If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There were a few meetups this past week. Did you get to attend any of them?
- #MEETUP .@Defcon410 Thanks for the shout outs on http://bit.ly/cLSm6W. See you on Thursday! (via @charmsec) #
- #MEETUP To Whom It May Concern: Charmsec 26 is this Thur at 7:00PM. Sincerely, @charmsec PS http://bit.ly/devJRV (via @charmsec) #
- #MEETUP Our #dcweek HacDC Lightning Talks were awesomesauce. Updated wiki, including pic & some slides. http://bit.ly/9ejO0B #
- And speaking of @charmsec, there is a #meetup in a few hours… #
- #MEETUP Charmsec 26 is 2night! 7PM. We’ll b on 2nd floor past bar at @Slaintepub <- I’ll be there. Who else? (via @dionthegod) #
If you didn’t have time to make it to any of the weekly security meetups, were you at least able to hit some of the local conferences?
- #CON Who’s coming to Gartner security in DC tonight/this week? /via @Shpantzer #
- #CON On my way 2 Software Assurance Working Groups #SwA /via @dallendoug [Sounds like fun. I need co that supports such things.] #
For those of you that don’t know, we have some excellent infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER AT&T is Wrong About iPad Breach & I have code to prove it http://bit.ly/aBFvLI #
- #NOVABLOGGER: FD 4 Attacker Tools http://bit.ly/cRDPge http://j.mp/nispblog /via @novainfosec [Very interesting read fr @taosecurity.] #
- #NOVABLOGGER: Charmsec http://bit.ly/9Rdm5O http://j.mp/nispblog (via @novainfosec) [Nice history of @charmsec.] #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-17 http://bit.ly/cvgvJd #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/ayGMAK #
- BLOGGED: Where You Want to Be This Week for 2010-06-21 http://bit.ly/a98mEk #
And this whole LIGATT thing broke big time. I hope next week not to have an entire section dedicated to this guy…
- The #ligatt exclusive interview 4 #shitcast is out. http://bit.ly/9Wz0Nn Please RT & spread word. (via @matthewhughes @mubix) #
- RT @carnal0wnage: sweet, i’ve been plagiarized by LIGATT.. http://bit.ly/9HZE31 & article… http://bit.ly/dkdx15 any1 have copy? #
- ‘World’s No. 1 Hacker’ Tome Rocks Security World http://bit.ly/cK5Scs [Article on @regsecurity a/b our fav guy.] #
- InfoSec Community Launches Campaign Against Security Firm http://bit.ly/aXfbmj (via @cktricky @benrothke) [Nother #LIGATT article.] #
- Big update to http://bit.ly/9JvWMP #ligatt (via @simplenomad) [At least he's getting a free pen test.] #
More importantly there’s been a lot of progress in enacting a cybersec law. For a quick review of the whole process, you may want to check this video out.
- Full text of S.3480 Protecting Cyberspace as a National Asset Act of 2010 http://bit.ly/bDEnXu #FISMA (via @danphilpott) #
- New Bill Grants Fed Power to Shut Down Web http://bit.ly/cNxtMP [Same 1 fr earlier this week but hadn't noticed this point.] #
- Senate Panel Clears Major Cybersecurity Bill http://bit.ly/96Aood [I'm just a Bill.] #
And on other government news…
- Darpa Taking Fire for Its Cyberwar Range http://bit.ly/bRtwTc (via @0xjudd @danphilpott) [Moving too slow.] #
- Microsoft Execs Like What They See in DC http://bit.ly/achp51 [Stuff like this makes me suspicious.] #
- Einstein Presents Big Challenge to U.S.-CERT http://bit.ly/8ZGIPD [IG says they're not sharing info.] #
- #EDU NSA pub National Centers of Academic Excellence in IA Education (CAE/IAE) List http://bit.ly/9TyqF0 (via @danphilpott) #
- #EDU MD has 3 community colleges in Nat Ctrs of Acad Excel in IA 2-year Education (CAE2Y) (via @danphilpott) #
- NIST Issues Computer Security Division Annual Report http://bit.ly/cniq44 [Looks like they've been busy.] #
- Howard Schmidt on cybersec: “The more complex it is, the less people use it.” http://bit.ly/9SvA37 (via @DrInfoSec) [So true.] #
- FTC Forces Twitter 2 Upgrade its IT Sec Program http://bit.ly/9ONQlW [No 1 wants 2 do sec by themselves. Gotta b forced I guess.] #
- #JOB Want 2 help DHS w/ national communications infrastructure & support NCCIC? http://bit.ly/96vwHP (via @werntzp) #
And if you haven’t heard, this fancy new mobile OS and phone were released this week. … No, I didn’t get one yet but as you can tell below I did do the OS upgrade.
- Any1 notice passcode being disabled after upgrading to iOS4? I had it set in 3.x but now it’s disabled by default. #
- Also noticed podcasts that deleted earlier reappearing after upgr to #ios4. #
- More #ios4 upgr annoyances.. Some cool cover art lost. No custom background on 3G. No multitasking on 3G. Total unread email counts off. #
- “The Complete Guide to Using iOS 4” http://bit.ly/bnsYMP (via @jaysonstreet) [Enjoyed reading.] #
- Apple #iOS4 deals w/ 60+ Vulns http://bit.ly/biO7Vq (via @jaysonstreet @CyberCrime101) [Now the security stuff.] #
- Apple Collecting/Sharing iPhone Users’ Precise Locations http://bit.ly/a5OYwh (via @techsavvy @Shpantzer) [And then privacy issues.] #
- iPhone Encryption in iOS4 .. few extra steps U must take 2 mk it actually work http://bit.ly/dAHIuA (via @IBMFedCyber) [Good 2 know.] #
- iPhone iOS 4 Security http://bit.ly/ah3qwM (via @DrInfoSec @georgevhulme) [Step in right dir but far fr where need 2 go.] #
- Re iOS 4 security .. Can’t we just have full “disk” encryption? #
- & what’s w/ weird backup/restore/run around circle/reset/throw salt over shoulder thing we need 2 do? & that’s just 2 get sucky encryption. #
- I mean come on .. I thought Apple was known for this whole magical simple and usable thing. I feel like I’m back on a PC. #
You can also keep yourself busy with these interesting newsbites:
- And on other non-Ligatt security news .. Researcher shows how to strike back at web assailants http://bit.ly/alpuJq #
- Firefox add-on does ‘HTTPS Everywhere’ http://bit.ly/c5RJRb [Will have 2 try out. Obviously doesn't work with all sites.] #
- Danger Room: DHS Geek Squad: No Power, No Plan, Lots of Vacancies http://bit.ly/bVUCBx (via @danphilpott) #
- Looking 4 Vulns in All Right Places: Experts Say U May B Missing Few http://bit.ly/cgJv0v [Don't forget all those "appliances."] #
- It’s Signed, therefore it’s Clean, right? http://j.mp/aINbGj [Malware authors using code signing techniques 2 their advantage.] #
- When Twitter Resets Your Password http://bit.ly/aC6jrZ [Interesting on how they do do things like this.] #
- Testing Reveals Security Software Often Misses New Malware http://bit.ly/9Ix9CF (via @CSOonline) [We're always reacting.] #
- Defenders of the Faith http://bit.ly/dDfq86 (via @VRT_Sourcefire). [More on recent FD debate.] #
- Say Goodbye 2 WEP & TKIP http://bit.ly/9dK0EW (via @aircrackng @nickitsec) [Only in new devices & starting in 2011.] #
- Case 4 Cybersec Insurance http://bit.ly/a42IJ0 (via @DrInfoSec) [Nice read fr @BrianKrebs. And wow, it actually worked.] #
- YouTube Wins Case Against Viacom http://bit.ly/aNCzQF (via @bobgourley) [Wow.] #
- Exploiting the Exploiters http://bit.ly/criHhX [Nice read.] #
- Google Vanishes Android Apps fr Citizen Phones http://bit.ly/bpDw9Y [Freakin security researchers messing w/ marketplace.] #
And in closing, who could forget the tweet of the week?
- Finally iPhone wallpaper 4 Security folks still doing obscurity thing http://bit.ly/bjDQim (via @IBMFedCyber) #totw #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…


