If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
[Sorry all for not cleaning this up. Real job is still hitting me hard. -Grecs]
- #CON At #ASDC10 Kevin Johnson (@secureideas) & Tom Eston (@agent0x0) of http://j.mp/ceKHDs Social Zombies Gone Wild (via @AppSecDC) #
- #CON At ASDC10#! Rafal Los (@Wh1t3Rabbit) Measuring Sec: 5 KPIs 4 Successful WebApp Sec Programs http://bit.ly/coRqAa (via @AppSecDC) #
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-09-23 http://bit.ly/bPIokO #
- Chain of Trust? “Yeah, that’s the chain I keep hitting you with until you trust me.” (via @danphilpott) [Lol.] #
- #TODO Apple Security Update 2010-006, File Sharing and Mac OS X defaults http://j.mp/dtU5hf (via @TenableSecurity @pauldotcom) #
- The full story of the twitter worm from its creator @matsta http://j.mp/bNy72n (via @ThisIsHNN) #
- Different Flavors of Insider Threat http://j.mp/9zf0AV (via @DarkReading) [Interesting ways to categorize.] #
- “Security Lessons Learned From The Diaspora Launch” http://j.mp/asXuEr (via @theharmonyguy @pmhesse) [Doesn't look good.] #
- News-related-2-infosec Daily out! http://bit.ly/chPjb2 Top stories today by @regsecurity @securitystuff @roercom @grecs (via @jaysonstreet) #
- IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-09-23 http://bit.ly/aWKTne #
- Here’s an idea I could buy into. RT @GuyKawasaki: Naps give powerful competitive adv http://j.mp/duMZzh (via @petermannmc) [Yes!] #
- #CON AppSecDC schedule of talks posted! http://j.mp/bpwi1L (via @wadew) #
- NIST rel draft SP 800-56C Recommendation 4 Key Derivation thru Extraction-then-Expansion http://j.mp/axcsYg (via @danphilpott) #
- The first article by @anton_chuvakin in Prism’s Newsletter on FISMA logging, “FISMA HowTo”: http://j.mp/aoC0T6 (via @danphilpott) #
- #EDU Quick Forensic Challenge http://j.mp/delV70 (via @sans_isc) #
- GSA Poised 2 Rel Security Guidelines 4 Cloud Products http://j.mp/9Nm9On (via @PhilHall @danphilpott) [Poised = 2 years?] #
- #CON Our full training lineup is also online. Top training at fraction of cost of other events! http://j.mp/9WpMa2 (via @AppSecDC) #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/a01Sxk #
- IN CASE U MISSED IT: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/9Wq2uI #
- #MEETUP 1. No Sep mtg! 2. Oct date TBD, loc ReverseSpace, Lightning talks! 3. Nov. 4 info pen (via @OWASPNoVA) #
- #CON DojoCon 2010 is a free event, attendees bring food/drink 2 enter con, call it potluck w/ awesome talks. (via @DojoCon) #
- #CON DojoCon 2010: Reg will b done UnConference style via Wiki. Registration will open up October 15, 2010. (via @DojoCon) #
- #CON DojoCon 2010: DojoCon will have no corporate sponsors. This will be a Con by the people, for the people. (via @DojoCon) #
- Symantec report on PDF malware published as PDF http://j.mp/cQS0Ok Where’s Alanis Morissette when U need her? (via @werntzp) [Lol.] #
- Scareware Apes Microsoft Security Essentials – Security Watch http://j.mp/ae5FOw (via @bobgourley) [Watch out 4 imposters.] #
- #NOVABLOGGER 5 Reasons “dot-secure” Will Fail http://bit.ly/9Ar5uF http://j.mp/nispblog (via @novainfosec) #
- Titanic Sunk by Steering Blunder, New Book Claims http://j.mp/9FomkQ (via @b6n @GoldbergLawDC) [This always seems 2b interesting.] #
- Twitter fixed goat sex EXPLOIT (http://bit.ly/dfOwu4), not VULN (http://j.mp/dC44UV). (via @stevewerby @dallendoug) [Tough week.] #
- Software Security 4 Developers http://j.mp/b8GR0s (via @CSOonline) [Nice complete post.] #
- WTF Worm Makes Twitterers Declare Goat Lust http://j.mp/9UITZK [Man, Twitter is getting hit hard lately.] #
- Zeus botnets’ Achilles’ Heel Makes Infiltration Easy http://j.mp/cQGQAu [Hurry up & get your botnets patched.] #
- #MEETUP Charmsec is this week. Thursday 7PM at @Slaintepub. Be there, don’t be square. (via @electricfork) #
- Court Says Pers Injury Plaintiff Has 2 Give Defendant Access 2 FB & MySP http://j.mp/bFjfiV (via @WeldPond @StrongwaterSec) #
- Re previous tweet .. Maybe this will cut down on friv lawsuits. #
- “Free Malicious PDF Analysis E-book” http://j.mp/dCZ0nO (via @DidierStevens @mubix) [Nice find.] #
- #JOB “Gartner-heads” vs “Packet-heads” http://j.mp/cwcrQF (via @anton_chuvakin @bvPredator) [Excellent post.] #
- ZeuS Variants Targeting Mobile Banking http://j.mp/b6kATW [MITMO attacks getting more prevalent.] #
- FYI: Cyber Storm III is taking place this week. Cover your tubes. (via @pmhesse) [Can't wait] #
- #CON Just wrapped up #OWASP Day at DHS Software Assurance Forum. Great event, .. See U at @AppSecDC! (via @owaspdc) #
- #MEETUP CapSec is this Wednesday downtown. Security people in or near DC, come out for drinks (via @sintixerr) #
- Cyber Storm finally underway: http://j.mp/aYdS64 Will be a fun week. #cybersecurity #DHS (via @werntzp) #
- #EDU 5 Specialized Career Tracks-Opportunities Create New Educational Options 4 Security Pros http://j.mp/cQebTJ (via @InfosecCareer) #
- BLOGGED: Where You Want to Be This Week for 2010-09-27 http://bit.ly/91V1uZ #
- IN CASE U MISSED IT: Where You Want to Be This Week for 2010-09-27 http://bit.ly/97L2mK #
- #MEETUP Reminder, #CapSecDC is tomorrow! At Stetson’s, 1610 U Street NW, & maybe rambling down to DC9 later. (via @capsecdc) #
- MITRE has released Common Weakness Enumeration (CWE) version 1.10, changes: http://j.mp/azGTM1 (via @danphilpott) #
- We are at yellow for 24 hours for ASP OOB Microsoft vulnerability. We R planning on going back 2 Green tomorrow. (via @sans_isc) #
- Reminder: CapSecDC Meetup @ Wed Sep 29 6pm – 9pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #
- LOL @ responsible disclosure to botnet/malware authors http://j.mp/9yo99w (via @rybolov) #
- #CON #OWASP Agenda Post #APPSECDC2010 in the heart of Washington DC – Don’t miss this event ! (via @brennantom @mschafer) #
- Where the hell is FedRAMP? I was expecting ticker-tape parades earlier this month & it’s been eerily quiet. (via @rybolov) <- +1 #
- #NOVABLOGGER Evidence Based Risk Management & Applied Behavioral Analysis | http://j.mp/adaf0l (via @alexhutton) #
- When Fully Patched Browser Won’t Help http://j.mp/913Vjf (via @DarkReading) [Nice read.] #
- FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts http://j.mp/ce3FHd (via @carnal0wnage) [Whoa!] #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…




