If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- #MEETUP January Meetup on the 10th of January 2011 http://bit.ly/eEOJHP (via @novahackers) #
- Reminder: 2600 Baltimore Meetup @ Fri Jan 7 5pm – 10pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #
- Reminder: 2600 Arlington Meetup @ Fri Jan 7 7pm – 10pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #
- #MEETUP 12 talks slated 4 #NoVAHackers on Mon.. All awesome topics, but it’s going to b LATE night. See you there? (via @mubix) #
- 2600 Meeting is today! #meetup #2600 #dc2600 (via @DC2600) #
- 2 people showed up to the DC2600 meeting on 01/07/2011 #meetup #2600 #dc2600 (via @DC2600) #
- #MEETUP #NoVAHackers tomorrow.. CTF, ShmooCon meetup announcement, & bunch of talks. Turning into monthly Con… (via @mubix) #
- Monthly meeting tonight @ 7:30pm. Come out and become a member. Pizza and beer at @joesquared before ~6:00pm (via @baltimorenode) #
- #MEETUP NoVa Hackers January Meeting Videos: http://j.mp/gW6nkV (via @vincentkadmon) #
If you didn’t make it to any of the weekly security meetups, why not try attending one of these upcoming conferences? And be sure to check out our event calendar for even more upcoming meetups and conferences.
- #CON Just a reminder to get those #ShmooCon #FireTalks submissions in. #CFP closes in 1 week on 1/14 at midnight. #
- #CON Black Hat DC 2011 Jan 16 – 19 Share thoughts & experiences on EH-Net http://j.mp/g0P3D7 (via @ethicalhacker) #
- #CON #ShmooCon CTF Warmup 2011 http://j.mp/if7uao (via @h4z3dic @mubix) #
- #NEWS #CON Cloud-Based Crypto-Cracking Tool 2b Unleashed at BlackHatDC http://bit.ly/gz6YPm [Cloud .. double edged sword.] #
- #CON Want to win a tic to Shmoocon? My employer, NWN is giving 1 away! http://on.fb.me/eUzfHH (via @haxorthematrix) #
- Johnny Long (@ihackstuff) will be at #ShmooCon http://bit.ly/hSV9Ut (via @MJCdotMe) #
- #CON Email Crashspace@HacDC.org if U want 2 watch #shmoocon at HacDC (via @haxwithaxe @mubix) [Heard @reversespace maybe doing same.] #
- #CON Reminder .. CFP for #ShmooCon 2011 #FireTalks closes in 2 days. Sponsor slots still open too. http://bit.ly/gYiNg8 #
- #CON 2011 Sleuth Kit & Open Source Digital Forensics Conf http://bit.ly/hfRPPR 6/14 in McLean, VA (via @taosecurity) #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER #MOBILE: WFTS ABC Action News Smartphone Security Piece http://bit.ly/fPSv9X http://j.mp/nispblog [Nice post.] #
- #NOVABLOGGER Happy 8th Birthday TaoSecurity Blog http://bit.ly/f9o1rW http://j.mp/nispblog (via @novainfosec) [Congrats!!!] #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2011-01-06 http://bit.ly/hA47Y5 #
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/grhpyy #
- BLOGGED: Where You Want to Be This Week for 2011-01-10 http://bit.ly/eBjTyS #
- BLOGGED: NoVA CTF January 2010 Challenge http://bit.ly/g2EDT9 #
- BLOGGED: ShmooCon 2011 FireTalks http://bit.ly/hOK1nT #
As usual there’s been a lot of federal government activity going on.
- Rooting out bad actors inside org before they do harm is not simple, but OMB promoting it: http://bit.ly/faVGat (via @DarkReading) #
- #NEWS 5 Obstacles to Government IT Security Reform in 2011. http://bit.ly/gqES3K (via @GovInfoSecurity) #
- NIST released errata for SP 800-34r1 Contingency Planning Guide 4 Fed Info Systems http://j.mp/g0QxH8 (via @danphilpott) #
- Feds relax export curbs on open-source crypto http://j.mp/hgPqxY (via @regsecurity) [Interesting.] #
- NSA breaks ground on $1.2 bil cybersecurity facility http://j.mp/gFhqNN (via @SCMagazine) #
- Feds subpoena Twitter for info on WikiLeaks backer http://j.mp/i6lLRa (via @regsecurity) [DMs?] #
- DISA creates DMZ 4 better network security. Welcome to 1998. http://j.mp/hx4PPP (via @WeldPond @jaysonstreet) [Really?] #
- #NEWS Final 5 Named in Secure Hash Competition http://bit.ly/e3t0uH [And then there were 5.] #
- #NEWS White House Advances “Trusted Identities” Program http://bit.ly/gJYxzk #
- U.S. planning on dev “Insider Threat” program to prevent another Wikileaks.. http://bbc.in/faY3m6 (via @fishnetsecurity @cktricky) #
- NIST released SCAP Content Validation Tool 1.1.2.2 for SCAP 1.0 & DRAFT 1.1 http://bit.ly/hGOxg9 (PDF) (via @danphilpott) #
- NIST rel Updated Schedule 4 FISMA Docs Development & Release (Phase 1 v47): http://bit.ly/hGOxg9 (PDF) (via @danphilpott) #
- NIST posted video from 1/7/2011 NSTIC talk: http://bit.ly/f3Yy0m (via @danphilpott) #
- NIST Cloud Computing Collaboration Twiki Launches http://j.mp/fEJs1X #CTO #Twiki (via @bobgourley) [Interesting.] #
The job market continues to look good and there’s some good career advice out there.
- #JOB VRT is hiring, this is going to be a year full of awesome. Check it out & apply. http://bit.ly/gqGsrx (via @kpyke) #
- #NEWS 10 Hot Infosec Careers: Profiles of Top Opps 4 Sec Pros http://bit.ly/e5lepW [Go cryptographers!] #
- #JOB To CISSP or Not to CISSP http://bit.ly/evNFnx http://bit.ly/hmXh3J (via @akinog1 @ethicalhack3r @mjcdotme) #
- #JOB RT @MJCdotMe: RT @oneeyedcarmen: Wanna work with me? We’re looking 4 PKI consultant in MD/VA/DC region. Cool gig. #
- #JOB Want to lead #cybersec analysis at NCCIC? U know U want 2. http://j.mp/hg5utI #DHS #homelandsecurity (via @werntzp) #
- #JOB Move your security career forward by looking back http://bit.ly/foaZSo (via @carnal0wnage) #
- You Should Work for Symantec: http://j.mp/eIHQzk (via @alexsotirov @taosecurity) [Hilarious.] #
- On-the-Job Cybersec Training: Growing Ones Own Pool of IT Sec Experts http://bit.ly/gdjhs2 [More orgs need 2 do this.] #
You can also keep yourself busy with these interesting newsbites as well as some other analysis and commentary:
- Researcher Breaks Security Sandbox in Adobe Flash http://bit.ly/gDLV3Y (via @regsecurity) [What'd ya expect?] #
- Mac App Store Giving Away Pay Apps http://bit.ly/ejsEsv (via @regsecurity) [I'd tk adv of this but too lazy to upd Mac.] #
- Hidden device distorts news at hotspots http://j.mp/eXniUQ <- Both hilarious and concerning. (via @danphilpott +) [Nice.] #
- Anyone else think “Security 3.0” is delusional? http://j.mp/fRvmJi (via @taosecurity) [Whoa, missed 1.0 & 2.0. Darn it.] #
- latest exploit packs advertise spreading via built-in feature of Java http://j.mp/ePauR5 (via @briankrebs) [Screenshots too.] #
- Infamous Insiders: 10 Eye Popping Heists By Insiders (by @ThreatPost @DrInfoSec) http://bit.ly/gmqXBg #
- #TOOL BeEF Browser Exploitation Framework 0.4.2.1 alpha rel http://bit.ly/hsm46e (via @evejou) [Nice vid too demoing.] #
- Is Truly Anonymous Web Browsing Possible? http://bit.ly/gcMJvt (via @Wh1t3Rabbit) [Nope.] #
- Apple 4 Verizon http://bit.ly/e4hefh [Not security related but news confirmed. Still CDMA but includes hotspot capability.] #
- Researcher cracks Wi-Fi passwords with Amazon cloud http://bit.ly/gLc8YZ [More cloud cracking news.] #
- Exploits target SAP apps: http://bit.ly/gaAKCn [More #blackhatdc coverage.] #
- Dashboards Are Dumb http://j.mp/gxFUcC (via @alexhutton) [Some great points here.] #
- Bogus Kama Sutra Presentation Opens Your Backdoor to Hackers http://bit.ly/gv2Nxw [The old *.pptx.exe trick.] #
- If U self-host WordPress site, U shld read http://bit.ly/fnADkc (via @bnmeeks @thisishnn) [Lots of encoded content in free themes.] #
- Security: Best Practice or Ancient Ritual? http://bit.ly/gryXKd (via @DrInfoSec) #
- Lifestream? Yet another Aggregated Personal Data Broker? http://bit.ly/i2PQvD (via @sans_isc) [WTH?] #
- Peep show: inside the world of unsecured IP security cameras http://bit.ly/eFJzmc (via @opexxx @907tothe703) #
- 3rd-party Software Responsible 4 Most Vulns http://bit.ly/f0YuHw (via @imrim_security @mschafer) [Interesting.] #
- Adobe (finally) makes it easier to delete Flash cookies http://j.mp/glVO2S (via @regsecurity) #
- Google pays record bounty for Chrome bug http://j.mp/dIqOH0 (via @securityninja @DrInfoSec) [Nice to see.] #
And in closing, who could forget the tweet of the week?
- #TOTW Huh, it turns out that “feature creep” isn’t slang for “salesman” (via @jack_daniel) [Lolz.] #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…