The CyberWire Daily Briefing 02.10.15

Cyber Trends

It's cyber war: guerrilla tactics gain traction as defense strategy (Reuters) A barrage of damaging cyberattacks is shaking up the security industry, with some businesses and organizations no longer assuming they can keep hackers at bay, and instead turning to waging a guerrilla war from within their networks

Cyber-Attacks Force a Defence Strategy Rethink (EWN) US insurer Anthem Inc. said hackers may have made off with some 80 million personal health records

The Uses and Abuses of Cryptography (CircleID) Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data

"Assume Breach" is Not a Defeatist Point of View (Norse Blog) As an industry, we have collectively been talking about the concept of assume breach for at least two years now. Frankly, it's probably been much longer than that, and I feel like the idea is starting to take hold

Security, Privacy Lapses Stem Largely from Lack of Enforcement, Study Finds (IT Business Edge) You'd think that organizations would have learned by now. But as last week's news of the Anthem breach shows, hackers still find it too easy to steal critical information from high-profile companies. A disturbing dimension of all of this is that too often, organizations have the proper security and privacy controls in place, but there's just one problem: They fail to properly enforce them

Are smart homes security smart? (Help Net Security) A new ENISA study aims to identify both the security risks and challenges as well as the countermeasures required for emerging technologies in smart homes, providing a specific and focused approach, with an overview of the current state of cyber security in this emerging domain

It's Safer Internet Day. So where is our Internet of Secure Things? (We Live Security) Today, Tuesday 10 February, has been declared "Safer Internet Day" — a day for all of us to work together to "create a better internet together"

3 questions you should be asking on Safer Internet Day (Naked Security) What's in a word?

Four Reasons Why Millennials Should Care About Safer Internet Day (TechCrunch) Growing up, I was always close to technology. I explored the vast world of the Internet from a young age. I created my first email account when I was 10 years old, but had no concept of acting safe online and signed up for numerous websites that promised free TVs and other cool prizes. It wasn't long before I fell victim to phishing attacks and almost sent money to someone in Florida for a puppy

AVG: Parents complacent about keeping kids safe online (TrustedReviews) To mark Safer Internet Day 2015, TrustedReviews spoke to Tony Anscombe, AVG's ambassador of free products, to learn about some of the biggest cyber issues facing parents today

Legislation, Policy and Regulation

France's embrace of harsh anti-terror laws that go far beyond America's Patriot Act (The Week) Hours before 3.7 million people took to the streets of France last month in solidarity with the victims of the Paris shootings, a former minister in the French government tweeted that the country should adopt its own version of the United States Patriot Act

'Glaring hole' in Australia's cyber security policy (The Age) Australia's cyber security policy lacks direction, crucial funding and strength because of an across the board "imagination deficit", experts and analysts say

JCS chairman to take control of [RoK] cyber operations (Yonhap) The Cabinet decided Tuesday to empower the chairman of the Joint Chief of Staff (JCS) to control the operations of the cyber command as part of efforts to counter growing security threats online

U.S.-German Spy Spat Unresolved as Merkel Visits Obama (Bloomberg) The unresolved fallout between the U.S. and Germany over National Security Agency espionage and mass surveillance slid to the background of a visit by Chancellor Angela Merkel to Washington, supplanted by the need for intelligence sharing amid rising threats of terrorism

Obama asks Germany "to give us the benefit of the doubt" on NSA spying (Ars Technica) "The underlying foundation for the relationship remains sound"

National Security Strategy (The White House) Today, the United States is stronger and better positioned to seize the opportunities of a still new century and safeguard our interests against the risks of an insecure world

White House Releases National Security Strategy (Dark Matters) The White Has has released the latest National Security Strategy, which calls for improved network security defenses to protect critical systems and intellectual property from theft, specifically referring to economic espionage by China

Obama Pushes for Greater Intel Sharing in New Strategy (Defense One) Risky or not, the new national security strategy pushes for greater information sharing between intelligence agencies, at home and abroad

New agency to sniff out threats in cyberspace (Washington Post) The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs

Government IT Makes GAO's High Risk List (Fiscal Times) At a time when cyber attacks pose an increasingly serious threat to national security, with hackers launching attacks at the Defense Department every day, watchdogs are flagging federal IT operations as one of the most serious weaknesses in the federal government

The country is vulnerable without CISPA (Baltimore Sun) While some worry about privacy in a proposed cyber intelligence law, they should be worried about attacks. The uninterrupted operation of our nation's infrastructure is vital to our physical and economic security and our lives. It monitors generators producing power; controls valves that allow gas or oil to flow from well to refinery to pump; manages air, rail, and road traffic; and enables banks to process credit card transactions and business activities nationally and internationally

Intelligence Legalism and the National Security Agency's Civil Liberties Gap (Harvard National Security Journal) Since June 2013, we have seen unprecedented security breaches and disclosures relating to American electronic surveillance. The nearly daily drip, and occasional gush, of once-secret policy and operational information makes it possible to analyze and understand National Security Agency activities, including the organizations and processes inside and outside the NSA that are supposed to safeguard Americans' civil liberties as the agency goes about its intelligence gathering business. Some have suggested that what we have learned is that the NSA is running wild, lawlessly flouting legal constraints on its behavior. This assessment is unfair

Eavesdropping on Our Founding Fathers: How a Return to the Republic's Core Democratic Values Can Help Us Resolve the Surveillance Crisis (Harvard National Security Journal) On April 20, 1978, the Democratic Senator from Indiana, Birch Bayh, stood in the well of the U.S. Senate. He rose to speak in support of S.1566, which, six months later, would receive overwhelming congressional approval, the signature of President Jimmy Carter, and become the Foreign Intelligence Surveillance Act of 1978, commonly known as FISA. Senator Bayh admitted to "mixed feelings" that day, wishing that the legislation "was not necessary." Realism, however, demanded otherwise

Navy Submariner Takes Pentagon Cyber Post (Breaking Defense) The Pentagon named a Navy cryptologist to a top cyber policy position today. Rear Adm. Sean Filipowski, who'll get his second star with the new job, is a protégé of former NSA director Gen. Keith Alexander

California lawmaker proposes warrant requirement for digital data access (Ars Technica) "Californians recognize the risk to their privacy," Sen. Mark Leno tells Ars

EU Parliament blocks Microsoft's new Outlook apps over privacy concerns (PCWorld) Access to Microsoft's new Outlook apps has been blocked for members of the European Parliament because of "serious security issues"

Products, Services, and Solutions

AirPatrol and Pay Tel Announce Partnership to End Contraband Cell Phone Use in Correctional Facilities (Finances) Addressing the growing problem of illicit cell phone use in correctional facilities, AirPatrol, a developer of mobile device detection systems, and Pay Tel Communications, a provider of inmate phone service, today announced a partnership to combat cell phone smuggling

Carahsoft Adds RSA Offerings to GSA Schedule (ExecutiveBiz) Carahsoft Technology has added the security products and services of RSA, the security division of EMC, to its General Services Administration schedule

AppGuard® for AFCEA Members on CauseNetwork (PRNewswire) Preferred price and $5 donation to AFCEA Educational Foundation STEM Program

Exabeam handles security threats in real time with user behavior intelligence (Tech Republic) Too many firms lack security visibility into their networks, while hackers prowl using stolen credentials. The solution, says Exabeam, requires user behavior intelligence

5 Top Firefox Addons For Anonymous Surfing (eHacking) Firefox is fast,reliable and secure browser that provides a lot of different features except browsing. So this article will talk about anonymous surfing via Firefox

Why Northern HSC Trust chose ForeScout CounterACT for agentless NAC (Cambridge Network) Implementing 802.1x authentication controls across thousands of owned network devices in a large organisation is both complex and time-consuming. Deploying authentication to devices you don't own, manage or (sometimes) know about introduces a new set of issues

DISA Rolls Out Collaboration Tool for Secure Web Conferencing (SIGNAL) Open source enterprise effort expected to save millions of dollars, officials say

Technologies, Techniques, and Standards

FFIEC Issues Cyber-Resilience Guidance (GovInfoSecurity) New business continuity guidelines from the Federal Financial Institutions Examination Council paint a more detailed picture of the cybersecurity initiatives banks and credit unions will be asked about during upcoming examinations

How do we identify our attackers in cyberspace? (Tenable Blog) In 1995 I landed my first independent consulting project: an incident response for an important financial institution in New York City. That experience has informed my attitude about attribution ever since, because it was one of the rare incidents I've ever been involved in when we actually learned the identity and location of the attacker with a high degree of certainty

Email Is Not Forever: Advice on Archiving (eSecurity Planet) In the wake of the Sony scandal, companies may wonder how long to retain email. Hint: The answer is not "forever"

Fighting Advanced Persistent Threat DDoS Using A Pro-Active Defense Approach (Infosec Island) Recently, the Akamai Threat Research Team revealed an application-layer Distributed Denial of Service (DDoS) attack campaign against an airline company web site

Detecting Mimikatz Use On Your Network (Internet Storm Center) I am an awesome hacker. Perhaps the worlds greatest hacker. Don't believe me? Check out this video where I prove I know the administrator password for some really important sites!

A Token's Tale (Google Project Zero) Much as I enjoy the process of vulnerability research sometimes there's a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex exploits for seemingly trivial vulnerabilities. You might wonder why we'd go to this level of effort to prove exploitability, surely we don't need to do so? Hopefully by the end of this blog post you'll have a better understanding of why it's often the case we spend a significant effort to demonstrate a security issue by developing a working proof of concept

Legacy Approach to Password Management: Trade Security for Convenience? (RSA: Speaking of Security) I came across an article the other day highlighting the importance of password management. The article indicated that employees are willing to sell their passwords to bad actors, and that password management is the right solution to combat this issue. This made me scratch my head — how can password management help mitigate a stolen password or a password that has willingly been handed over?

Don't count on antivirus software alone to keep your data safe (Register) Buckle up with belt and braces

Printer to Shredder — Threat intelligence's problem (Cytegic) You're an IT executive and your company receives regular cyber intelligence updates. They land in your inbox (or have been forwarded to you by your managers, flagged "urgent") every once in a while. When opening one you can find a brief summary of current events or alerts and an attachment, usually a PDF document. If it's over 10 pages long you will then print this and then… well, most likely keep it on your desk for several days. If you have some spare time you might even gaze into this document, and maybe even highlight a paragraph or two for future use. But most likely, you will either ask one of your subordinates to read and summarize it for you or never look at this again before finally shredding it

Marketplace

CEO heads may roll for security breaches in wake of Sony boss' exit, experts say (Silicon Valley Business Journal) The massive, embarrassing data breach that preceded the exit of Sony Pictures co-chairman Amy Pascal put CEOs on notice that failure to take information security seriously may now be a firing offense

Security professionals warn against relying on cyber insurance (ComputerWeekly) Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks

Company Shares of Proofpoint Inc Rally 6.22% (Wall Street Pulse) Shares of Proofpoint Inc (NASDAQ:PFPT) rose by 6.22% in the past week and 6.67% for the past 4 weeks. For the past week, the counter has outperformed the S&P 500 by 3.1% and the outperformance increases to 6.12% for the past 4 weeks

Company Shares of Nice-Systems Ltd (ADR) Rally 9.91% (Wall Street Pulse) Shares of Nice-Systems Ltd (ADR) (NASDAQ:NICE) rose by 9.91% in the past week and 7.47% for the past 4 weeks. For the past week, the counter has outperformed the S&P 500 by 6.67% and the outperformance increases to 6.91% for the past 4 weeks

Company Shares of Cyberark Software Ltd Rally 9.45% (Winston View) Shares of Cyberark Software Ltd (NASDAQ:CYBR) rose by 9.45% in the past week and 0.03% for the past 4 weeks. The shares have outperformed the S&P 500 by 6.23% in the past week but underperformed the index by 0.49% in the past 4 weeks

Company Shares of Radware Ltd. Rally 3.95% (Wall Street Pulse) Shares of Radware Ltd. (NASDAQ:RDWR) appreciated by 3.95% during the past week but lost 7.19% on a 4-week basis. The shares have outperformed the S&P 500 by 0.89% in the past week but underperformed the index by 7.67% in the past 4 weeks

HP Acquires Voltage Security (CSO) Today came news that the software giant HP has made a new acquisition. This time they have picked up the encryption vendor Voltage Security. Congrats to Sathivk Krishnamurthy and team

Wandera Raises $15M To Protect Mobile Data And Deliver It More Cheaply (Forbes) The dual current focuses on mobile enablement and IT security mean that there are a growing number of vendors pitching their solution as a mobile-specific one

Consulting Firm System 1 Views Cyber's Landscape Through 'Democratization' of Capability, Exposure (ExecutiveBiz) Federal agencies have put cybersecurity defenses high on their agendas in recent years due in part to a "democratization of cybersecurity capability"

ObserveIT detects UK channel opportunity (ChannelPro) US security vendor ObserveIT launches in UK with new partner programme and EMEA sales chief

Which IBM Layoff Numbers Add Up? (IEEE Spectrum) Last month, tech journalist Robert X. Cringely reported that 26 percent of IBM's employees were about to be shown the door, potentially more than 100,000 people if you look at IBM's worldwide workforce of more than 400,000. IBM responded that it had already announced that it was writing off $580 million for "workforce restructuring," a number consistent with laying off several thousand people. That's a big gap

Calling IBM'ers Who Have Been Chrome'ed, RA'ed, or PIP'ed: Tell Us Your Story (IEEE Spectrum) IBM is currently in the midst of a workforce reduction. Journalist Robert X. Cringely reports that more than 100,000 current employees will be dropped from the payroll by March; IBM counters that it's planned a layoff that will be less than a tenth of that amount

Bridging the Cybersecurity Skills Gap: 3 Big Steps (Dark Reading) The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration

Security Startup Illumio Hires Sales Exec From Ruckus (Re/code) Four months after popping out of stealth mode, the security startup Illumio is seriously ramping up its sales efforts

Two Coalfire Executives among the 2015 Federal 100 from Federal Computer Week (Herald Online) Robert Barnes and Tom McAndrew recognized for federal IT expertise

Research and Development

China nears launch of hack-proof 'quantum communications' link (MarketWatch) This may be a quantum-leap year for an initiative that accelerates data transfers close to the speed of light with no hacking threats through so-called "quantum communications" technology

Human Traffickers Caught on Hidden Internet (Scientific American) A new set of search tools called Memex, developed by DARPA, peers into the "deep Web" to reveal illegal activity

NSA Announces 3rd Annual Best Scientific Cybersecurity Paper Competition (NSA) The National Security Agency is seeking nominations for the 3rd Annual Best Scientific Cybersecurity Paper Competition. The competition is for scientific papers that were published between January 1, 2014 and December 31, 2014 and that show an outstanding contribution to cybersecurity science. Deadline for nominations is March 31, 2015

Pentagon seeks new war games to combat cyber threats (USA TODAY) The Pentagon think tank that has funded studies into whether Russian President Vladimir Putin has Asperger's syndrome is expanding its research to futuristic war games and investigating the effects of embargoes and trade restrictions, newly released military documents show

DARPA project trains robots to watch YouTube (C4ISR & Networks) Do robots like videos of cute puppies or daring skateboard stunts? Researchers at the Defense Advanced Research Projects Agency might find out, but it will be as a byproduct of the Mathematics of Sensing, Exploitation and Execution (MSEE) program, which is teaching robots to respond to visual information by having them watch YouTube videos

Government Contract to Grier Forensics Speeds-Up Digital Investigation (Forensic Magazine) It is often the case that the spur to innovation in America takes the form of a government solicitation. As an instrument of the people, the government gives power to the those that develop ideas and tools that benefit everyone

Security Patches, Mitigations, and Software Updates

Creaking Patch Tuesday's Viability Rests with Quality, Speed (Threatpost) Today is Patch Tuesday, the 11-year-old procession of security bulletins from Microsoft streamed out automatically to consumers of Windows Update, and pulled en masse by enterprise admins worldwide needing to test each for compatibility

Microsoft products face increased out-of-band patching, predicts Tripwire (ComputerWorld) Is life getting easier or worse for admins given the job of patching Microsoft products or is it perhaps just the same as it's ever been but gradually changing in nature?

Cyber Attacks, Threats, and Vulnerabilities

"Stop Supporting ISIS": Anonymous Kurdistan Hacks Turkish Govt. Websites (HackRead) On Thu, 02 Jan 2014, a Kurdish hacker going with the handle of Anonymous Kurdustan & Muhmad Emad hacked two Turkish government websites belonging to the Afyonkarahisar Provincial Disaster and Emergency Management (Afyonkarahisar is a city in western Turkey, the capital of Afyon Province), asking the Turkish government to stop supporting the ISIS terrorist group

Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm (Dark Reading) New report shows 2014 as the year of China's renewed resiliency in cyber espionage — with Hurricane Panda storming its targets — while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain

Anthem Breach May Have Started in April 2014 (KrebsOnSecurity) Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion

Anthem Breach: Phishing Attack Cited (GovInfoSecurity) Phishing campaigns now targeting Anthem members

Probe of Anthem pushed after consumer data stolen in cyber attack (ABC 7 News Denver) Members of the National Association of Insurance Commissioners want a multi-state examination of Anthem, Inc. and its affiliates, following the discovery of a cybersecurity breach at the health insurance company

Health data breaches could be expensive and deadly (CSO) Health-related data breaches could be expensive and life-threatening

New multi-purpose backdoor targets Linux servers (Help Net Security) A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it

PlugX, Go-To Malware for Targeted Attacks, More Prominent than Ever (Threatpost) Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups

Cryptowall 3.0 Slims Down, Removes Exploits From Dropper (Threatpost) A slimmed down version of Cryptowall is in circulation, and this one contains no built-in exploits, confirming a growing trend that most ransomware will be spread almost exclusively via exploit kits

French firms targeted with ransomware (Help Net Security) French companies are the latest targets of cyber crooks wielding the CTB Locker (aka Critroni) ransomware

Is Anonymous Attacking Internet Exposed Gas Pump Monitoring Systems in the US? (TrendLabs Threat Intelligence Blog) Even as attacks on SCADA devices has become more public, devices are constantly being reported as Internet-facing and thus, vulnerable to attacks. Very little security is implemented on these devices, making them perfect targets of opportunity. Recently, Internet-facing gas station pumps have gained some attention, when several articles exposing the availability of these devices were published online

Senate Report Slams Automakers for Leaving Cars Vulnerable to Hackers (Wired) Since hackers first began demonstrating that they could take over cars' digital systems to slam on brakes or hijack steering, most automakers have done everything they can to avoid publicly discussing whether their vehicles are vulnerable. Massachusetts Senator Edward Markey, however, has demanded answers on that car-hacking question. Now he's released his findings: the answers are messy at best, and dangerous at worst

Watch how car hackers can disable brakes and steal your personal data (We Live Security) When US TV correspondent Leslie Stahl drove her car around a deserted parking lot the other day, she was in for a big surprise

Be careful when talking in front of a Samsung SmartTV (Help Net Security) Owners of Samsung SmartTVs that use its Voice Recognition feature to control the device should be aware that everything they say in front of their smart television set may end up in the hands of third parties

From Zero to Your Credit Card (Cyactive) A recent blog post by Nick Hoffman highlights the efficiency of reusing malware techniques and just how easy it is to develop a credit card data stealing malware. The malware that he notes consists in fact of the basic processes that every PoS malware uses. This malware doesn't have a name, and probably served as a Proof-Of-Concept. It is tiny (4k) and as of April 2014 was undetected by most Antivirus. Yet, bottom line, it can steal your credit card data

Chipotle apologises for offensive tweets, says account was hacked (Naked Security) Fast-food restaurant chain Chipotle was forced to apologise after its Twitter account was used to post racist, homophobic and anti-government tweets on Sunday morning

Subdomain of Arizona Army National Guard website hacked by 3xp1r3 Cyber Army (HackRead) The famous Bangladeshi hackers from 3xp1r3 Cyber Army are back in action. This time the hackers hacked and defaced the sub-domain of the official Arizona Department of Emergency & Military Affairs (DEMA) on Feb 2nd, 2015

Marriott Hotels Hit by Credit Card Breach (eSecurity Planet) All the affected locations are run by franchise operator White Lodging Services

Litigation, Investigation, and Enforcement

Wall Street regulator weighing insurance industry cyber rules (The Hill) New York's top financial watchdog will conduct cybersecurity spot checks on insurers that could lead to new regulations for the industry, following the massive data breach at health insurer Anthem Inc

The CIA Lawyer Who Led a Secret Effort to Spy on the Senate (Atlantic) An insider's account of why the intelligence agency monitored its overseers

Twitter Reports a Surge in Government Data Requests (New York Times) Twitter on Monday released its twice-yearly transparency report, showing a surge in government requests for users' Twitter information

FBI really doesn't want anyone to know about "stingray" use by local cops (Ars Technica) Memo: Cops must tell FBI about all public records requests on fake cell towers

Ross Ulbricht Didn't Create Silk Road's Dread Pirate Roberts. This Guy Did (Wired) More than 14 months after his arrest, Ross Ulbricht has been convicted of being the Dread Pirate Roberts, the masked figure who ran the Silk Road's unprecedented online supermarket for drugs. But the man who first created that mask — and in many ways served as Silk Road's mastermind just as much as Ulbricht — remains a mysterious figure, and one who by all appearances walked away unscathed from his involvement in the Silk Road's billion-dollar drug operation

5 technologies that betrayed Silk Road leader's anonymity (ComputerWorld) Even technologies designed to preserve privacy can reveal identities when not used thoughtfully

MyCoin closes its doors, $387 million in investor funds vanishes (ZDNet) Bitcoin exchange MyCoin has vanished — leaving up to $387 million in investor funds unaccounted for

Researcher Releases 10 Million Usernames And Passwords In Fight Against Obama's War On Hackers (Forbes) With the sentencing of Barrett Brown, a journalist who was convicted of numerous crimes and whose jail time was increased because he posted a link to stolen data, and some worrying cyber security proposals from the Obama administration that would appear to outlaw the everyday activities of researchers, both hacks and hackers have been anxious about the chilling effects on their work. Quinn Norton, a long-time security writer, said she would no longer report on leaked information for fear of arrest. Errata Security's Robert Graham said there was a war being waged on professional hackers who have only been trying to make the internet safer

Today I Am Releasing Ten Million Passwords (Passwords) Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain

KickAss Torrent Download Website Seized (HackerNews) So far, the torrent users didn't forget the incident of The Pirate Bay seizer, that another most popular Torrent website, KickAss Torrents, has been kicked off by the Somalian registry

Microsoft, PNP to strengthen Philippine cybersecurity (Philippine Daily Inquirer) Microsoft Philippines is partnering with the Philippine National Police Anti-Cybercrime Group (PNP-ACG) to help the government address cybercrime

INTERPOL and the fast-paced digital threat landscape (Help Net Security) Dr. Madan Oberoi is the Director of Cyber Innovation and Outreach Directorate at the INTERPOL Global Complex for Innovation in Singapore. In this interview he talks about the key developments that allow law enforcement to stay on top the fast-paced digital threat landscape, offers insight on the challenges involved in managing international cyber innovation and research within INTERPOL

Cybercrime: the importance of being alert (Malaysian Insider) The recently published Safe Cities Index 2015 by The Economist magazine placed Singapore as the second-safest major city in the world, after Tokyo. The index does not measure simply crime, but also a wide-ranging set of factors, including digital security

Cybercrime happens — deal with it! (ComputerWorld) It's no use waiting for the law to sort it out — businesses need to act too

You can't trust Snapchat to keep your selfies secure, discovers alleged murderer (Graham Cluley) As if you needed more proof that you're a fool if you think sending a picture via Snapchat means that it won't come back to haunt you

Famed God nabbed by the cops (CSO) There is a nonsensical bad habit that some script kiddies have been getting up for the last couple years. This is the practice of swatting. One person who allegedly fancied himself as a "hacker" was Brandon Wilson aka "Famed God". Despite his lofty moniker he was a 19 year old teen from Nevada

Gamer swatted while live-streaming on Twitch.TV (Naked Security) A gamer has recorded a video of his tearful reaction after he was swatted in the middle of a live Twitch stream of RuneScape

Hacker avoids conviction over university cyber-attack (New Zealand Herald) A 20-year-old Auckland computer hacker has been discharged without conviction after launching a cyber-attack on the University of Melbourne in 2011

Design and Innovation

Steps to success in biometric security app design (ZDNet) As we seek new security solutions, what should app developers working in the burgeoning field of biometric security keep in mind?

How a Hacking Stunt at the Academy Awards Launched a Mobile-Security Startup (Inc.) John Hering and his friends discovered a security vulnerability in early bluetooth technology in 2004. They proved what kind of mobile device breach was possible at the 2005 Academy Awards — and turned the concept into a company called Lookout

Will 2015 Be The Year of Information Security Disruption? (CRN) Mark Robinson, president of Findlay, Ohio-based CentraComm, is one of dozens of channel veterans who attends the RSA Conference every year and has watched the security industry's largest annual gathering grow substantially in recent years. Robinson and others recall having to sprint to meet colleagues from one side of the mammoth Moscone Convention Center in San Francisco to the other