If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
- Security laws, regulations and guidelines directory http://j.mp/aLS6g4 (via @CSOonline) [Nice reference.] #
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-11-04 http://bit.ly/9SNguq #
- SQL Slammer Clean-up: Roundup and Review http://j.mp/alFWOB (via @sans_isc) [Nother good summary fr their Oct posts.] #
- Election Impact on Cybersec. Passage of Sig Infosec Bill in 2010 in Doubt. New GOP Cybersec Leaders. http://j.mp/ankJdr #
- WH Secure Cloud Computing Guidance: FedRAMP Reqs Aimed to Ease Cloud Computing Adoption http://j.mp/d96Hvx [We'll see.] #
- IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-11-04 http://bit.ly/cUfnji #
- NIST released SB Oct. 2010 Cyber Security Strategies For The Smart Grid http://j.mp/cBBFkF (via @danphilpott) [PDF.] #
- Another day, another update https://www.shmoocon.org/news (via @shmoocon) [Waiting for Monday.] #
- #CON #ASDC10 is NEXT WEEK! A little bit of everything left (hotel rooms, training slots). Sign up! http://j.mp/9jY0m0 (via @AppSecDC) #
- Finished #BSidesDE talk on getting into infosec. Hope everyone enjoyed it. Now can relax and enjoy rest of #CON #
- Lockpick village closing down for lunch at #BSidesDE Next intro session looks to be at around 1:00 or so. #
- #BSidesDE streaming links are on the wiki page http://bit.ly/BSidesDE play along at home (via @kickfroggy @SecurityBSides) #
- Woot! Lunch at #BSidesDE #
- Checking out lockpick intro at #BSidesDE #
- Hacking Your Way into an Infosec Career #BsidesDE http://j.mp/c0SGIu via uStream (via @grauwulf) [Look ma, I'm on TV.] #
- “How 2 Pwn an ISP in 10 mins or less (without really trying)” at 3pm in Track 1 at #BSidesDE (via @theprez98) [Lookin forward 2 this.] #
- Heard @MJCdotme crushed it at #BSidesDE #
- Listening to “How to PWN an ISP in 10 Minutes” by @theprez98 #BSidesDE (via @azretd) [+1] #
- Watching ShoNuff talk at #BSidesDE #
- I’ve been faithfully plugging @reversespace all day here at #bsidesde @tiffanyrad (via @chop_sey) #
- #BSidesDE @rossja kickin it real in Track 1! Sho—-nuf! (via @mubix) [Nuff said.] #
- Checking out SE talk at #BSidesDE #
- Listening to good marriage advice from @phat32 in his SE talk #BSidesDE (via @bbaskin) [Yep, we're all still learning.] #
- . @phat32 SE tip: active listening or “how not to sleep on the couch” #BSidesDE (via @kickfroggy) [And in a related note.] #
- #BSidesDE Ex of non-verbal communication: Go home & pet your cat wrong way. Audience member: Is that a euphemism? (via @SinderzNAshes) #
- Hanging out at Iron Hill w/ @bvpredator. Where’s everyone? #BSidesDE #
- Watching ShoNuff talk at #BSidesDE #
- Obviously Twitter client #fail on last tweet. #
- Continuous Monitoring on Hacking The Universe http://j.mp/c7hvyk (via @samjcurry @danphilpott) [Nice read 4 those in fed space.] #
- At #ASDC10 RT @DarkReading: Researchers to demonstrate new method of slow HTTP POST DDoS: http://j.mp/9bRUIN (via @AppSecDC) #
- In case U missed it: FedRAMP. My first impression? We’re gonna need bigger boat. http://j.mp/djBxdt (via @Beaker @danphilpott) #
- #JOB Tech Skills Not Enough to Advance http://j.mp/cTpXco [Worth a listen.] #
- ShmooCon Ticket Update Posted http://bit.ly/cjjvO9 [Looks like it will be a few more days.] #
- IN CASE U MISSED IT: Where You Want to Be This Week for 2010-11-08 http://bit.ly/9PG9Ec #
- How to Break Into a Mac (And Prevent It from Happening to You): http://j.mp/aISME5 (via @mushy99 @jaysonstreet) #
- #NOVABLOGGER Just for @joshcorman – A newschool post – Cloudiots on Parade: http://j.mp/ahN3Bh (via @alexhutton) #
- BLOGGED: Where You Want to Be This Week for 2010-11-08 http://bit.ly/9LdVVd #
- #NOVABLOGGER Buyer Beware on SSL Certificates http://j.mp/bKZHBk (via @fudsec @pmhesse) #
- #MEETUP Next Mtg: Dec 2, 6-8pm @ReverseSpace (http://bit.ly/avcQmE), 2011 Planning + Lightning Talks! http://bit.ly/bcCfRh (via @OWASPNoVA) #
- So you want to be an exploit developer? A realistic guide: http://j.mp/9pkQdM (thanks to @Myne_us) (via @hdmoore @mubix) #
- #MEETUP Little under week until open invite @Unallocated Space opening party! http://j.mp/9bkBto Sat 11/13 8PM. (via @Unallocated) #
- #CON Use hash tag #ASDC10 for AppSec DC on twitter! (via @AppSecDC) #
- 4 Benefits of Common Criteria Product Evaluations http://j.mp/arT2f2 #CC #NIAP #infosec (via @DJWILS285 @danphilpott) #
- Had pleasure of being speaker handler for @neildaswani at #asdc10 Watching him give an awesome talk re drive by downloads. #
- Also finally met @mschafer at #asdc10 Go NoVA!!! #
- #AppSecDC heading into the afternoon. CTF is up and running, shirts are on sale, talks are rolling along. #ASDC10 (via @AppSecDC) #
- Cool DNSSEC talk by Suresh at #ASDC10 See http://j.mp/bFjVdw for more. #
- Watching Dave Wichers talk about strengths of combining code review and pen testing at #asdc10 #
- Dinner 2night 4 #asdc10 crew @ Zengo 6:30pm. Res under Schafer. 781 7th St NW. 3 miles fr show. (via @mschafer) [Note: 0.3 miles!] #
- QOTD: “It’s hard 2 reverse engineer something that wasn’t engineered in 1st place” – Andrew Wilson #asdc10 (via @chuckatsf) #
- David Shelly talking about some of his research at VA Tech re comparison of web app scanners. #asdc10 #
- Will Dave Shelly reveal the best webappsec scanner? … Nope. More a/b methodology & ways to improve. #asdc10 #
- At Zengo with 25 of my closest appsec friends. #asdc10 #
- Large group at Zengo for #ASDC10 http://post.ly/1BLQ6 (via @agent0x0) [Here's the crew!] #
- .@kodefupanda is “Heavy” in real life #TF2 #ASDC10 RT @nahsra: 2 reasons 2 come to #appsecdc http://j.mp/dCENdF (via @AppSecDC) #
- Thanks to @falconsview and @geminisecurity for dinner after #ASDC10 #
- #CON Come hear #Verizon Wade Baker at Gov Security Con #govsecurity 11/16-11/17 in DC. http://j.mp/aTdM2I (via @alexhutton) #
- NIST has Online DB 4 Spec Pub 800-53 Sec Ctrls: http://bit.ly/bRAoWt (I’m still partial to: http://bit.ly/3NmOLU ) (via @danphilpott) #
- Watching Ron Ross give his keynote at #asdc10 Got to shake hands with THE man prior to his talk. #
- A Security ‘Patch’ for Web Development Frameworks http://bit.ly/bKyDHC #ASDC10 (via @DarkReading) #
- Changing Passwords: How often should you change your password? http://bit.ly/aXCl6Q (via @schneierblog) #
- Watchin “Cloudy w/ Chance of Hack” by Lars Ewe at #asdc10 #
- If U need another reason to make it to AppSecDC, you're not doing it right! http://bit.ly/9NImzJ HT @ibuetler #ASDC10 (via @AppSecDC) #
- Lars’ Top 5 WebAppSec Myths at #asdc10 We use SSL so that’ll protect my site. We have never been hacked. #
- Lars’ Top 5 cont at #asdc10 We’re PCI compliant. We test some of our webapps once a year. Too expensive. [Enjoyed these.] #
- Alt way to follow tweets by those at AppSecDC. http://bit.ly/a9qWOH #asdc10 (via @stevewerby) #
- New techniques render bots useless to Zeus, other info-stealing botnets: http://bit.ly/9Jtj4h #ASDC10 (via @DarkReading) #
- Learning about exploiting media for fun/profit by @ayampolskiy at #asdc10 Very interesting.. #
- OWASP Secure Coding Practices Quick Ref Guide v2 http://bit.ly/a1or1V #asdc10 (via @stevewerby) [Nice.] #
- Lessons learned at #asdc10 and media security .. don’t install the free required encoder. #
- In Social Zombies Gone Wild at #asdc10 Can U say nerf war? I’m sitting behind all the peeps with guns. #
- t-minus 3 hours and change until my talk at #ASDC10 – what are *you* doing today? (via @falconsview) #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…