If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
Well, there wasn’t too much meetup activity this past week but why not try attending one of these upcoming conferences?
- #CON CFP for #ShmooCon 2011 FireTalks is now open. Also looking for sponsors. http://bit.ly/gYiNg8 #
- #CON Miss getting a Shmoocon ticket? Win 1 at GitS CTF warmup event! http://bit.ly/h9jkXr (plz rt) (via @ShellGhostCode @mubix) #
- #CON Hacker Karaoke: #Shmoocon Edition – Fri, 1/28 at Peyote Cafe. (via @bNull @mubix) #
- #CON Hyatt Regency Crystal City Group rate 4 #BlackHat DC 2011 closes 1/7. http://bit.ly/e2Bc63 (via @BlackHatEvents) #
- #CON Going to shmoocon? Prepare for Hack Fortress http://bit.ly/gLnhYx (via @jordansissel @mubix) #
- #CON Miss getting a Shmoocon ticket? Win one at the GitS CTF warmup event! http://bit.ly/h9jkXr (plz rt) (via @gdead) #
- Note we will close CFP at midnight on 1/14. #CON CFP for #ShmooCon 2011 #FireTalks is open. #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER Courtesy of APT http://bit.ly/esSjMR http://j.mp/nispblog #
- #NOVABLOGGER Bottom Line on CRISC & a Happy New Year! http://bit.ly/fEeZ3V (via @alexhutton) #
- #NOVABLOGGER Starting New Year Right http://bit.ly/gjokwV (via @novainfosec) [Aaah, the old C64. Wish saved mine.] #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-12-30 http://bit.ly/ecotL0 #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/i1jdq7 #
- BLOGGED: ShmooCon 2011 FireTalks – CFP / Sponsor Support http://bit.ly/gYiNg8 #
- BLOGGED: Where You Want to Be This Week for 2011-01-03 http://bit.ly/fT47Cl #
There seemed to be lots of federal government happenings … and there’s even an Apple story in there.
- Take Our Quiz: Test Your Government IT Security Knowledge for 2010. http://bit.ly/fa85l2 [Fun.] #
- More FedRAMP cmts from my end. If U have not submitted cmts, they keep pushing deadline back. Send yours in, even small ones. (via @rybolov) #
- Pentagon, Industry to Swap Cybersec Experts http://bit.ly/gLDFyi (via @DrInfoSec) [Like as in high school exchange program.] #
- Fed workers practice good infosec hygiene in office; less so remotely.. http://bit.ly/eQTI1O #
- Tightening Security in the ‘Post-WikiLeaks’ Era http://bit.ly/hPnfQd (via @Nathiet) [We even get an OMB memo.] #
- #NEWS Government Seeking Comments on Cloud Security Proposal http://bit.ly/hyDlGQ [Everybody get out there and comment.] #
- #NEWS Fed Agencies’ WikiLeaks Assessment Deadline Set for 1/28. http://bit.ly/fClm5u #
- #NEWS Obama inks law reorging NIST for 1st time in generation. Law also fosters dev of cloud computing stnd. http://bit.ly/g5Yjqd #
- #NEWS Apple Seeks to Better iPad, iPhone Security via FIPS 140-2 Compliance http://bit.ly/dI0ZZZ [Looks interesting.] #
- 2 NIST Pubs Recommend Org-Wide IT Security Risk Mgmt http://bit.ly/dLp6Ak (via @DrInfoSec) #
The job market continues to look up for infosec pros and there are lots of learning opportunities.
- #EDU Last day! @edskoudis Xmas Hacking Challenge http://bit.ly/h8yF8z Even wrong answers can win signed book (via @ethicalhacker) #
- #JOB Shortage of skilled infosec pros looms http://bit.ly/eM0qB3 (via @Nathiet) [Job security..] #
- How to set up a pentesting lab – http://bit.ly/htp6cx > Nice! (via @securitymoey @jaysonstreet) [+1] #
- #JOB What it’s Like to Make the Wrong Job Switch http://bit.ly/hcmkOf [Something to consider.] #
- #EDU 6th CyberWatch Mid-Atlantic CCDC: Virtual Qualifying Round Schedule Set http://bit.ly/ev8FmX (via @vincentkadmon) #
- #JOB Senior Security Consultant / PM, McLean, VA http://bit.ly/fz14NO (via @sec0ps @mjcdotme) #
And in closing, you can also keep yourself busy with these interesting newsbites:
- Redsn0w 0.9.7b4 to Untethered Jailbreak w/o Need of ‘usbmuxd’ Process http://bit.ly/fEosYI (via @kingtuna) #
- Tor Routers: Home routers that automatically run Tor.. http://bit.ly/hGjt5W (via @schneierblog) [Cool.] #
- Security pros to follow on Twitter, 12-31 http://bit.ly/fZUvsR (Salted Hash with @BillBrenner70) (via @CSOonline) [Good list.] #
- Wikileaks RIP. http://j.mp/dKdbXp (via @cyberwar @rybolov) #
- Building on @alexhutton last post, http://bit.ly/hY5prq PDCA for IT InfoSec, much assembly required (via @dunsany @alexhutton) #
- History of Computer Security http://bit.ly/g7UCxn (via @Shpantzer) [Forgot a/b this nice collection of early sec papers.] #
- Computer Security: How It Looks for 2011 http://bit.ly/dY7lnO (via @mschafer) [Prediction from several vendors.] #
- The Security Landscape from 2010 to 2011 http://bit.ly/id3HcK – thoughts from @ICSALabs (via @mschafer) [More predictions.] #
- #TOOL New Snort front-end offers speedy analysis, ease of use. http://bit.ly/hsst8R #
- Skirmish Over Cert Process Seen Continuing in 2011: Perceived Allies Split Over New Way to Certify. http://bit.ly/gfaMy4 #
- OWASP has introduced new guidelines & a checklist 2 promote secure programming. http://bit.ly/fiYUrb (via @MKassnerNet @mschafer) #
- Cellphone snooping now easier and cheaper than ever http://bit.ly/ibdGdb [In case U missed over the break.] #
- “Court clears warrantless cellphone searches” http://bit.ly/glWVgM (via @jaysonstreet) [Mmm?] #
- TPM is widely available in products, but rarely ‘switched on’ http://bit.ly/hz9flV [Interesting.] #
- Threatpost’s List of the Top 10 Security Top 10 Lists http://bit.ly/hNXQEm (via @mschafer) [Been waiting for this list.] #
- “Bypassing Flash’s local-with-filesystem Sandbox” http://j.mp/fbeRnO (via @jeremiahg @mubix) [Well so much for that.] #
- Security Onion 20110101 now available! Latest vs of Snort/Suricata/Sguil/OSSEC/Squert+ http://bit.ly/eRnXYN (via @DojoSec) #
- Sourcefire buys cloud security firm Immunet http://bit.ly/en15lT [I'm sure you've alrdy seen this .. but just in case.] #
- Self-Encrypted Drives Set to Become Stnd Fare http://bit.ly/fl7QbK (via @mschafer) [Can't wait. Hope SSD prices come down.] #
- S. Korean police: Google collected private data illegally http://j.mp/fGx3zb (via @CSOonline) [OMG, this is still going on.] #
- Assange ‘threatened to sue’ Grauniad over leak of WikiLeak http://j.mp/eWglNC (via @regsecurity) [Pot, kettle, black ... WTH.] #
- Apple Unwraps App Store for Proper Computers http://bit.ly/hE3MDN [1st article I came across. Over 1000 apps so far.] #
- Mac OS X 10.6.6 Updates Security & Intro App Store http://bit.ly/eWn0aq [And it's even part of a security update.] #
- USB Attack Vectors Move Beyond Flash Drives http://bit.ly/fWiIzr (via @Cyberarms) [Mentions @irongeek_adc's Teensy research.] #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…