May 31, 2013

News

• Australian Intelligence Seeks Power to  Break Tor

• Child Porn Suspect Ordered to Decrypt Own Data

• Chinese Army to Include Digital Forces in June Drill

• Lawsuits Over Data Breach May Cost US Grocery Chain $80 Mil.

• Defense Science Board:  US Weapons Systems Hacked by Chinese

• DHS May Have Exposed Employees’ Personal Information

• DoJ Fights to Stop Release of Court Opinion on Unlawful Surveillance

• Drupal Hit by Massive Data Breach

• Google to Double its SSL Key Sizes

• Google Fails to Strike Down FBI’s Unconstitutional Gagging Orders

• Huawei: All Governments Hack Secret Data

• Jeremy Hammond Pleads Guilty in Stratfor Hack

• Microsoft to Share Real-Time Botnet Data

• Murder of British Soldier Revives Communications Data Bill

• NSA Official: ‘Immoral’ for Feds to Not Protect Corporate Networks

• Obama to Press China on Hacking

• Researchers Use Light, Music to Trigger Mobile Malware

• Reuters Profiles Keith Alexander

• Skype Beta Plugs IP Resolver Leak

• Sky News Android, Twitter Apps Hacked

• U. of Utah Prepares Students to Work at NSA’s Warrantless Surveillance Hub

• US Military Will Soon Pursue Cyber Attacks Without Executive Oversight

Journal articles

• Adaptive Alert Throttling for Intrusion Detection Systems

• ADTool: Security Analysis with Attack- Defense Trees

• Certified Computer-aided Cryptography: Efficient Provably Secure Machine Code from High-level Implementations [also new from Cryptology ePrint Archive]

• An Efficient Dynamic ID Based Remote User Authentication Scheme Using Self-certified Public Keys for Multi-server Environment

• Geo-Indistinguishability: Differential Privacy for Location-Based Systems

• Immune System Approaches to Intrusion Detection – A Review

• Security by Design: Hardware-based Security in Windows 8

• Securing Access Control through Convergence

• Using Complexity Metrics to Improve Software Security

Reports

• Android Malware in Pictures: A Blow-by-blow Account of Mobile Scareware [Sophos]

• Anatomy of a Hack: How Crackers Ransack Passwords Like “qeadzcwrsfxv1331” [Ars Technica]

• Apple Two-Factor Authentication and the iCloud [ElcomSoft]

• Creating a Foundation for Mobile Security [US CIO Council]

• Cybersecurity: Authoritative Reports and Resources [Congressional Research Service]

• Disclosure Timeline for Vulnerabilities Under Active Attack [Google]

• Flame One Year Later [Kaspersky]

• National Cloud Computing Strategy [Australian Government]

• Pentagon Aims to Make Cyberwar as Easy as ‘Angry Birds’ [Brookings]

• Underweb Payments, Post-Liberty Reserve [Krebs on Security]

• ZeuS/ZBOT Malware Shapes Up in 2013 [TrendLabs]

DC-Area Events

• Mobile Security: Potential Threats & Solutions [Federal Trade Commission, 6/4/13 – open to public]

May 24, 2013

News

• DHS to Share Zero-Day Intelligence

• EU May Consider ‘Hack Back’ Legislation

• Few Utilities Complying with Voluntary Anti-Stuxnet Measures

• Feds Grant Amazon Cloud Security Clearance

• Guantanamo WiFi Shut Down After Threats

• NC Fuel Distributor Hit by $800,000 Cyberheist

• NYT: Hackers Find China is ‘Land of Opportunity’

• Reporters Threatened with CFAA, Labeled Hackers for Finding Security Hole

• South Africa Police Website Hacked, Informers Exposed

• Twitter Launches 2 Factor Authentication

• US: Chinese Hackers Who Breached Google Gained Access to Sensitive Data

• US: China’s PLA Has Resumed Attacks

Journal articles

• Active Cyber Defense with Denial and Deception: A Cyber-wargame Experiment

• Cognitive Systems and Bio-inspired Computing in Homeland Security

• A Framework for Prototyping and Testing Data-only Rootkit Attacks

• The Functionality-based Application Confinement Model [Request Full Text]

• Hang With Your Buddies to Resist Intersection Attacks

• An Improved Side Channel Attack Using Event Information of Subtraction

• Monitoring Information Security Risks Within Healthcare

• Mutual-friend Based Attacks in Social Network Systems

• NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem

• A Novel Agent-based Approach to Detect Sinkhole Attacks in Wireless Sensor Networks

• Rejecting the Attack: Source Authentication for Wi-Fi Management Frames using CSI Information

• Secure Biometrics: Concepts, Authentication Architectures and Challenges

• A Survey on Security Issues in Cloud Computing

• Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization [download via ieee.org]

• Using LDGM Codes and Sparse Syndromes to Achieve Digital Signatures

• A Whitelist-based Countermeasure Scheme Using a Bloom Filter Against SIP Flooding Attacks

Reports / Theses

• Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet [Molly Sauter, MIT]

• Electrical Grid Vulnerability: Industry Responses Reveal Security Gaps [download via house.gov]

• IP Commission Report [Commission on the Theft of American Intellectual Property]

• The Global Cyber Game [Defence Academy of the United Kingdom]

• PlugX “Malware Factory” Celebrates CVE-2012-0158 Anniversary with Version 6.0 [download via Sophos]

• Safe: A Targeted Threat [download via Trend Micro]

• Unveiling an Indian Cyberattack Infrastructure [Norman]

May 17, 2013

News

• £7.5m Funding Boost for UK Cybersecurity PhDs

• 8 Charged in Connection with High-tech $45m Bank Heist

• Bloomberg ‘Leaked Over 10,000 Private Messages’

• Concerns Arise on U.S. Effort to Allow Internet ‘Wiretaps’

• FBI Promises More Cooperation with Banks During DDoS Investigations

• Indian Malware Campaign Targets Pakistan

• Four Lulzsec Hackers Sentenced in UK

• ‘Lame’ Mac Malware Successful in Spearphishing

• Obama Administration Secretly Obtains Phone Records of AP Journalists

• PlayStation Hack Suspect Avoids Prosecution by Smashing Hard Drives

• Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?

• SSNs, Other Personal Data Stolen from Washington State Courts

• US: Cyberattacks Against Corporations Increasing

Journal articles

• Amazon Cloud Drive Forensic Analysis

• Auditing for Distributed Storage Systems

• Brute Force Searching, the Typical Set and Guesswork

• Cryptography Challenges for Computational Privacy in Public Clouds [more from Cryptology ePrint Archive]

• Fast Feature Reduction in Intrusion Detection Datasets

• A Framework for Prototyping and Testing Data-Only Rootkit Attacks

• A High Performance Peer to Cloud and Peer Model Augmented with Hierarchical Secure Communications

• On-scene Triage Open Source Forensic Tool Chests: Are They Effective?

• Physical-Layer Security in Distributed Wireless Networks Using Matching Theory [Request]

• Preventing Phishing Attacks Using One Time Password and User Machine Identification
• A Review of Cyber Threats and Defence Approaches in Emergency Management

• Secret Key Extraction from Wireless Signal Strength in Real Environments

• TCloud: A Dynamic Framework and Policies for Access Control across Multiple Domains in Cloud Computing

• Visualization-based Policy Analysis for SELinux: Framework and User Study [Request]

• New issue – Computer Law & Security Report  [selected articles below]
  • Location and Tracking of Mobile Devices: Überveillance Stalks the Streets
  • Cyber Terrorism: The Need for a Global Response to a Multi-jurisdictional Crime
  • The Challenge and Imperative of Private Sector Cybersecurity: An International Comparison

• New issue – Security & Communication Networks [request full text – selected articles below]
  • Digital Evidence Collection for Web Image Access
  • Comparative Study of Trust and Reputation Systems for Wireless Sensor Networks

Reports / Testimony

• CALEA II: Risks of Wiretap Modifications to Endpoints [download via Center for Democracy & Technology]

• Does My Password Go Up to Eleven? The Impact of Password Meters on Password Selection [Microsoft Research]

• Guide to Industrial Control Systems (ICS) Security, Revision 1 [NIST]

• Mobile Threat Report, January – March 2013 [F-Secure]

• Public Draft: Stronger Consumer Authentication [Google]

• PushDo Evolves Again: Enhances Evasion with Domain Generation Algorithm [Damballa]

• SANS – new papers:
  • Event Monitoring and Incident Response
  • Dead Linux Machines Do Tell Tales
  • Setting Up a Database Security Logging and Monitoring Program
  • Managing the Implementation of a BYOD Policy

• Software Assurance Competency Model [Carnegie Mellon]

• [Statement of FBI Director Robert Mueller RE: FBI FY 2013 Budget Request Before Senate Appropriations Committee]

May 10, 2013

News

• $45 Million Stolen in Global Bank Heist After Hack

• Apple Deluged by Police Requests to Decrypt iPhones

• Attacks on DC-area Media Show Rise of Mass Compromises

• UK Defense Contractor Pwned for Years by Chinese Hackers

• DOJ: We Don’t Need Warrants for Email, Facebook

• Dutch Government Hit by DDoS Attacks

• Former FBI Counterterror Agent Claims all US Phone Calls Recorded, Stored

• German Court Orders Apple to Change Privacy Rules

• German Journalists Uncover Widespread SCADA Vulnerability

• Germany Backs Away from Using Malware on its Citizens

• IE Zero Day Used in Department of Labor Attack

• IE Zero Day Attack on US Nuclear Researchers Spreads

• Infosec 2013: A Review

• India Claims Government Monitoring of All Domestic Web Traffic

• Judge Allows Evidence from FBI Spoofed Cell Tower

• Living Social Hack: Big Data Makes a Big Target

• Name.com Suffers Breach

• Nordstrom Tracking Customers via WiFi Sniffing

• Pentagon: China Hacking Government Networks

• Researchers Hack Google Office Building

• Senators to Push Cybercrime Bill

• Spamhaus DDoS Suspect Extradited to Netherlands

• Syria Returns to Internet After 20 Hour Blackout

• US Cyberwar Strategy Stokes Fears of Blowback

• US Weighs Universal, Warrantless Web Surveillance

Journal articles

• Accurate Modeling of Modbus/TCP for Intrusion Detection in SCADA Systems

• Building Secure Critical Infrastructures

• A Comprehensive Study of Queue Management as a DoS Counter-measure [Request]

• C²Detector: A Covert Channel Detection Framework in Cloud Computing [Request]

• Cross-site Scripting Attacks on Android WebView

• DroidChameleon: Evaluating Android Anti-malware Against Transformation Attacks

• Firmware Modification Attacks on Programmable Logic Controllers

• Honeywords: Making Password Cracking Detectable

• Jonesing for a Privacy Mandate, Getting a Technology Fix

• Knowledge and Security

• Off-Path Hacking: The Illusion of Challenge-Response Authentication

• Per-se Privacy Preserving Distributed Optimization

 

• New issue – IEEE Transactions on Dependable & Secure Computing

Reports

• Latin American and Caribbean Cybersecurity Trends and Government Responses [Trend Micro / Organization of American States]

• Remaking American Security: Supply Chain Vulnerabilities & National Security Risks Across the U.S. Defense Industrial Base [Alliance for American Manufacturing / Summary]

• Security and Privacy Controls for Federal Information Systems and Organizations, 4th revision [NIST]

• Snapchat Unveiled: An Examination of Snapchat on Android Devices [Decipher Forensics]