If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
Didn’t have much time to look for any local meetups and conferences this past week but I did come across a few upcoming conferences as well as a community announcement.
- #CON Reg open 4 6th Annual IT Security Automation Conference 9/27-29, Baltimore CC #SCAP http://bit.ly/9ayeni (via @danphilpott) #
- #CON RT @dallendoug @AppSecDC: Present 4 those in Vegas: still time 2 submit papers 4 AppSec DC 2010! CFP is now open until Aug 15th! #
- #CON Just a reminder, we’ve extended our CFP to 15-August. http://bit.ly/c3RzxJ Any issues, email cfp@appsecdc.org (via @AppSecDC) #
- #CON #NOVABLOGGER: Metricon is Next Week http://bit.ly/b0Houu http://j.mp/nispblog (via @novainfosec) #
- #CON Dusting off cobwebs of feed 2 announce ShmooCon 2011. 1/28-30 at Wash Hilton. http://www.shmoocon.org/ (via @shmoocon) in reply to shmoocon #
- Hello Reverse Space friends! Join our Google Group http://bit.ly/b5iDVx (via @ReverseSpace @mubix) [New hacker space in Herndon!] #
- #CON #ShmooCon 2011 – Jan 28 through Jan 30: http://bit.ly/9Yvo0S (via @mubix) [In case any1 missed this.] #
I guess the same goes for tracking some of our awesome local infosec bloggers and us actually putting out NovaInfosecPortal posts.
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/aX0JlE #
- July 2010 Hakin9 Magazine Published http://bit.ly/biqXRh (via @taosecurity) #
- August 2010 Digital Forensics Magazine Published http://bit.ly/c1YstZ (via @taosecurity) [And for those in forensics.] #
- #NOVABLOGGER Illogical Cloud Positivism http://bit.ly/cyPgla #
And the reason why I didn’t have much time … as you may have expected … there was a lot of Vegas activity. First from BSidesLasVegas and BlackHat (although most of those tweets showed up last week)…
- The Irony – Black Hat Video Stream Hack http://bit.ly/9ycQ3t (via @DrInfoSec) [Nice writeup.] #
- How malware authors leave behind their fingerprints: http://bit.ly/aHUKTf [Was reading @taosecurity 's tweets bout this.] #
- Black Hat 2010: Even with SSL/TLS, browsers still R susceptible 2 attack http://bit.ly/abvNKg [What a/b SSL over a VPN?] #
- Real-World Attacks With Social Engineering Toolkit http://bit.ly/aBwOR7 [Nice talk from #BSidesLV.] #
- BSides LV Videos Up http://bit.ly/doE06e (via @Jhaddix @mschafer) #
And then finally the big weekend party that is Defcon. Here is my running commentary throughout the con.
- RT @schuetzdj: @grecs We eventually got the last key http://bit.ly/an6H5l #
- The making of the #defcon badge .. http://bit.ly/cjU0LC Now I’m really upset I didn’t get one. #
- RT @schuetzdj: iPhone app 4 #defcon is in app store. New features: what’s happening “right now” & mark fav talks 4 later. Woot! #
- In track 4 to watch this whole badge hacking thing (that I didn’t get) #
- Enjoyed the badge talk. Wow what a line afterwards. Just walking around exploring. Oh, & 3G sux here. #defcon #
- My #DEFCON 18 Badge portfolio page is up. Schematics, etc. http://tinyurl.com/dc18badge (via @joegrand @mubix) [Re 1 talk went 2.] #
- In Got Root talk. Avoiding Dan’s #
- Whoa, this is deep? Interesting tho. #defcon #
- How to Steal Corporate Secrets n 20 Minutes: Ask http://j.mp/c9HTid (via @petermannmc) [Fun at #defcon.] in reply to petermannmc #
- Social-Engineering Contest Exposes Secret info at BP http://j.mp/bGi4Xo [Very good summary article. #defcon] #
- Podcasters meetup – Track 2 at 21:00 #defcon (via @ChrisJohnRiley @mubix) [Heading over. #defcon ] in reply to mubix #
- WTF. I just paid $4 for a small cup of ice. Oh & there was little bit of Diet Pepsi. The @jaysonstreet diet is expensive. #defcon #
- Checked out some of hacker jeopardy at #defcon. Looked like a good time. The room was packed. #
- Cell-Phone Tapping Device Demo http://yhoo.it/9M5OCH [For all those waiting in line at #defcon.] #
- Hackers Pick Up Where Facebook Privacy Leaves Off http://yhoo.it/aysE2X [Nice sum of yesterday's talk 4 those that missed it.] #
- Don’t forget Hacker Pyramid, we’re going crazy this year – 9pm Sat – #defcon (via @spacerog @chrisclymer @jaysonstreet) #
- In App Attack at #defcon. Should b interesting look at mobile apps. #
- Waiting for Spyware Developer talk to start at #defcon. #
- Re Spyware talk .. A bit dated but fascinating look into the who, what, and how of this industry. #defcon #
- RT @rmogull has 4 Ninja badges he’s giving away. To win one, the codephrase is “The Travelocity gnome digs handjobs” RT to win #defcon #
- I’m desperate to replace my plastic #defcon badge. #
- Checking out iPhone/TOR talk at #defcon. So many good talks during the timeframe. #
- There is the home router dns rebinding one that was presented at BlackHat and now #defcon. Here’s an art for it. http://bit.ly/bPQKVV #
- And of course @jaysonstreet ‘s social engineering talk. #defcon #
- Researcher intercepts cellphones in live GSM hack at #Defcon: http://bit.ly/d2KboD [Guess he went thu w/ demo.] #
- Generic DefCon Report: <Hacker> demonstrated dangerous vuln in <Technology> which puts ur <TechnologyFunction> at risk! (via @danphilpott) #
- Getting ready to watch #Defcon Security Jam. Technical problems tho. #
- Fail panel is freaken hilarious but time to move on. #defcon #
- Fumbled into a DualCore concert at #defcon. #
- 1st groups in Hacker Jeopardy were hilarious. Going into final, winning team had -$500. #defcon #
- Gonna check out this whole freakshow thing. #defcon #
- Oh what the hell, that world buffet breakfast thing for 4th day in a row. #
- Twitter down for hours of ‘planned maintenance’ http://yhoo.it/9cex5F [And I thought it was just a #defcon problem.] #
- In PowerShell talk at #defcon. Gonna hang in Track 2 for the afternoon. #
- Backtrack 4 on phone bank of the riv #defcon http://bit.ly/abdjKK (via @tinman2k @mubix) [Saw this. Pretty funny.] #
- PowerShell preso was good. Plus entertaining stories. SOC talk bout 2 start in Track 2 at #defcon. #
- SOC talk was a little basic. In Secubus talk now at #defcon. Basically a tool to schedule vuln scans & allow quick review of results. #
- Heading off to my final #defcon session .. Social Networking Special Ops. #
- Chargin up and then to head home fr #defcon. I’m goin back to NoVA, NoVA, NoVA. #
- Trying 2 figure out Project Vigilant story. They say they just spy on ISP users running nmap? http://j.mp/9W8hqe (via @packetwerks) in reply to packetwerks #
- Using 36 Strategems 4 Social Engineering (feat. @JaysonStreet) http://bit.ly/axByXa (via @DrInfoSec) [Nice recap of #defcon talk.] #
- Hack Uses Google Street View Data 2 Stalk Victims http://bit.ly/98N4Uq [Nother #defcon sum.] #
- Researcher Reads RFID Tag From Hundreds Of Feet Away http://bit.ly/dwhNvD [One of 2 of his great #defcon talks.] #
- Razorback Presentation from #Defcon http://bit.ly/dy3Ggv (via @Sourcefire @mroesch) #
Well that was enough for Vegas. Now onto enhancing our careers so we can get “the man” to pay next year.
- #JOB Who wants 2 b Director, Network Security Deployment at DHS’ Nat. Protection &..? http://bit.ly/ay33xv (via @danphilpott) #
- #JOB wow we may need to be hiring again soon here at @geminisecurity (via @pmhesse) in reply to pmhesse #
- #JOB Career advice fr @mmurray & @LJKush: “If U don’t invest in yourself, don’t expect any1 else 2″ http://j.mp/auxi2W (via @DrInfoSec) in reply to DrInfoSec #
- #JOB CND Web Services Systems Analyst http://bit.ly/cVPn0B (via @derekcslater) #
- #JOB RT @gdead: Like travel? Like breaking things? Interested in a job at @pontetec? Contact me for more info. #
- #JOB Hiring Sr Data / DB Security Specialist in Washington, DC – http://bit.ly/ba5EEA #itjobs (via @Shpantzer) #
- #JOB Who wants to be Chief of Staff 4 Director of DHS/NPPD/Office of Cybersec & Comms? http://bit.ly/9Sq0eH (via @danphilpott) #
Plus cyber security continues to hum along in the government sector.
- New Draft Computer Security Doc Focuses on #CloudComputing & Virtualization http://bit.ly/9CVJUO #NIST (via @rgaucher) #
- NIST Info Security & Privacy Advisory Brd is broadcasting its 8/4-6 meetings, on now http://bit.ly/d8vAjP (via @danphilpott) #
- NSA & National Cryptologic Museum http://bit.ly/a305h7 (via @schneierblog) [If you're around DC, this is def something to checkout.] #
- NIST published public cmts 4 drafts of SP 800-131 & SP 800-132, both #crypto docs http://bit.ly/9laJ5N (via @danphilpott) #
You can also keep yourself busy with these interesting newsbites:
- Internet Infrastructure Reaches Long-Awaited Security Milestone http://bit.ly/8ZnH4T [Wow, took 2 years.] #
- Symantec 2010 predictions prove to be [mostly] on track http://bit.ly/cTrz3I [interesting] #CrystalBall (via @DrInfoSec) #
- CSA Launches Security Certification 4 Cloud Computing http://bit.ly/adxDgH (via @mschafer) [Let the cert debates begin.] #
- Decision a/b our con speakers: Greg Evans removed from our list:.. http://bit.ly/9U8ket <–It’s official #ligatt (via @Shpantzer) #
- JailbreakMe 2.0 for iOS 4 http://bit.ly/9jY2c3 [Wow, this looks easy.] #
- Patch 4 Critical Windows Flaw Available http://bit.ly/b3yLcv (via @briankrebs) [Now 2 see how long it will take 4 people 2 apply it.] #
- Wall Street Journal Reveals how MS’s Advertising Biz Sabotaged Web Privacy http://bit.ly/9CiyeK (via @EFF @carnal0wnage) #
- ZDI Bug Bounty Program Imposes Fix Deadline for Vendors http://bit.ly/9wNGQu [6 months..] #
- Do Not Share ur Device’s Files When Join Public Wi-Fi http://bit.ly/brma5x [Nice art. Didn't mention VPN. http://bit.ly/d1KFnH] #
- AV Detects Avg of <19% of Malware http://bit.ly/aApYnR [30%-93% by day 30] <- AV #fail (via @DrInfoSec) [+1] #
- My Smartphone Can Beat Up ur Phone http://bit.ly/dARTMH (via @hdmoore @mubix) ["best case scenario is drive-by jailbreaking"] #
- Cloud-Based DoS Attacks Looming http://bit.ly/axwOaN [Wow, only $6 to take down a SMB.] #
- Researchers Throw Down Gauntlet in Vuln Disclosure http://bit.ly/dq7rfK [Things starting to take form. 15 days to 6 months.] #
- Cracking Software Retrieves iPhone 4 Passwords http://bit.ly/aznoeQ [Interesting.] #
- Crimepack: Packed with Hard Lessons http://bit.ly/cHrGoO [Nice post by @BrianKrebs re this kit.] #
And in closing, who could forget the tweet of the week?
- RT @danphilpott: RT @myrcurial: It doesn’t matter NIST doesn’t offer RSS feeds of new or updated content, we have @danphilpott #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…


