The CyberWire Daily Briefing for 1.15.2013
The Red October espionage campaign has affected at least sixty countries, and its targets include governments, embassies, research institutions, "trade and commerce," energy (including both nuclear research laboratories and fossil fuel companies), military organizations, and aerospace companies. In operation for five years, Red October has stolen, Kaspersky estimates, terabytes of information.
Oracle patched Java over the weekend but vulnerabilities persist. The US Department of Homeland Security repeats its recommendation to disable Java. Microsoft's Internet Explorer patch seems to be faring better, but a few new telecommunications, manufacturing, and human rights sites were victimized before the patch could be applied.
Linksys routers are found vulnerable to remote root access. US banks continue to prepare defenses against denial-of-service attacks. Two US power companies find malware in their industrial control systems; in both cases the vector was a USB drive used for software updates.
AV Test reports the effectiveness of antivirus products is declining as this form of defense lags rapidly improving malware.
In industry news, Dell appears to be considering a leverage buyout to go private. Online universities continue to pressure the higher education business model.
Wired argues the FBI is too fixated on backdoors: it needs qualified "hackers" instead. Australia's security services get more legal authority for cyber monitoring. Slate, echoing vulnerability-hunter Netagard, calls for regulation of the vulnerability research market. Aaron Schwartz's death may take the open-access movement mainstream. (Charges against him are posthumously dropped.)
Cyber gumshoes were inevitable. Now they're here, and unlike Philip Marlowe, they do divorce work.
Notes.
Today's issue includes events affecting Afghanistan, Albania, Armenia, Australia, Austria, Azerbaijan, Belarus, Belgium, Bulgaria, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Canada, Chile, Congo, Croatia, Cyprus, Czech Republic, Ethiopia, Finland, France, Georgia, Germany, Greece, Hungary, India, Indonesia, Iran, Iraq, Ireland, Israel, Italy, Japan, Jordan, Kazakhstan, Kenya, Latvia, Lebanon, Lithuania, Luxembourg, Macedonia, Mali, Mauritania, Moldova, Morocco, Mozambique, New Zealand, Oman, Pakistan, Portugal, Qatar, Romania, Russia, Saudi Arabia, Slovakia, South Africa, Spain, Switzerland, Tanzania, Turkey, Turkmenistan, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, and and Uzbekistan..
Cyber Attacks, Threats, and Vulnerabilities
'Red October' Attacks: The New Face Of Cyberespionage (Dark Reading) New cyberspying attacks discovered siphoning terabytes of information from computers, smartphones, routers, and even VoIP phones
Cybersleuths Uncover 5-Year Spy Campaign Targeting Governments, Others (Wired) An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia. The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation "Red October"
Kaspersky identifies 'Red October' cyberespionage network (CSO Salted Hash) It is not know whether the operation was state-sponsored or a criminal group gathering information to sell to the highest bidder. Since 2007, a cyberespionage network has been stealing confidential data from private industry and government and research organizations in Eastern Europe, former Soviet republics and Central Asian countries, a security firm reported Monday
How the 'Red October' Cyber-Attack Campaign Succeeded Beneath the Radar (PC Magazine) Kaspersky Lab released the first of a two-part report on "Red October," a malware attack the company believes is infesting high-level government systems throughout Europe and could be specifically targeting classified documents. According to the report
Homeland Security warns Java still poses risks after security fix (ZDNet) The U.S. Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability. It comes as some security experts are warning that the new software -- Java 7 (Update 11), which was released on Sunday -- may not actually protect against hackers attempting to remotely execute code on user machines
'Unless it is absolutely necessary to run Java in web browsers, disable it' advises US Dept of Homeland Security (Naked Security) Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch? It's time to rip Java out of your browser for better security
Dangerous remote Linksys 0-day root exploit discovered (Help Net Security) DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along
Does It Really Take A Government To Launch Cloud-Based Cyberattacks? (Readwrite) U.S. financial institutions are apparently the main targets for hackers bent on disrupting the banks' online business, combining old tools and new tricks to muster a whole new class of zombie computers into attacking bank servers. But even as banks level accusations of state-sponsored hacking, the identity of the attackers is still not entirely clear. Certainly the banks and their allies in the U.S. government haven't been shy about calling out the attackers
Private Companies Seek to Stop Foreign Cyber Attacks (Fox Charlotte) While it's the FBI that has the executive order to lead the defense against cyber terrorism from foreign states, some private companies are looking to thwart attacks on their own. Crowdstrike CEO George Kurtz says: "This happens every day in the cyber security space, where these adversaries come in and steal everything."
DHS Identifies Malware on ICS Networks of Two Power Companies (Softpedia) In its latest report, the US Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reveals that, over the past three months, pieces of malware have been identified in the industrial control system environments of two power companies. The first incident affected a power generation facility where both common and sophisticated malware was identified on a USB drive used by an employee to back up control system configurations
AnonGhost publishes Pastebin file 'Israel Nightmare 2013' (Cyberwarzone) AnonGhost has massively attacked Israeli websites in the last few days. The Pastebin that got released today contains an list with major Israeli websites that have been defaced. Websites like babies
Anonymous avenges Aaron Swartz - MIT and DoJ websites allegedly hacked (Naked Security) Anonymous, or someone with that name, is reported to have downed the website of the Massachusetts Institute of Technology (MIT). MIT runs the network via which, back in 2011, controversial internet activist Aaron Swartz allegedly acquired a whole bucketload of download-protected academic articles in contravention of his entitlement, with the aim of republishing them without restriction
Rex Mundi Hackers Target Drake International (eSecurity Planet) Members of Rex Mundi, who previously attempted to extort $15,000 from AmeriCash Advance, claim to have stolen 300,000 applicant records from job placement firm Drake International."The hackers ... made their threats public Wednesday through the social media site Twitter, linking to a Web site where they outlined their demands for $50,000 to keep the stolen information private," writes The Financial Post's Christine Dobby. "They claim to have data on users from Canada, Australia, the United Kingdom and New Zealand
Out-of-Band IE Patch Released as More Sites Attacked (Threatpost) IE patchInternet Explorer users, exposed to a zero-day vulnerability in the browser and a faulty temporary Fix It from Microsoft, finally got some relief today when the company, as promised, released an out-of-band patch. Meanwhile, a handful of new telco, manufacturing and human rights sites have been infected and have been serving exploits since the public release of the zero-day, a researcher told Threatpost
Tension Grows for Multinationals Operating in Indonesia (Asia Sentinel) Having been the darling of foreign investors and business pundits for the past couple of years, Indonesia is now finding that some of its biggest and longest-term investors, especially in the energy sector, are growing fed up with policy shifts and the climate of hostility toward multinational companies. With the mining and energy minister having said recently that ExxonMobil's local CEO would be turfed out of the country over a stalled asset sale, executives say they are confused and worried over the future here and are concerned about speaking out for fear they will be forced to follow him out
Cloud's Privileged Identity Gap Intensifies Insider Threats (Dark Reading) Organizations need to reign in shared accounts and do a better job tracking user activity across cloud architectures
IT Hiccups of the Week: BATS Global Long-hidden Programming Errors (IEEE Spectrum) It's been another relatively quiet week on the IT glitch front. We start off, again, with news of errors involving a stock exchange—this time ones that have avoided detection for four years before being discovered
Android Mobile Malware Found In The Wild (Dark Reading) Finding it hard to believe that mobile malware really exists because you haven't seen it? A couple of weeks ago, SophosLabs Insights posted an advisory about mobile malware detections increasing, and they still are
Security Patches, Mitigations, and Software Updates
Oracle Fixes Zero Day Java Flaws: Patch Now (InformationWeek) Oracle released an out-of-band patch Sunday to fix two zero-day vulnerabilities in Java that are being actively exploited by attackers. A security alert from Oracle said that the patched vulnerabilities include CVE-2013-0422 (Oracle Java 7 Security
Apple releases Java 7 update 11 for zero-day flaw but concerns linger (ZDNet) A zero-day vulnerability discovered in Java last week prompted separate warnings from the US government, Apple, and Mozilla advising users not to use the software
Microsoft patches critical IE 0-day used in watering hole attacks (Help Net Security) Microsoft has released an out-of-band patch for the Internet Explorer 0-day recently discovered to have been misused in a series of targeted watering hole attacks linked to the Elderwood gang
Looking back at a year of Microsoft patches (Help Net Security) Last year Microsoft's Patch Tuesdays featured a total of 83 bulletins, which is a decline from previous years. Since their security efforts impact countless security professionals, we wanted to see what IT security leaders, and Microsoft, think about the patches released in 2012. Here are some of the comments received by Help Net Security
Cyber Trends
Today's antivirus apps ARE 'worse at slaying hidden threats' (The Register) The effectiveness of antivirus products has declined, according to tests by German testing outfit AV-Test. org. AV-Test put 25 antivirus products for home users and eight corporate endpoint protection software applications through their paces in November and December 2012
UK office workers swamped with phishing emails, study finds (Computer Weekly) UK office workers are swamped with phishing emails, a study has revealed. A poll of 1,000 office workers across the UK showed that nearly 60% of UK office workers receive phishing emails every day and 6% receive more than 10 a day. Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content
Forrester: Mobile technology offers enterprises endless possibilities ... as well as trepidation (Fierce Mobile IT) The rapid pace of mobile technology development offers enterprises "endless mobile possibilities," yet enterprise leaders are "filled with an equal amount of trepidation" about mobile devices in the enterprise, wrote Forrester analyst Michael Facemire in recent blog
Marketplace
Obama Won't Hold Debt Talks With GOP (Washington Post) Obama used some of his most vivid language in describing what Americans could experience if the debt ceiling is not raised. He said U.S. troops may not get paid, Social Security checks and benefits for veterans would be delayed, and world financial markets "could go haywire"
Possibility Of Sequestration Hangs Over The Pentagon (FNC) The state of the U.S. military is very much in flux tonight. The Pentagon is staring at the very real possibility of severe budget cuts as part of that looming sequestration
Fiscal Issues Put Federal Workers In Crosshairs — Again (Washington Post) The debt ceiling is separate from another looming crisis, potential across-the-board budget cuts. Take a look at what's percolating at the Defense Department. It's the largest government agency, and what it does can be an indication of what's in store for employees across the government
The Unaffordability Of The All-Volunteer Military (Washington Post) The United States can't sustain the pay, allowances, retirement and health benefits that the all-volunteer military force and their families enjoy, according to a study by the Defense Department's Reserve Forces Policy Board
Napolitano to stay as Homeland Security secretary (Washington Post) Secretary of Homeland Security Janet Napolitano will remain in the same post as President Obama begins a second term, a White House official said Monday
Feds Face Challenges In Mobility Mandate (InformationWeek) As agencies develop apps that extend government data to on-the-go citizens and employees, many issues have cropped up
GSA Industry Day to Discuss FBI HQ Move (Govconwire) The General Services Administration is seeking ideas from vendors on how to move the FBI into a new headquarters from its current home in the J. Edgar Hoover Building in Washington. GSA said it will host an industry day Thursday at its headquarters to discuss the project, aimed at giving interested parties an overview of
CSC Wins $103M NASA Computing, Data Support IDIQ (Govconwire) Computer Sciences Corp. (NYSE: CSC) has won a potential $103 million contract to provide NASA computing and technical services for the agency's high-end computing program, NASA said Friday. The cost-plus-fixed-fee, indefinite-delivery/indefinite-quantity contract's performance period starts March 1 and ends Feb. 28, 2018. Under the contract, the company will support satellite data transmission and information systems
SAIC, CACI Part of Defense Department Contract Worth Up to $899 Million (Motley Fool) Defense contractors SAIC (NYSE: SAI ) and CACI (NYSE: CACI ) today both announced their participation in a five-year Defense Department contract valued at up to $899 million. The contract has several prime contractors
CGI Updates Brand, Logo Following Logica Buy (Govconwire) CGI Group (NYSE: GIB) has updated its brand to incorporate Logica's products in an initiative aimed at reflecting CGI's expanded presence and service offerings worldwide. The refresh includes updated messaging, visual identity platforms and a new logo, CGI said Monday. CGI now has $10.2 billion in annual revenue and employs 72,000 staff in 40 countries
Longer-Term Outsourcing Contracts Gain Favor (Information Week) More IT leaders lean away from multiple outsourcing suppliers and short-term contracts, in search of stability and control, Ovum says
Qualcomm retains leads in smartphone app processor market (Fierce Mobile IT) Qualcomm retained the pole position in the smartphone app processor market, while Apple (NASDAQ: AAPL) led the tablet app processor market, according to the latest stats from Strategy Analytics
Booz Allen's chief of civilian business to retire (Washington Business Journal) Booz Allen Hamilton Inc.'s lead executive for its civilian business will retire in April, according to a Friday filing with the Securities and Exchange Commission
Dell in talks with private-equity firms to go private, report says (CNET) Dell is in buyout talks with at least two private-equity firms, Bloomberg reported today. The talks, which would take the computer hardware maker private, are still preliminary and could fall apart because the firms may not be able to line up financing or resolve how to exit the investment in the future, Bloomberg said, citing two people with knowledge of the matter. One of the people told the publication that several large banks have been contacted about financing a buyout
Dell may go private, but why? (Quartz) Can an LBO really resuscitate Dell's ageing business model? Fresh rumors that Dell has been in talks with at least two private equity shops to take its business private have driven a massive rally in the company's share price, up more than 12.7% to $12.28. This isn't the first time investors have gushed over the prospect of a leveraged buyout (LBO); just a month ago, a note from Goldman Sachs analyst Bill Shope sent the tech company's stock price up nearly 7% merely by indicating that the possibility of a buyout sometime in the distant future could set a basic floor on the company's share price
Facebook's Baffling Stock Spike Could Be Explained This Week (Wired Business) Why did Facebook shares spike 22 percent in two weeks? The answer might be revealed on Tuesday
2013 Could Be the Year eBay Takes on Amazon for Real (Wired Business) Expectations are high for eBay ahead of its earnings call this week as this charter member of the web's old guard shows signs of finding strong footing in the mobile era
Products, Services, and Solutions
Sourcefire Extends Advanced Malware Protection With Incident Response Capabilities (Dark Reading) Services enable customers to identify an event, evaluate the risk, and determine the most effective approach to remediate
AlienVault Unified Security Management Platform Provides Security Visibility For Amazon EC2 (Dark Reading) AlienVault, the leading Unified Security Management provider committed to making security visibility complete, simple and affordable, announced today its latest 4.1 release, which aims to resolve the biggest challenges associated with traditional SIEM solutions including cost, complexity and difficult deployments. AlienVault Unified Security Management&trade (AV-USM&trade) platform 4.1 simplifies and speeds SIEM deployments and provides intelligent security incident response guidance
Encrypted IM project, Cryptocat, looks to mobile this year (CSO) Several improvements are in the works for the encrypted instant messaging application
Rambus Inc. : ALi Corporation integrates Cryptography Research CryptoFirewall Security Core into Next Generation System-on-Chip Solutions (4-Traders) Cryptography Research, Inc. (CRI), a division of Rambus Inc. (NASDAQ:RMBS) and ALi Corporation (3041 TT), a leading provider of set-top box (STB) system-on-chip (SoC) solutions, today announced that ALi has completed integration of the CRI CryptoFirewall™ security technology into its multimedia STB SOC products. The CryptoFirewall core will be available in the ALi DVB-S2, DVB-C, DVB-T2, ISDB-T, and IP STB chipsets beginning in 2013
Tokenless authentication comes to the cloud (Help Net Security) SecurEnvoy has partnered with PasswordBank to bring the leading tokenless two-factor authentication capabilities to the PasswordBank identity management offering. Customers will be able to access
Browser Exploitation Framework LiveCD (Help Net Security) The Browser Exploitation Framework (BeEF) is a penetration testing tool that focuses on the web browser. BeEF allows penetration testers to assess the actual security posture of a target environment
Automating security for developers with Minion (Help Net Security) Minion is a security testing framework built by Mozilla to brdige the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface
Good Technology unveils new mobile enterprise apps to edit Microsoft Office, Adobe files (Fierce Mobile IT) Hoping to capture workers' interest in mobile business apps, mobile device management provider Good Technology has unveiled seven additional third-party mobile enterprise apps
Technologies, Techniques, and Standards
All Your Base Are In An Indeterminate State (Dark Reading) Or the importance of timeliness in monitoring. Does your data need to be poppin' fresh, organic, and locally sourced? Maybe not; it depends on how and why you're consuming it
Ripple Credit System Could Help or Harm Bitcoin (IEEE Spectrum) Decentralized, peer-to-peer credit could either be the exchange Bitcoiners want—or the nascent currency's first credible competition
Security Manager's Journal: When technologies collide (IT World) An encryption initiative runs into the law of unintended consequences: Legal can't search encrypted emails. My efforts to protect sensitive company data recently got a boost when we introduced encryption for files and emails to several key groups, including the human resources, finance, sales and legal departments. I was delighted to see how readily many employees in those groups were adopting encryption, since its use means that files and email can be read only by the intended recipients. Then we ran smack into the law of unintended consequences
Design and Innovation
Spamalittle (Slate) How Facebook's plan to charge you $100 to message Mark Zuckerberg could change email forever. Ever wonder why you don't get a lot of spam in your Facebook inbox? It's because the site quietly routs messages from people you aren't friends with into a separate folder, cryptically labeled "Other." That works really well when it comes to sparing you from unwanted mail. And it's obviously important to Facebook, which crushed MySpace partly because the latter was strewn with spam. But as Elizabeth Weingarten explained in Slate in 2011, Facebook's filter sometimes works a little too well, shielding you from messages you would have actually really like to see
CES 2013: 5 Dumbest Ideas (InformationWeek) CES launches some of the coolest gadgets on the planet. But with more than 3,000 exhibitors this year, not everyone could be a winner
Research and Development
Will Machines Ever Master Translation? (IEEE Spectrum) Podcast: Language translation is proving to be one of the hardest tasks to automate—and one of the most important
Academia
Non-Profit Innovation: How Minerva Plans To Make Its Affordable, Next-Gen University A Reality (TechCrunch) The Minerva Project burst onto the scene last year with an ambitious goal: To create the next elite American university, online, and, in so doing, help rethink the role of higher education in the Digital Era. Not only that, but the startup wants to establish rigorous, Ivy League-caliber standards, admitting only the best and the brightest, with a faculty to match, while offering tuition that's
How California's Online Education Pilot Will End College As We Know It (TechCrunch) Today, the largest university system in the world, the California State University system, announced a pilot for $150 lower-division online courses at one its campuses–a move that spells the end of higher education as we know it. Lower division courses are the financial backbone of many part-time faculty and departments (especially the humanities)
Legislation, Policy, and Regulation
The FBI Needs Hackers, Not Backdoors (Wired Threat Level) The FBI's been warning that its surveillance capabilities are "going dark," because internet communications technologies are getting too difficult to intercept with current law enforcement tools. So the FBI wants a more wiretap-friendly internet, and legislation to mandate it will
Hague visit: NZ and UK to confront 'growing threats' to cyber security (New Zealand Herald) New Zealand and the United Kingdom will work closely together to confront "growing threats" to cyber security, Foreign Minister Murray McCully and his British counterpart announced today. Mr McCully and British Foreign Secretary William Hague released a joint statement on cyber security following bilateral talks at the beginning of Mr Hague's second visit to New Zealand. The statement says the two countries will work jointly, and with their allies, to develop a "vision for the future security of cyberspace and will work together to advance this through positive international engagement"."New Zealand and the United Kingdom will work closely together in relevant international fora to advance common understanding on the importance of an open, dynamic internet underpinned by the body of applicable existing international law
Australian secret services to get licence to hack (H-online) According to a news report, Australia's Attorney-General's Department wants to permit the Australian Security Intelligence Organisation (ASIO) to hack IT systems belonging to non-involved, non-targeted parties. The report cites a spokesperson for Australia's Attorney-General Nicola Roxon as saying that the agency would then use these systems to access the actual target computers belonging to security targets such as terrorist suspects or suspected criminals. Stringent conditions would be attached to the use of these powers to ensure that they would be used only in exceptional cases
1 day for UAE SIM registration deadline: Etisalat extends work hours, crowds build up (Emirates 24/7) Etisalat business centers, kiosks and service centers in Dubai and Abu Dhabi remain open until midnight from January 14-16
Cyberwar's Gray Market (Slate) Should the secretive hacker zero-day exploit market be regulated? Behind computer screens from France to Fort Worth, Texas, elite hackers hunt for security vulnerabilities worth thousands of dollars on a secretive unregulated marketplace. Using sophisticated techniques to detect weaknesses in widely used programs like Google Chrome, Java, and Flash, they spend hours crafting "zero-day exploits"—complex codes custom-made to target a software flaw that has not been publicly disclosed, so they can bypass anti-virus or firewall detection to help infiltrate a computer system
Litigation, Investigation, and Law Enforcement
Apple's Warranty Practices Under Fire In Europe Again As Belgian Watchdog Agency Files Complaint (TechCrunch) Apple's warranty plans have drawn the ire of a Belgian consumer watchdog agency, Test-Aankoop/Test-Achats. The group has filed a complaint against the company over how AppleCare is sold and marketed to customers, who in the EU by default are entitled to a free two-year warranty with any consumer electronics purchase. The complaint says Apple markets its warranties in a manner which doesn't
McCann Investigations Releases New Case Study Titled Cyber Stalking and Spyware in Divorce (Yahoo) McCann Investigations, a Texas-based private investigations firm released a new video to accompany its case study titled Cyber Stalking and Spyware in Divorce Cases. Divorces can often become so contentious that warring spouses will go to any means to gain the upper-hand in the settlement. Spyware and key loggers that used to be only available to governments and corporations are now inexpensive and easily accessible to even the most novice computer user
Russian faces 4 years for cyber attack (News24) A 30-year-old Russian man, who is suspected of organising an hour-long hack attack on the Kremlin website in support of the political opposition, faces up to four years in prison, said the Federal Security Service (FSB), which investigated the
The Death of Aaron Swartz (American Interest) Yesterday's suicide of Aaron Swartz, 26, one of the founders of Reddit and a passionate activist for Internet causes, has shaken the tech world. By all accounts a brilliant and fiercely idealistic (if somewhat troubled) young man, Swartz had his fingerprints on many of the things we take for granted online today, from the RSS standard (which he helped author at the age of 14), to the Creative Commons, to the first Internet public library, archive.org. In recent times he'd turned his sights on bigger issues, most consequentially spearheading the ultimately successful efforts against the SOPA/PIPA bills in Congress
Charges dropped against internet activist Swartz (Sydney Morning Herald) A hacktivist group has attacked a university website to post a tribute to internet wunderkind Aaron Swartz, as US prosecutors said they were dropping charges against him following his death. Anonymous claimed credit for the attack on the Massachusetts Institute of Technology website, which was temporarily shut down, via Twitter with the hashtag #JusticeForAaronSwartz. The group wrote of their heavy-heartedness following the apparent suicide of Swartz, who was 26."We do not consign blame or responsibility upon MIT for what has happened, but call for all those feel heavy-hearted in their proximity to this awful loss to acknowledge instead the responsibility they have that we all have to build and safeguard a future that would make Aaron proud," read the message
The Brilliant Life and Tragic Death of Aaron Swartz (Slate) I didn't know Aaron Swartz, whose death by suicide was reported yesterday, all that well. We'd met a handful of times at Netroots Nation conferences or when I was up in Cambridge. But in the Internet era that hardly seems to matter. I followed him on Twitter. I read his blog and his amazing year-end book review wrap-ups. We exchanged some emails. Lots of people knew him better, but he felt like part of my life
Will Aaron Swartz's Suicide Make the Open-Access Movement Mainstream? (Slate) The news that Internet folk hero Aaron Swartz tragically ended his own life shook the Web this weekend, bringing sorrow to online activist circles—but also signaling a hardening of resolve among those who worked alongside him. At 14, Swartz co-authored the RSS 1.0 specifications. He went to become a co-founder of activist organizations Demand Progress and the Progressive Change Campaign Committee as well as an early Reddit co-owner and a Harvard University Center for Ethics fellow. He was involved somehow in almost every digital rights issue, but had a particular knack for freedom of expression, open government, and open access and freedom of information activism
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
BWI Business Partnership Signature Breakfast (Hanover, Maryland, USA, Jan 16, 2013) Navy Rear Adm. Margaret Klein, Chief of Staff of the U.S. Cyber Command at Fort Meade, will headline the BWI Business Partnership's Signature Breakfast, Wednesday, Jan. 16, from 7:45 to 9:15 a.m., at the Hotel at Arundel Preserve, 7795 Arundel Mills Blvd., in Hanover.
Cybergamut Technical Tuesday: Finding Splunk Before Splunk Finds You (Columbia, Maryland, USA, Jan 22, 2013) Rob Frazier of Whiteboard Federal Technologies will present his talk "Finding Splunk Before Splunk Finds You". Certification letters will be available for PMI PMP PDU' and CISSP CPEs as well as other technical credits as appropriate. The live event will be in Columbia, MD, and there will be a cybergamut node established in Omaha, Nebraska for this event.
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
Data Privacy Day (Various locations, Jan 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy Day (DPD), is collaborating with many educational institutions, corporations, government and non-profit organizations across the world to make Data Privacy Day on January 28th a success. Data Privacy Day is an international day of awareness to educate everyone to respect privacy and safeguard personal information.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security (, Jan 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.