Grecs’ Weekly Infosec Ramblings for 2010-12-30

If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-12-23 http://bit.ly/gos3Lh #
• #NOVABLOGGER The Only Trust Models You’ll Ever Need http://bit.ly/gcM7JV (via @alexhutton) #
• #CON #DojoCon My #Dojocon IDN preso slides are now online at http://bit.ly/g0y20B (via @jabolins @dojocon) #
• NIST rel IR 7502 Common Config Scoring Sys (CCSS): Metrics for Software Sec Config Vulns http://bit.ly/e8JWbM (via @danphilpott) #
• #CON Holiday gifts 4 U: We’re working w/ video vendor over break, & expect 2 see the 1st vids mid Jan! (via @AppSecDC) #
• Good read from @georgevhulme –> 2011: What’s Your IT Security Plan? https://bit.ly/gY58ZF (via @mschafer) #
• Getting Top Biz, Gov Leaders Involved in IT RIsk. NIST’s Compliance Guru Ron Ross on Risk Mgmt Framework. http://bit.ly/fdMuuO #
• Microsoft confirms IE flaw, not yet being exploited http://bit.ly/eRSL9E [Some1 is going to be busy over the holidays.] #
• 1964 300 baud acoustic modem loads Wikipedia {flash back time 4 U old timers} http://bit.ly/fiT7oQ (via @mubix) [Nice.] #
• Starting Nominations: 2010 MVP for InfoSec Volunteerism (please RT) #InfoSecVolunteerVMP (via @joshcorman @Shpantzer) #
• Thx @Paterva 4 free nice Christmas gifts: Copy of #Maltego 3.0.3 RC2 & full 1 yr lic key http://j.mp/fPfofQ (via @securityshell @mubix) #
• IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-12-23 http://bit.ly/fJRASt #
• Woot! Cookies & carrots out and kiddos to bed. #
• Set Up and Get to Know Your New Mac http://j.mp/dN48h6 (via @lifehacker @jaysonstreet) #
• Set Up and Get to Know Your New iPhone, iPad, or iPod touch http://j.mp/fJyHxw (via @lifehacker @jaysonstreet) #
• #NOVABLOGGER Hacker Spaces: Hacking Your Social Life http://bit.ly/hCDhFX http://j.mp/nispblog (via @novainfosec) [Nice post.] #
• carders.cc hacked again. also exploit-db.org, linux-exploit.org + ettercap repository http://j.mp/gaaVlw (via @briankrebs) #
• An interesting vuln playground to learn application vulns http://j.mp/hHWzJu (via @sans_isc) [2 gr8 webapp environs.] #
• Attack code posted 4 new IE zero-day vuln http://j.mp/gAAyyH (via @teksquisite @jaysonstreet) [Wow, that was fast.] #
• Detecting Google Hacks Against Your Website http://j.mp/eczpGO (via @wireheadlance @jaysonstreet) [Interesting honeypot.] #
• Auto Computers May b Target of Hackers.. http://j.mp/gS0gYm (via @WebSecurityNews @mschafer) [Tk care of that old car.] #
• 3 Predictions re Cloud Computing for 2011 http://bit.ly/hcxFs8 <-#3 will make big diff (via @VanessaAlvarez1 @derekcslater) <- +1 #
• #JOB Opening – CIP Cybersec Specialist @ NERC http://bit.ly/fYCPnO (via @derekcslater) #
• 27th CCC – Programm: http://bit.ly/gqlBzW – Streams: http://bit.ly/dWHFmH – Hashtag: #27c3 (via @ppsde @tiffanyrad) #
• Top Ten Security Events of 2010 http://bit.ly/hNU6jV (via @wireheadlance @mschafer) [Another top 10 of 2010.] #
• #JOB OPM Creates Cybersecurity Career Path http://bit.ly/ey3aZI [Interesting. Who else is doing this?] #
• #JOB Mmmm? Path/results will be made available to private sector. #
• Here’s your weekly summary from Infosec Events.. http://bit.ly/hWfaLc #
• Secure Coding Practices Quick Reference Guide – Links to Vid and PDF http://bit.ly/hi0mKO #
• At 17 pages, it’s definitely not a quick cheatsheet .. great content though! #
• #CON EH-Net’s Global Calendar of Events http://bit.ly/huj2eq [@blackhatevents & @shmoocon for us.] #
• Privacy Alert: 10 Biggest Threats of 2010 http://j.mp/e8aN8g (via @Tynan_on_Tech @mschafer) [Nice summary.] #
• 8 IT Security Threats for 2011 http://j.mp/eAUU9C (via @GovInfoSecurity) [More predictions.] #
• Career Planning For Senior InfoSec Pros http://bit.ly/hXVxzJ [Came across this excellent article 4 mid-career infosec pros.] #
• Armitage 12.22.10 is now included in Metasploit: http://bit.ly/fTOmjb (tx @armitagehacker) (via @hdmoore @mubix) #
• One last CapSec this year this Wed! Come out to Stetson’s to say goodbye to 2010. http://bit.ly/fY64w8 (via @capsecdc) #
• Mozilla Exposes 44,000 Passwords http://bit.ly/i16HzR [At least they used good hashes this time.] #
• 10 Acts that Shaped Gov IT Security in 2010 http://bit.ly/fT9qem [Nice review.] #
• #MEETUP CALENDAR UPD: CapSecDC Meetup http://bit.ly/eImJM5 http://j.mp/nispcal (via @novainfosec) #
• Epic reply by Hansen/Poulson on Greenwald’s Wikileaks/Manning accusations http://j.mp/ebnUFX (via @hdmoore @jaysonstreet) #
• Breaking GSM Security with a $15 Phone http://j.mp/gktcfH (via @jaysonstreet) #
• Cambridge Boffins Rebuff Banking Industry Take Down Request http://bit.ly/eOc1OE [Nice.] #
• DC tops another list! Where the $200,000 Crowd Lives at http://bit.ly/h930qE (via @dsalons @dallendoug) [VA and MD up there too.] #
• Re prev tweet .. So where’s my 200K paycheck? #
• Apple No Longer Flying under Security Radar http://bit.ly/hQjcsN (via @netsec10 @jaysonstreet) #
• Good breakdown of new new Net Neutrality rules. http://bit.ly/gIebY4 #
• “2010 A Quick Look Back to Look Forward” http://j.mp/fwziKv (via @Wh1t3Rabbit @Shpantzer) #
• NIST rel SP 800-119 Guidelines for Secure Deployment of IPv6 http://j.mp/g6kpHR (PDF) (via @danphilpott) [Should b good.] #
• NIST issued ITL Security Bulletin Dec. 2010, Securing WiMAX Wireless Comms http://j.mp/gNTxNb (PDF) (via @danphilpott) #
• OWASP December 2010 Newsletter: http://j.mp/gwcwCL (via @manicode) #
• Latest NIST Guidance Targets Secure Deployment of IPv6. http://j.mp/f0hrtY (via @GovInfoSecurity) [More on IPv6.] #
• New WordPress Update Marked “Critical,” includes fix for core security bug. http://bit.ly/hZR01U (via @briankrebs) #
• More on WordPess update 3.0.4 that addresses a critical bug http://bit.ly/glAGIB #
• Civil War Message Decoded http://bit.ly/icSrKJ (via @schneierblog) [Stuff like this is always interesting.] #
• Skype Video Calling 4 iPhone is Official http://engt.co/hhR7Zm (via @0security @mubix) [Awesome. Just updated. Over 3G too.] #
• Another code cracked .. this time not Civil War era. http://bit.ly/e8rIqd #
• George Hulme’s IT Security Predictions for 2011. http://bit.ly/hByxxU @georgevhulme (via @GovInfoSecurity) #
• #JOB Top 5 IT Security Certs for 2011 http://bit.ly/hebXve [Altho certs are everything, they are part of the mix.] #
• #NOVABLOGGER I broke code fr Civil War! w00t! http://bit.ly/gQK0JM (via @schuetzdj) [Detailed analysis of Civil War cipher.] #
• U run? Got iPhone/Android? If so RunKeeper Pro (normally $10) is free thru Jan http://lifehac.kr/esmVFz Tx 2 @shpantzer 4 mentioning. #
• Another nice find by @Shpantzer .. “Beer Cannon” controlled by iPhone. http://engt.co/fVpxjr #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

No related posts.

Tags: digest, grecs, twitter