure process known as sequestration is in effect, triggering deep, across-the-board budget cuts that will force federal spending to shrink
Pentagon To Make 'Quick Decisions' On Sequester Cuts (Agence France-Presse) The Pentagon will make "some very quick decisions" on programs to be hit by automatic spending cuts under the so-called sequester, a Defense Department spokesman said Thursday
Sequestration Doesn't Cut Nearly Enough (Washington Times) A project to design beef jerky that rolls up: $1.5 million. A seminar in which a topic was, "Did Jesus die for Klingons, too?" (This is a question, I can assure you, that will not be answered by any sane person): $100,000. These examples of absurd government spending become even more absurd when you realize these items were all part of the budget for the Department of Defense
Sequester Insanity: Why the Pentagon budget cuts are far worse than you think. (Slate) The Pentagon is about to become a crazier place to work, and not because Chuck Hagel has taken the helm. It's because of sequestration, which, if it really does happen on March 1, could twist and twirl the world of defense contracting into contortions heretofore unseen. The mainstream news stories and editorials on the subject have not conveyed the full nuttiness of what's about to blow
The Superhero Of The Sequester (The Daily Beast) Deputy Secretary of Defense Ashton Carter says he'll give back part of his paycheck if the sequester leads to furloughs at the Pentagon. Why won't more politicians follow his lead
Lockheed Martin Named As A Commercial Cyber Security Provider By Department of Homeland Security (MarketWatch) Lockheed Martin (NYSE:LMT) has recently signed a Memorandum of Agreement (MOA) with the Department of Homeland Security (DHS) to become a Commercial Services Provider in the Enhanced Cybersecurity Services program
Software AG Launches New Government Focused Subsidiary (ExecutiveBiz) Software AG USA Inc. has established Software AG Government Solutions, a wholly owned subsidiary exclusively focused on providing unique and targeted solutions to U.S. federal government customers, according to a company statement
Deloitte To Help Labor Dept's Cloud Transition (The New New Internet) Deloitte has won approval to host the Labor Department's litigation data outside of the department's firewall as DOL intends to move to a cloud computing environment
Kay Kapoor Joins AT&T As Govt Services President (GovConWire) Kay Kapoor, former CEO of Accenture Federal Services (NYSE: ACN), has joined AT&T (NYSE: T) as president of the government solutions unit
V-Key Hires Two Top-Tier Executives (Dark Reading) Richard Trovato and Matt Rose have joined the company as Senior Vice President Sales and Vice President of Mobile Solutions, respectively. V-Key Inc., pioneer and inventor of mobile application intrusion protection and intelligence today announced that Richard Trovato and Matt Rose have joined the Company as Senior Vice President Sales and Vice President of Mobile Solutions, respectively. The new appointments of Trovato and Rose are timely as V-Key makes a RSA Conference splash in San Francisco this week (February 26-March 1) and kicks off its rapid growth for 2013
Marissa Mayer's Job Is to Be CEO, Not to Make Life Easier for Working Moms (The Atlantic) Her decision to ban telecommuting is deeply unpopular, but it could be necessary to save the company she's been hired to lead
Yahoo Flap Misses The Bigger Point (InformationWeek) New CEO Marissa Mayer wants all company employees to work in the office. This isn't about exercising control; it's about setting a tone for change. Yahoo CEO Marissa Mayer is under fire for doing the unthinkable: She's requiring company employees to actually work at the workplace. That's right. In an era when just about everyone but coal miners and longshoremen thinks telecommuting is their birthright, Mayer is ordering all of Yahoo's 11,500 employees to show up at the office every day, starting in June
Iron Bow Wins Spot On CRN Top 250 IT Education, Training List (GovConExecutive) Iron Bow Technologies has won a place on CRN's annual list of its top 250 information technology services providers that invested in education and training for data center and cloud computing certifications
Products, Services, and Solutions
General Dynamics eyes government-level security on smartphones (CSO Salted Hash) Android phones could be approved for access to classified networks later this year. General Dynamics is looking to bring U.S. government-level security to consumer smartphones, allowing organizations to benefit from the type of strong data protection only available on expensive and clunky mobile terminals
The Chubby vWand Stylus Can Bring NFC Support To Non-NFC Smartphones And Tablets (TechCrunch) NFC has always struck me as one of those things that everyone says is going to get really big next year, and the growing number of smartphones and tablets that come bearing support for the standard is proof that at least a few people care about it. But what if you want to experience the NFC lifestyle but your gadget(s) of choice don't play nice with it? Enter Spain-based Sistel Networks, and its
Google Launches Zopfli To Compress Data More Densely And Make Web Pages Load Faster (TechCrunch) Google just launched Zopfli, a new open source compression algorithm that can compress web content about three to eight percent more densely (PDF) than the standard zlib library. Because Zopfli is compatible with the decompression algorithms already built into all modern web browsers, using Google's new algorithm and library on a server could lead to faster data transmission speeds and lower
iCloud e-mail 'censorship' thanks to overzealous spam filtering (Ars Technica) Certain key phrases inside even a zipped PDF cause Apple to intercept. Apple is apparently performing some content-based iCloud e-mail filtering, resulting in e-mails that never arrive to their intended destination. As detailed by Macworld, e-mails that included a particular phrase, even in a zipped PDF file, were prevented from getting to the intended recipient. This was regardless of whether the message was from a known sender, indicating that Apple is placing a pretty judging eye on what passes through its servers
ThreatMetrix Enhances Its Cybercrime Defender Platform to Include Behavioral Analytics (Softpedia) Integrated cybercrime prevention solutions provider ThreatMetrix has announced the introduction of behavioral analysis in its Cybercrime Defender Platform via a component called ThreatMetrix Persona ID Rules. Persona ID Rules is capable of identifying abnormal behavior in real time by doing a comparison between current and historical attributes. Information such as email addresses, transactions, accounts, IP addresses, devices, proxies, geo-location and physical addresses are taken into consideration to make the determinations as precise as possible
Co3 Systems delivers security incident response (Help Net Security) Co3 Systems announced an expansion to its SaaS-based incident response platform. The new Security module provides automated, single-pane incident management in a secure, isolated environment for generating
Yubico launches smart card that combats spying malware (Help Net Security) Yubico announced that the Yubikey NEO aggressively defends against malware aimed at smart cards. Successfully piloted by leading enterprises, the new product eliminates the risk of card and PIN being
Technologies, Techniques, and Standards
The Best Way To Spend Your Security Budget (Dark Reading) One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority
The 5 Commandments Of Data And Why Analytics Efforts Are Still A Big Old Mess (TechCrunch) At the Strata Conference this week, Marck Vaisman, a freelance data scientist, talked with us about the five commandments of data, a set of principles he has developed and written about in a book by O'Reilly Publishing called "The Bad Data Handbook"
Social media needs to be about policy not politics (IT Pro) I was at an event recently where I overheard an IT executive declaring proudly how an intern was in charge of his firm's social media policy. A woman, who also overheard the boastful executive, turned to her colleague and said: "So what? We do that, too." I'm not sure who was worse: the first executive openly talking about his firm's social media policy, or the second executive who was eager to show off at the other guy's expense
Heralding the Dawn of Critical Infrastructure Security Metrics (Smart Grid Security) You may like this blog because of its emphasis on business-oriented security metrics and measurement. Or you may loathe it for the same reason (though if you do, you shouldn't still be visiting much). Can measure, can't manage
Hadoop gets workout at Strata (FierceBigData) Hadoop has been getting a workout over the last year and both large and small companies revealed their progress this week--at the Strata Conference in Santa Clara, Calif.--in leveraging the open source system to unleash the power of big data. Intel (NASDAQ: INTC), for example, got into the big data game with its own distribution of Apache Hadoop. The company said it was committed to strengthening the Apache Hadoop framework by contributing platform enhancements into open source, in collaboration with the developer community
5 Things IT Pros Need to Know About SaaS Governance (CIO) Software as a service is here to stay. So CIOs need the tools to manage their sprawling portfolios of SaaS applications with the same rigor they use for on-premise software
3 Ways to Give Your IT Organization a Skills Tune-Up (CIO) Three CIOs describe how they define and develop IT staff capabilities that keep pace with business needs. From tying core IT competencies to your business strategies, to creating demand by providing context, to offering career-building tools, three CIOs describe how they define and develop IT staff capabilities
Do Chief Digital Officers Spell Trouble for CIOs? (CIO) CEOs are hiring hotshot chief digital officers to run strategic, customer-facing operations such as online sales. Is this good news or bad news for CIOs? When consumers wanted movies, TV, music and other media to be online and on mobile devices, entertainment companies started recruiting chief digital officers (CDOs) to transform their businesses
Design and Innovation
Back to Apple's Future (IEEE Spectrum) Apple's 1987 promo video forecast the world 25 years hence. Hey! That's now
Twilio And 500 Startups Launch A Micro-Fund For European Startups (TechCrunch) "Cloud communications" company Twilio and startup accelerator 500 Startups today launched Twilio Fund Europe 2013, a new micro-fund for companies from Europe and surrounding countries being built on the Twilio platform. In addition, the existing US-based 2012 Twilio Fund finalists were announced, closing out last year's fund
Research and Development
The Guardian Project's software authenticates human rights videos and protects activists in the field (IEEE Spectrum) Suppose you're a human rights organization. Someone sends you a video documenting an abuse of human rights—by a private militia in Chechnya, or the Abu Ghraib prisoner abuse photos, or children forced to pick cotton in Uzbekistan. The Internet has once again proved its worth—the pool of people able to video a human rights abuse and send it to you is a hundred- or maybe a thousandfold greater than it used to be. Awesome. Unless the video is a fake
Verbal Java: Meaning-Based Language Can Be Instantly Translated (Wired Business) By encoding meaning instead of words, the Free Speech engine can easily render a given piece of information — like a news article or school lesson — into any language. Its developer, Indian programmer Ajit Narayanan, presented at the
LOL, texting, and txt-speak: Linguistic miracles (Ars Technica) A linguist surprises the TED crowd; apparently txt-speak really is special. Is texting shorthand a convenience, a catastrophe for the English language, or actually something new and special? John McWhorter, a linguist at Columbia University, sides with the latter. According to McWhorter, texting is actually a new form of speech, and he outlined the reasons why today at the TED2013 conference in Southern California
Academia
Senate panel asked to consider cyber-security exemption for research universities (Independent Mail) An official from the Medical University of South Carolina asked a Senate panel Thursday to consider making the state's research universities, including Clemson University, exempt from the requirements of a cyber-security bill now under discussion. The aim of the bill is to create standards for, and centralized oversight of, the state's computer systems following the cyber attack that allowed a hacker to access personal data for 3.8 million adults and 700,000 businesses in South Carolina
UI shaping curriculum to train digital sleuths (News Gazette) When a house is burglarized, a detective arrives on the scene to analyze footprints or blood splatters. When a rogue government or crime syndicate infiltrates a computer system or when a cellphone has been crushed and data must be retrieved, private industry and government officials turn to digital forensics specialists. Once a nascent field, digital forensics has gained momentum and attention in recent years
Legislation, Policy, and Regulation
FCC To Investigate Cell Phone Unlocking Ban (TechCrunch) Following an online uproar over a law banning the unlocking of cell phones, the Federal Communications Commission will investigate whether the ban is harmful to economic competitiveness and if the executive branch has any authority to change the law
Cyber security organisational standards: call for evidence (gov.uk) The government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management. There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote
CNAS: government needs to clarify active cyber defense options (FierceGovernmentIT) Given the changing nature of cyber threats confronting the United States, policymakers need to provide better guidance and greater clarity regarding active cyber defense options available for both the private and public sectors, argues a new report from the Center for a New American Security
House committee to consider email privacy bill (FierceBigData) As Accenture's Jeanne Harris said this week, trust is a huge issue for the big data community. And when consumers and their watchdogs hear big data and email in the same sentence, they get concerned. While it may be a while before big data filters down to consumers directly, the privacy issue will likely bubble up before that. Recent movement on email privacy in Congress shows the potential for alleviating some of that concern
Federal IT Reform: Are More Laws Needed? (InformationWeek) There's a move afoot to use legislation to reform federal IT acquisition and management, an idea that appears to be gaining some steam. Congressional hearings frequently pass with nary a whiff of consequential reform, but two hearings in the last month -- both punctuated by a bipartisan tone and proposed legislation -- indicate that the House of Representatives is serious about using 2013 to overhaul the way the federal government spends money on and manages IT
New committee formed to develop eDiscovery process standards (Enterprise Communications) A 66-year-old governing body with 162 member nations that deals with a wide range of issues has announced that it is forming a new committee which will have the task of developing standards for eDiscovery processes. The International Standards Organisation has said that the standards, should they be passed, 'would define procedures for technology companies, discovery providers and their clients to follow when handling digital data'. A draft of the committee charter states: "This international standard provides guidance on measures spanning from initial creation of electronically stored information through its final disposition, which an organisation can undertake to mitigate risk and expense should electronic discovery become an issue"
Litigation, Investigation, and Law Enforcement
In First On-Stage Interview, Autonomy's Lynch Re-Ignites His Fight With HP (TechCrunch) The saga of the fight between Hewlett-Packard and Autonomy continued on stage today when Autonomy founder Mike Lynch repeated his allegation that HP has "never made" any formal representation to him or other former directors of the company regarding its controversial write-down of the acquisition
EU privacy taskforce plan to take action against Google (ComputerWorld) European privacy authorities approved a plan to come up with measures to curb Google's collection, combination and storage of its users' personal information before the summer. The data protection regulators have decided to continue their investigation into Google in close cooperation with each other and will take all actions necessary, the French National Commission on Computing and Liberty (CNIL) said in a news release on Thursday. The CNIL is the Data Protection Authority (DPA) leading the investigation
European Commission is set to fine Microsoft over Internet Explorer (Inquirer) The European Commission (EC) apparently is set to hand Microsoft a steep fine later this month for anti-competitive behaviour with Internet Explorer
Soldier Admits Providing Files To WikiLeaks (New York Times) The guilty pleas exposed him to up to 20 years in prison. But the case against Private Manning, a slightly built 25-year-old who has become a folk hero among antiwar and whistle-blower advocacy groups, is not over. The military has charged him with a far more serious set of offenses, including aiding the enemy, and multiple counts of violating federal statutes, including the Espionage Act. Prosecutors now have the option of pressing forward with proving the remaining elements of those charges
10 Things You Didn't Know About The National Security Agency Surveillance Program (BuzzFeed) The National Security Agency's domestic surveillance programs are an endless source of controversy. But 12 years after their first construction, they are alive and listening -- and listening to a lot more than ever before. Here are 10 new secrets my colleague D.B. Grady and I reveal about the history and operation of the program in our new book Deep State: Inside the Government Secrecy Industry
Upcoming Events
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
IHS CERAWeek 2013 (Houston, Texas, USA, Mar 4 - 8, 2013) IHS CERAWeek 2013 will offer new insight on the energy future -- and on the strategic and investment responses by producers, consumers and policy-makers. What are the changes ahead in the competitive landscape for oil, natural gas, coal, renewables, and nuclear power? How will the global unconventional oil and gas revolution change the game for all energy participants? What will be the fuel and technology choices of the future? Michael Hayden will deliver the keynote. While primarily concerned with the energy sector, the conference may also be of interest to the cyber security industry.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2Own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
Google and University of Maryland Cybersecurity Seminar (College Park, Maryland, USA, Mar 14, 2013) Dr. Ari Juels, Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories, will discuss "Aggregation and Distribution in Cloud Security." His talk will feature information on cloud computing and virtualization, a key supporting technology. Cloud computing offers flexibility and agility in the placement of resources. Certain risks, however, arise from cloud services' tendency to aggregate sensitive data and workloads. He will discuss side-channel attacks resulting from the co-location of disparate tenants' virtual machines (VMs) on hosts and the vulnerabilities posed by databases aggregating the authentication secrets, e.g., password hashes, of numerous users. Conversely, cloud computing offers new opportunities to distribute data. Dr. Juels will also describe a new, research-driven RSA product that splits sensitive data across systems or organizations, removing the single points of compromise that otherwise naturally arise in cloud services.
Department of Homeland Security 6th Annual Industry Day (Washington, DC, USA, Mar 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the morning session will be procurement-centric with an emphasis on procurement issues, policies and programs. The afternoon session will be Chief Information Officer (CIO) IT-centric. Both sessions will provide acquisition information concerning specific program areas.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio…Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt…The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action-packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
TechCrunch Disrupt San Francisco (San Francisco, California, Sep 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September 7-11 on your calendar, because you're not going to want to miss Disrupt SF 2013. The Hackathon kicks everything off, followed by our main event, which starts every morning with panels of special speakers and guests, one-on-one chats featuring TechCrunch writers and editors, special guest speakers and judges, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. In the afternoons, the Startup Battlefield presentations begin, with the final presentations held on the last day of Disrupt.