Data Security News
Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !
-InfoSec News: Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !: Forwarded from: noreply (at) crypto.cs.stonybrook.edu
2011 ACM Cloud Computing Security Workshop (CCSW) at CCS
October 21, 2011, SWISSOTEL Chicago
Dear Colleagues,
CCSW is back! The past workshops were a tremendous success, with over
Unfollowed: How a (Possible) Social Network Spy Came Undone
-
US-Russian dictionary defines cyber war, other concepts
-
By William Jackson
GCN.com
April 28, 2011
It is all very well to talk about cyberspace and cybersecurity, but what
do they mean, exactly?
A U.S.-Russian effort is proposing common definitions.
ICANN taps DefCon founder for top security spot
-
By Shaun Nichols
V3.co.uk
29 Apr 2011
The Internet Corporation for Assigned Names and Numbers (ICANN) has
named Jeff Moss as its new chief security officer.
A security expert and respected member of the hacking community, Moss is
best known for his roles in founding the DefCon and Black Hat security
conferences. He has also worked in advisory positions for the US
Department of Homeland Security.
The appointment of Moss will bring to ICANN a security head who is
well-versed in the attitudes and techniques which have driven research
in both security intrusions and detections in recent years.
The hiring also comes at a time when ICANN and other internet governance
groups are working to roll out security measures such as DNSSEC.
Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools
-
By kirotv.com Webstaff
April 28, 2011
SEATTLE -- Someone has stolen teacher passwords and changed grades in a
Seattle Public Schools computer system, the district said in an email to
teachers obtained Thursday by KIRO 7 Eyewitness News.
[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)
-InfoSec News: [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011): Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com>
Apologies for multiple copies of this announcement.
The annual ACM Computer and Communications Security Conference is a
leading international forum for information security researchers,
practitioners, developers, and users to explore cutting-edge ideas and
results, and to exchange techniques, tools, and experiences. The
conference seeks submissions from academia, government, and industry
presenting novel research on all practical and theoretical aspects of
computer and communications security. Papers should have relevance to
the construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the
practical significance of the results. All topic areas related to
computer and communications security are of interest and in scope.
Accepted papers will be published by ACM Press in the conference
proceedings. Outstanding papers will be invited for possible publication
in a special issue of the ACM Transactions on Information and System
Security.
Paper Submission Process
Submissions must be made by the deadline of May 6, 2011, through the
website:
The review process will be carried out in two phases and authors will
have an opportunity to comment on the first-phase reviews. Authors will
be notified of the first-phase reviews on Monday, June 20, 2011 and can
send back their comments by Thursday, June 23, 2011.
Submitted papers must not substantially overlap papers that have been
published or that are simultaneously submitted to a journal, conference
or workshop. Simultaneous submission of the same work is not allowed.
Authors of accepted papers must guarantee that their papers will be
presented at the conference.
Paper Format
Submissions must be at most 10 pages in double-column ACM format (note:
pages must be numbered) excluding the bibliography and well-marked
appendices, and at most 12 pages overall. Submissions must NOT be
anonymized. Only PDF or Postscript files will be accepted. Submissions
not meeting these guidelines risk rejection without consideration of
their merits.
Tutorial Submissions
Proposals for long (3-hour) and short (1.5-hour) tutorials on research
topics of current and emerging interest should be submitted
electronically to the tutorials chair by May 24, 2011. The guidelines
for tutorial proposals can be found on the website.
Important Dates
- Paper submission due: Friday, May 6, 2011 (23:59 UTC - 11)
- First round reviews communicated to authors: Monday, June 20, 2011
- Author comments due on: Thursday, June 23, 2011 (23:59 UTC - 11)
- Acceptance notification: Friday, July 15, 2011
- Final papers due: Thursday, August 11, 2011
GENERAL CHAIR:
Yan Chen (Northwestern University, USA)
PROGRAM CHAIRS:
George Danezis (Microsoft Research, UK)
Vitaly Shmatikov (University of Texas at Austin, USA)
PROGRAM COMMITTEE:
Michael Backes (Saarland University and MPI-SWS, Germany)
Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France)
Dan Boneh (Stanford University, USA)
Nikita Borisov (University of Illinois at Urbana-Champaign, USA)
Herbert Bos (VU, Netherlands)
Srdjan Capkun (ETHZ, Switzerland)
Avik Chaudhuri (Adobe Advanced Technology Labs, USA)
Shuo Chen (Microsoft Research, USA)
Manuel Costa (Microsoft Research, UK)
Anupam Datta (CMU, USA)
Stephanie Delaune (CNRS and ENS-Cachan, France)
Roger Dingledine (The Tor Project, USA)
Orr Dunkelman (University of Haifa and Weizmann Institute, Israel)
Ulfar Erlingsson (Google, USA)
Nick Feamster (Georgia Tech, USA)
Bryan Ford (Yale University, USA)
Cedric Fournet (Microsoft Research, UK)
Paul Francis (MPI-SWS, Germany)
Michael Freedman (Princeton University, USA)
Guofei Gu (Texas A&M University, USA)
Nicholas Hopper (University of Minnesota, USA)
Collin Jackson (CMU Silicon Valley, USA)
Markus Jakobsson (Paypal, USA)
Jaeyeon Jung (Intel Labs Seattle, USA)
Apu Kapadia (Indiana University Bloomington, USA)
Jonathan Katz (University of Maryland, USA)
Stefan Katzenbeisser (TU Darmstadt, Germany)
Arvind Krishnamurthy (University of Washington, USA)
Christopher Kruegel (University of California, Santa Barbara, USA)
Ralf Kuesters (University of Trier, Germany)
Ninghui Li (Purdue University, USA)
Benjamin Livshits (Microsoft Research, USA)
Heiko Mantel (TU Darmstadt, Germany)
John Mitchell (Stanford University, USA)
Fabian Monrose (University of North Carolina at Chapel Hill, USA)
Steven Murdoch (University of Cambridge, UK)
David Naccache (Ecole Normale Superieure, France)
Arvind Narayanan (Stanford University, USA)
Kenny Paterson (Royal Holloway, University of London, UK)
Niels Provos (Google, USA)
Mike Reiter (University of North Carolina at Chapel Hill, USA)
Thomas Ristenpart (University of Wisconsin, USA)
Hovav Shacham (University of California, San Diego, USA)
Adam Smith (Pennsylvania State University, USA)
Anil Somayaji (Carleton University, Canada)
Francois-Xavier Standaert (UCL, Belgium)
Eran Tromer (Tel Aviv University, Israel)
Leendert Van Doorn (AMD, USA)
Paul Van Oorschot (Carleton University, Canada)
Bogdan Warinschi (University of Bristol, UK)
Brent Waters (University of Texas at Austin, USA)
Robert Watson (University of Cambridge, United Kingdom)
Xiaowei Yang (Duke University, USA)
Haifeng Yu (National University of Singapore, Singapore)
Cyberespionage: US finds FBI agents in elite unit lack necessary skills
-InfoSec News: Cyberespionage: US finds FBI agents in elite unit lack necessary skills: Forwarded from: Justin Lundy <jbl (at) tegataiphoenix.com>
By Mark Clayton
Staff writer
The Christian Science Monitor
April 27, 2011
Many of the Federal Bureau of Investigation's field agents assigned to
an elite cyber investigative unit lack the skills needed to investigate
cases of cyberespionage and other computerized attacks on the US, the
Justice Department inspector general reported Wednesday.
That's a problem because the US is under constant and increasing
cyberattack with 5,499 known intrusions into US government computer
systems in 2008 alone -- a 40 percent jump from 2007, the inspector
general's office found.
Investigating these kinds of cyberespionage attacks falls largely on the
FBI as the lead agency for the National Cyber Investigative Joint Task
force, which also includes representatives from 18 different
intelligence agencies and is assigned to investigate the most difficult
national security intrusions -- those by a foreign power for
intelligence gathering or terrorist purposes.
But in interviews with 36 field agents in 10 of the FBI's 56 field
offices nationwide, 13 agents, or more than a third, "reported that they
lacked the networking and counterintelligence expertise to investigate
national security [computer] intrusion cases." Five of the agents told
investigators "they did not think they were able or qualified" to
investigate such cases, the report said. The inspector general report
does not indicate whether the 36 field agents who were interviewed are a
representative sampling of the FBI’s cyber unit.
Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College
-
By ANDREW SCHOTZ
herald-mail.com
April 27, 2011
Experts Wednesday detailed simple and complex ways to protect computers
Are we talking "cyber war" like the Bush admin talked WMDs?
-
By Matthew Lasar
Ars Technica
April 27, 2011
Turn any corner in the complex metropolis that is Internet policy and
you'll hear about the "cybersecurity" crisis in two nanoseconds.
Oracle hedging its vulnerability reports?
-
By Joab Jackson
IDG News Service
April 27, 2011
Oracle may be subtly misleading customers about the severity of some of
the vulnerabilities found in its database software, according to
PlayStation credit card data was encrypted
-
By Darren Pauli
ZDNet.com.au
April 28th, 2011
Sony has confirmed that the credit card details possibly stolen in a
breach of its PlayStation Network (PSN) were encrypted.
Phone-hacking laws are 'very uneven and unclear'
-
By James Robinson
guardian.co.uk
26 April 2011
The information commissioner has told a powerful group of MPs that
legislation outlawing phone hacking is "very uneven" and "very unclear"
USENIX HotSec '11 Submission Deadline Extended
-InfoSec News: USENIX HotSec '11 Submission Deadline Extended: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
I'm writing to remind you that the submission deadline for the 6th
USENIX Workshop on Hot Topics in Security has been extended.
Please submit all work by 11:59 p.m. EST on May 12, 2011.
HotSec takes a broad view of security and privacy and encompasses
research on new security ideas and problems. Cross-discipline papers
identifying new security problems or exploring approaches not previously
applied to security will be given special consideration. All submissions
should propose new directions of research, advocate non-traditional
approaches, report on noteworthy experience in an emerging area, or
generate lively discussion around an important topic.
Topics of interest include, but are not limited to the following:
* Large-scale threats
* Network security
* Hardware security
* Software security
* Physical security
* Programming languages
* Applied cryptography
* Privacy
* Human-computer interaction
* Emerging computing environment
* Sociology
* Economics
Attendance will be limited to 35-50 participants, with preference given
to the authors of accepted position papers/presentations.
Submission guidelines and more information can be found at
HotSec '11 will take place Tuesday, August 9, 2011, in San Francisco,
CA. It is co-located with the 20th USENIX Security Symposium, which will
take place August 10-12, 2011.
We look forward to your submissions.
Patrick McDaniel, Pennsylvania State University
HotSec '11 Program Chair
hotsec11chair (at) usenix.org
Court order cripples Coreflood botnet, says FBI
-
By Gregg Keizer
Computerworld
April 26, 2011
Although the Federal Bureau of Investigation (FBI) said a federal
temporary restraining order has crippled the Coreflood botnet in the
U.S.
China Implicated In Hacking Of SMB Online Bank Accounts
-
By Kelly Jackson Higgins
Darkreading
April 26, 2011
This time it wasn't an "advanced persistent threat" associated with
Is Iran just seeing Stars?
-
By Robert Lemos
CSO
April 26, 2011
An Iranian official caused a stir Monday, claiming the nation's
cybersecurity experts found another digital attack aimed at the Islamic
country's systems.
Police: Wireless network hacker targeted Seattle-area businesses
-
By LEVI PULKKINEN
SEATTLEPI.COM STAFF
April 19, 2011
Law officers have moved to seize a Seattle man's car they claim was used
in a "wardriving" spree that saw Seattle-area wireless networks hacked
New Workshop: USENIX FOCI '11 Submission Deadline Approaching
-InfoSec News: New Workshop: USENIX FOCI '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
We're writing to remind you that the submission deadline for the first
USENIX Workshop on Free and Open Communications on the Internet (FOCI
'11) is approaching. Please submit your work by May 1, 2011, at 11:59
p.m. PDT.
The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures
-
By Eric Doyle
eWEEK Europe
April 25, 2011
Cyber-attacks are increasing but national infrastructures are
ill-prepared to defend themselves.
DHS chief: What we learned from Stuxnet
-
By Robert McMillan
IDG News Service
April 25, 2011
If there's a lesson to be learned from last year's Stuxnet worm, it's
that the private sector needs to be able to respond quickly to
Phishing: Consumer Education Lacking
-
By Tracy Kitten
Managing Editor
Bank Info Security
April 22, 2011
The Oak Ridge National Laboratory, located in Tennessee, recently
disconnected Internet access after hackers attacked employees at the
federal facility.
2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems
-InfoSec News: 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems: Forwarded from: Marius Minea <marius (at) cs.upt.ro>
CALL FOR PAPERS
[ PDF version at: ]
The Sixth International Conference on
Risks and Security of Internet and Systems
CRiSIS 2011
Timisoara, Romania, 26-28 September 2011
Phishing Attack Hits Oak Ridge National Laboratory
-
By Elizabeth Montalbano
InformationWeek
April 21, 2011
The Department of Energy's Oak Ridge National Laboratory is
investigating a sophisticated phishing attack that forced it to shut
down email and Internet access last week.