
The CyberWire Daily Briefing for 2.12.2014
Cyber espionage campaign Careto (or the Mask) continues to impress security analysts, who stick with their comparisons to Duqu and Flame. No attribution yet.
A customer running on CloudFlare's platform was hit by a large distributed denial-of-service (DDoS) attack. European networks and some CloudFlare US infrastructure were disrupted, but only in minor ways. Given the size of the network-time-protocol enabled campaign, the relative ease with which it was shrugged off suggests that enterprises are getting better at handling DDoS threats. Still, Prolexic and others warn that such attacks can be expected to grow in both frequency and sophistication.
Interested in a case study of how big phish render themselves vulnerable to spearphishing? Take a look at the LinkedIn "LIONs," for whom networking trumps security.
Investigators are increasingly convinced that the Target hackers lurked inside the retailer's point-of-sale networks for months before they began stealing customer data.
Bitstamp joins Mt. Gox in suspending Bitcoin withdrawals. Bitcoin exchanges are reported to be under sustained attack, much in the form of "phantom trading."
Snapchat users beware—if someone sends you a photo of a tempting fruit smoothie, it's probably a malware vector. Don't go there.
Microsoft, Adobe, JomSocial, and Facebook have all issued security updates.
In industry news, Sapient buys OnPoint, and IAI enters the cyber market.
Wired discerns a design trend in social media: building privacy in from the start.
In the US, DARPA works on the next generation of deep web search.
US state legislatures indulge in quixotic pro-privacy, anti-NSA posturing.
Notes.
Today's issue includes events affecting Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, European Union, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Israel, Japan, Republic of Korea, Libya, Malaysia, Mexico, Morocco, Netherlands, Poland, Romania, Russia, South Africa, Spain, Switzerland, Tunisia, Ukraine, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Unveiling 'The Mask': Sophisticated malware ran rampant for 7 years (PC Magazine) A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries
Mask Spyware Outdoes Flame (InformationWeek) Rare Spanish-speaking cyberespionage campaign uses spyware and malware tools that researchers call the most sophisticated yet
'The Mask' Espionage Malware (Schneier on Security) We've got a new nation-state espionage malware. "The Mask" was discovered by Kaspersky Labs
'The Mask' malware campaign, undetected by anti-virus firms since 2007? (Graham Cluley) Kaspersky used the backdrop of the luxurious beach resort of Punta Cana in the Dominican Republic to announce its malware discovery to the world's press. But if Careto, aka "The Mask", has been missed by security firms since 2007 that's not a great advert for the anti-virus industry
CloudFlare Infrastructure Hit With 400Gbs NTP-Based DDoS Attack (SecurityWeek) Web performance and security firm CloudFlare said late Monday that a customer running on its platform was hit with a massive DDoS attack today that affected service in much of Europe and then into some of its US infrastructure
Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps (The Register) NTP flaw used again, effects minimal
DDoS Attack Hits 400 Gbit/s, Breaks Record (InformationWeek) A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus
NTP Amplification Blamed for 400 Gbps DDoS Attack (Threatpost) For those of you who thought the infamous Spamhaus distributed denial-of-service attack set an ugly bar for the volume of spurious traffic sent at a target, gird yourself for worse
Get Ready for Powerful NTP-Based DDoS Attacks (Tripwire) Internet security experts from Cloudflare say the Internet saw a massive denial-of-service attack that exploited a vulnerability in the Web's infrastructure, resulting in the largest such attack of its kind ever recorded, and they warn that this is just the beginning of "ugly things to come"
Prolexic Warns of New DNS Flooder DDoS Attack Toolkit (SecurityWeek) Prolexic Technologies, a provider of Distributed Denial of Service (DDoS) protection services that was recently acquired by Akamai Technologies, today warned organizations about a new version of an attack toolkit that makes it easy for attackers to launch DNS flood attacks
Trojan.Win32.FSYSNA.fej AKA Chewbacca (Tenable) Before I begin the technical portion of this analysis, I think it's important to understand the severity of this threat, which is very low. This threat was initially discovered on the 25th of October 2013, in the world of counter malware, this is very old news. The recent RSA paper and industry coverage is more about the ongoing threats to the Point of Sales (POS) systems, that is gaining spotlight based in part on the local highly visible retail vendors compromised during the holiday season by another POS targeting malware. At the time of writing there are three families of malware known to target POS systems
LinkedIn "LIONs" Are an Easy Target for Criminals (Duo Security) When criminals want to spam or spear phish, finding targets that willingly give up details about themselves to strangers is a good place to start. With social networking enabling the exchange of personal information quicker than ever, it's not a shock that sometimes an opportunity to connect trumps online security practices
Hacked X-Rays Could Slip Guns Past Airport Security (Wired) Could a threat-simulation feature found in airport x-ray machines around the country be subverted to mask weapons or other contraband hidden in a traveler's carry-on
Target Breach Was Months in the Making (American Banker) It looks increasingly likely that the hackers responsible for the massive data breach at Target were lurking inside the retailer's network for months before they started swiping customers' credit card data, according to security expert and blogger Brian Krebs
Target Credit Card Breach (Critical Watch) Security journalist Brian Krebs broke the Target story on December 18, 2013, and on December 19, Target officially confirmed the breach of 40 million credit cards
Hackers attack prominent med device makers' networks (FierceHealthIT) Computer networks at three prominent medical device makers—Medtronic, Boston Scientific and St. Jude Medical—were hacked in the first half of 2013, and may have lasted several months, according to a report this week from the San Francisco Chronicle
Bitcoin Exchange Bitstamp Halts Withdrawals After Cyber Attack (FoxBusiness) Bitcoin exchange Bitstamp temporarily halted withdrawals and deposits on Tuesday due to a cyber attack that caps off a rocky stretch for the crypto currency
Lots Of Major Bitcoin Exchanges Are Under A 'Concerted And Massive Attack' Right Now (Reuters via Yahoo! Finance) Andreas Antonopoulos is chief security officer at Blockchain.info, a popular Bitcoin wallet service, and he tells CoinDesk that numerous Bitcoin exchanges are experiencing a "massive and concerted" denial of service attack right now
Modular Corcow banking Trojan poised for success (Help Net Security) Banking Trojans are among the most used stealthy malware, and the most popular ones are undoubtedly Zeus, SpyEye, Citadel and Carberp
Suspected Mass Exploit Against Linksys E1000 / E1200 Routers (Internet Storm Center) Brett, who operates an ISP in Wyoming, notified us that he had a number of customers with compromised Linksys routers these last couple of days. The routers, once compromised, scan port 80 and 8080 as fast as they can (saturating bandwidth available). It is not clear which vulnerability is being exploited, but Brett eliminated weak passwords. E1200 routers with the latest firmware (2.0.06) appear to be immune against the exploit used. E1000 routers are end-of-life and don't appear to have an immune firmware available.
Snapchat Hacked By Fruit Smoothie Enthusiast (TechCrunch) If one of your friends randomly sends you a photo of a smoothie on Snapchat, don't go to the URL on the picture. It's a hack that has affected several accounts, as a Twitter search shows. Wired writer Joe Brown was one of the users who suffered a Snapchat fruiting. A Snapchat spokesperson told him that the startup did not see any evidence of "brute-force tactics," and that someone had likely
Security Patches, Mitigations, and Software Updates
Microsoft patches critical vulnerabilities, secures IE (Help Net Security) At first take, it looked like Microsoft would continue the 2014 trend of keeping patch Tuesday relatively light. There were only 5 advisories this month, two critical, three important
Adobe patches critical flaw in Shockwave Player (ZDNet) Memory corruption vulnerabilities in the Player could lead to complete system compromise. The new version is 12.0.9.149
Joomla JomSocial Remote Code Execution Vulnerability (Sucuri Blog) The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From their hot-fix update
Facebook Fixes Instagram CSRF Vulnerability to Keep Private Profiles Private (Threatpost) Facebook has fixed Instagram to remedy a cross-site request forgery (CSRF) vulnerability that could've put some photos users thought were private, out in the open
Cyber Trends
Building the security bridge to the Millennials (CSO) The younger generation's desire to be connected all the time expands the attack surface. But experts say enterprises can, and should, manage the risk
Growing interference on the customer's PC (Dave Waterson on Security) It used to be that the customer's PC program files were sacrosanct — safe from interference from well-meaning security applications. Not anymore. Recently it was reported that Microsoft remotely deleted the Tor browser from two million PCs. Without asking their customers for permission
Study shows those responsible for security face mounting pressures (CSO) Trustwave report shows year-over-year increase of pressures on InfoSec leaders
CDT: Privacy, security concerns at forefront of telehealth (FierceHealthIT) The full potential of telehealth cannot be realized unless privacy and security risks are addressed up front, according to Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology
Firms fail to implement PCI DSS, leading to credit card breaches, says Verizon (FierceITSecurity) Organizations are consistently failing to implement the Payment Card Industry Data Security Standard, which provides guidelines to secure credit and debit card information, according to the Verizon 2014 PCI Compliance Report
Trend Micro's 2013 Threat Roundup Highlights The Profitability Of Private Data (Dark Reading) Cyberthreats and attacks have become more complex
Attacking ICS Systems Like Hacking in the 1980s (Threatpost) Here's how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control system, so he went
Will smart machines take away your job? (FierceMobileIT) Will the rise of smart machines, the so-called "Internet of Things," make your job obsolete? That is the question asked by Gartner analyst Tom Austin in a recent blog. He cites a study by University of Oxford researchers Carl Frey and Michael Osborne, which found that close to one-half of all current U.S. jobs are at risk from smart machines and computerization over the next two decades
Marketplace
Sapient Buys Federal IT Services Provider OnPoint; Allan Herrick Comments (GovConWire) Sapient (NASDAQ: SAPE) has acquired OnPoint Consulting for an undisclosed sum as part of Sapient's efforts to bolster its presence in the public sector technology services market
Managing Life with Cyber Threats (Defense Update) IAI is developing the tools and methodologies enabling organizations to better prepare for cyber attacks and minimize the negative effects that such attacks can cause
Swiss Federal Railways turns to HP TippingPoint for network security (FierceITSecurity) Swiss Federal Railways is turning to HP TippingPoint to secure the national railway's network, which controls the signaling system and the energy framework
FireEye climbs as analyst initiates coverage (AP via BloombergBusinessWeek) FireEye's stock rose Monday as an analyst started coverage of the computer security software company with an "Outperform" rating, saying it's a way for investors to get into the sector as concerns about cybersecurity grow
Let's Stay Together (Infosecurity Magazine) The information security industry is at war — with itself. A civil war occurring simultaneously with the more widely publicized war against cybercrime, and whatever and whomever threatens the security of information
Group Aims To Foster Cybersecurity Industry In Md. (CBS Baltimore) Cybersecurity executives and government officials are forming a roundtable group aimed at boosting Maryland's efforts to become a center for the growing field
Light Point Security ready to no longer be a one-two combo (Baltimore Business Journal) Cyber startup Light Point Security is looking to grow from its two-person team and hire its first full-time employee
Lunarline Sees Dramatic Increase in Demand for Advanced Penetration Testing Services (Sacramento Bee) Lunarline today announced that FY2013 saw a dramatic increase in the number of advanced penetration testing engagements conducted by the company's technical assessment team. The company noted that a flurry of high profile cyber events in 2013 drove increased demand for penetration testing services
Bonnie Cook Promoted to ManTech Mission Solutions, Services Group EVP Role (GovConWire) Bonnie Cook, a 25-year veteran of ManTech International (NASDAQ: MANT), has been promoted to serve as executive vice president of business operations for the company's mission solutions and services group
Products, Services, and Solutions
Cyber Squared Inc. Launches ThreatConnect Partner Program to Automate Cyber Defenses from Powerful Threat Analysis Data (MarketWatch) Carbon Black, General Dynamics Fidelis, Sourcefire/Cisco, and Tenable Network Security are initial integrations
FireEye Expands Security Platform: Offers Customers One Solution to Detect, Contain, Resolve and Prevent Threats (MarketWatch) MVX-based security platform to include new capabilities for intrusion prevention, endpoint protection, analytics and managed services
Palo Alto Networks releases next-generation firewall to keep data safer (V3) Palo Alto Networks has released a new next-generation firewall called the PA-7050, claiming the security tool will offer businesses advanced threat-detection powers
Is Your Company Running A Data Dump? (InformationWeek) Hoarding useless data makes analytics harder. Companies like Paxata say their brand of analytics lets non-data experts turn data landfills into useful info
The Glitch That Will Kill Bitcoin (Bloomberg) What kind of "experiment" has a $14 billion market cap? As the world's first, and most popular, cryptocurrency, Bitcoin has by now suffered every possible setback a payment project could encounter. It was implicated in a huge drug bust when the Federal Bureau of Investigation took down the Silk Road electronic exchange. It has experienced regulatory pressure in forms ranging from trading restrictions in China to a recent threat of a complete ban by the Russian authorities. It survived a scare involving an apparently Ukraine-based operation taking over close to half of the currency's "mining". It absorbed Apple's decision to remove all related software from its app store. Now, a top Bitcoin exchange, where the cryptocurrency could be traded in for government-issued money, has hit a snag that forced it to stop Bitcoin transfers to outside addresses
Technologies, Techniques, and Standards
Tools for Internet Counter Surveillance (InfosecInstitute) Today's world is an Internet world. These days, everyone wants to save their professional data and private content
Does PCI DSS help prevent credit card breaches? (FierceITSecurity) With all of the data breaches at major retailers, the question arises as to whether the Payment Card Industry Data Security Standard, or PCI DSS, is working to prevent theft of credit and debit card data
Tips to Get Ready for (or Possibly Avoid) Software Audits (CIO) Software compliance is a complex and interpretative process that if not done correctly and with forethought can cost organizations millions. Follow these guidelines to ensure the best possible outcome
How to Avoid Intruders in your Smartphone (Mobile World Capital) We tend to believe that viruses are a problem that is limited to desktop computers, specifically the ones running Windows, but this is simply not true. Although it is much less common, your smartphone can be infected just like any other device and it could even be spying on you
Banks fare better in a staged, 36hr IT attack (ContractorUK) The UK's banks would hold up better than they did a few years ago if a hostile state launched a three-day cyber attack on London's financial system, a mock exercise suggests
New data stewardship guidelines released (FierceCMO) Marketers can "drastically improve" data stewardship if they follow new guidelines released by the IAB at its annual meeting on Tuesday
Locking Down E-mail With Security Services (Dark Reading) Companies are increasingly looking to the cloud for services to encrypt, backup and archive their e-mail to protect from accidental leakage and intentional disruption
Design and Innovation
Secrecy Is the Key to the Next Phase of Social Networking (Wired) Over the past week, I've been getting a steady stream of push notifications alerting me that another one of my friends has joined the new social media app Secret. "Who could it be?" my screen asks each time, which is less an actual question and more an attempt to pique my curiosity. Technically, it could be any one of the couple hundred random people whose number I have in my phone. Within that parameter, I know for sure that it's someone I've at least talked to; whether or not I consider that person a friend is questionable, mostly because Secret won't tell you who it is that just joined the service
Research and Development
Memex: The next generation of deep-Web search? (Defense Systems) Web search engines are a great way to find information quickly, and they're always improving the quality of their results. Google "Winter Olympics" and you get 1.69 billion results in 0.29 seconds, along with the schedule for the day's events in Sochi and the current medal standings right there on the results page
Dumbing down cyberwar: Is the US military ready for simpler cyberweapons? (The Interpreter) America's military science lab DARPA (the Defense Advanced Research Projects Agency) is now spending $110 million 'to allow those with little or no hacking experience to engage in cyberwarfare', reports the technology website CNET. The goal is to help US military commanders launch cyber attacks 'using preplanned scenarios that do not involve human operators manually typing in code'
Quantum Computers Could Crack Existing Codes But Create Others Much Harder to Break (Science World Report) The massive release of the US National Security Agency (NSA)'s classified documents by Edward Snowden continues to raise questions about security
Survey: Online trolls are 'everyday sadists' (CNN) If you've ever complained that the trolls junking up online comment sections are a bunch of sadistic psychopaths, you might be onto something
Academia
DON Pathways Internship Program (Electrical/Electronics Engineer Student Trainee) (USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a degree in Electrical or Electronics Engineering
DON Pathways Internship Program (Information Technology Student Trainee) (USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a degree in Computer Science or a related field that includes 24 semester hours of related course work as listed under the Qualification section who live or go to school in the Washington DC Commuting Area
DON Pathways Internship Program (Computer Science Student Trainee) (USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a degree in Computer Science or a related degree that includes 30 semester hours in a combination of Mathematics, Statistics, and Computer Science. At least 15 of the 30 semester hours must include any combination of Statistics and Mathematics that included differential and integral calculus
DON Pathways Internship Program (Computer Engineer Student Trainee) (USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a degree in Computer Engineering
DON Pathways Internship Program (Security Clerk Student Trainee) (USAJobs) Who may apply: Current students accepted for enrollment and/or pursuing a diploma or degree program that live or go to school within the Washington, DC Commuting Area
Legislation, Policy, and Regulation
Top U.S. Spy Claims 'Terrorists Are Going to School' on Snowden Leaks (Wired) A clearly frustrated U.S. intelligence chief complained today that America's adversaries are changing the way they communicate electronically in the wake of the leaks by NSA whistleblower Edward Snowden
NSA spying undermines separation of powers (USA Today) The program makes it easy for the president to spy on and blackmail his enemies
NSA Protest Day Drives More Than 200K Emails And Calls To Congress (TechCrunch) A planned day of protest against the NSA's surveillance efforts called "The Day We Fight Back" got off to a strong start. So far, more than 69,000 phone calls have been placed to Congressional representatives, along with more than 140,000 emails as part of the effort. In-person protests are planned, as well, both in the United States and abroad
Maryland lawmakers look to cut off NSA's water, power (The Hill) A bill in Maryland's state legislature would cut off state services like water and power at the National Security Agency's (NSA) headquarters. The bill from eight Republicans in the House of Delegates, including the chamber's minority leader, would prevent the state from granting "material support, participation or assistance" to the NSA or any other federal agency that collects people's information without a warrant
Indiana bills seek to shelter digital privacy (AP via the Kansas City Star) Police would have to get a search warrant before they could take data off of cellphones or computer tablets or use aerial drones under bills that are still breathing in the Indiana General Assembly
Technology group downplays incentives in recommendations on DHS Voluntary Program (Inside Cybersecurity) The Department of Homeland Security over the next year should focus on raising awareness about the government's new framework of cybersecurity standards and downplay the issue of providing incentives to encourage framework adoption, the Information Technology Industry Council says in a new paper
Why South Korea is really an internet dinosaur (The Economist) South Korea likes to think of itself as a world leader when it comes to the internet. It boasts the world's swiftest average broadband speeds (of around 22 megabits per second). Last month the government announced that it will upgrade the country's wireless network to 5G by 2020, making downloads about 1,000 times speedier than they are now. Rates of internet penetration are among the highest in the world. There is a thriving startup community
Litigation, Investigation, and Law Enforcement
NSA cybersecurity issues echo scathing Hill report (FCW) Like the more than 15 civilian agencies lambasted for poor cybersecurity practices in a Feb. 4 Senate committee minority report, it appears the National Security Agency is also guilty of failing to promptly upgrade its IT software and security measures
Americans find swift stonewall on whether NSA vacuumed their data (McClatchy via the Kansas City Star) Since last year's revelations about the National Security Agency's massive communications data dragnets, the spy agency has been inundated with requests from Americans and others wanting to know if it has files on them. All of them are being turned down
Dropbox Outlines Its Principles For Handling Government Data Requests (TechCrunch) Joining other leading technology firms, Dropbox today detailed the number of national security requests it received in the preceding 12 months for user data of its customers: 0-249
When hacking isn't (CSO Salted Hash) This week I read an article about a French journalist, Olivier Laurelli, who had the temerity to fix a URL in order to get to a proper webpage. The information that he accessed was not behind a firewall. The information was not password protected
Barclays customer data stolen and sold to rogue traders (Finextra) Authorities are investigating a security breach at Barclays which saw the confidential information of thousands of customers stolen and sold on to unscrupulous City traders
First phishing trial begins in Brussels (Redactie) The first trial concerning phishing is taking place in Brussels. In phishing, criminals use a ruse to try to obtain bank details via the internet. Twenty-five people are now on trial in Brussels for phishing. They made off with about 220,000 euros
Dutch police take hidden drug marketplace offline – update (Tweakers) Utopia, a marketplace where illegal goods could be bought and which was accessible only via the Tor anonymity network, is offline. The Dutch police took the site offline, the Public Prosecution Service confirms
Dutch Minister of Interior Fights for His Political Life (Wall Street Journal) The Dutch Minister of the Interior, Ronald Plasterk, is fighting for his political future, as he faces continued questioning that he misinformed the public over activities of his intelligence service. Mr. Plasterk backtracked last week when he admitted that the collection of telephone traffic and data wasn't the work of the U.S. National Security Agency as he previously suggested, but his own intelligence service
Encryption at Times a Detriment to Honest Policing (Threatpost) The use of surveillance tactics by law enforcement in the performance of precisely targeted criminal investigations is still widely accepted and supported by much of the global public
Japanese Man Accused of Using Malware to Make Threats Says He's Innocent (Softpedia) Around one year ago, Japanese authorities arrested 30-year-old Tokyo resident Yusuke Katayama on suspicion of being behind the malware that hijacked computers to make threats on behalf of their owners. The man says he's innocent
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
NovaSEC! Pre-RSA Rally. This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated community that demonstrates the Northern Virginia region's size, scope and impact on the Country's cyber landscape. This particular event will take place one week before the annual RSA Conference in San Francisco. We view this as an opportunity for security professionals to network and discuss current security topics that will be highlighted at the RSA Conference. Plenty to talk about in 2014 for sure! So whether you are going to RSA or not this is the place to connect socially with your peers.
FBI HQ Cloud Computing Vendor Day. As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.
New FFIEC Guidelines on Social Media: 3 Things You Need to Know. We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo. For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Cloud Expo Europe. Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Suits and Spooks Security Town Hall (San Francisco, California, USA, Feb 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.
Trustworthy Technology Conference (San Francisco, California, USA, Feb 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo. The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.