June 2012 – year 2, issue 6 events SAM’12: The 2012 International Conference on Security and Management Date: 16 – 19 July 2012 editorial Location: Las Vegas , USA http://sam.udmercy.edu/sam12/ Leading international opportunity for computer and network security professionals and users Dear Reader, users are facing. The situation is even to investigate innovative ideas and outcomes, worse than it appears: most users I know and to exchange experiences on various May has been full of events that saw the are using on Linkedin the same password aspects of information security. Novel participation of GCSEC. they use for the email. This is a big risk: research in all practical areas of computer and network security is sought. email has become our “digital key ring” It is worth mentioning the Digital Agenda where most of our digital identities are ICITIS 2012 : The 3rd IEEE International Assembly 2012 in Brussels, where connected to. The incident demonstrated Conference on Information Theory and GCSEC has been asked to contribute on not only the risk, but also the fact that Information Security Digital Identity. In April we also joined a operators are not adopting even the most Date: 27 July 2012 session at the European Parliament simple and inexpensive techniques to Location: Beijing, China organized by EIF – European Internet protect users identities and credentials. http://www.wikicfp.com/cfp/servlet/event.show Foundation. The situation is clear: the cfp?eventid=19827&copyownerid=21605 ICITIS 2012 will keep promoting the attention is on eID, the digital equivalent GCSEC position is to help operators information exchange on information theory, of National ID cards and not on “soft through guidelines and standards in order information security, computer technology, identities”, those that we use daily to to adopt minimum standard telecommunication technology, network and access any kind of service on the countermeasures to protect end-user some related fields, which aims to promote Internet, including payment systems (at identities. Governments should also play international academic exchange and the end, a credit card when used online is a key role through modern policies. This international cooperation. a soft identity…). is what GCSEC is advocating at The incident that affected 6.5m users of international level. SecurIT 2012 Date: 16 – 19 August 2012 Linked is a clear example of the risks that Andrea Rigoni Location: Kerala, India http://securit.ws/ SecurIT 2012, the Security Conference on Internet of Things (IoT) invites professionals in this number from industry verticals such as security solutions companies, automobile, mobile and wireless companies and academicians from “London Olympics 2012: no game with Cyber Security!” universities and research labs to participate by Maria Luisa Papagni – AlmavivA/GCSEC and contribute. The surprising results of a survey by McAfee, the well-known U.S. security company, show a Cyber Resilience for National Security worrying lack of awareness amongst MPs, business leaders and journalists about the extent of Date: 12 – 14 September 2012 the cyber threat facing the London 2012 Olympic Games. The risks for major events like the Location: Washington, DC/VA, USA Olympics, do not just come from terrorism, but the alarm is very high even for a cyber attack. http://www.clocate.com/conference/Cyber- Resilience-for-National-Security-2012/29782/ “A distributed and hierarchical DNS-CERT for Internet Health and Security.” As the US Military, Homeland Defense and by Igor Nai Fovino and Elena Agresti – GCSEC Intelligence communities prepare for post- The mechanism by which Internet translates names to addresses and vice versa is the Domain Iraq, and eventually post-Afghanistan, they Name System (DNS). It is recognized as one of the most critical services in the Internet will need to maintain force dominance over infrastructure. The cyber attacks and security breaches to which the DNS has been exposed in new and emerging actors and threats. One of the last years have shown that DNS’s world is in crisis. the largest threats to national security at “Lulzsec. Can hacking be just fun?” - by Marco Caselli – GCSEC present is in the cyber realm. This event will focus on the latest prioritization efforts within Lulz Security, abbreviated Lulzsec, was born as an offshoot of Anonymous. On May 2011, an the DoD’s cyber security efforts, while affiliated collective called Internet Feds decided to re-organize itself under this new identity while bringing together government and industry riding the wave of success of several cyber attacks. In just one year the group has made people leaders to discuss the most challenging talking a lot about it. threats to national cyber security in both the public and private sector. “London Olympics 2012: no game news with Cyber Security!” India to greenlight state-sponsored cyber attacks By Maria Luisa Papagni – AlmavivA/GCSEC http://www.theregister.co.uk/2012/06/11/india_state_spo nsored_attacks/ The Indian government is stepping up its cyber security capabilities with plans to protect critical national infrastructure from a Stuxnet- like attack. Sources told the “Times of India” that the government’s National Security Council, which is headed by Prime Minister Manmohan Singh, is working out the fine details which would give the Defence Intelligence Agency (DIA) and National Technical Research Organization (NTRO) the power to carry out unspecified offensive operations. LinkedIn dials 911 on password mega-leak hackers http://www.theregister.co.uk/2012/06/08/law_investigat es_linkedin_breach/ LinkedIn has turned to the FBI for help after 6.5 million of its users' passwords were dumped online by hackers. A list containing the SHA1 hashed passwords but unsalted, purportedly of users of the business social network, has been posted on a Russian Dropbox-alike website. The business network Imagine to be at the stadium watching the finals of the athletics competitions said "a small subset" of the hashed data had of Olympics. Adrenaline and emotion before the start, with the whole been deduced and revealed, but the rest is audience stood to admire the "human shrapnel" try blocks and make the last "hard to decode". Security biz Sophos estimated that as much as 60 per cent of the stretch pre-start. leaked list had been cracked. "To the best of Then comes the long awaited moment. One, two, three ... and spectacular our knowledge, no email logins associated start of the usual Usain Bolt. He is already a few inches ahead of everyone, with the passwords have been published," the and suddenly… all the lights turn off! company stated in a blog post. Flame gets suicide command Total darkness, people panic, it is a terrorist attack? People start to scream http://www.theregister.co.uk/2012/06/07/flame_suicide_ command/ and rush en masse toward the way out! This sounds like a science fiction One of the most dangerous virus ever, which movie? No, it's just one of the scenarios that may follow to a possible cyber lie in some areas of the Middle East, a attack during the Olympics in London 2012. surprise change his behavior. According to Symantec, its creators have sent a self- Yes, because the risks for major events like the Olympics, do not just come destruct command designed to wipe Flame from terrorism, but the alarm is very high even for a cyber attack, that can be from compromised computers, to avoid can be traced to them. Study on Flame also from who also has the purpose of a terrorist attack or even who wants to have revealed how sophisticated is the code used, a bit of notoriety (given the high number of followers of the event). will take years to understand how it works. White House unveils initiatives to combat The risk is to underestimate the threat of cyber attacks, as often happens with botnets http://www.scmagazine.com/white-house-unveils- regard to cyber security. The surprising results of a survey by McAfee, the initiatives-to-combat-botnets/article/243712/ well-known U.S. security company, show a worrying lack of awareness The Obama administration revealed new amongst MPs, business leaders and journalists about the extent of the cyber initiatives to combat botnets, believed to threat facing the London 2012 Olympic Games. present one of the greatest threats to the Only 2% of respondents considered cyber-attacks the largest threat, despite integrity of the internet. The initiatives are the result of a voluntary public-private partnership the record growth of malware (over 6 million cases in the first three months of between the White House Cybersecurity 2011). The McAfee report, in essence, reflects a mismatch still present Office and the U.S. Departments of between the real growth of cyber attacks and the awareness of dangers of Commerce and Homeland Security (DHS), entrepreneurs, politicians and media. who coordinate with private industry to lead Just think that in the first three months of 2011 there was an increase of 76% the Industry Botnet Group (IBG), a group of of the attacks on Android phones, while the forecast for growth of malware nine trade associations and nonprofit organizations representing thousands of indicates the threshold of 75 million by the end of the year. companies across information, communications, and financial services This is a deficit of awareness that we must be aware of. industries. But awareness does not fail Gerry Pennell, Chief Information Officer of Obama Order Sped Up Wave of London Committee for the Olympic Games, which early in January said that Cyberattacks Against Iran http://www.nytimes.com/2012/06/01/world/middleeast/o “The high profile nature of the event means that an attack is inevitable. We bama-ordered-wave-of-cyberattacks-against- will be the target of a cyber attack. It will happen for sure as happened in the iran.html?pagewanted=all last editions of the Games.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages5 Page
-
File Size-