Grecs’ Weekly Infosec Ramblings for 2010-12-02

If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.

• #NOVABLOGGER Trying Ubuntu 10.10 in AWS Free Usage Tier http://bit.ly/h6LejJ http://j.mp/nispblog (via @novainfosec) [Nice!] #
• DNS hijack used to deface Secunia http://j.mp/gojW45 (via @regsecurity) #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-11-25 http://bit.ly/hCdRTM #
• VMWare Fusion Upgrade for $10 http://bit.ly/enpDsV Offer good til 12/31. (via @schottac @geekgrrl @jasonmoliver) #
• A ZeuS variant is getting selective.. http://bit.ly/i4mWN3 #
• Sidestep http://lifehac.kr/hLMZQm (via @jaysonstreet) [Nice app! Article has lots of other good articles to ref.] #
• Using Pwd Cracking as Metric/Indicator 4 Org’s Security Posture http://j.mp/h9jQIR (via @sans_isc) [Interesting.] #
• Minivan in little fender last week. Enjoying the rental .. a Swagger Waggon .. http://bit.ly/h1A3CD I still think this vid is hilarious. #
• IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-11-25 http://bit.ly/guA2P1 #
• #MEETUP IEEE NoVA: Sit Awareness of Risk Mgmt Processes: Increasing Risk Analysis Effectiveness, 11-30 http://j.mp/f7Qzdp (via @danphilpott) #
• Interesting.. Kind of like dictionary attack against blurred images. http://j.mp/haSbkr (via @singe @0ph3lia @MJCdotMe) #
• DHS Seizes 70+ Sites 4 Copyright/Trademark Violations http://j.mp/fn50aS (via @kingtuna) [Will b interesting 2 C outcome.] #
• New Metasploit GUI just Released http://j.mp/fTOmjb (via @dave_rel1k @kodefupanda) [Hey, maybe now even I can use. ] #
• #NOVABLOGGER What is InfoSec – A New School Primer http://j.mp/hpDrMC (via @alexhutton) #
• #MEETUP 6 people showed up to the DC2600 meeting on 11/05/2010 #2600 #dc2600 (via @DC2600) [Next one coming up soon.] #
• #NOVABLOGGER Created a script to validate rescan data from Nessus. http://j.mp/gbuvT1 fun stuff. (via @jasonmoliver) #
• I need to find time to play with this http://j.mp/fTOmjb Armitage metasploit GUI (via @jasonmoliver) [<- Dev is local to DC too.] #
• Cables Obtained by WikiLeaks Shine Light into Diplomatic Channels http://nyti.ms/eNEN1o (via @manicode @kyrah @dallendoug) #
• Interesting info re Google attacks & China speculation fr Wikileaks http://tcrn.ch/eHfBtk (via @troyhunt @manicode) #
• Wikileaked US Cables Link China to Google Hack http://bit.ly/hkE6QQ [More via @regsecurity.] #
• Lone Hacker Theory in Wikileaks DDoS Attack http://bit.ly/eGgorV [Not 1 to support such activity however exception in this case.] #
• BLOGGED: Where You Want to Be This Week for 2010-11-29 http://bit.ly/f5YdVs #
• IN CASE U MISSED IT: Where You Want to Be This Week for 2010-11-29 http://bit.ly/eGzqwP #
• OMB released M-11-06 WikiLeaks – Mishandling of Classified Information today http://bit.ly/fVZJ3F (PDF) (via @danphilpott) #
• Researcher Warns of iPhone Phishing Peril http://bit.ly/eYL831 [Hey if U can do it on a browser, you can do it on an iPhone.] #
• #MEETUP Recovered fr your turkey yet? Come out to #CapSecDC this Wed the 1st! ~6PM at Stetson’s (via @capsecdc) #
• #EDU So you wanna be a “cyber warrior”? http://bit.ly/eEiHEY (via @IBMFedCyber) [Interesting.] #
• #CON See http://www.shmoocon.org/news for updates concerning December 1st. (via @shmoocon) #
• #MEETUP Last reminder: RSVP for Th chapter mtg, bring lightning talk, & BYOB!! http://bit.ly/cHH19L (via @falconsview @OWASPNoVA) #
• The Security Data & Survey Directory http://bit.ly/hN20OV (via @derekcslater) [Another nice resource.] #
• Also took chance to upd Security Metrics: Critical Issues http://bit.ly/euFxXL (via @derekcslater) [Anther good resource.] #
• Pentagon Attempts to Fight Leaks by Disabling “Write” Access http://bit.ly/dWDXwN (via @weldpond @mikkohypponen @danphilpott) #
• New HTTP POST DDoS Tools Unleashed http://bit.ly/h7QVnf [They presented this at AppSecDC.] #
• White House Orders Security Clampdown http://bit.ly/dKyTMn (via @Nathiet) [Agreed but .. Can U say kneejerk reaction?] #
• We should have been doing this all along.. #
• EFF Updates Us on ICE Domain Seizure Issue http://bit.ly/e9p77r (via @ioerror @carnal0wnage) [Interesting.] #
• How to Mitigate Slow HTTP DoS Attacks w/ @ModSecurity http://bit.ly/gBthK6 (via @lennyzeltser @drinfosec) [Wow, what a post.] #
• #CON DojoCon 2010 Schedule http://bit.ly/egH7R5 (via @MJCdotMe) [All speakers up .. check it out!] #
• #NOVABLOGGER Cyber Defense Competitions: Still Good After Graduation http://bit.ly/fiTwdc http://j.mp/nispblog (via @novainfosec) #
• Is iPhone identifiable on WiFi network? http://bit.ly/i6t9jo (via @securityninja @drInfoSec) [More helpful iPhone sec advice.] #
• “Redefining APT” http://bit.ly/g37YQM (via @stiennon @cyberwar) [Worth a quick read. What do you think?] #
• BLOGGED: WikiLeaks and the Infosec Political Reaction Lifecycle http://bit.ly/hpbUT9 #
• IN CASE U MISSED IT: WikiLeaks and the Infosec Political Reaction Lifecycle http://bit.ly/hbMGMj #
• China blocks WikiLeaks – Does not want to damage relations with US http://j.mp/gOe2qy (via @thetecheye) (via @tmacuk @jaysonstreet) #
• Why Fed Gov Wage Freeze Shouldn’t Deter Hiring, Retention of Cybersecurity Pros. http://j.mp/fkbZHb [Really?] #
• Wikileaks hit by second DDoS http://j.mp/htBkSZ (via @regsecurity) #
• Brucon 2010 Videos Released http://j.mp/ew6aDz (via @security4all @carnal0wnage) #
• Is the wikileaks backlash already here, moving away from info sharing? http://j.mp/gDK8gW (via @Shpantzer) #
• #CON DojoCon 2010 is next weekend Dec 11-12 http://j.mp/eKS3cc #dojocon (via @MJCdotMe) #
• Replicating functionality of SteadyState in Win7 http://bit.ly/ejWTOq (via @DrInfoSec) [No easy solution. Go DeepFreeze.] #
• Dec 2010 @hakin9 Issue! Botnets, Malware, Spyware http://bit.ly/htiiSa (via @Israel_Torres @drinfosec) #
• #CON EH-Net’s Global Calendar of Security Events 4 Dec 2010 http://bit.ly/ihid7P [2 around DC. See http://bit.ly/nispcal 4 more.] #
• How 2 get invite 2 RSA Security Bloggers Meetup http://bit.ly/esQ6gv (via @petermannmc) [Hey, NoVA Bloggers check this out.] #
• #MEETUP Oh & charmsec #31 is scheduled 4 Dec 16th (a Thursday) to avoid holiday mayham. charmsec.org for details. (via @charmsec) #
• Tool named after Chinese goddess who “patched the sky” patches offline VMs http://bit.ly/fpb20m [Interesting.] #
• #CON SANS CDI: Dec 10 – 17 in DC. Discuss on EH-Net http://bit.ly/ig9f7C 10% w/ code Connect_EHN10 (via @ethicalhacker) #
• #CON DojoCon 2010 Dec 11-12 in Dulles, VA. Still time to reg! http://bit.ly/dUWeX7 (via @ethicalhacker) #
• F5 and Command-R ready to go. #shmoocon #
• I wish the #shmoocon reg page had a countdown timer or something.. #
• Woot! Nuff said.. #shoocon #
• Woot! Nuff said. #shmoocon (with proper spelling of ShmooCon this time) #
• My better half was even F5 for me. Next year I need to get my son involved. #shmoocon #
• 10 Biggest Security Stories of 2010: http://bit.ly/hTEQEJ (via @mschafer) [That time of yr again. Still have 1 mo left tho.] #
• Come on @regsecurity .. using “Russia beats off US, floods world with spam” at title. Think you stepped over it this time. #
• Maybe I’m just reading it wrong. #
• John the Ripper – Why U Are Doing It Wrong http://bit.ly/dP4mJQ (via @ethicalhacker) [Who could pass pass up a JTR article?] #
• More @regsecurity odd titles.. “German exec banged up in private-dick wiretap ring probe”. #
• #EDU Course Review: Cracking the Perimeter by @offsectraining http://bit.ly/gfBkEt (via @ethicalhacker) [4 when training budget returns.] #
• What it’s like to be a woman in a mostly male industry http://bit.ly/g7zm2E [Good read.] #
• Google extends security sandbox to Adobe Flash http://j.mp/eRiwAw [Nice. Unfort not for Mac yet.] #
• Cloud computing goes big time with a big gov contract.. Guess who. http://bit.ly/gzFM7W #
• Nice move by Amazon re hosting WikiLeads.. http://bit.ly/gQT0lk #
• To all you self-hosted WP bloggers out there .. time to update. Doesn’t look too bad but still. http://bit.ly/hHfrfQ #
• Fed cybersec spending heading to $13B .. more job “security” (no pun intended ) http://bit.ly/ecLQn6 #
• Nice year in review from @SCMagazine in list format. http://bit.ly/hDH0vm #
• Cloud Increasingly Being Used by Criminals http://bit.ly/h0F6VW (via @teksquisite @derekcslater) [Figured this would happen.] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

No related posts.

Tags: digest, grecs, twitter