Grecs’ Weekly Infosec Ramblings for 2010-03-11

If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.

There seemed to be quite a few meetups and conferences this past week. Did you get to attend any of them?

• Reminder: NoVA Hackers Association Meetup @ Mon Mar 8 4:30pm – 7:30pm (NovaInfosecPortal.com Calendar) #
• #MEETUP #NoVAHackers Dinner 2night. Awesome line up of speakers: http://bit.ly/9WdrWr (lineup posted to list) via(@mubix) #
• Reminder: Software Assurance Forum @ Tue Mar 9 – Fri Mar 12, 2010 (NovaInfosecPortal.com Calendar) #
• #MEETUP DSA will b speaking at Central Maryland ISACA mtg this Wed. http://j.mp/9R3H0X Come out to say hello (via @DuvalSearch) #
• Reminder: ISACA CM Meetup @ Wed Mar 10 11:30am – 4pm (NovaInfosecPortal.com Calendar) #
• #MEETUP Open Hack tomorrow: Processing Meetup. We are working with video! http://bit.ly/atSVVY via(@baltimorenode) #

And here are some of my live tweets from the Nova Hackers meetup.

• At #novahackers waiting for everyone to show up so @elwing to start her talk. #
• CA Cert rulz. Thanks @elwing for some good info at #novahackers. #
• #novahackers @mubix talking now on DNS voodoo. #
• Mmmm, pizza. Now onto @carnal0wnage and some Ruby magic combined with NMAP. #novahackers #
• Back from #novahackers. Fun night but now I got to finish stuff I should have finished earlier. #
• To #novahackers I was talking to.. The VPN solution I couldn’t remember was Hamachi. Although it was bought by LogMeIn and is now payware. #
• Also 2 #novahackers. Name of dashboard is Talisker Computer Network Defense Operational Picture. Ok for free I guess. http://bit.ly/9vkDjL #

Speaking of live tweeting, @dallendoug is doing a pretty good job for this week’s Software Assurance Forum. Still one more day to go though.

• #CON Howard Schmidt doing Keynote at Software Assurance Forum #swaforum (via @dallendoug) #
• #CON Greg Schaffer Asst Sec for Cyber, DHS, keynote at #swaforum. Message is get everyone aware of security via(@dallendoug) #
• #CON Leslie Guyatte, Canadian gave solid presentation on their practical C&A process & delta certs #swaforum via(@dallendoug) #
• #CON Nadya Bartol giving overview of ISO/IEC stnds that R pertinent to ICT Supply Chain mgmt. #swaforum (via @dallendoug) #
• #CON Murray Donaldson orig of Common Criteria talking a/b deficiencies & need 2 revise 4 modern era #swaforum (via @dallendoug) #
• #CON Tim Harp IT Acquisition 4 DoD #swaforum #keynote avg time 2 stand up new system averages 81 months (via @dallendoug) #
• Mary Ann Davidson on metrics should help manage better, motivate good behavior, be objective & help U fix things #swaforum via(@dallendoug) #
• #CON .@weldpond on panel 4 product lessons learned. 95% of audience questions are 4 him a/b Veracode #swaforum via(@dallendoug) #
• #CON Very solid preso by Jeff Cohen of Intel a/b applying assurance practices 4 software & hardware #swaforum (via @dallendoug) #

There’s also some upcoming meetups for those of you who are interested.

• #MEETUP ISACA NCAC April con lineup is great; Ron Ross & Peter Mell of NIST,.. http://bit.ly/aPxfZO via(@danphilpott) #
• CALENDAR UPD: OWASP DC Meetup http://bit.ly/aBLF9E http://j.mp/nispcal #
• CALENDAR UPD: 2600 Baltimore Meetup http://bit.ly/bCJoki http://j.mp/nispcal #
• CALENDAR UPD: 2600 Arlington Meetup http://bit.ly/adW3fz http://j.mp/nispcal #
• CALENDAR UPD: HTCIA DC Meetup http://bit.ly/dB4m5E http://j.mp/nispcal #

If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences?

• #CON IBM #cloud con 3/22-23 – I’ll speak along side MSFT & Goog. http://bit.ly/cQIbke (via @GoldbergLawDC) [Is 1 @danphilpott mentioned?] #
• #CON Take adv of FREE briefings incl critical infra planning tools & more! http://bit.ly/bbBPdv via(@GovSecUSLaw) [More *free* stuff.] #
• CALENDAR UPD: FISSEA Conference http://bit.ly/9uPLdv http://j.mp/nispcal #
• GOVSEC #CON RAFFLE: To enter 4 free pass to GovSec in 2 weeks RT this! See http://bit.ly/a1IfRk for details. #GovSecTix #

With RSA being just last week there were some stories related to that conference … and even a ShmooCon post.

• #NEWS RSA 2010/Security B-Sides Recap http://bit.ly/96GSFu #RSAC #bsidesSF via(@CSOonline) [Good reading for the weekend.] #
• #NEWS Coverage of RSA 2010 videos, news,.. http://bit.ly/c9cufq via(@InfosecCareer) [More consolidated reading on RSA.] #
• #NEWS iPhone, Android weather app builds a mobile botnet #rsac: http://bit.ly/aHXyTa via(@DarkReading) [Open vs closed app stores?] #
• . @grecs awareness was the big theme for feds at RSA last wk, too… Schmidt, Napolitano, Mueller all said same thing… via(@falconsview) #
• RT @SecurityTube: [Video] A New Project 4 Insecure Web Apps (Shmoocon 2010) http://j.mp/9N6ahm (via @bvPredator) [W/ @dallendoug] #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Keeping FreeBSD Applications Up-to-Date in BSD Magazine http://bit.ly/a9Gt6Q http://j.mp/nispblog #
• #NOVABLOGGER: Making a Point with Pressure Points http://bit.ly/9FgUFy http://j.mp/nispblog #
• #NOVABLOGGER: Einstein 3 Coming to a Private Network Near You? http://bit.ly/cKebSS http://j.mp/nispblog #
• #NOVABLOGGER: Fear, Uncertainty, and Doubt http://bit.ly/diDmCY http://j.mp/nispblog #
• #NOVABLOGGER: Security BSides Austin 2010 – Join Us Saturday! http://bit.ly/awzXl6 http://j.mp/nispblog #
• #NOVABLOGGER: Oops…. http://bit.ly/98XZzh http://j.mp/nispblog #
• #NOVABLOGGER: Marketing Fail http://bit.ly/9MRKJm http://j.mp/nispblog #
• #NOVABLOGGER: Bejtlich OWASP Podcast Posted http://bit.ly/cYswvA http://j.mp/nispblog #
• #NOVABLOGGER: The pentesting 101. http://bit.ly/cM7xxJ http://j.mp/nispblog #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-03-04 http://bit.ly/dpLsdy #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/boQhxz #
• BLOGGED: Where You Want to Be This Week for [2010-03-08] http://bit.ly/cNtors #
• BLOGGED: NoVA Hackers Dinner Wrap-Up http://bit.ly/cPB5kr #
• BLOGGED: GovSec Conference Free Pass Raffle http://bit.ly/a1IfRk #

Of course we couldn’t go the week without mentioning some of the things we offer and how you can help.

• NOVAINFOSEC TWITS: Friendly reminder.. NovaInfosec Twits list is opt-in. Find list & instructs 2 join at http://bit.ly/nisptwit. #
• ADD YOUR CONS: Want to add your #con events to our calendar at http://bit.ly/nispcal? Contact us at http://bit.ly/nispcontact. #
• HELP US HELP U: Friendly reminder.. Support NovaInfosecPortal by purchasing thru 1 of our affiliates. More info at http://bit.ly/nisphelp. #

Here’s a few job-related tweets we mentioned.

• #JOB #Intelligence Community virtual job fair coming soon http://bit.ly/d67BL6 (via @werntzp) #
• #JOB Saw on @novahackers list .. Develop online reservations system for pet hotel. Contact @falconsview for more info. #
• Mark your cal: Intel Community’s Virt Career Fair is 3/16. http://bit.ly/d67BL6 via(@IBMFedCyber) [Get those resumes polished.] #

You can also keep yourself busy with these interesting newsbites:

• Yep, There’s a Patch for That http://j.mp/cGe4lk (via @briankrebs) [Can't wait 4 PSI app.] #
• #NEWS Patch Tuesday will leave F1 hole unpatched http://j.mp/bdqMoF (via @regsecurity) [Really? Guess we don't use Help often.] #
• #NEWS Argos buries unencrypted CC data in email receipts http://j.mp/d978V6 [Guess they never heard of postcard analogy.] #
• Professor on Leave 4 Facebook Posts http://bit.ly/d7XtBH via(@DrInfoSec) [Perfect ex of FB tweaking settings gets avg user in trouble.] #
• RT: @mikkohypponen Interesting case. Trojan Found in USB Battery Charger Software: http://j.mp/binmBT (via @Shpantzer) #
• Hundreds of Twitter Accounts Hacked – http://j.mp/96HYAX (via @jack_mannino) [Looks like 3rd party connections via API.] #
• A straight forward, simple explanation of #SCAP stnds http://bit.ly/bCkYlB (via @honeyapps @ebellis) [Acronym soup explained.] #
• “Practical Attack to De-Anonymize Social Network Users” http://j.mp/d2He5Y (via @schneierblog) [Triangulate using grp memberships.] #
• Building your own Malware Lab: http://bit.ly/ai1cpx via(@alexhutton @adamhos) [Nice quick list of tools to try.] #
• Fiserve 2 Credit Unions: Stay on Outdated, Insecure Adobe Reader Vs http://bit.ly/cN341h via(@briankrebs) [Compatibility issues, huh?] #
• Criminals steal account #s using 1-cent Transfers http://bit.ly/ad2H36 [loophole indeed!] via(@DrInfoSec) [Low cost 4 trial & error.] #
• RT @briankrebs: RT @bobmcmillan: The FBI supply chain illustrated http://bit.ly/b3g7rs [Nice!] #
• #NEWS “NSA Still Ahead In Crypto, But Not By Much” http://is.gd/a2tTJ (via @jaysonstreet) #
• “Security in Social Media” http://bit.ly/aBwdRW [Users will def not be emailing back & forth 2 verify shortened URL.] #
• 1024-bit RSA encryption cracked by starving CPU http://bit.ly/bRwshB via @Beaker @colovirt @ALBsharah @pmhesse [This could b big.] #
• “Adobe Reader is world’s most-exploited app” http://bit.ly/cpw4bp [Well, we've all sort of knew this but now it's official.] #
• “March 2010 Vulnerability Report” from @VRT_Sourcefire. http://bit.ly/ajTSpR [He's your 4min monthly summary.] #
• Hmm….RT @mllyssa: #Twitter Takes on Phishing with New Security Features http://j.mp/cFH7ke (via @jack_mannino) #
• Twitter adds filter to cut phishing lines http://j.mp/cww1jT (via @regsecurity) [Bonus pts 4 awesome title.] #
• Twitter’s Red Carpet Era – Celebrities & Criminals http://bit.ly/bMkpfz via(@DrInfoSec) [Interesting reading on Twitter trends.] #
• Phishing Made “Super” [easy] http://bit.ly/bOwXcp [way too easy] via(@DrInfoSec) [Scary stuff.] #
• Weak security ID questions put e-mail at risk http://bit.ly/cRnspH [trust bubble!] via(@DrInfoSec) [Such a huge prob.] #
• “Better Security Through Multi-Factor Authen” http://bit.ly/8Yuux9 [B/f U freak out w/ MITM cmts, note word "better" in title.] #
• RT @roblemos: Goodbye (mostly), SecurityFocus. http://j.mp/99Z63C (via @briankrebs) [And hello Symantec Connect. ] #
• Wikibooks Cryptography Book: Wikibooks trying 2 write open source crypto book. http://bit.ly/akS2WF via(@schneierblog) [Nice effort.] #
• Where’s weirdest place you’ve ever seen Windows BSoD? http://bit.ly/cBK33t via(@briankrebs) [Love these things.] #
• “One-third of orphaned Zeus botnets find way home” http://j.mp/blczxI [This bad boy is robust.] #
• #EDU Challenge yourself with forensics & IR skill-building: http://j.mp/97qaSU (via @DarkReading) [Fun stuff to play with.] #
• #NEWS RT @helpnetsecurity: New Federal IT security cert program – http://j.mp/9P0AQd (via @IBMFedCyber) [Talk amongst yourselves.] #
• RT @geekgrrl: How to Completely Erase Your Hard Drives, SSDs & Thumb Drives: http://j.mp/9lpFtr Thorough How-To. #article (via @sans_isc) #
• If someone took over your gmail account, how would you give it back? Here’s 1 story. http://bit.ly/cknHvr #

And in closing, who could forget the tweet of the week (ok, I liked three this time)?

• RT @dionthegod RT @textfiles Inside the locked window box of a subway car, a locksmith had placed his business cards. [Nice. ] #
• “DotNet” is one character away from “Botnet.” Coincidence? via(@schuetzdj) [Nice observation!] #
• Large blinking roadsigns in DC advert “distracted driver” law: 2pts/$100. Read while driving, almost rear-ended some1 via(@GoldbergLawDC) #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

No related posts.

Tags: digest, grecs, twitter