Grecs’ Weekly Infosec Ramblings for 2010-02-18
If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- RT @Shpantzer: TWEETUP!!! Toodlu to @Shrdlu Friday at 5:30pm at Hama Sushi in Herndon. Be there http://twtvite.com/wg0r0n #meet #
- Reminder: ISSA DC Meetup @ Tue Feb 16 6:30pm – 8pm (NovaInfosecPortal.com Calendar) #
- RT @issa_dc Dangers of Web App Vulns by @jack_mannino. February 16, 2010 6:30 PM at GWU. http://bit.ly/bgkd1B via(@bvPredator) #
- Reminder: InfraGard NCMA Meetup @ Wed Feb 17 12pm – 3pm (NovaInfosecPortal.com Calendar) #
- Reminder: ISSA NoVA Meetup @ Thu Feb 18 5:30pm – 8:30pm (NovaInfosecPortal.com Calendar) #
There are also some upcoming meetups for those of you who are interested.
- RT @cyberhiker HacDC Lightning Talks: Feb 23 7:30 – 9:30 http://bit.ly/cm9k8z #meet #
- RT @DojoSec: Next DojoSec Meetup will be March 4th 7-9pm at Howl Baltimore http://bit.ly/cbXQOe, no talks just fun! #meet #
- Get ready for upcoming NovaHackers #meet s.. Luncheon on 2/25 and Dinner on 3/8. #
- Just noticed NoVA Hackers posted their official announcement on upcoming 2/25 luncheon. More info at http://bit.ly/cvSCh3. #meet #
- And here is the NoVA Hackers announcement of the March dinner on 3/8. http://bit.ly/9WdrWr #meet #
- CALENDAR UPD: ISSA NoVA Meetup http://bit.ly/cVCFXC http://j.mp/nispcal #
- CALENDAR UPD: NoVA Hackers Association Meetup http://bit.ly/9hp7Hp http://j.mp/nispcal #
- CALENDAR UPD: DojoSec Meetup http://bit.ly/dCRnC3 http://j.mp/nispcal #
- CALENDAR UPD: NoVA Hackers Association Meetup http://bit.ly/bQknzG http://j.mp/nispcal #
- #meet RT @baltimorenode: Arduino Workshop p1: Learn 2 Solder 2/27 @ 1pm. Build @adafruit Protoshield! http://bit.ly/bZv69d #
- RT @charmsec: Call for Papers for #charmsec 25 is officially open. B rdy 2/25. Format: Whoever U can get 2 listen.. #meet #
- RT @DojoSec Next DojoSec Meetup will be March 4th 7-9pm at Howl Baltimore http://j.mp/cbXQOe #meet #
Not many upcoming cons; however, the dust is still settling from ShmooCon.
- All but 1st 15 mins. RT @packetwerks: #Shmoocon video online: The New World of SmartPhone Security http://bit.ly/aFKfQo #
- RT @mubix @SocialMediaSec: Social Media Security Podcast 10 #Shmoocon, Geo-Location, Social Media Policies,.. http://bit.ly/bnvP3K #
- One of the most complete wrap-up articles re #shmoocon I’ve seen. http://bit.ly/boD4Xz #
- #shmoocon preso follow-up. RT @pauldotcom Win file pseudonyms in action: “Not A CON, Its A Backdoor!” http://is.gd/8uPc7 (Blog post.. #
- 2nd 4 Firetalkers. Just link 2 deck on UR site is preferred. RT @shmoocon: #ShmooCon Speakers – Send UR slides 2 Heidi if U haven’t. #
- Mmm? Last upd was 2/4. Anyway. RT @shmoocon: #ShmooCon News Upd incl donation totals & lost/found items at http://bit.ly/ccd4FC. #
- RT @dallendoug @secureideas Friendly Traitor: R S/W Wants 2 Kill Us fr #ShmooCon w/ @mike_poor & @meeas at http://bit.ly/bYyFIA #
- This should keep everyone entertained. RT @pauldotcom: Shmoo 2010 Podcaster Meetup Audio: http://bit.ly/babiSO #
- RT @mckeay RT @jack_daniel: WooHoo, thx 2 @spacerog & @ThisIsHNN – #Shmoobus Doc/mock-umentary is up at: http://www.hackernews.com #
For those of you who don’t know, we have some pretty awesome local infosec bloggers. You can check out some of their articles below.
- #NOVABLOGGER: Quartz Composer Webcam Audio Visualizer Video Demos Available http://bit.ly/cjDa77 http://j.mp/nispblog #
- #NOVABLOGGER: Get the Divers Out of the Water http://bit.ly/bVk2TH http://j.mp/nispblog #
- #NOVABLOGGER: Google Buzz, Privacy, and You http://bit.ly/btCk6R http://j.mp/nispblog #
- #NOVABLOGGER: FIPS and why everyone cares http://bit.ly/9Z5eSv http://j.mp/nispblog #
- #NOVABLOGGER: Uninspired http://bit.ly/9hfgqr http://j.mp/nispblog #
- #NOVABLOGGER: 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Released http://bit.ly/crS6YH http://j.mp/nispblog #
- #NOVABLOGGER: ISSA DC http://bit.ly/d1dEw0 http://j.mp/nispblog #
- #NOVABLOGGER: Quartz Composer Webcam Audio Visualizer Video Demos Available http://bit.ly/d94nkq http://j.mp/nispblog #
- #NOVABLOGGER: Please Rob Me http://bit.ly/9b8h58 http://j.mp/nispblog #
- #NOVABLOGGER Max Ray Butler Sentenced (Again) http://bit.ly/bGe9oa http://j.mp/nispblog #
- #NOVABLOGGER Answers Regarding Military Service http://bit.ly/c4ohI6 http://j.mp/nispblog #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-02-11 http://bit.ly/a2xycG #
- BLOGGED: Where You Want to Be This Week for 2010-02-15 http://bit.ly/9tSO7e #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/a2a0YD #
There were lots of interesting tools and learning opportunities mentioned as well.
- Interesting. RT @cktricky RT @pentestit: Web Security Dojo: Web Application Security pen testing http://digg.com/u1N7mD #edu #
- Hack This Site: Saw on NovaHackers list. Good if you have some down time. http://bit.ly/cN1rrS #edu #
- + Webgoat, Mutillidae & DVWA. C Broken WebApps proj & Moth 4 more. 4 OSs: De-Ice, pWnOS, & DVL. Need 2 add 2 #edu pg http://bit.ly/nispedu #
- Agreed, this is a great tool. RT @StrongwaterSec: non-techsavvy family/friends.. Secunia PSI http://bit.ly/ajMzaS free 4 personal use #
- Nice tool fr @sans_isc; searches NIST whitelist hash db. Per @StrongwaterSec “App Whitelisting almst there..” http://bit.ly/94x4V3 #
- Good 2 know. RT @StrongwaterSec: RT @it_audit: IT Audit: Microsoft .NET Best Practice Coding Practices: http://bit.ly/co61o6 #
- RT @FSU_IT_Security: .. Mac .. guides to strengthen default sec settings.. http://bit.ly/bUA4xk via(@IBMFedCyber) #
- Nice. #edu RT @mubix: {links} Web App Sec Pro’s Daily Crossword http://bit.ly/azSPPN #
- Nice! #edu RT @IBMFedCyber: RT @lbhuston: Is there a good vulnerable ASP demo app? – you can use ours: http://bit.ly/ct8Th1 #
- Have fun! #edu RT @sans_isc New Honeynet Project Forensics Challenge http://j.mp/9C2N6f (via @jclausing) #
- Saw post a/b new Live Hacking CD on PDC list. Anyone familiar with it? http://bit.ly/9yFmQ7 #
And what’s going on with this whole Google Buzz thing?
- RT @dallendoug @bvPredator @TimelessP Epic Google Buzz #fail “…linked to [her] actual physical safety…” http://bit.ly/cMVx2o #
- I 2nd that! RT @danphilpott: The Buzz on Google is that it is not having a good day. http://bit.ly/bB2bny http://bit.ly/bfD6wl #
- RT @dallendoug @stevewerby: Had enough of Google Buzz? Don’t just click “turn off buzz”. Do it right. @gattaca did. http://bit.ly/b6AL7j #
- More Buzz problems. RT @regsecurity Google Buzz bug exposes user geo location http://bit.ly/dmRw2p #
- Sweet! RT @jack_mannino: RT @jeremiahg “Google may have broken wiretap law” via the Buzz privacy gaffe http://bit.ly/aDRyOR #
Cyber Shockwave also took place this week. So are we ready?
- Is that a pic fr War Games? RT @jaysonstreet “Fake Cyber Terrorist Attack Will Get Real Gov Response Next Week” http://bit.ly/9n0LhO #
- RT @IBMFedCyber: R U going 2 keep track of Cyber Shockwave? http://bit.ly/cyBKWV – Curious 2 see how real simulation can be… #
- Cyber Shockwave site. I love the countdown timer. http://bit.ly/clw6Np #
- Set the TiVo! RT @ThisIsHNN @BPC_Bipartisan: CNN will b airing Cyber ShockWave 2/20-21 at 8pm and 11pm EST. #
- RT @IBMFedCyber Cyber ShockWave simulation: Smartphone malware, gas line physical attack,.. cocktail for disaster: http://bit.ly/cosj2V #
- RT @ThisIsHNN: RT @rob_t_firefly Result of @BPC_Bipartisan’s #cybershockwave: bit.ly/9Ts5TR – @ThisIsHNN calling it: http://bit.ly/9u5OZJ #
- “U.S. flunks simulated cyberattack response test” M/b this’ll get someone’s attention. http://bit.ly/ckLWd0 #
You can also keep yourself busy with these other interesting newsbites:
- RT @DarkReading: Virtualization vulns are up & coming: http://bit.ly/9VZHdz <- Agree #
- RT @danphilpott: Interesting new web site, FISMAControls.com has opened up. Looks useful for Federal IA folks: http://bit.ly/bP5EHu #
- RT @danphilpott NetworkWorld has a good article introducing Einstein 2 and discussing its deployment status: http://bit.ly/9FC891 #
- Whoa! RT @briankrebs RT @kdawson: BSoD after Win security upd happens only on machines w/ pre-existing rootkit. http://is.gd/8ewEs #
- Interesting. RT @InfosecCareer: DISA 2 Create so-called DMZ to Reduce Exposure to Attacks http://bit.ly/ddNmff #
- Nice. RT @taosecurity: Great post by F-Secure on con organizers who use social eng techniques out of ignorance http://bit.ly/bVlOKe #
- RT @cyberwar in 2010, using Einstein II, US Fed will b caught up w/ industry circa 1999. http://tinyurl.com/yabzuyz #
- Worst pw practices w/ nice graphic. Uses Gmail’s pw strength meter w/ worst passwords fr recent report. http://bit.ly/cAxEi1 #
- Rogue AV comes w/ tech support. Yeah, click button & someone chat w/ U 2 answer questions a/b product. http://bit.ly/b7JSag #
- Nice analysis fr Symantec re recent BSoD caused by MS10-015 w/ existing rootkit. + cleaning instructs. http://bit.ly/byWc57 #
- Got some spare invest cash or looking 4 new job? These 5 cyber defense vendors could b poised 2 launch in ‘10. http://bit.ly/aMLhzx #
- RT @DrInfoSec: 5 Reasons Your Sec Program is a Failure (by @DaveShackleford) http://bit.ly/8YfiHG [good pts] <- Agreed. Like last 1. #
- And finally .. Sir Bruce’s most recent Crypto-Gram.. http://bit.ly/clWo4k. #
- WTF? RT @regsecurity Apple bans iPhone hackers from App Store http://bit.ly/cz1whe #
- What is responsible disclosure.. RT @DarkReading Controversy over Oracle zero-day vulnerability disclosure: http://j.mp/9txMSu #
- Interesting developments. RT @GovInfoSecurity SANS, Mitre-Led Group Proposes Suits Over Faulty Code.. http://bit.ly/cLlBAK #
- Well so much for in good areas. “Report: 71% of Malware-Related Sites are Legitimate” http://bit.ly/9rk08B via(@jaysonstreet) #
- “..an “app store” for the common user.” Nice! Opinion: Alice’s adventures in cyberland http://bit.ly/cVzNF0 via @sharethis @krvw #
- Here we go again.. New SANS/CWE Top 25 online at http://bit.ly/dpivOj via(@rgaucher) #
- I like this idea. Storms Show Need 4 Telework Policy. Navy CIO rushes home .. to beat blizzard.. http://bit.ly/atSWNM via(@GovInfoSecurity) #
- Interesting. Core integrates its commercial pen test product w/ open-source Metasploit tool: http://bit.ly/cRQ2xu via(@DarkReading) #
- M/b this’ll help sec overall.. RT @DarkReading DoD to issue stronger security guidelines for its vendors: http://bit.ly/ch2BwP #
- Come on .. ATT. RT @DrInfoSec @MarkSilver Yipee! Verizon Swallows Hard & Embraces Skype http://tcrn.ch/avZxYn #skype AT&T to follow? #
- Got 4 mins. Checkout this months’ report. RT @VRT_Sourcefire February 2010 Vulnerability Report http://bit.ly/bziQnS #
- RT @bobgourley Beer is good. Sky is blue. Water is wet. Taxes R high & US not rdy 4 cyber conflict http://j.mp/9m19ki #cybershockwave #
- B careful what you post. RT @IBMFedCyber: R we asking 2 b robbed? http://bit.ly/buCRuD – Social media is opening our unwatched homes.. #
- Story about Proj Quant for DB security. Provides way to measure it. Nice. http://bit.ly/brqYQG #
- Interesting. Anyway, new DARPA RFP. RT @jaysonstreet: “Echelon computers can’t cope with bad lines” http://bit.ly/9VKYDO #
- Interesting read on unintended consequences fr @Shpantzer. “Do Electric Car Makers Hate Blind Pedestrians?” http://bit.ly/a5YS1g #
- Well at least this is a step in the right direction. “Facebook tightens privacy on third-party programs” http://bit.ly/aMvaF4 #
- Interesting what you can learn from picking up discarded ATM receipts. http://bit.ly/bm2Ab1 #
- RT @jack_mannino @jeremiahg Put tape on cam pple! “School used laptop webcams 2 spy . at school/home” http://bit.ly/90LEZl #
- Watch out 4 FlashGot Firefox plug-in. Story a/b how latest vs includ spyware (not too malicous but still). http://bit.ly/cf5zBG #
- France 2 play big bro. <shakes head> RT @DrInfoSec: French gov 2 use malware? http://bit.ly/bfBx2Q [lower house approves draft bill] #
- RT @danphilpott: NIST announced SP 800-37 Rev1 Guide 4 Applying Risk Management Framework 4 Fed Info Systems will b released 2/22. #
- RT @cyberwar: Breaking. NYT Markoff says researchers tracing Google hacks to China http://nyti.ms/bX5Jda #
- Sweet, new cool acronym 2 scare ppl w/ – MITB. RT @briankrebs @FireEye Man In The Browser Attacks http://bit.ly/b6GXWK #
And in closing, I also noticed a few job opportunities and career advice.
- Pseudo local #job. RT @pauldotcom @RonGula: #infosec #jobs Tenable seeking sales eng 4 VA/MD/OH region. http://bit.ly/dn9cy0 #
- Networking for career success in infosec (by @LJKush & @mmurray) http://bit.ly/9CjZ59 [I use Twitter!] via(@DrInfoSec) #
- #job RT @oneeyedcarmen: DC/Baltimore area @securitytwits – Looking for FISMA C&A monkeys. DM me. /via @charmsec #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…
Security Blogger Grecs’ Weekly Infosec Ramblings for 2010-02-18: BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010… http://bit.ly/bSG8QK
This comment was originally posted on Twitter
Grecs’ Weekly Infosec Ramblings for 2010-02-18: [novainfosecportal.com] BLOGGED: Grecs’ Weekly Infosec Ramblings for… http://dlvr.it/2BKX
This comment was originally posted on Twitter
Security news: Grecs’ Weekly Infosec Ramblings for 2010-02-18 http://ow.ly/16C71Z
This comment was originally posted on Twitter
BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-02-18 http://bit.ly/aP3vXz
This comment was originally posted on Twitter
#NOVABLOGGER: Grecs’ Weekly Infosec Ramblings for 2010-02-18 http://bit.ly/cY2cos http://j.mp/nispblog
This comment was originally posted on Twitter