If you’re not already following the NovaInfosec Twits and are wondering where to get the best tweets about security in the NoVA, DC, and MD area, look no further than this post.
Posted every Friday, our “Infosec Ramblings” post takes the best security tweets from the past week and puts them into one easy-to-digest post.
If you don’t want to wait an entire week to read the best security tweets, be sure to stop by @grecs or learn more about the NovaInfosec Twits.
There seemed to be quite a few meetups and conferences this past week. Did you get to attend any of them?
- Woohoo! #mtg RT @owaspdc: Next #OWASPDC Meeting is next Wednesday, December 9th! http://ow.ly/IFIe #
- Passing along.. #con RT @electricfork: SANS incident detection summit is this week. who else is going? #SansIDS #
- RT > @abachman: Baltimore Node, Thur Open Hack (free – open), 7PM. Come jam out with http://love2d.org & http://flixel.org. #mtg #
- RT @baltimorenode: Bi-Weekly #mtg 2night 7:30pm. Come help @mehuman unload literal car load of tools & new toys fr his car. #
- RT @mschafer RT @kjhiggins: Today’s the day: Black Hat & Dark Reading’s big virtual event. http://bit.ly/8IBuP7 (and it’s free) #
If you don’t have time to make it to any of the above events, why not start planning for ShmooCon?
- SHMOOCON 2ND ROUND TALKS: They released the second round of speakers today. Congrats to everyone. http://ow.ly/JGgU #
- This’ll b interesting. RT @mubix The TF2 cheater tournament at Shmoocon is sort of like CanSecWest Pwn2own in reverse. #
There were also a few job opportunities announced.
- Potential new #job opp. RT @pmhesse: I think we’re going to be hiring again soon. Anyone want to come work at @geminisecurity? #
- Interesting #job. RT @danphilpott: Here’s position at DIA: Chief, Office of Cyberthreat Analysis – http://bit.ly/7PSORM #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their posts below.
- RT @taosecurity: Who needs stnds? Let 100 flowers blossom http://bit.ly/5TBzi0 as long as U test resistance 2 blue/red assess. #novablogger #
- RT @carnal0wnage: [Blog Spam] Digging into SSL Cipher Checking http://bit.ly/6OAwmF #novablogger #
- RT @falconsview: new blog post “Creating Epic Fail Conditions: PCI and Best Practices” http://bit.ly/8Dhi9u #novablogger #
- RT @falconsview: my first Foreground Security blog post: “Embrace Murphy’s Law” http://bit.ly/5VgEnc #novablogger #
- MOVING ON: @cktricky finished 2 yr proj & is looking 4 new opp. What does any good #novablogger do? Blog about it! http://ow.ly/JGjM #
- RISK ACCEPTANCE: @wade is back in action with new post on what happens to those that accept risk. http://ow.ly/JX7h #novablogger #
- Nice topic to consider. RT @geminisecurity: New blog post: Staying PCI DSS Compliant http://ow.ly/K1ub #novablogger #
- COST OF GOOGLE DNS: @geminisecurity has post on Google’s new DNS service. Privacy concerns any1? http://j.mp/7ZU5kd #novablogger #
- RT @room362 {blog} Metasploit with Ruby 1.9.1 http://bit.ly/727b7q #novablogger #
- RT @danphilpott Looks like @rybolov shared thoughts on tailoring 800-53r3 ctrls & compliance foibles http://bit.ly/8vADM6 #novablogger #
- RT @falconsview: New blog post: “How Not To Talk To Customers” http://bit.ly/8MRmmK #novablogger #
- What do Target & IS have in common? RT @falconsview: Blog post: “Quick Security Lessons Fr Target” http://bit.ly/6eNYKL #novablogger #
- RT @mubix: Replaced my video w/ short shell script (U don’t even need that, it’s that simple): http://bit.ly/5qV04T #novablogger #
- Links to several vids he’s done. RT @room362: {links} Whiteboarding with Mubix http://bit.ly/65LBhi #novablogger #
- Lol, initially read that as “waterboarding”. #novablogger RT @room362: {links} Whiteboarding with Mubix http://bit.ly/8zDBEL #
- RT @room362: {blog} Metasploit with Ruby 1.9.1: UPDATE: if U don’t mk some additional steps,.. http://bit.ly/4ZrbgV #novablogger #
- WIRELESS PROBS & FREEBSD: I’ll let U guess who wrote this one. http://ow.ly/KNAu #novablogger #
- STATIC ANALYSIS 2 0-DAY VID: @marcusjcarey puts out a good vid featuring Jeremy Brown. http://ow.ly/KNCg #novablogger #
- LOLCATS & SCHMIDT: Thought alrdy posted but can’t find. Anyway @rybolov must b feeling guilty. http://ow.ly/KNN2 #novablogger #
- DIRCHEX HELP: Just in case having probs with this on BT4, here’s some help from @cktricky. http://ow.ly/KNPq #novablogger #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://ow.ly/166DzK #
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2009-12-03 http://ow.ly/IGqT #
- BLOGGED: Where You Want to Be This Week for 2009-12-07 http://ow.ly/167atf #
- BLOGGED: Upcoming Conferences for December, January, February http://ow.ly/167ath #
A few interesting iPhone apps got released this week.
- Push notification 4 mentions/DMs! RT @angelinaward SimplyTweet for the iPhone is free today at the app store! http://ow.ly/Jv99 #
- Requires at least 3.1. Drats. RT @angelinaward SimplyTweet for the iPhone is free today at the app store! http://ow.ly/Jv99 #
- MARK THE SPOT IPHONE APP: This is great. App for the iPhone that allows you to report ATT network probs. http://ow.ly/JGeH #
- VOICE RECOG ON IPHONE: 4 those that haven’t switched, this looks 2 b interesting. It’s fr Dragon & is currently free. http://ow.ly/Kk4I #
- Recognition isn’t done on iPhone though. It’s transferred to their servers & then pushed back. Still only took 1 to 5s according to story. #
- They just need a send to Twitter button. #
You can also keep yourself busy with these interesting newsbites:
- RT @regsecurity Zero-day IE fix stars in last Patch Tuesday of the decade http://bit.ly/66bKNd #
- SPYPHONE: Even if don’t jailbreak, U could still run into probs. Doesn’t seem 2 b protections b/t apps. http://ow.ly/J1R8 #
- CREATE SECURE PASSWORD W/ MP3?: Just hashing song & using 1st 8 chars. Could add own secret. Been done before. http://ow.ly/J1St #
- 25 FUNNY WIFI NETWORK NAMES: Saw 1 of these earlier this week but here is a whole list. Next 2 last 1 is good. http://ow.ly/J1Uh #
- FAVORITE HACKERS: Saw 1 of these lists for all time hackers but this 1 focuses on more recent ones. http://ow.ly/J1VZ #
- Phishers R getting good + awesome article title. RT @briankrebs Phishers angling 4 Web site admins http://bit.ly/7cuT6F #
- Awesome .. 4 pen testers. Hope no1 abuses it. RT @regsecurity: Service cracks wireless passwords fr cloud http://bit.ly/8AhGkv #
- AUTOMATED DOSSIERS: MS research project tries 2 create auto bios of any1 U want 2 search on. Privacy concerns? http://ow.ly/JGUr #
- Good article on hacking VoIP. Warning – TV show refs. RT @CSOonline: Hacking The Human Network http://bit.ly/92gwMF #
- Facebook got Twitter envy? Diff is all my personal info isn’t exposed there. RT @regsecurity: FB urges public exposure http://bit.ly/8aEK4D #
- More FB considerations. RT @mubix: RT @agent0x0: [blog] New Facebook Privacy Settings: For Better or For Worse? http://bit.ly/5Hqj3d #
- They have search term linked so U can test. RT @regsecurity: Potent malware link infects 300,000 webpages http://bit.ly/8LKSOE #
- Sweet! RT @mubix: SHODAN now accepts boolean operators! (Use + and -) http://bit.ly/8osPGR /via @theprez98 #
And if news isn’t your thing, some interesting reports were released this week.
- Tis the season .. for reports. RT @DrInfoSec: Cisco 2009 Annual Security Report is now out http://bit.ly/Qw2PY #
- And here’s a writeup of it. RT @CSOonline: Social Network & Banking Scams R on Rise.. http://bit.ly/70C5XX #
- Always a good watch. RT @VRT_Sourcefire: December 2009 Vulnerability Report http://bit.ly/4L8iFk #
- TREND MICRO FORECASTS THREATS: Cloud computing, virtualization, social engineering,.. #2010predictions http://ow.ly/KJWf #
As usual, lots of federal government activity…
- RT @danphilpott Initial work on OWASP NIST SP 800-37r1 draft review project is progressing nicely: http://bit.ly/62QcUu #
- RT @danphilpott: OMB Requesting Comments on Metrics for Annual FISMA Reporting by Federal Agencies http://bit.ly/4cyxoU#dec8 #
- Yes it will. RT @danphilpott: OMB has rel M-10-06 Open Gov Directive 2day, this 1 will shake things up: http://bit.ly/6V37q9 (PDF) #
- No John Stewart 2nite. I’m watchin Aneesh & Vivek. Seriously, looks good. RT @danphilpott: Vid of WH Q&A on OpenGov Dir http://bit.ly/6FGeZz #
- NATIONAL DATA BREACH NOTIFICATION: A bill passed in the House. Would trump all existing state laws. http://ow.ly/KK0n #
And Google was talked about a lot this week…
- RT @moranned RT @security4all: Some thoughts on Google DNS by OpenDNS people http://j.mp/7bFsyn #
- GOOGLE DNS: Of course how could I have not mentioned this. Is speed & security their real motive? http://ow.ly/J20x #
- MORE GOOGLE DNS: Good and lengthy article from CNET. http://ow.ly/J22e #
- GOOGLE REALTIME SEARCH: Hopefully this works better than Twitter’s search that cuts off after a week or so. http://ow.ly/JF2Q #
- Article on Google’s new real-time search. http://ow.ly/JGi7 #
And in closing, who could forget the tweets of the week?
- RT @danphilpott When you need good encryption never depend on ROT13. Always use ROT26. #totw #
- Lol. #totw RT @danphilpott: I wonder why when people put computers on the cloud they don’t fall straight through. #
- This was awesome. RT @dallendoug .@rybolov just invented a new verb: “unNISTify” #
Well, that’s all for this week. Be sure to follow us @grecs for more great tweets during the week!


