If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- MEETUP Next @charmsec will be 4/29 at @slaintepub. http://bit.ly/devJRV (if China lets us) (via @charmsec) #
- Reminder: CapSecDC Meetup @ Wed Mar 31 6pm – 9pm (NovaInfosecPortal.com Calendar) #
- RT @dallendoug: Amen! RT CapSecDC, Wed. 3-31 at Stetson’s, 1610 U St. NW, Washington, D.C. 20009 – http://capsecdc.org/ /via @sabletek #
- Two concepts for you: “70 degrees” & “patio seating.” Make sure you get to CapSec early! Stetson’s 1610 U St NW after CoB! (via @capsecdc) #
- #MEETUP CapSec now in session! On back patio — it is BEAUTIFUL out. Plus R waitress has Minor Threat shirt. How DC is that? (via @capsecdc) #
- Reminder: DojoSec Meetup @ Thu Apr 1 6pm – 9:30pm (NovaInfosecPortal.com Calendar) #
- Reminder: 2600 Baltimore Meetup @ Fri Apr 2 6pm – 9pm (NovaInfosecPortal.com Calendar) #
- Reminder: 2600 Arlington Meetup @ Fri Apr 2 7pm – 10pm (NovaInfosecPortal.com Calendar) #
There are also some upcoming meetups for those of you who are interested.
- CALENDAR UPD: DojoSec Meetup http://bit.ly/aNXqAa http://j.mp/nispcal #
- CALENDAR UPD: DojoSec Meetup http://bit.ly/bnyxx6 http://j.mp/nispcal #
- CALENDAR UPD: NoVA Hackers Association Meetup (one for lunches) http://bit.ly/cSqL4O http://j.mp/nispcal #
- CALENDAR UPD: NoVA Hackers Association Meetup (one for dinners) http://bit.ly/93DnKg http://j.mp/nispcal #
- CALENDAR UPD: CharmSec Meetup http://bit.ly/czSynM http://j.mp/nispcal #
- CALENDAR UPD: ISSA Baltimore Meetup http://bit.ly/aHodAd http://j.mp/nispcal #
If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences?
- CALENDAR UPD: SwA Forum http://bit.ly/dboXRG http://j.mp/nispcal #
- CALENDAR UPD: HIPAA Conference http://bit.ly/cbDlN3 http://j.mp/nispcal #
- CALENDAR UPD: Software Assurance Forum http://bit.ly/9CWQYj http://j.mp/nispcal #
- CALENDAR UPD: Software Assurance Working Group Sessions http://bit.ly/dhWkyk http://j.mp/nispcal #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER: Teaching Apple to fish http://bit.ly/d0kAmP http://j.mp/nispblog #
- #NOVABLOGGER I have blog post reacting 2 @rmogull (& others) ideas a/b Compliance, Sec, & innovation http://bit.ly/94a0SC (via @alexhutton) #
- #NOVABLOGGER: Time and Cost to Defend the Town http://bit.ly/aRKuy7 http://j.mp/nispblog #
- #NOVABLOGGER: Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies http://bit.ly/a7H5Lc http://j.mp/nispblog #
- #NOVABLOGGER: Malware delivered by Yahoo, Fox, Google ads http://bit.ly/dg7wyZ http://j.mp/nispblog #
- #NOVABLOGGER: There are Bad Neighborhoods Online Too http://bit.ly/945jse http://j.mp/nispblog #
- #NOVABLOGGER: Internet making it easier to become a terrorist http://bit.ly/cgchMa http://j.mp/nispblog #
- #NOVABLOGGER: Because that’s where the money is http://bit.ly/dCfEps http://j.mp/nispblog #
- #NOVABLOGGER: Mafia Fail http://bit.ly/avScIr http://j.mp/nispblog #
- #NOVABLOGGER: Rybolov is Dead, Long Live Rybolov http://bit.ly/cpsUBD http://j.mp/nispblog #
- #NOVABLOGGER: Observations on SP 800-37R1 http://bit.ly/a6OEdZ http://j.mp/nispblog #
- #NOVABLOGGER: Google http://bit.ly/9OO5gU http://j.mp/nispblog #
- #NOVABLOGGER: Chechen rebel leader claims responsibility for attacks http://bit.ly/8XI8RW http://j.mp/nispblog #
- #NOVABLOGGER: Metasploit Cyberwarfare http://bit.ly/bP1G2u http://j.mp/nispblog #
- #NOVABLOGGER: Using Dradis to Organize and Share Information with Your Team http://bit.ly/aTGfty http://j.mp/nispblog #
- #NOVABLOGGER: New Career http://bit.ly/a3DyZj http://j.mp/nispblog #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-03-25 http://bit.ly/cjAWy0 #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/cSu69V #
- BLOGGED: Where You Want to Be This Week for 2010-03-29 http://bit.ly/aAzdVs #
- BLOGGED: OWASP DC Wrap-Up http://bit.ly/drYXKY #
- BLOGGED: NovaInfosecPortal Closing http://bit.ly/9ZwykV #
Of course we couldn’t go the week without mentioning some of the things we offer and how you can help.
- NOVAINFOSEC TWITS: Haven’t mentioned in while. Localized vs of @securitytwits. We’d love 2 have u. http://bit.ly/nisptwit #
- ADD YOUR MEETUPS: Want to add your #meet up events to our calendar at http://bit.ly/nispcal? Contact us at http://bit.ly/nispcontact. #
- ADVERTISE W/ US: Friendly reminder.. NovaInfosecPortal is always looking 4 local advertisers. More info at http://bit.ly/nispadvert. #
Here are a few project updates I noticed…
- Announcing: SIFT Workstation 2.0 Release -> http://bit.ly/d5pUtz (via @danphilpott @robtlee) [A VM-based forensics toolkit.] #
- OWASP Broken Web Apps v0.91rc1 http://j.mp/bWnYn9 (via @ToolsWatch @mubix) [Great proj. Saw talk at @owaspdc past week.] #
- #EDU Honeynet Project: 2010 Forensic Challenge #3 http://j.mp/93ivyx (via @sans_isc) [More learning fun.] #
- Web Hacking Incident DB (WHID) Project Upd http://bit.ly/bVyYOr (via @rgaucher) [Reminder of this. Under new leadership.] #
Lots of government related activities happening…
- Information Security Risk Assessment? There’s an App for that: http://bit.ly/dbtm4G (via @danphilpott) [Awesome!] #
- Worth a good read: Rift raises questions on Obama intel czar’s future. http://bit.ly/9mbYrg (via @bobgourley) #
- “Feds Challenged on Key Infosec Initiatives – Forthcoming GAO Audits Focus on FDCC, TIC” http://bit.ly/aX87MV [Uh oh.] #
- HR.4900, FISMA Reform, introduced 2 wks ago: http://bit.ly/cwGfnW (via @rybolov) [Sweet. Need something 2 put me 2 sleep.] #
- While I’m passing out links, if you’re in Gov & security, you need to see this: http://bit.ly/bZP0Qw (via @rybolov) #
- S.3155 is Cybersecurity Ambassador bill http://bit.ly/ddBUHH (via @rybolov @securityintern @chrisjager @gattaca) #
- FISMA compliance reform act looks 2 monitor cybersec threats http://bit.ly/baWkU9 on http://bit.ly/donBrE (via @danphilpott) #
- Security Clearance Reform: Moving Forward On Modernization http://bit.ly/c8CVLU (via @IBMFedCyber) [Interesting.] #
- “Should Gov Stop Outsourcing Code Dev?” http://bit.ly/91SlsV (Ties in w/ some of disc fr last weeks #OWASPDC meetup.) #
- DoD issued DTM-09-016 Supply Chain Risk Mgmt http://bit.ly/95fDUk (via @danphilpott) [More of what was discussed at #owaspdc.] #
- NIST rel SB 2010-03 Revised Guide Helps Fed Orgs Improve Risk Mgmt Practices & Sys Sec http://bit.ly/cBehJg (via @danphilpott) #
- Most Agencies to Deploy TIC By Jan http://bit.ly/9xobxn [Well m/b not 50 but 1000 or so is a lot better.] #
- “Moving to a Risk-Based Organization – NIST 800-37 Rev 1” http://bit.ly/bqvfWz [Nice overview.] #
There weren’t many that I saw, but here are a few career-related nuggets.
- #JOB New Fr DSA: Searching 4 Sr IT Auditor in DC Metro Area. http://bit.ly/9cBWam #ITAudit #DC #VA (via @DuvalSearch) #
- #JOB @falconsview mentioned local job opp 4 an edu in Reston on @novahackers list. Looking for mid-level security person. #
You can also keep yourself busy with these interesting newsbites:
- Very relevant SANS Newsbites for local DC area this week with all the recent testimony & proposed laws. http://bit.ly/aPYta1 #
- “Gmail Detects & Warns U If Someone Else Is Using Your Acct” http://bit.ly/cbEAAk [Step in right direction.] #
- this is a fantastic trick http://bit.ly/aUpvzU (via @transzorp) [Interesting tool called pwnat;allows nat-2-nat comm.] #
- Rm malware fr PC that won’t boot using rescue CDs fr AV companies http://bit.ly/d3mw4s (via @briankrebs) [Bookmark these.] #
- FB’s Privacy Changes http://bit.ly/cMFfmk (via @bvPredator) ["..frequent changes mean most users won’t know what’s going on."] #
- Drop Admin Rights & Win 7 is Less Vuln http://bit.ly/aKAx4v [Nother report stating obvious again. But stats are surprising.] #
- OpenSSL V 1.0.0 released! http://bit.ly/aMg7Vy (via @sans_isc) [Wow! And just in time to fix a vuln.] #
- “MS to Release Emergency IE Fix on Tue” http://bit.ly/9M2QuZ [Wow, another out-of-band patch.] #
- Developing Secure Facebook Apps Guide at OWASP http://bit.ly/cbZYiI (via @danphilpott) [Nice!] #
- Facebook AV http://j.mp/dlEq5i (via @FSLabs) [Fake AV for FB.] #
- “Researchers find security holes in smart meters” http://bit.ly/cCTm0Y [Not surprised.] #
- “Playing it safe with two networks” http://bit.ly/dj7kph [1 for sensitive work & nother 4 all else. It may b future.] #
- Out-of-order sign helpfully directs bank patrons 2 ATM w/ skimmer. http://bit.ly/deHrUN (via @derekcslater) [@briankrebs chk this out.] #
- More on gov/cert authorities conspiracy to spy on SSL users.. http://bit.ly/d5sOzU #
- “Break TrueCrypt harddrive encrypt quickly” http://bit.ly/djW3W1 (via @falconsview) [Comp needs 2 b on & mounted; just tool 2 automate.] #
- SANS updates its GIAC re-cert process (now w/ CPE/CMU option) http://bit.ly/dAVL7t (via @DrInfoSec) [Interesting.] #
- “Code Writers Finally Get Sec? Maybe” http://bit.ly/cpvZXE (Small sample & asked @ sec cons – attended by sec pros. Long way 2 go.) #
- NJ supr. court upholds privacy of personal email at work http://bit.ly/dcbnoR [stored data] (via @DrInfoSec) [Interesting.] #
- Unlike popular belief, short links on Twitter aren’t malicious http://bit.ly/bNFIOG [malware in only 0.06%] (via @DrInfoSec) #
And in closing, who could forget the tweets of the week?
- “Schneier Blogging Template” http://bit.ly/dv8B3Y (via @schneierblog) [Freakin hilarious.] #
- “The Lighter Side of Passwords”: http://bit.ly/cWSvNm (via @CSOonline) [More funnies.] #
- Diff b/t Nerd, Dork, & Geek Explained by Venn Diagram http://bit.ly/bGy9tu (via @schuetzdj & others) [These diagrams becoming popular.] #
- RT @alexhutton: RT @jth: “FISMA isn’t dead, but it may have hit puberty.” –> Puberty? Try “toddler” #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…


