Grecs’ Weekly Infosec Ramblings for 2010-06-17

If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.

There were a few events this past week. Did you get to attend any of them?

• Just got back from @novahackers. Gr8 talks as usual .. except the first one kinda sucked. #
• #MEETUP Learn electronics at HacDC! Our class starts tonight at 7PM and goes for 8-10 weeks. No prior XP needed. http://bit.ly/amd2fc #
• #CON Pen Test Summit 2010 Thoughts/Summary http://bit.ly/8ZCbJc (via @pauldotcom) [Sum of of con earlier this week in Balt.] #

Here’s an upcoming meetup for those of you who are interested.

• #MEETUP Propose 5min talk 4 #DCWeek HacDC Lightning Talks 6/19 (NOT 7/19) http://bit.ly/aP41iK (via @daniel_packer @hacdc) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER Framing Software Security http://bit.ly/ctGIQa [@falconsview snuck a post in over at @fudsec] #
• #NOVABLOGGER: Maintaining Sec w/ Enterprise Virtualization http://bit.ly/9ysTM2 http://j.mp/nispblog [Pros & cons of virt.] #
• #NOVABLOGGER: June 2010 Hakin9 Mag Published http://bit.ly/cNvAHv http://j.mp/nispblog [Some nice reading for the weekend.] #
• #NOVABLOGGER Risk Appetite: Counting Risk Calories is All You Can Do http://bit.ly/aAH5DT #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://tinyurl.com/37blns7 #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-10 http://bit.ly/aglIxF #
• BLOGGED: AppSecDC Infosec Conference Event http://bit.ly/96aoAK #
• BLOGGED: Where You Want to Be This Week for 2010-06-14 http://bit.ly/bbiFyC #

And this guy is just too “ligatt” to quit…

• Review of ‘How 2 Become The Worlds No 1 Hacker’ http://bit.ly/bmTJ9l #LIGATT (via @benrothke @schuetzdj) [More #LIGATT fun.] #
• RT @dallendoug: If we can get ATT 2 sue LIGATT, we’ve got win! RT @danielkennedy74 @LIGATT Step 2) Predict seq num <- Plagiarizing Goatse #
• RT @LIGATT: If there is another computer hacker better than me…please stand up or shut the hell up! #
• RT @cktricky: RT @LigattHaxx0r: Hacking Tip # 13- Use a different password for your Twitter and Facebook accounts. <~Lol, nice <- +1 #
• Here U go http://bit.ly/99bodu (via @Equix3n @bitkitty) [Here's Ligatt BSing it a/b women. Whatever. ] #

In more pertinent things that went on this past week, there were plenty of career discussions and suggestions to improve yourself.

• #JOB Stratum Security is looking 4 software sec folks. Web app sec, rev eng, malware, protocol analysis.. Contact us. (via @packetwerks) #
• #JOB Sourcefire VRT Expansion Plans (We are Hiring) http://bit.ly/datFvK [I'm assuming this in their MD office. Good opp.] #
• Exploit writing tutorial 10 released http://bit.ly/aPCBA8 – Chaining DEP with ROP http://bit.ly/ayOy06 (via @mubix @corelanc0d3r) #
• #JOB 9 Career Tips 4 Security Pros http://bit.ly/brR7Uc [Good things 2 consider.] #
• #Job Trends http://bit.ly/9xeRQg [Mentions some good verticals to focus on.] #
• #EDU How Strong is Your Fu – 4 Charity http://bit.ly/b1oOuX (via @offsectraining) [Looks like still open. Gr8 way 2 improve skillz.] #

And of course there was a lot going related to cyber security in the federal government.

• FISMA Reform: Lieberman, Collins & Carper Intro Bill http://bit.ly/9s4X3k [Mention of @danphilpott, FISMApedia, and Guerilla CISO.] #
• Senate hearing tomorrow on Cybersecurity and legislation http://bit.ly/bBTb8Q (via @rybolov) #
• CBS re-aired 60 Minutes piece on cyberwar fr Nov & it hasn’t improved w/ age http://bit.ly/dex9Fa (via @danphilpott) #
• If U R in2 cyber, plz view archived testimony here.. HSGAC Hearings http://bit.ly/9mJehz (via @bobgourley) [#todo] #
• Who’s In Charge During Cyber Attack? http://bit.ly/9SSTgt [Aaaah, that guy. <WH/DHS pointing 2 each other when sh*t hits fan>] #
• DHS Voluntary Private Sector Prep Accred&Cert Prog http://bit.ly/c0tbcx (via @cyberwar) [Term that'll ensure #fail "voluntary".] #
• NIST rel draft SP 800-130 Framework 4 Designing Crypto Key Mgmt Systems http://bit.ly/aeghJr (via @danphilpott) #
• DHS Slams US Gov Network Security http://bit.ly/9Kzg2u [Interesting but bit over-the-top headline.] #
• Gov TLD Registry/Registrar Service RFP Posted http://bit.ly/c3akbJ (via @scottr_nist) [Get your prop team ready.] #
• NIST rel 2nd draft SP 800-131 Rec 4 Transitioning of Crypto Algs.. http://bit.ly/aeghJr (via @danphilpott) [I'm sleeping already. ] #
• Switch 2 Cont Mon Requ New Skillz http://bit.ly/biLOSN [Really? Love this - "what we R doing .. is operationalizing compliance."] #

You can also keep yourself busy with these interesting newsbites:

• Encrypted Laptop Stolen While in Use http://j.mp/ceExZ0 [Problem with existing solutions. Suggestions on how 2 address?] #
• AT&T Explains iPad email Breach http://nyti.ms/aVbIhi /via @dallendoug @WeldPond #
• Shed Vulns w/ 1 Simple Rule http://bit.ly/dlVfVY [Let's get basics right. "uninstall software .. that R not in use"] #
• SAFECode Report Highlights Best Practices http://bit.ly/9fyK2V [Good 2 c this being taken more seriously.] #
• RT @spookerlabs: Awesome Read “IDS/IPS Evasion – Step 1. Awareness” http://j.mp/bTu8Qw /via @mubix #
• Cloud Keyloggers? http://bit.ly/9uuXBK (via @briankrebs) [Interesting insight into what loggers record.] #
• French ISP’s Attempt 2 Block File-Sharing Ends in Failure http://bit.ly/d95uhd [admin:admin anyone?] (via @DrInfoSec) [Nice.] #
• 10 of Top Data Breaches of Decade http://bit.ly/cZNLZu (via @DrInfoSec) [Not huge fan of Top 10s but interesting.] #
• Researchers probe net’s most blighted darknet http://bit.ly/aOXTkb [Interesting.] #
• http://j.mp/dzxWE3 now in beta – ff extension, auto redirect 2 https site /via @rgaucher @alien8 @fmavituna [Just need encryped proxy.] #
• (IN)SECURE Mag 26 rel http://bit.ly/cWj5tx (PDF) (via @helpnetsecurity @danphilpott) [iPhone encryption/forensics art.] #
• New Attack on AES Claims 2 Reduce Entropy from 128 to 32 Bits http://bit.ly/aHmDfu (via @ivanristic @jack_mannino) #
• .. cocreator of public-key crypto says “e-mail crypto is pain in the ass” http://bit.ly/btyPf6 (via @kanendosei @shpantzer) #
• July Edition of Crypto-Gram http://bit.ly/98XldU (via @ksignal9) #

And in closing, who could forget the tweet of the week?

• Now that’s a music video http://j.mp/baBH7T /via @danphilpott [Whoa!] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

No related posts.

Tags: digest, grecs, twitter