October 26, 2012

• arXiv [preprints – selected new articles]:

• Privacy design strategies
• Anonymous and adaptively secure revocable IBE with constant size public parameters
• Optimal contrast greyscale visual cryptography schemes with reversing
• Multilayer image watermarking scheme for providing high security
• Bio-Thentic Card: Authentication concept for RFID card
• Image encryption using Fibonacci-Lucas transformation
• Secure abstraction with code capabilities
• Computing optimal security strategies for interdependent assets
• Interdependent defense games: Modeling interdependent security under deliberate attacks
• A scalable Byzantine grid

• Ball, J. (2012, Oct. 23). Experts warn about security flaws in airline boarding passes. Washington Post. [Read]

• Beckett, L. (2012, Oct. 22). How companies have assembled political profiles for millions of internet users [Pro Publica]. [Read]

• Binney, W., & Wiebe, J. K. (2012, Oct. 23). SCOTUS must be last bulwark against NSA snooping. Politico. [Read]

• Brecher, A., (2012, Oct. 22). Cyberattacks and the covert action statute: Toward a domestic legal framework for offensive cyber operations [Michigan Law Review preprint]. [Read]

• Chesney, R. (2012). Computer network operations and U.S. domestic law: An overview [International Law Studies preprint]. [Read]

• Cryptology ePrint Archive [preprints]: new articles this week

• Cyber snooping – in whose hands should internet governance be entrusted? [Frontline Club]. (2012, Oct. 23).  [Watch / Panel discussion with Kirsty Hughes, Birgitta Jónsdóttir, Jacob Appelbaum, Karl Kathuria & Ian Brown]

• Enderle, R. (2012, Oct. 19). Why the government’s cybersecurity plan will end in catastrophe. CIO. [Read]

• Fahl, S., Harbach, M., Muders, T., & Smith, M. (2012, Oct.). Why Eve and Mallory love Android: An analysis of Android SSL (insecurity). Paper presented at the 19^th ACM Conference on Computer and Communications Security. [Read]

• Gallagher, R. (2012, Oct. 19). FBI accused of dragging feet on release of info about ‘Stingray’ surveillance technology. Slate. [Read]

• Goodin, D. (2012, Oct. 24). Phony certificates fool faulty crypto in apps from AIM, Chase, and more. Ars Technica. [Read / Also this week: HP suppresses H3C vulnerabilities demo / Apple removes Java from OSX browsers]

• Greenberg, A. (2012, Oct. 24). Bulgarian banks threaten to crush Wikileaks’ most successful copycat site. Forbes. [Read]

• Hope, C., & Coughlin, C. (2012, Oct. 19). Gary McKinnon: Eric Holder formally complains to UK and refuses to take Theresa May’s calls. Telegraph. [Read]

• Krebs, B. (2012, Oct. 22). Service sells access to Fortune 500 firms. Krebs on Security. [Read / Typical Cisco server username / pwd: “Cisco” / “Cisco”]

• Mimoso, M. (2012, Oct. 24). Operation High Roller banked on fast-flux botnet to steal millions. threatpost. [Read / Also this week: Open DNS resolvers used to amplify DDoS attacks / Barnes & Noble POS terminals compromised / Customers ruled against in PlayStation hack suit]

• Oxford Intelligence Group. (2012, June 18 – newly available). Cyber security and social science [symposium]. [Download transcripts / “Issues of trust on the internet, analysis of social media, and ‘Advanced Persistent Threats’ were discussed by experts in computer science, behavioral psychology, sociology, policy and other interdisciplinary fields”.]

• Perlroth, N. (2012, Oct. 22). The attack on the internet that wasn’t [RE: 10/22 DNS DDoS drill]. New York Times. [Read / Also this week: Cyberattack on Saudi oil company disquiets US]

• Pescatore, J. (2012, Oct. 19). Dealing with federal continuous monitoring security requirements [Gartner]. [Gartner – search for title in box at upper right].

• Peterson, D. (2012, Oct. 25). New Project Basecamp tools for CoDeSys, 200+ vendors effected [digital bond]. [Read]

• Sasso, B. (2012, Oct. 23). ACLU requests documents on drones. The Hill. [Read / Also this week: Obama briefly mentions cybersecurity in debate / Microsoft grilled over privacy changes / FTC settles with Compete / Intelligence sharing added to draft cyber order]

• Tapadinhas, J. (2012, Oct. 19). How to meet the security challenges of mobile BI [Gartner]. [Gartner – search for title in box at upper right].

• United States. Federal Trade Commission. (2012, ). Facing facts: Best practices for common uses of facial recognition technologies. [Read / Summary]

• Valentino-DeVries, J. (2012, Oct. 22). Judge questions tools that grab cellphone data on innocent people. Wall Street Journal. [Read]

• Verizon. (2012, Oct.). 2012 data breach investigations report. [Read]

• Verton, D. (2012, Oct. 19). I’m betting on Kaspersky. [RE: secure SCADA OS]. Homeland Security Today. [Read]

• Walker, D. (2012, Oct. 24). Thousands scammed by .gov open redirect flaw. SC Magazine. [Read]

• WikiLeaks. (2012, Oct. 25). Detainee policies [“WikiLeaks has begun releasing the ‘Detainee Policies’: more than 100 classified or otherwise restricted files from the United States Department of Defense covering the rules and procedures for detainees in U.S. military custody.”] [Press release]

• Wired for change: The power and pitfalls of big data [Ford Foundation conference]. (2012, Oct. 23). [Watch / “. . .  provocative conversations about the challenges and opportunities big data presents for social change makers. How can we ensure that vast data sets are tapped for the common good? How do we protect the right to privacy? And how do we build a transparent framework for data collection and analysis that allows us to create a better and more equitable future for all?”]

• Zetter, K. (2012, Oct. 24). How a Google headhunter’s e-mail unraveled a massive net security hole. Wired. [Read / Also this week: Everything you’ve been told about passwords is wrong]

Proceedings

• 2012 ACM Conference on Computer and Communications Security (2012, Oct. 16-18) – papers presented [full text]:

• Table of contents + all papers [“81 full papers, a record number . . . representing an acceptance rate of 19%”]

• 2nd International Conference on Security, Privacy, and Applied Cryptography Engineering. (2012, Nov. 3-4) – papers presented [abstracts / request]:

• A novel circuit design methodology to reduce side channel leakage
• The schedulability of AES as a countermeasure against side channel attacks
• Impact of extending side channel attack on cipher variants: A case study with the HC series of stream ciphers
• Performance and security evaluation of AES S-box-based glitch PUFs on FPGAs
• Relaxing IND-CCA: Indistinguishability against chosen ciphertext verification attack
• Towards formal analysis of key control in group key agreement protocols
• Some results on related Key-IV pairs of grain
• A differential fault attack on Grain-128a using MACs
• Breaking Hitag 2 revisited
• Reduction in lossiness of RSA trapdoor permutation
• Adaptively secure efficient lattice (H)IBE in standard model with short public parameters

October 18, 2012

• arXiv [preprints – selected new articles]:

• Honeypot venues against cheaters in location-based social networks
• Position-based quantum cryptography and the garden-hose game
• On constant-round concurrent zero-knowledge from a knowledge assumption
• Per-se privacy preserving distributed optimization
• Bad data injection attack and defense in electricity market using game theory study
• A survey on web spam detection methods: Taxonomy

• Associated Press. (2012, Oct. 12). New computer virus targets Venezuelans after vote. [Read]

• Bilge, L., & Dumitras, T. (2012). Before we knew it: An empirical study of zero-day attacks in the real world [preprint]. [Read]

• Cryptology ePrint Archive [preprints]: new articles this week

• Dorling, P. (2012, Oct. 10). Revealed: Canberra sharing intel on Assange with Washington. Sydney Morning Herald. [Read]

• Edwards, J. (2012, Oct. 11). Apple has quietly started tracking iPhone users again, and it’s tricky to opt out. Business Insider. [Read / Apple on opting out of iAd / Useful comments from Schneier on Security]

• Gary McKinnon extradition to US blocked by Theresa May. (2012, Oct. 16). BBC. [Read / More: NYT]

• Insinna, V. (2012, November). States to ramp up cybersecurity information sharing. National Defense. [Read]

• International Journal of Electronic Security and Digital Forensics – new issue [abstracts / request]:

• Security enhanced user authentication scheme for wireless sensor network
• Cryptanalysis of a three-party password-based authenticated key exchange protocol using Weil pairing
• Cryptanalysis and enhancements of delegation-based authentication protocol for secure roaming service 
• Analysis of firewall log-based detection scenarios for evidence in digital forensics
• Steganographic manipulations with elliptic curve cryptography

• Japan police chief steps down over cyber arrests. (2012, Oct. 18). Securityweek. [Read / Also this week: Northrup building cyber test range in Australia / Akamai: China biggest source of attacks / Firefox 16 recall details]

• Krebs, B. (2012, Oct. 17). Critical Java patch plugs 30 security holes. Krebs on Security. [Read]

• McCullagh, D. (2012, Oct. 16). Verizon draws fire for monitoring app usage, browsing habits. CNET. [Read]

• Mimoso, M. (2012, Oct. 15). Precision espionage miniFlame malware tied to Flame, Gauss. threatpost. [Read  / Also this week: Nitol shares code with other Chinese DDoS malware / Novell ZENworks zero day / A wave of Twitter phishing / Gathering threat intelligence with open tools]

• Palmer, D. (2012, Oct. 16). Police force fined £120,000 for data breach. Computing. [Read]

• Pauli, D. (2012, Oct. 17). Hacker terminals capable of causing pacemaker deaths. SC Magazine. [Read]

• Sasso, B. (2012, Oct. 15). Advertisers launch $1 million campaign to combat privacy concerns. The Hill. [Read / Also this week: House denies Huawei investigation report / White House to meet with industry groups on cyber order / EU calls on Google to modify privacy policy / GOP backs push to revive cyber legislation]

• Schactman, N. (2012, Oct. 11). Pentagon chief reveals ‘classified’ cyber threats … that you read in August [Brookings]. [Read]

• Setrakian, L. (2012, Oct. 15). Skype becomes operations center for Syrian rebels. ABC News. [Read]

• Stross, R. (2012, Oct. 14). Doing the two-step [verification] beyond the ATM. New York Times. [Read]

• Talbot, D. (2012, Oct. 17). Computer viruses are ‘rampant’ on medical devices in hospitals. Technology Review. [Read]

Proceedings

6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (2012, Oct. 17-19) – papers presented [abstracts / request]:

• Finding malware on a web scale
• Exposing security risks for commercial mobile devices
• From qualitative to quantitative enforcement of security policy
• Design and implementation of a cloud-based assured information sharing system
• Optimization of key distribution protocols based on extractors for noisy channels within active adversaries
• A vulnerability in the UMTS and LTE authentication and key agreement protocols
• Blind 384-bit digital signature scheme
• RABAC: Role-centric attribute-based access control
• Trust-aware RBAC
• Alternative mechanisms for information security
• Enforcing information flow policies by a three-valued analysis
• Towards the orchestration of secured services under non-disclosure policies
• An approach for network information flow analysis for systems of embedded components
• Individual countermeasure selection based on the return On response investment index
• Security and reliability requirements for advanced security event management
• Model-based security event management
• Using behavioral modeling and customized normalcy profiles as protection against targeted cyber-attacks
• Limitation of honeypot/honeynet databases to enhance alert correlation
• Stochastic model of interaction between botnets and distributed computer defense systems
• Malware characterization using behavioral components
• MADAM: A multi-level anomaly detector for android malware
• Using low-level dynamic attributes for malware detection based on data mining methods
• Configuration-based approach to embedded device security
• A study of entropy sources in cloud computers: Random number generation on cloud hosts
• Security modeling of grid systems using petri nets
• Using graph theory for cloud system security modeling

17th Nordic Conference on Secure IT Systems (2012, Oct. 31 –  Nov. 2) – papers presented [abstracts / request]:

• Designed to fail: A USB-connected reader for online banking
• Security ad-on for mobile platforms
• THAPS: Automated vulnerability scanning of PHP applications
• Cyber security exercises and competitions as a platform for cyber security experiments
• The development of cyber security warning, advice and report points
• Towards an empirical examination of IT security infrastructures in SME
• How to select a security requirements method? A comparative study with students and practitioners
• There is safety in numbers: Preventing control-flow hijacking by duplication
• Coinductive unwinding of security-relevant hyperproperties
• Retooling and securing systemic debugging
• Cracking associative passwords
• A hybrid approach for highly available and secure storage of pseudo-SSO credentials
• Assessing the quality of packet-level traces collected on internet backbone links
• Everything but the kitchen sink: Determining the effect of multiple attacks on privacy preserving technology users
• Can we identify manipulative behavior and the corresponding suspects on review websites using supervised learning?
• Privacy-friendly cloud storage for the data track: An educational transparency tool

Calls for Papers

Conferences

• 7th International Conference on Network and System Security [Madrid, June 3-4, 2013 – submissions due Dec. 15]

• 11th International Conference on Applied Cryptography and Network Security [Banff, Canada, June 25-28, 2013 – submissions due Feb. 1]

October 12, 2012

• arXiv [preprints – selected new articles]:

• A new application of multi-modal biometrics in home and office security system
• Mining permission request patterns from Android and Facebook applications 
• The Enemy within: The emerging threats to healthcare from malicious mobile devices
• Multi-frame signature-cum anomaly-based intrusion detection systems (MSAIDS) to protect privacy of users over mobile collaborative learning (MCL)
• Diagrammatization of the Transmission Control Protocol
• Variable-length Hill Cipher with MDS key matrix
• Everlasting secrecy by exploiting non-idealities of the eavesdropper’s receiver

• Cryptology ePrint Archive [preprints]: new articles this week

• Denbow, S., & Hertz, J. (2012). Pest control: Taming the RATs [Matasano]. [Read]

• Digital Advertising Alliance. (2012, Oct. 9). [Statement on Do Not Track browser settings]. [Read / More from The Hill: Lawmakers blast advertisers for ignoring ‘Do Not Track’]

• European Network and Information Security Agency. (2012, Oct. 11). Annual incident report 2011. [Read]

• Goodin, D. (2012, Oct. 10). Google Chrome exploit fetches “Pinkie Pie” $60,000 hacking prize. Ars Technica. [Read / Also this week: 300K exposed in FL college hack / Apple fingerprint software exposes Windows passwords / SHA1 could fall by 2018 / McAfee, TrustGuard certifications make sites less safe ]

• Hoofnagle, C. J., Urban, J. M., & Li, S. (2012, Oct. 8). Privacy and modern advertising: Most US internet users want ‘do not track’ to stop collection of data about their online activities [preprint]. [Read / More from NYT]

• IEEE Security & Privacy – new issue [full text]:

• Privacy: Front and center [10 years of IEEE Security & Privacy]
• Are things getting worse?
• Silver Bullet talks with Kay Connelly
• Security, privacy, and policy roundup
• Realities of e-voting security
• Hover: Trustworthy elections with hash-only verification
• The future of e-voting in Australia
• Evidence-based elections
• A gentle introduction to risk-limiting audits
• Electronic voting security 10 years after the Help America Vote Act 
• Usable, secure, private search
• Security and interoperable-medical-device systems, part 1 
• Security and elections 
• The state of embedded-device security (spoiler alert: It’s bad) 
• Filling your cyber operations training toolbox
• Security and cognitive bias: Exploring the role of the mind 
• The price of privacy
• Integrating user customization and authentication: The identity crisis 
• Risk aversion 
• The importance of security engineering 

• IEEE Transactions on Dependable & Secure Computing – new issue / preprints [full text]:

• A trust-based framework for fault-tolerant data aggregation in wireless multimedia sensor networks
• Attacks and defenses in the data plane of networks
• Detecting automation of Twitter accounts: Are you a human, bot, or cyborg?
• Empirical analysis of system-level vulnerability metrics through actual attacks
• Enhancing data trustworthiness via assured digital signing
• Jamming-resilient multipath routing
• On energy security of server systems
• Preserving structural properties in edge-perturbing anonymization techniques for social networks
• Robust network covert communications based on TCP and enumerative combinatorics
• Secure overlay cloud storage with access control and assured deletion
• Surviving attacks in challenged networks
• Virus propagation in heterogeneous Bluetooth networks with human behaviors
• The foundational work of Harrison-Ruzzo-Ullman revisited
• CipherXRay: Exposing cryptographic operations and transient secrets from monitored binary execution 
• Unprivileged black-box detection of user-space keyloggers 
• Securing class initialization in Java-like languages

• IET Information Security – new issue [Abstracts / Request articles]

• SORT: A self-organizing trust model for peer-to-peer systems
• Attribute-based signature scheme with constant size signature in the standard model
• Internal state recovery of grain-v1 employing normality order of the filter function
• Provably secure convertible multi-authenticated encryption scheme
• Keypad against brute force attacks on smartphones
• Light-weight trust-based routing protocol for mobile ad hoc networks
• Enhanced multiparty quantum secret sharing of classical messages by using entanglement swapping
• Ladon¹ : end-to-end authorisation support for resource-deprived environments
• Improved certificateless signature scheme provably secure in the standard model
• Embedded system for sensor communication and security

• Kravets, D. (2012, Oct. 9). Copyright scofflaws beware: ISPs to begin monitoring illegal file sharing. Wired. [Read / Also this week: Hacker massacres World of Warcraft characters en masse]

• Martinez, J. (2012, Oct. 10). FCC chairman warns telecomm treaty would ‘threaten the internet’. The Hill. [Read]

• McCullagh, D. (2012, Oct. 9). Military court to review tight secrecy in Bradley Manning case. CNET. [Read]

• Nakashima, E. (2012, Oct. 9). Iran aids Syria in tracking tracking opposition via electronic surveillance, U.S. officials say. Washington Post. [Read / Also this week: Lieberman on cyber attacks]

• Oulasvirta, A., Pihlajamaa, A., Perkiöm, J., Ray, D., Vähäkangas, T., Hasu, T., Vainio, N., & Myllymäki, P. (2012). Long-term effects of ubiquitous surveillance in the home [preprint]. [Read]

• Ramakers, R., Vanackenm D., Luyten, K., Coninx, K., & Schöning, J. (2012). Carpus: A non-intrusive user identification technique for interactive surfaces. Paper presented at the 25th Annual ACM Symposium on User Interface Software and Technology. [Read]

• Roberts, P. (2012, Oct. 12). Exploit code released for software used to manage solar energy plants. Naked Security. [Read]

• Ross, B. (2012, Oct. 9). Did the CIA have a double agent inside al Qaeda? [RE: alleged source of infected USB drive that facilitated killing of Anwar al-Awaki]. ABC News. [Read]

• Security & Communication Networks – new preprints [Abstracts /Request articles]

•  Spammers operations: a multifaceted strategic analysis
• Auction‐based task allocation with trust management for shared sensor networks
•  BioPSTM: a formal model for privacy, security, and trust in template‐protecting biometric authentication
• ALPP: anonymous and location privacy preserving scheme for mobile IPv6 heterogeneous networks
• A proactive approach to intrusion detection and malware collection

• Silver, V. (2012, Oct. 10). Spyware leaves trail to beaten activist through Microsoft flaw [RE: the UAE’s Ahmed Mansoor]. Bloomberg. [Read / More: University of Toronto / NYT]

• Thompson, M. (2012, Oct. 12). Panetta sounds alarm on cyber-war threat. Time. [Read].

• U.S. Chamber of Commerce. [Brief: Response to Federal Trade Commission on corporate data security accountability]. [Read]

• US Supreme Court lets wiretapping immunity stand. (2012, Oct. 10). Securityweek. [Read / More: CIO / CNN / Wired / WSJ / Glenn Greenwald / EFF files in opposition]

• United States. Congress. House. Permanent Select Committee on Intelligence. (2012, Oct. 8). Investigative report on the U.S. national security issues posed by Chinese telecommunications companies Huawei and ZTE. [Read]

• United States. Department of Defense. (2012, Oct). [Documents related to funding of Tor Project, via Cryptome]. [Read]

• United States. Department of Homeland Security. Industrial Control Systems Cyber Emergency Response Team. (2012, Oct. 11). ICS-CERT monthly monitor. [Read]

• United States. Department of Justice. Office of the Inspector General. (2012, September).  Report to Congress on implementation of Section 1001 of the USA PATRIOT Act [FBI surveillance under DOJ investigation]. [Read]

• United States. Executive Office of the President. (2012, Oct. 10). Presidential Policy Directive / PPD-19: Protecting whistleblowers with access to classified information. [Read]

• United States. Federal Bureau of Investigation. (2012, Oct. 10). [FBI Data Warehouse System exempted from Privacy Act safeguards]. [Read – scroll to bottom].

• United States. Government Accountability Office. (2012, September – newly released). Mobile device location data: Additional federal actions could help protect consumer privacy. [Read]

• Warner, M. (2012). Cybersecurity: A pre-history. Intelligence & National Security. [Abstract / Request article]

Proceedings

• 2012 Symposium on Visualization for Cybersecurity. (2012, Oct. 15) – papers presented [full text]:

• Visual analysis of complex firewall configurations
• Automated tracing and visualization of software security structure and properties
• Visualization design for immediate high-level situational awareness
• NV: Nessus vulnerability visualization for the web
• Visualization of shared system call sequence relationships in large malware corpora
• MalwareVis: Entry-based visualization of malware network traces
• Change-Link: A digital forensic tool for visualizing changes to directory trees
• Visualizing distributed memory computations with hive plots
• Visual spam campaigns analysis using abstract graphs representation
• DAEDALUS-VIZ: Novel real-time 3D visualization for darknet monitoring-based alert system
• VisTracer: A visual analytics tool to investigate routing anomalies in traceroutes
• Visualizing Semantics in Passwords: The role of dates

Calls for Papers

Conferences

• 1st IEEE Conference on Communications and Network Security [Washington, D.C., Oct. 14-16, 2013 – submissions due March 1]

• 7th IFIP International Conference on Trust Management [Málaga, Spain, June 3-5, 2013 – submissions due Jan. 25]

• 8th ACM Symposium on Information, Computer and Communications Security [Hangzhou, China, May 8-10, 2012 – submissions due Dec. 3]

• 9th Information Security Practice and Experience Conference [Lanzhou, China, May 12-14, 2013 – submissions due Dec. 3]

• 18th ACM Symposium on Access Control Models and Technologies [Amsterdam, June 12-14, 2013 – submissions due Jan. 6]

• IEEE International Symposium on Hardware-oriented Security and Trust [Austin, TX, June 2-3, 2013 – submissions due Dec. 10]

Journals

• International Journal of Cloud Computing, issue on information assurance and system security in cloud computing [deadline Jan. 30, 2012]

October 5, 2012

• Ackerman, S. (2012, Oct. 2). DHS counterterror centers produce ‘a bunch of crap’,  Senate finds. Wired. [Read / Senate report]

• arXiv [preprints – new articles]:

• Outsourcing access control enforcement for stream data to the cloud
• Superdense coding with GHZ and quantum key distribution with W in the ZX-calculus
• Implementation of privacy-preserving SimRank over distributed information network

• Cluley, G. (2012, Oct. 1). How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes. Naked Security. [Read / More / Also this week: What is your phone saying behind your back? / FTC wins 136m judgment against spamware co.]

• Cryptology ePrint Archive [preprints]: new articles this week

• Donohue, D. (2012, Oct. 4). Internet slows in Iran following attacks on infrastructure, communication. threatpost. [Read / Also this week: Recruiting botmasters for attacks on US banks / Sandia builds massive Android test platform]

• Goodin, D. (2012, Oct. 3). DDoS attacks on major US banks are no Stuxnet – here’s why. Ars Technica. [Read / More]

• Information Management & Computer Security – new issue [full text]:

• SIEM-based framework for security controls automation
• Identifying linkages between statements in information security policy, procedures and controls
• Social network analysis for cluster-based IP spam reputation
• Health service employees and information security policies: an uneasy partnership?
• Can spending on information security be justified? Evaluating the security spending decision from the perspective of a rational actor

• International Journal of Information Security – new issue [abstracts / request]:

• Replacement attacks: automatically evading behavior-based software birthmark
• The n-Diffie–Hellman problem and multiple-key encryption
• Minimizing information disclosure to third parties in social login platforms
• A new authentication model for ad hoc networks
• Strong accumulators from collision-resistant hashing

• Kazansky, B. (2012, October 3). Hacking censorship – drone humanitarianism  CNET[Interview from Circumvention Tools Hackfest / Harvard University]. [Listen]

• Krebs, B, (2012, Oct. 1), In a zero-day world, it’s active attacks that matter. Krebs on Security. [Read]

• Musil, S. (2012, Oct. 3). Hackers post data from dozens of breached college servers [including the University of Maryland].. [Read]

• Perlroth, N. (2012, Oct. 2). Google warns of new state-sponsored cyberattack targets. New York Times. [Read / Also this week: Worries over Defense Department money for ‘hackerspaces’]

• Security and Communication Networks – new issue [abstracts / request]:

• A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
• Attribute‐based ring signcryption scheme
• Digital evidence collection for web image access
• Compression‐based spam filter
• UFLE: a user‐friendly location‐free encryption system for mobile users
• Nonintrusive tracing in the Internet
• Classifying different denial‐of‐service attacks in cloud computing using rule-based learning

• Sasso, B. (2012, Oct. 4). Rogers: ‘Irresponsible’ of White House not to consult on cyber order. The Hill. [Read – also this week: Republicans: DHS not up to cybersecurity challenge / Keith Alexander: Nation needs DHS involved in cybersecurity / Republicans: Executive order to solidify cybersecurity divide /

• Sharma, A. (2012, Oct. 4). [Indian government licensing US, Canadian, Israeli software to crack password protected phones]. Times of India. [Read]

• Temple, J. (2012, Oct. 3). Governor vetoes [California] location privacy bill. San Francisco Chronicle. [Read]

• Templeman, R., Rhaman, Z., Crandall, D., & Kapadia, A. (2012). PlaceRaider: Virtual theft in physical spaces with smartphones [preprint]. [Read / Related]

• United States. Congressional Budget Office. Proposed homeland security budget for 2013. [Read]

• United States. Department of Defense. (2012, Oct. 1). Directive: Management of the Defense Security Enterprise. [Read]

• United States. Department of Homeland Security. Office of Inspector General. (2012, Sept.). Transportation Security Administration has taken steps to address the insider threat but challenges remain. [Read redacted version /Congress reacts]

• United States. District Court for the Northern District of Texas. (2012, Oct. 3). [Indictment against Barrett Brown]. [Read /Background RE: Anonymous]

• United States. Government Accountability Office. (2012, Aug. 31 – newly released).  FDA should expand its consideration of information security for certain types of [medical] devices. [Read]

• York, G. C. (2012, Oct. 3). A dark day for the Philippines as government passes cybercrime act [Electronic Frontier Foundation]. [Read / Anonymous retaliates]

• Zetter, K. (2012, Oct. 2). DHS issued false ‘water pump hack’ report; called it a ‘success’. Wired. [Read]