If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- Reminder: DojoSec Meetup @ Thu Mar 4 7pm – 9pm (NovaInfosecPortal.com Calendar) #
- Reminder: 2600 Baltimore Meetup @ Fri Mar 5 6pm – 8pm (NovaInfosecPortal.com Calendar) #
- Reminder: 2600 Arlington Meetup @ Fri Mar 5 7pm – 10pm (NovaInfosecPortal.com Calendar) #
- DojoSec Happy Hour Tonight 7-9pm at Howl at the Moon Baltimore http://bit.ly/cbXQOe via(@marcusjcarey) #
There are also some upcoming meetups for those of you who are interested.
- Sweet! #meet RT @OWASPNoVA: March and April talks announced: http://bit.ly/9aOhIg #
- CALENDAR UPD: OWASP VA Meetup http://bit.ly/a9MOts http://j.mp/nispcal #
- CALENDAR UPD: OWASP VA Meetup http://bit.ly/adAVU6 http://j.mp/nispcal #
- RT @charmsec CharmSec 23 will be March 25th: “CharmSec Roulette.” Don’t get nexted. #meet #
- CALENDAR UPD: CharmSec Meetup http://bit.ly/bMhbGw http://j.mp/nispcal #
- FISSEA #con http://bit.ly/bzvUQV & IBM workshop #meet http://bit.ly/aO7BrN. Thanks to @danphilpott. #
- CALENDAR UPD: ISSA Baltimore Meetup http://bit.ly/9pLMcr http://j.mp/nispcal #
If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences? GovSec seems to be all the rage for March…
- #con RT @GovSecUSLaw Plan your days at GovSec/U.S. Law with our comprehensive eBrochure! http://j.mp/92iCD6 (PDF) #
- RT @rybolov @IsCool: We R starting 2 plan 2010 @PrivacyCampDC. If interested, let me know & join our Google Group http://ow.ly/1blxU #con #
- RT @GovSecUSLaw GovSec excited 2 welcome Steven R. Chabinsky, Deputy Asnt Dir, FBI 2 keynote line-up! http://j.mp/dD71mk #con #
- #con RT @GovSecUSLaw Plan days at GovSec/U.S. Law with R comprehensive eBrochure! http://j.mp/92iCD6 enforcement #GovSec #security #
- RT @GovSecUSLaw Check out some of your colleagues attending. http://j.mp/deIlsA ! Upgrade your reg 2day, call (708)-486-0707. #con #
- RT @GovSecUSLaw Bill Bratton, former NYC/Boston/LA police chief is headlining Domestic Defense Symposium! http://j.mp/9YccP7 #con #
- #con RT @GovSecUSLaw Don’t miss 1st Responder Site Assessment Tabletop Exercise by NSA #GovSec #USLaw http://bit.ly/bEVZtJ #
- #con RT @GovSecUSLaw Homeland Security Finance Forum, learn 2 present ur business 2 qualified institutional investors http://bit.ly/amkHFm #
- More *free* stuff at upcoming GovSec #con. http://bit.ly/9PEtN7 #
- GovSec/U.S. Law 2 offer free CISSP Exam Prep Clinic. Spaces limited, register today! #CISSP http://bit.ly/cluZRR via(@GovSecUSLaw) #
ShmooCon is still hitting the news periodically…
- RT @ThisIsHNN: Behind the Firewall #Shmoocon Ep.1 is posted at http://bit.ly/diMGjR #
- Woot! Just in time for #rsac. RT @shmoocon #ShmooCon 2010 videos are online http://j.mp/ccd4FC #
- Latest episode of ‘Behind the Firewall’ – Shmoocon 2010 ][ http://bit.ly/90uT0u via(@ThisIsHNN) #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- Want to work with @taosecurity? They're hiring. http://bit.ly/b521eP #novablogger #
- #novablogger.. This just in. Lawful Surveillance. Kind of relates to that whole MS thing. http://bit.ly/9x55pS #
- #NOVABLOGGER: Off Topic: Juried into DCist Exposed 2010, Come out to see March 6 http://bit.ly/a85Jjn http://j.mp/nispblog #
- #NOVABLOGGER: Android (In)Security http://bit.ly/cEMVlb http://j.mp/nispblog #
- #NOVABLOGGER: Class Exercise http://bit.ly/bMSVCl http://j.mp/nispblog #
- #NOVABLOGGER: The End Of Paper http://bit.ly/bruNfJ http://j.mp/nispblog #
- #NOVABLOGGER: Annual ABA ISC+EDDE Meeting After-Report http://bit.ly/bMILvo http://j.mp/nispblog #
- #NOVABLOGGER: CIA Triad http://bit.ly/bn2QDX http://j.mp/nispblog #
- #NOVABLOGGER: Re-orginuzation of site. http://bit.ly/diDu3t http://j.mp/nispblog #
- #NOVABLOGGER: RSA 2010 - Innovation Sandbox: Not Really Innovative http://bit.ly/dhEE9o http://j.mp/nispblog #
- #NOVABLOGGER: Learning from other’s mistakes http://bit.ly/bvpVvT http://j.mp/nispblog #
- #NOVABLOGGER: RSA Conference Teaser http://bit.ly/dzqF4O http://j.mp/nispblog #
- #NOVABLOGGER: RSA 2010 - Day 1 Round-up http://bit.ly/cLeZJL http://j.mp/nispblog #
- #NOVABLOGGER: Industrial Control Systems CERT (ICS-CERT) has a newish website http://bit.ly/byat9c http://j.mp/nispblog #
- #NOVABLOGGER: The InfoSec D-List and IKANHAZFIZMA http://bit.ly/aADMe2 http://j.mp/nispblog #
- #NOVABLOGGER: RSA 2010 - Day 2 Round-up http://bit.ly/asW5D0 http://j.mp/nispblog #
NIST has been active as usual...
- Nice! RT @danphilpott @frednecksec: #rsac sqCA, open source implementation of NIST SP800-37 http://j.mp/aavDCP #
- NIST released ITL Security Bulletin, Feb 2010 Secure Management Of Keys In Crypt Applications: http://bit.ly/bnHAyK via(@danphilpott) #
- NIST released IR 7658 Guide to SIMfill Use and Development today: http://bit.ly/arNSyk via(@danphilpott) #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-02-25 http://bit.ly/cl3TOk #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/agxrMi #
- BLOGGED: Where You Want to Be This Week for 2010-03-01 http://bit.ly/dt5uoX #
- BLOGGED: RSA 2010 Coverage http://bit.ly/9CCQCK #
Of course we also had our little series of tweets advertising a bit of what we do and need.
- NOVAINFOSEC TWITS: Haven't mentioned in while. Localized vs of @securitytwits. We'd love 2 have u. http://bit.ly/nisptwit #
- ADD YOUR MEETUPS: Want to add your #meet up events to our calendar at http://bit.ly/nispcal? Contact us at http://bit.ly/nispcontact. #
- ADVERTISE W/ US: Friendly reminder.. NovaInfosecPortal is always looking 4 local advertisers. More info at http://bit.ly/nispadvert. #
You can also keep yourself busy with these interesting newsbites:
- RT @gdead RT @pcapr: Inj3ct0r is the new Milw0rm - UP-TO-DATE! - http://www.inj3ct0r.com/ /via @suffert @tcvieira @welias #
- Twitter. Hacker. It's gotta b good. RT @regsecurity Latvian hacker tweets hard on banking whistle http://j.mp/bH85Dx #
- Nice.. Until you read other half of story. RT @DarkReading: Number of new vulns dropped in '09: http://bit.ly/cANZYK #
- Twitter scams stepping it up today. http://bit.ly/9Bnz3y #
- Nice. RT @moranned: Social Security cards that say "Not for use as identification" #thingswewantback /via @strat (via @adamshostack) #
- Is this person crazy? RT @jaysonstreet: "School Administrator Boasts a/b Spying On Students Using Laptop Webcams" http://bit.ly/c5po3c #
- Interesting. RT @signalmag: DOD Mks Social Media Official: U.S. Defense Department has announced.. http://bit.ly/c3gy0a #
- Rogue MS Security Essentials software. Be on the look out if that's your thing. http://bit.ly/bBV3ed #
- RT @cyberwar Air Force still prohibits thumb drives/flash media on its network. http://j.mp/cZVz4A #
- Interesting developments. RT @DrInfoSec RT @jstennet: Firefox Private Browsing Mode Is Broken - http://j.mp/b1u1p7 #
- RT @werntzp DHS S&T looking for #cybersecurity R&D support. http://j.mp/cDzBbh #
- Nice. RT @jaysonstreet @singe: Brilliant escalation, @psifertext has crafted fake patent for XSS awarded to @rsnake http://j.mp/9T3jG1 #
- Nice. I'm a pic kinda person. RT @ThisIsHNN RT @mikkohypponen: Nice botnet chart by @belogor: http://j.mp/coNhrK #
- RT @DrInfoSec New Facebook Attack Tricks Users Into Creating Apps http://j.mp/cUNoKq [turns users into script kiddies?] #
- RT @mckeay Sorely disappointed that the Patriot Act got renewed for another year without additional oversight. http://j.mp/acGlFa #
- RT @bobgourley http://www.govevents.com @GovEventsGroup is tremendous resource 4 any1 who needs 2 decide which gov events 2 attend. #gov2 #
- Interesting. RT @jaysonstreet: “Open Wi-Fi ‘outlawed’ in Digital Economy Bill” http://bit.ly/bcpZTs #
- Nice review. RT @regsecurity Fatal System Error: Watching the miscreants http://j.mp/dsU5tD #
- Good 2 know. RT @DrInfoSec VZ releases Incident Metrics Framework http://j.mp/d2VKig [just in time 4 RSA] #
- Good news 4 those hosting own sites! RT @jaysonstreet “Qualys to scan Web sites for malware” http://j.mp/aElrp1 #
- Will have 2 c where fits in2 8570. RT @ThisIsHNN DoD approves of EC-Council Certified Ethical Hacker Cert http://j.mp/9KvfMd #
- There ya go. RT @jaysonstreet FYI @lvdeijk has been adding some great content so plz check out http://j.mp/bBvzmJ plus a giveaway! #
- Ooch, he bit me. RT @regsecurity IE code execution bug can bite older Windows machines http://j.mp/bgU47G #
- RT @DrInfoSec Can Adobe Stop the Hate? (by @BillBrenner70) http://bit.ly/agshI9 [feat. DrInfoSec] #
- I heard but did U? Good catchup listening. RT @GovInfoSecurity What’s Happening w/ Trusted Internet Connection? http://j.mp/csx8ig #
- RT @danphilpott @michael_howard: Elev of Privilege: Card Game! http://j.mp/cxxuBJ <-Awesome! Way 2 improve developer sec awareness #edu #
- Interesting thought. RT @kpyke Cyberwar Hype Intended to Destroy Open Internet http://j.mp/aFCBL7 #
- More report spam. Actually, 3 disguised as 1. RT @DarkReading The Top 7 cloud threats: http://j.mp/bou4rH #
- Can U say VPN? RT @DrInfoSec Hotel networks are easy, lucrative targets http://j.mp/cpqHkN [mouse moving by itself again?] #
- Nice 4 home users. Adds bit of auto 2 prev product. RT @DarkReading New free app upd service 4 consumers http://tinyurl.com/yjpagqs #
- Interesting. RT @GovInfoSecurity Schmidt announces new site whitehouse.gov/cybersecurity that will show declassified CNCI summary. #
- RT @GovInfoSecurity White House Partly Lifts CNCI Secrecy. Schmidt Announces Declassification in RSA Keynote. http://j.mp/bhJUyd #
- RT @DrInfoSec One Man’s Life on the Security D-List (by @BillBrenner70) http://j.mp/9qlfUU [good advice 4 new infosec generation] #
- RT @DarkReading Cybersecurity czar outlines priorities: http://is.gd/9Bi5Q #
- Nice. RT @jaysonstreet “Microsoft warns Windows XP users, ‘don’t touch the F1 key’” http://bit.ly/aoT72q #
- Not much b/y little bit a/b Einstein 3 it seems. RT @InfosecCareer What is new in declass summary of CNCI? http://bit.ly/dtgeGg #
- Interesting report fr @CSOonline. According 2 ISC2, most of us got raises this year despite recession. http://bit.ly/9q7WsY #
- Gov looking 4 private cybersec help via National Cybersec Awareness Campaign Chall. Is awareness the prob? http://bit.ly/bQH4ws #
- RT @ksignal9: Tax net users, setup fund, co’s can dip into IFF they fail at sec? MS says tax all, reward stupid, wtf? http://bit.ly/bGnJ1D #
- “There’s a sucker born every minute.” No patch 4 this. A sobering reminder that biggest vuln is the end user. http://j.mp/9orLIt #
- WTF! “Apple Abolishes Wi-Fi Scanners From App Store” Glad I got at least 1 of these b/f the ban. http://bit.ly/9DxJ6o #
- Interesting research on security questions. “…personal knowledge questions are no longer viable…” http://bit.ly/9oARie #
- Came across #job for pen tester in Reston on the OWASP VA list. More details here. http://bit.ly/9U97BX #
- [Well at least it's the good guys.] Tool automates targeted attacks on Twitter: http://bit.ly/cXn9DY via(@DarkReading) #
And in closing, who could forget the tweet of the week?
- [So true; hate that crap.] And they wonder why people pirate movies: http://bit.ly/9DDstz via(@mubix) #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…


