The CyberWire Daily Briefing for 4.17.2014
Retailers and security product vendors continue to stop up Heartbleed holes (the security vendors, including Symantec, McAfee, and Kaspersky, are running ahead of the retailers). Some users report that Heartbleed mitigation seems to be "making the Internet run slower," but slower browsing is to be expected as sites upgrade security. Exploitation of the vulnerability for denial-of-service purposes seems possible but (in general) too difficult to be worthwhile when much easier DDoS methods are ready to hand.
Canadian police make the first Heartbleed arrest: an Ontario nineteen-year-old is collared for his (alleged) role in the Canadian Revenue Agency hack. Media note familiar tension between law enforcement and disclosure: the Royal Canadian Mounted Police apparently asked that the breach not be disclosed until their investigation had made further progress. (Another obstacle to disclosure is simple unwillingness to bear bad news: Ponemon says 60% of enterprise security types would hesitate to inform the boss.)
German researchers demonstrate a worrisome proof-of-concept exploitation of Samsung's fingerprint login, troubling because of its integration with PayPal. Another biometric modality, face recognition, is in the news because of masked pro-Russian insurgents (or Russian troops?) in Ukraine and the US FBI's burgeoning face-recognition database.
The iBanking mobile bot infests Facebook. An Android Adobe Reader vulnerability is found. Starbucks-themed emails distribute a rootkit-capable Zeus variant.
Runway Girl points out the difficulty of "hacking an airliner."
Energy and financial sectors continue to increase cyber security investments.
India wants to "internationalize" the Internet into the "Equinet"—really a call for greater national control.
Notes.
Today's issue includes events affecting Brazil, Canada, China, European Union, Germany, Iran, New Zealand, Qatar, Romania, Russia, Saudi Arabia, South Africa, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Retailers rush to plug Heartbleed leaks (FierceRetailIT) The revelation last week of the Heartbleed bug has had retailers scrambling to both find vulnerabilities and reassure customers, but the threat is far from over
Heartbleed fallout may 'slow' browsing speeds (BBC) Browsing speeds could slow as websites update security systems to defeat Heartbleed attacks, warn researchers
Can Heartbleed be used in DDoS attacks? (CSO) With nearly every major threat to information security, it is not long before security experts ask the question, "Can the threat play a role in distributed denial of service (DDoS) attacks?"
Heartbleed SIN leak handling at CRA raises disclosure concerns (Financial Post) CRA was informed by government cyber security agencies last week that hackers had been able to exploit a "six hour window" to gain access to 900 social insurance numbers (SINs) and other taxpayer information from government servers. The RCMP asked the Canada Revenue Agency to delay informing Canadians about a malicious cyber attack that resulted in the theft of sensitive taxpayer information so that officers could pursue a "viable investigative path"
Heartbleed: Security experts reality-check the 3 most hysterical fears (PC World) Heartbleed has dominated tech headlines for a week now. News outlets, citizen bloggers, and even late-night TV hosts have jumped on the story, each amping up the alarm a little more than the last one. But while it's true Heartbleed is a critical flaw with widespread implications, several security experts we've spoken with believe the sky-is-falling tone of the reporting is a bit melodramatic
German researchers hack Galaxy S5 fingerprint login (IDG News Service via CSO) The integration with Paypal makes the weakness of Samsung's implementation extra serious
Facebook Webinject Leads to iBanking Mobile Bot (We Live Security) iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user's communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device's microphone. As reported by independent researcher Kafeine, this mobile application was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions
Got Adobe Reader on your Android device? You Had Best Update it ASAP (Lumension Blog) A critical security vulnerability has been found in Adobe Reader Mobile, the version of the popular PDF Reader developed for the Android operating system, which could lead to remote hackers compromising documents stored on your Android device and its SD memory card
Zeus/rootkit combo delivered via Starbucks-themed emails (Help Net Security) Malware peddlers have been spotted impersonating popular coffeehouse chain Starbucks in order to trick users into downloading a rootkit-equipped variant of the Zeus banking Trojan
Dangerous spam targets Brits with fake Easter offers (Help Net Security) Cybercriminals are hiding dangerous goodies among the Easter eggs and chocolate bunnies that Brits are hoping for this Easter
SharePoint users are breaching security policies (Help Net Security) A study, conducted amongst attendees at last month's Microsoft's SharePoint Conference in Las Vegas, has found that at least 36% of SharePoint users are breaching security policies, and gaining access to sensitive and confidential information to which they are not entitled
Virgin Media newsletter snowballs, burying customers with unwanted emails (Graham Cluley) The classic mistake when emailing a large number of people is to include all of their addresses in the cc: field rather than the bcc… But Virgin Media didn't make the cc: blunder. Instead, it screwed up in a different way… But when the company sent their newsletter out yesterday, it used a mailing list which wasn't configured properly. As a result, anyone who *replied* to the message would have their response forwarded — via the mailing list — to all of the other people on the list
OpEd: Why hacking an airliner isn't just an app away (Runway Girl Network) Hugo Teso may not win the prize for having the most familiar household name but he is certainly on the minds of aviation cyber security folks. In recent months Hugo has made the rounds in the hacker community for presentations claiming to show how airliners can be hacked. Hugo may have made a name for himself in the niche hacker world but he has also been widely discredited within government, aviation manufacturing, and the security world for peddling a very flawed theory
Attackers use reflection techniques for larger DDoS attacks (Help Net Security) Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques
Hackonomics: Street prices for black market bugs (ZDNet) A recent RAND Corporation report on the black market for hacks, cracks, data theft, botnets, and zero days tells us your hacked Amex Black fetches a decent price, but only if you're not an American
Security Patches, Mitigations, and Software Updates
Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab (CSO) The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab
Cyber Trends
Inside the Ring: U.S. power grid defenseless from physical and cyber attacks (Washington Times) The U.S. electrical power grid is vulnerable to cyber and physical attacks that could cause devastating disruptions throughout the country, federal and industry officials told Congress recently
Hitting it out of the park: Cybersecurity is a whole new ballgame (FierceSmartGrid) In April 2013, an attack on Pacific Gas & Electric's (PG&E) Metcalf transmission substation near San Jose, Calif. knocked the station out of commission. The attackers cut fiber optic cables and opened fire on the substation. Although the attack wasn't well-publicized in the media, it became a call for utility companies to reassess their security. Those threats are something that the federal government is focused on all the time
Cyber Security: 60% of Techies Don't Tell Bosses About Breaches Unless It's 'Serious' (International Business Times) Ponemon study shows company IT personnel filter out negative facts before communicating about security risk
How a cyber cop patrols the underworld of e-commerce (CSO) Payza 'cyber cop' Melissa Andrews tracks good, bad and ugly websites with the mission of shutting down criminal operations
New Osterman Research Report: Only 13% Happy With Compliance Methods (Dark Reading) Burdensome compliance management processes are eating into IT budget
Marketplace
Cyber Security Market Worth $155.74 Billion by 2019 (PRWeb) Cyber Security Market research report majorly focuses on estimation of current market size and future growth potential across all the major segments of this market, i.e., types, solutions, services, verticals, and regions
Financial services firms to increase cyber security budgets this year, PwC claims (ComputerWorld) Two-fifths plan to up spending to meet growing threat
Utilities act to increase grid security (Greenville News) South Carolina is vulnerable to cyber attacks or sabotage to its current electrical grid through a coordinated attack on power substations
Kaspersky Lab Reveals Strategic Plans for Expansion in Enterprise IT Security Market (MarketWatch) New virtualization, fraud prevention and other technologies driven by threat intelligence strengthen Kaspersky Lab's enterprise security portfolio
Spanning Joins Cloud Security Alliance (Fort Mill Times) Cloud-to-cloud backup & restore leader eager to share data protection expertise to help companies operate fearlessly in the cloud
Carlos Fernandes on Salient Fed's 'Precognitive Capabilities' in Cyber, the IPv6 Transition, and the Paradigm Shift Necessary to Protect (Executive Biz) Carlos Fernandes joined Salient Federal Solutions in January to serve as director of its Cyber Security Center of Excellence and develop and implement the Fairfax, Va.-based IT, training and engineering services contractor's cybersecurity strategy
Tina Kuhn on Northrop's Cyber Work with NATO and Intl Customers, the Budget Environment as a Catalyst for Change & Building Cyber Defenses From the Ground Up (ExecutiveBiz) ExecutiveBiz recently spoke with Tina Kuhn, a top cybersecurity executive with Northrop Grumman Information Systems, on Northrop's international expansion, opportunities for transformation within the government budget environment, how to "build-in" cyber defenses, and more in the cyber space
John Chen: BlackBerry Invests in Cloud Medical IT Firm NantHealth (GovConWire) BlackBerry (NASDAQ: BBRY) has made an investment in NantHealth, a California-based startup that is developing cloud-based information technology for medical applications
MTN Government Announces New Advisory Board (Broadway World) MTN Government (MTNGOV), a subsidiary of MTN Communications (MTN), announces the formation of an MTNGOV Advisory Board with veteran military, intelligence and industry business leaders. Members of the Advisory Board include: U.S. Marine Corps Major General George J. Allen (retired), U.S. Air Force Lieutenant General Albert J. "Al" Edmonds (retired), Blu Venture Investors co-founder James Hunt, U.S. Army Major General N. Lee S. Price (retired), and U.S. Air Force Brigadier General Thomas Verbeck (retired). The Board will be charged with providing advice and guidance on MTNGOV's overall business strategy and key development initiatives
Christina Lucero to Head Ciber's Vertical Strategic Solutions Group; Manish Sharma Comments (GovConWire) Christina Lucero, a former industry analyst at Gartner (NYSE: IT), has joined Ciber (NYSE: CBR) as director of the vertical strategic solutions group
Products, Services, and Solutions
Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test (Network World) McAfee seen as speediest in adding blocking protections to stop malware
eScan Internet Security Suite with Cloud Security 100% effective against zero-day malware attacks (IT Web) eScan, one of the leading anti-virus and content security solution providers, has bagged the AV-Test certification for its home user product, eScan Internet Security Suite with Cloud Security, for the tests conducted in January and February 2014
ESET Addresses Middle East e-Commerce Boom with Launch of Online Store for Antivirus and IT Security Products (MENAFN) E-Commerce is booming in the Middle East and the recent 'Online Shopping Behaviour Study 2013' by MasterCard found that almost 50% of consumers in the UAE, Saudi Arabia and Qatar already shop online while consumers in other GCC countries also strongly follow this trend
Defense Cyber Investigations Training Academy Now Offering CompTIA Network+ Certification Training Course (CompTIA) The nation's top cyber investigators can earn a key industry certification under a new initiative between the Defense Cyber Crime Center (DC3) and CompTIA, the leading non-profit association for the information technology (IT) industry
Quarri and Stoneware Deliver Secure Browser Sessions To Endpoint Devices (Broadway World) Quarri Technologies, a leading web information security software company that empowers organizations to keep their sensitive data secure, today announced a strategic partnership with Stoneware, a Lenovo company, to resell Quarri's products. Quarri's secure browser technology provides Stoneware customers with the ability to protect sensitive data delivered through the cloud to endpoint devices like PCs, laptops and mobile devices
Panda Security Will Continue to Support and Provide Protection for Windows XP (IT Business Net) Panda Security, The Cloud Security Company, today announced that its 2014 consumer solutions (Panda Global Protection 2014, Panda Internet Security 2014 and Panda Antivirus Pro 2014), as well as Panda Gold Protection and Panda Cloud Antivirus Pro, will continue to provide the same level of service to Windows XP users, despite the fact that Microsoft support for the operating system officially ended on April 8
Microsoft releases Threat Modeling Tool 2014 (Help Net Security) The Microsoft Threat Modeling Tool 2014 is the latest version of the free Security Development Lifecycle Threat Modeling Tool that was previously released back in 2011
Insurance Company To Launch Cyber Liability Product (The Bahamas Weekly) If it could happen to Target, it could happen to you. Over the Christmas holiday the popular retail giant came under fire after it — oddly enough — found itself the target of a cyber attack. Millions of its customers' credit and debit card information, as well as personal data were stolen. Now, Target is facing a string of lawsuits. It's a situation that a leading insurance agency has been watching and just one of the reasons it has decided to launch a new cyber liability product on April 24, 2014. "We have noted that there have been more and more reports of computer hacking disrupting companies' computer systems and leaking sensitive third party information stored on companies' computer systems," said Assistant Managing Director of NUA Insurance Agents & Brokers, Stanford Charlton
Technologies, Techniques, and Standards
Smartphone Kill Switches Coming, But Critics Cry Foul (InformationWeek) Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough
The Science of Unmasking Russian Forces in Ukraine (Defense One) Every day, the scene playing out along the Ukrainian border with Russia seems like an act of costumed theater. Russian protestors wearing balaclavas, or ski masks, armed with military-grade weapons, attempt to take over government buildings by force. The question of who is behind the masks has risen to a level of critical international importance. If the protestors are affiliated with the Russian military, Putin's government is in violation of international treaties and laws. It's a nearly impossible challenge, but one that the United States military, within its own sphere of operations, is also trying to solve
Massive FBI facial recognition database raises privacy fears (Naked Security) The FBI is building a massive facial recognition database that could contain as many as 52 million images by 2015, according to information obtained by the EFF via a freedom of information request
3 ways to reduce BYOD legal liability with the right conversation (CSO) Move the uncertainty of BYOD from liability to opportunity by engaging in the right conversations that ease change and increase value for everyone
Protect your business by encrypting the network (ComputerWeekly) There has been a heightened interest in encryption over recent months, largely thanks to the Edward Snowden leaks showing US and British intelligence agencies were pouring their funds into cracking popular kinds of protection
Research and Development
Crypto Examination Awaits in Phase Two of Truecrypt Audit (Threatpost) Phase two of the TrueCrypt audit figures to be a labor-intensive, largely manual cryptanalysis, according to the two experts behind the Open Crypto Audit Project (OCAP)
Cybersecurity science aims to disarm digital threats (Penn State News) Someday, a military commander will look over a battlefield map to check the position of troops, tanks, artillery emplacements and the enemy, considering every contingency in the complex mission. Then the commander will glance at a monitor that shows the status of the electronic environment — communications frequencies, computer program security, hacker attacks and the responses to those attacks — and determine which digital threats require human intervention
Future Nokia phones could send quantum-coded texts (New Scientist) Quantum cryptography could be the star feature of your next cellphone. The first pocket-sized quantum encryption device has been created in collaboration with the Finnish phone-maker Nokia, and could let you send completely secure messages — although you will need to plug it into a quantum phone booth to do so
Legislation, Policy, and Regulation
Putin tells Edward Snowden: Russia doesn't carry out mass surveillance (The Guardian) Claims by Russian president to NSA whistleblower in TV show will be treated with scepticism by western intelligence officials
U.S. SEC releases cyber security examination blueprint (Reuters via Yahoo! News) U.S. securities regulators have unveiled a road map that lays out how they plan to make sure Wall Street firms are prepared to detect and prevent cyber security attacks
House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies Hearing (Insurance News Net) Chairman Meehan, Ranking Member Clarke, and members of the Subcommittee, thank you for giving me this opportunity to provide you with my thoughts on safeguarding consumer information from cyber-attacks. My name is Tom Litchford, and I am Vice President of Retail Technologies at the National Retail Federation (NRF). In my role at the NRF, I manage the CIO Council, the IT Security Council, and the Association for Retail Technology Standards
Study says national cyber plan hurts US (The Hill) A new report claims that the Commerce Department's voluntary cybersecurity framework could end up undermining the online protections it seeks. The report out on Thursday from George Mason University's Mercatus Center claimed that the plan amounts to "opaque control" of the Internet, which could undermine the "spontaneous, creative sources of experimentation and feedback that drive Internet innovation"
India to suggest renaming of Internet as 'Equinet' (The Hindu) In a major diplomatic initiative, India is all set to challenge the U.S.' hegemony of the World Wide Web at a global meet on Internet governance in Sao Paulo (Brazil) next week. India has decided to propose renaming of Internet as 'Equinet' so that all nations can have equal say in its operations, besides calling for "internationalisation" of core Internet resources
Litigation, Investigation, and Law Enforcement
Lavabit loses appeal of court sanctions (ZDNet) Appeals court doesn't examine constitutional issues raised by Lavabit and finds against them for legal errors
Lavabit case undermines claims NSA had Heartbleed early (ZDNet) If the NSA really did have Heartbleed "for years" as was claimed recently by Bloomberg news, they wouldn't need to go after Lavabit. They wouldn't even want to
Heartbleed: Teenager charged after Canadian taxpayer hack (Graham Cluley) A 19-year-old man from London, Ontario, has been charged in connection with a hack against the Canadian Revenue Agency (CRA) website which leaked 900 social insurance numbers, and caused the website to shut down for four days
HIPAA business associate agreement consultations could be unlawful (TechTarget) Under federal law, the Health Information Portability and Accountability Act (HIPAA) Privacy Rule extends to a class of business entities (i.e., health plans, health care clearinghouses and health care providers) that are carrying out covered transactions. These business entities are otherwise known as "covered entities"
Trouble with Russia, trouble with the law: inside Europe's digital crime unit (The Guardian) Europol's European Cybercrime Centre is helping the global fight against cyber crime, but it needs more help
U.S. Agent Lures Romanian Hackers in Subway Data Heist (Bloomberg) U.S. Secret Service Agent Matt O'Neill was growing nervous. For three months, he'd been surreptitiously monitoring hackers' communications and watching as they siphoned thousands of credit card numbers from scores of U.S. retailers
Edward Snowden: From 'Geeky' Dropout To NSA Leaker (NPR) Former National Security Agency contractor Edward Snowden has revealed some of the group's most carefully guarded secrets. The reporting on the documents he leaked won a Pulitzer Prize for the Washington Post and The Guardian, announced on Monday. But there's still a lot we don't know about Snowden himself — and his motivation
New Zealand High Court rules that Kim Dotcom can have his assets back (Tweaktown) Kim Dotcom wins battle over assets in New Zealand High Court, will see his mansion, cars, and other property returned immediately
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threat landscape.
FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government, Big Data and Business Intelligence, Project Management, Procurement and Acquisition and more. (free-of-charge for government personnel).
SC Congress Toronto (Toronto, Ontario, Canada, Jun 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought leaders together with the latest technology service solutions to provide you with the answers you need to secure your enterprise network.
Suits and Spooks San Francisco S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
US News STEM Solutions: National Leadership Conference The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is an outcome-focused forum for the entire network of experts, advocates and change-makers who are proactively working to fill jobs now and advance the future of the STEM workforce. More than a broad-based discussion of the issues, this year's conference will zero in on tangible results, real successes and collaborative strategies that are already moving the needle. If you have a vested interest in the development of the STEM pipeline, make your voice heard where it will have the most impact.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
United States Cyber Crime Conference 2014 This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders. All aspects of computer crime will be covered, including intrusion investigations, cyber crime law, digital forensics, information assurance, along with research and development, and testing of digital forensic tools.
Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
Cyber COMSEC and IT Day at Fort Huachuca This one-day vendor expo is a unique opportunity to demonstrate your products and services to military and civilian personnel at Fort Huachuca. Exhibitors will have a casual atmosphere to share ideas, concerns and build relationships with the men and women of Fort Huachuca.
Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base. This is the only yearly event officially sponsored by AFCEA at Kirtland AFB. The goal of this expo is to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to the agency. In addition, this event will be widely attended by the majority of personnel at the USSS HQ building. Attendance is expected to be over 300 for the event.
SANS Security West SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
Eurocrypt 2014 Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.
Cyber Security for National Defense Symposium DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations can come together for actionable discussions and debate. The symposium will focus on increasing the security and resiliency of the Nation's critical networks, operating freely in the Cyber Domain, and the protection of infrastructure in support of national defense and homeland Security.
INFILTRATE INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Positive Hack Days Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014 The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused on mobile technologies. Companies that specialize in current or future mobile features and equipment, or whose work benefits NSA's efforts, should participate as commercial vendors; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel who may otherwise be unreachable.
CANSEC CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.