The CyberWire Daily Briefing for 3.28.2013
CyberBunker's denial-of-service campaign against Spamhaus displays risks misconfigured open DNS servers pose. Inherent vulnerabilities of DNS (beyond misconfiguration) lead many observers to see the CyberBunker campaign as a harbinger of things to come. The volume of attack traffic is very large, dwarfing that achieved by the Izz ad-Din al-Qassam Cyber Fighters in their campaign against US banks (which resurfaces this week in Wells Fargo servers).
The perpetrators have been unusually open about their responsibility. In an interview with Russia Today (a surprising tribune of unfettered expression) CyberBunker calls Spamhaus a censorship organization, and says its denial-of-service attacks are a blow for Internet freedom. The campaign has been widely felt but of limited impact: congratulations to CloudFlare for mitigating it.
From Egypt comes news of a more primitive attack on the Internet: the Egyptian Coast Guard boards a fishing boat off Alexandria and snaps up three men trying to cut the SEA-ME-WE 4 undersea cable. SEA-ME-WE 4 runs from France to Malaysia, and links Europe, Asia, and North Africa.
More warnings of malicious Chinese hardware in the IT supply chain appear, and the US Congress does something about them. Their continuing budget resolution will restrict purchase of Chinese-manufactured IT devices and components. Before buying, Government organizations must vet such items in a formal cyber-espionage risk assessment by at least four agencies, including the FBI. Any purchases must be determined to be "in the national interest of the United States." Industry analysts name Lenovo and Apple (via Foxcon) as likely big losers.
Today's issue includes events affecting Algeria, Austria, Canada, China, Egypt, European Union, Republic of Korea, Netherlands, Russia, South Africa, Taiwan, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Massive DDoS attack against anti-spam provider impacts millions of internet users (Naked Security) The largest recorded DDoS attack has been ongoing for over eight days now, causing slowdowns and errors throughout the internet. Is this a one time scenario or does this expose a greater weakness in the world's largest network
The Largest DDoS Ever Hits the Internet (eSecurity Planet) On March 22, the largest DDoS attack yet seen in the history of the Internet hit the CloudFlare network. CloudFlare is a host for spam fighting SpamHaus.org, the target of the DDoS attack
Misconfigured, Open DNS Servers Used In Record-Breaking DDoS Attack (Dark Reading) This was not your typical hacktivist DDoS attack: a massive, 300 gigabits-per-second traffic attack against volunteer spam filtering organization Spamhaus spread yesterday to multiple Internet exchanges and ultimately slowed traffic for users mainly in Europe. Security experts say the attacks appear to be in retaliation for Spamhaus recently blacklisting CyberBunker--a notorious hosting provider based in The Netherlands that provides anonymous hosting--as a spam conduit. The attack, which as of this posting had subsided, at its peak today hit 300 Gbps, a massive leap from the previous record 100 Gbps-sized DDoS attacks seen only occasionally
The biggest cyber attack in the history of the Internet is happening right now (Quartz) At this very moment, the largest cyber attack ever declared is emanating from a decommissioned, nuclear-war proof NATO bunker with five foot-thick concrete walls and a reputation for harboring spammers and cybercriminals. It's all part of a dustup between CyberBunker—so named for the building just outside Kloetinge, in the Netherlands, that houses its servers—and the international non-profit Spamhaus
Spamhaus mafia tactics main threat to Internet freedom: CyberBunker explains largest cyber-attack (Russia Today) Spamhaus is a major censorship organization only pretending to fight spam, a CyberBunker spokesman said in an RT exclusive. Sven Olaf Kamphuis claimed that as a constant bully of Internet service providers Spamhaus has only itself to blame for the attack. In a Skype interview with RT, Kamphuis denied that CyberBunker was the organization behind the historical attack, pointing the finger at a large collective of internet providers around the globe called Stophaus
What caused the 'biggest ever' cyber attack? (Telegraph) Security expert Edd Hardy says not much can be done about the huge cyber attack which has slowed internet connections around the world. Millions of people were affected by the unprecedented 'denial of service attack' which was launched on Wednesday
Biggest Cyber Attack In History Could Have Been Carried Out With Just A Laptop (Forbes) There's no better place than the Internet for minimal damage to swirl into an epic disaster. A skirmish between the anti-spam organization Spamhaus and a Dutch web-hosting firm has ranked as the biggest known distributed denial of service (DDoS) attack
Did the spam cyber fight really slow down the Internet? (CNet) The New York Times reported about spam-fighting nonprofit Spamhaus and a distributed-denial-of-service attack on the Dutch group's site that became the "largest computer attacks on the Internet" and caused a "widespread congestion and jamming crucial infrastructure around the world."Matthew Prince, the CEO of CloudFlare, the company enlisted to fight the attacks for Spamhaus, told CNET today that the attacks -- which ceased yesterday morning -- were so big, they caused outages for the London and Hong Kong Internet exchanges. These exchanges are the meeting point for multiple networks. Before the Times report, CloudFlare put out a blog post titled, "The DDoS that almost broke the Internet."But new reports, like one from VentureBeat, show that a check of different Internet monitoring services reveal that the disruption, while indeed large, did not actually cripple the Internet globally
Unprecedented cyber attack won't slow down the Internet (Los Angeles Times) Since mid-March, a Dutch Internet hosting company has reportedly been waging the largest publicly known denial of service attack in history. But a McAfee security expert told The Times the attack probably won't slow down Internet transmission speeds
Security experts: attack is first of many (The Telegraph) Both Joakim Sundberg, Security Solutions Architect at F5 and Kasperky Lab argue that the Spamhaus attack is part of an almost unstoppable trend
Cyberfight puts a drag on the Internet (CNet) A cyberwar is under way between two companies over a recent move made by one. Spam-fighting organization, Spamhaus, which works with e-mail providers around the globe to block spam from entering in-boxes, has been in a battle over the last week that has seen distributed denial of service (DDoS) attacks exceed by several times the typical attacks inflicted on organizations. Spamhaus hosts a blacklist made up of servers that, it believes, are designed to send spam around the world
Spamhaus DDoS Attacks Triple Size of Attacks on US Banks (Threatpost) So you thought the 100 Gbps distributed denial-of-service attacks against U.S. banks were big? Ongoing attacks against Spamhaus have three times the fury and have affected unrelated online services as collateral damage. Attackers from Dutch webhost Cyberbunker are turning on a firehose of bad traffic in retaliation for being blacklisted by spam blacklist providers Spamhaus
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions (InformationWeek) Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam
Forget about the Cyberbunker attack—here's how to take an entire continent offline (Quartz) At its peak, Cyberbunker clogged up a mind-boggling 300 gigabits per second of the Internet in what's being called the biggest cyber-attack in history. But what if you could switch off 1.28 terabits—four times as much bandwidth—with nothing more high-tech than an axe? That's what three men tried to do in an unsophisticated but effective form of sabotage in Egypt yesterday; their identities and motives are not yet known. Reuters reports the Egyptian coastguard intercepted a fishing boat off the coast of Alexandria and arrested three men trying to cut through the SEA-ME-WE 4 undersea cable. The cable is one of the main connections between Asia and Europe, running from France to Malaysia and linking Italy, north Africa, the middle east and south Asia. The men, whose pictures the navy uploaded on Facebook, are being interrogated by Egyptian authorities. (If you recognize them, send an email to firstname.lastname@example.org.
Sensitive Enterprise Data Exposed in Amazon S3 Public Buckets (Threatpost) With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they're making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in
AVG South Africa Hacked, 10,000+ Product Keys Leaked by Over-X from Algeria (Hack Read) Over-X hacker from Algeria has breached and defaced two official websites of AVG Technologies for South Africa (avgsoftware. co. za) and as a result 10,371 product keys have been leaked online
Official Mcdonalds Austria, Taiwan & Korea Hacked. Over 200k Credentials Leaked (CyberWarNews) Turkish Ajan hacker group member Maxney has been at it again this time taking sights to fast food giant McDonalds (again). Maxn3y and another hacker using the handle xXM3HM3TXx have breached the official sites for Austria, Taiwan
HealthCare for Women server breached by hackers (South Coast Today) A computer server for SouthCoast medical provider HealthCare for Women was hacked in January, potentially exposing summaries of patient visits occurring from June 2012 to January 2013. Patient names, addresses, telephone numbers and dates of birth could also have been accessed. HealthCare for Women specializes in gynecology and obstetrics and has practices in New Bedford, Dartmouth and Mattapoisett
Oregon Health and Science University Admits Security Breach (eSecurity Planet) 4,022 patients' personal data may have been exposed. Late last week, Oregon Health & Science University (OHSU) began mailing letters to 4,022 patients informing them that an unencrypted laptop containing their personal data was stolen from an OHSU physician's vacation rental in Hawaii in late February
Dump Memory Grabber Malware Steals Card Data from ATMs and POS Systems (Softpedia) Researchers from Russian security firm Group-IB have identified a piece of malware thats designed to steal payment card information from the ATMs and the point-of-sale (POS) systems it infects. Dubbed Dump Memory Grabber, the malicious element has already swiped the details of cards issued by major US banks such as Citibank, Capital One and JP Morgan Chase, SecurityWeek reports. Group-IB has told SecurityWeek that the malware can steal Track 1 and Track 2 information account number, cardholder name and expiration data which is basically the information thats needed to clone cards
Anonymized Phone Location Data Not So Anonymous, Researchers Find (Wired Threat Level) Anonymized mobile phone location data produces a GPS fingerprint that can easily be used to identify a user based on little more than tracking the pings a phone makes to cell towers, a new study shows
iPhone is less secure than Android, security company SourceFire reveals (The Full Signal) The iPhone has shown to have more security vulnerabilities than Android or BlackBerry, a SourceFire study has shown. The iPhone may be more vulnerable to security attacks and hacks than Android and other smartphones, according to SourceFire, which released a "25 Years of Vulnerabilities" study in March. Because of the iPhone's popularity and Apple's strict App Store guidelines, hackers and cyber criminals are more motivated to penetrate Apple's security and iOS's loopholes
Spicing up phishing attacks (Naked Security) Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm. In this post I am going to take a quick look at one of the techniques used in some phishing attacks we have seen in recent months
Cyber Threats Can Lurk in DoD Electronics, Software Purchases (Defense News) When Scott Borg began warning a decade ago of the various ways adversaries could infiltrate electronic supply chains, the danger was largely theoretical. He suggested that an adversary might embed malicious programs in microcircuitry, and then spy on or sabotage weapons and other electronic equipment. When my colleagues and I first talked about these things, the actual evidence we could point to was slender and patchy, said Borg, director of the nonprofit U.S. Cyber Consequences Unit
Security Patches, Mitigations, and Software Updates
Several Cisco IOS DOS Issues Resolved (Internet Storm Center) Thanks Jim, for forwarding a whole raft of Cisco Alerts on DOS issues affecting various features within IOS. The alerts can be found here
Researcher Helps Nokia Fix XSS, CSRF Vulnerabilities, Rewarded with Lumia Phone (Softpedia) Pakistani security researcher Rafay Baloch has identified several security holes on various websites operated by Nokia. The company has addressed the vulnerabilities and has rewarded the expert's work with a Nokia Lumia 820 smartphone. The security holes identified by the researcher include an iFrame injection and a couple of cross-site scripting (XSS) issues on the PrimePlaces subdomain
GlobalSign Survey Reveals 74 Percent of Enterprise IT Professionals Say SaaS Certificate Authorities Provide Greater Security than Internal Certificate Authorities (Dark Reading) Survey Reveals SaaS Certificate Authorities Reduce Management Burdens Caused by Internal CAs such as Microsoft Certificate Services
Web Application Attacks Dominate (Dark Reading) But cloud no less secure than the enterprise, new attack data shows. You know that age-old question of whether the cloud is a more secure bet or not? New attack data shows it's basically a toss-up
Too Scared To Scan (Dark Reading) Fear of business disruption and downtime often leaves enterprises hesitant to scan the critical applications that hackers are most likely to target in their quest for exploitable vulnerabilities
Cybersecurity and the Threat to Networked Business (Forbes) Beware the dark side of networked business. There is substantial risk of meaningful disruption to operations for any organization whose business model relies on an information network to connect its employees, partners and customers. The public networks we use daily are foundational to networked business
U.S. and Russia--Not China--Lead List of Malicious Hosting Providers (Threatpost) China has become the go-to bogeyman behind every cyber attack…Those statistics, compiled in Host Exploit's quarterly World Hosts Report
Check Point: 63 Percent of Organizations Infected with Bots (ComputerWorld) The report states that cyber-attacks, ranging from crime-ware to hacktivism, will continue to evolve this year, impacting organizations of all sizes
DISA Lays Groundwork for Commercial Cloud Computing Contract (SIGNAL) One of the U.S. Defense Department's top information technology officials says work is beginning on a multiaward contract for commercial cloud computing services, but the official says he has no timeline or total value for the business
DHS IT programs see funding boost in continuing resolution (FierceGovernmentIT) Funding for Homeland Security Department information technology programs fare well under the continuing resolution (H.R. 933) signed into law by President Obama March 26. The law funds the government through the end of fiscal year 2013, and maintains $85 billion in automatic budget cuts under sequestration
Congress' cybersecurity crackdown on China could put Apple in the crossfire (Quartz) Last week, Congress quietly passed a bill that will make it much more difficult for the US government to buy computer equipment from Chinese companies, amid a spate of cyberattacks linked to Beijing. But the unintended consequences could ensnare Apple's iPhone and other devices sold by US firms that are assembled in China. A continuing budget resolution that is awaiting President Obama's signature bans several federal agencies, including NASA and the Justice and Commerce Departments, from purchasing any "information technology system" that was "produced, manufactured or assembled" by entities "owned, directed, or subsidized by the People's Republic of China," unless the agency's chief and the FBI determine whether there is a cybersecurity threat and conclude that the purchase is in the US national interest. The clause was first spotted by Stewart A. Baker, a lawyer and former Homeland Security official, who writes the Skating on Stilts blog
New U.S. Cyber-Security Law May Hinder Lenovo's Sales Growth (TechCrunch) The provision came to attention via a blog post by lawyer Stewart A. Baker, a former Assistant Secretary in the U.S. Department of Homeland Security under George W. Bush. Baker wrote that the sanctions "[demonstrate] remarkable bipartisan angst about
Nir Zuk's Palo Alto Networks Is Blowing Up Internet Security (Forbes) "They don't like me," says Nir Zuk of his old bosses. As one of the earliest employees at Check Point Software Technologies in the 1990s he wrote parts of the world's first commercial firewall. He later built essential chunks of the firewall sold by Juniper Networks. But at both companies, Zuk (pronounced "zook") ended up quitting in a huff–and, in one case, walking away from millions of dollars in unvested stock options. Why? The Israeli engineer felt his best ideas were being blocked by incompetence and office politics. All he ever wanted, he insists, was to build new things
Products, Services, and Solutions
Did Tencent just build a way around the Great Firewall of China? (Quartz) Tencent, China's largest tech company, just launched a multilingual version of its chat platform QQ on Facebook. QQ is the Chinese equivalent of Yahoo Messenger, circa 2003—only it has 800 million active users. And the version of QQ that Tencent made for Facebook isn't much different: Its core function is pretty much the same as Facebook's own chat function
Machine learning a growing force against online fraud (GCN) A group of ex-Google employees has started a company that wants to expand the use of big data to spot fraud a blight that costs taxpayers over $125 billion a year, and affects public-sector agencies involved in payments, collections and benefits before it occurs. San Francisco-based Sift Science says it has developed an algorithm that uses machine-learning techniques to stay ahead of new fraud tactics as they are introduced into its customers networks. Many anti-fraud technologies follow a set number, maybe 175 to 225 rules, against which to measure user behavior, Sift Science co-founder Brandon Ballinger told GigaOm
Technologies, Techniques, and Standards
Which IPS is 'The Best'? (Internet Storm Center) I recently had the privilege of advising on a SANS Gold Paper (GCIA) for Michael Dyrmose, titled "Beating the IPS". In the paper, Micheal uses basic IPS evasion techniques to test the capabilities of many of the "major vendor" IPS Systems. To be as fair as possible, Michael targeted the MS08-067 vulnerability, the security flaw that Conficker took advantage of - every IPS on the planet should be able to handle that, right
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense (Internet Storm Center) Today we bring you a second guest diary from Stephen Groat where he speaks about IPv6 moving target defense. By frequency hopping in the large IPv6 address space, we're able to create a moving target defense that protects privacy and avoids attackers
The Sourcefire VRT Community ruleset is live! (Snort.org Blog) As I discussed last week in my blog post concerning the recent VRT Rule license changes, the community ruleset, something we've been planning here in the VRT is finally live
Risk assessment and automated monitoring are keys to federal cybersecurity, report says (FierceGovernmentIT) Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report released Tuesday
The Five-Step Privilege Management Checklist for Financial Organizations (infosec island) Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations. Taking this into consideration, it's crucial that banking and financial firms take a close look at how administrator rights are allocated on company-owned machines. This is problematic, given that unmanaged administrator rights can open the door to malware attacks that exploit elevated privileges, ultimately exposing sensitive financial data that can result in staggering, and frankly, unquantifiable damage
Design and Innovation
Netflix's Cloud Contest: More Companies Should Follow Suit (InformationWeek) The economics of open innovation are too compelling to ignore
Legislation, Policy, and Regulation
Maude warns on EU cyber security plans (Financial Times) Britain has raised concern over European Commission plans to force companies to declare publicly whenever there has been a breach in their cyber security systems, fearing it may undermine the UKs commitment to voluntary collaboration. Unveiling a new push to boost collaboration against cyber attacks between the security services and business, Francis Maude, minister for the Cabinet Office, said Britains policy of urging companies to inform each other voluntarily when they face a cyber attack was better than compulsion
US Congress restricts government purchase of Chinese computer equipment, citing cyber-espionage concerns (The Verge) The latest US appropriations bill, signed into law just this week, includes a provision that is likely to further raise tensions between the country and China. The provision requires the Department of Justice, Department of Commerce, NASA, and the NSF to perform a formal assessment of risk of cyber-espionage before purchasing computer systems and other IT equipment. There is a clause in the bill that states that the assessment must specifically analyze with the assistance of the FBI any "such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by the People's Republic of China to determine if the purchase is "in the national interest of the United States." Stewart A. Baker first wrote about the provision on his blog yesterday, and Reuters published a report on the restriction earlier today
Cybersecurity Meets the WTO (Volokh Conspiracy) The continuing resolution that I wrote about yesterday could have a big impact on the federal government's procurement of IT equipment from Chinese companies. As described in an earlier post, the resolution includes a provision that bars purchases of an "information technology system" that was "produced, manufactured or assembled" by entities "owned, directed, or subsidized by the People's Republic of China" unless the head of the purchasing agency consults with the FBI and determines that the purchase is "in the national interest of the United States"
Litigation, Investigation, and Law Enforcement
Twitter shuts five items in satisfying Russia's request (Russia Behind the Headlines) Twitter's management has blocked access to five items in the microblogging social networking service this month at the request of the Russian Federal Service for Supervision in the Sphere of Telecommunications, Information Technologies and Mass Communications (Roskomnadzor), Roskomnadzor said
GPS tracking back in federal court (FierceGovernmentIT) The subject of whether law enforcement tracking through a GPS device attached to automobiles requires a warrant is back in federal court, with the Third Circuit Court of Appeals considering whether to uphold a lower court's decision to toss out evidence gathered through a tracking device placed without a warrant
Canadian Supreme Court enforces stricter standards on cops reading text messages (Ars Technica) High court says a wiretap warrant, rather than a general warrant, is required
New e-mails reveal Feds not 'forthright' about fake cell tower devices (Ars Technica) E-mails could have implications for accused tax fraudster caught via "stingray"
Spanish Linux group runs to teacher, complains about Microsoft's Secure Boot (Naked Security) Spanish open source association Hispalinux, reports Reuters, has officially complained to the European Commission about the Windows 8 Secure Boot system. Paul Ducklin gets quizzical about what happens next
For a complete running list of events, please visit the Event Tracker.
Emerging Science and Technologies - Securing the Nation through Discovery and Innovation (Washington, DC, USA, Apr 4, 2013) Join Nextgov and INSA on April 4th and hear from key leadership at IARPA, DIA, and the Applied Research Laboratory, Penn State University who will address: the challenges to our nation's future as the global research leader, the opportunities for government to maintain and enhance our nation's security, and strategies to enable the U.S. to better collect and assess intelligence and avoid technological surprise. If you are a member of the Intelligence Community, are supporting innovation and research, or rely on the U.S. Government, academia or industry to support the research foundations for delivering solutions in the future, this is a "must attend" session.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training fand includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the LawThe Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare.States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.