If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be a few meetups this past week. Did you get to attend any of them?
- #MEETUP Secure Deployment of IPv6 2-15-2011 @6:30 PM @issa_dc more info @http://issa-dc.org (via @issa_dc) #
- #MEETUP We R teaching Metasploit Unleashed at @ReverseSpace. Kickoff meeting this Thur 8pm. (via @vincentkadmon) #
There are also some upcoming meetups for those of you who are interested.
- #MEETUP New post by katie: http://j.mp/dJESEH 2011 Annual Meeting #hacdc (via @hacdc) #
- #MEETUP Kick-off meeting of CSA DC chapter 2/25 11:30-2PM,2300 N St, NW WashDC 20037 Free RSVP @ http://j.mp/gQLoad (via @ISACA_WashDC) #
- #MEETUP Flex Your Rights Night at @Unallocated Space is Tues, Feb 22nd at 7PM: http://bit.ly/hQg9Z2 (via @theprez98) #
- Do all of you think a DC2600 meet-up account would help bring people to the meetings? #dc2600 (via @DC2600) #
- Insider Threat Testing webinar – http://j.mp/fMqhqu – Feb 24th (via @mubix) [Listen to this man.] #
- Pentesting your Security Team – http://j.mp/g4N3HU – March 17th (via @mubix) [More @mubix goodness.] #
Haven’t noticed much on the conference front but ShmooCon is still being mentioned. And be sure to check out our event calendar for even more upcoming meetups and conferences.
- #CON ShmooCon 2011 videos goodness: http://j.mp/h4bnLh (via @danphilpott) #
- #CON Most videos of #shmoocon are online: http://j.mp/e7uLMB (via @cryptax @mubix) #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER 2-Factor Authentication Goes Mainstream http://bit.ly/fEZ6HL http://j.mp/nispblog (via @novainfosec) #
- #NOVABLOGGER Why Normal People Skip Cyber Security Talks & How to Make Them Better http://bit.ly/geUxub (via @novainfosec) #
- #NOVABLOGGER Reinventing FedRAMP http://bit.ly/e7OB4p (via @novainfosec) [Some FedRAMP goodness from @rybolov.] #
- #NOVABLOGGER PKI’s Ubiquity http://bit.ly/dNd9C9 (via @novainfosec) [An interesting view fr @pmhesse.] #
- #NOVABLOGGER Scanning NIST High system & it sent me validating authed scans. http://bit.ly/fA6wMR (via @jasonmoliver) #
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2011-02-10 http://bit.ly/f1vGso #
- BLOGGED: Where You Want to Be This Week for 2011-02-14 http://bit.ly/ehDiZd #
- BLOGGED: Reinventing FedRAMP http://bit.ly/fWaoLO #
NIST continues to be busy…
- NIST released draft FIPS 180-4 Secure Hash Standard (SHS) http://j.mp/eVFDwH (via @danphilpott) #
- NIST rel draft SP 800-147 BIOS Protection Guidelines http://j.mp/ecgj5p (PDF) (via @danphilpott) [Looks interesting.] #
- Obama Increases Budget For NIST’s Tech Efforts http://j.mp/hckNDP (via @danphilpott) [Expect more NIST goodness.] #
- NIST rel final vs of IR 7298 Rev. 1 Glossary of Key Infosec Terms http://bit.ly/eBR6jV (via @danphilpott) [Good 2 know.] #
And there are some good high-level cyber security jobs if anyone is interested.
- #JOB Who wants to be Chief of Staff at DHS’ National Cyber Security Division? http://bit.ly/iif9U3 (via @danphilpott) #
- #JOB CIP Cybersecurity Specialist: Location: Washington, DC http://bit.ly/fPiP6R (via @CSOonline) #
- #JOB Chief Data Security for Board of Directors in Washington DC http://bit.ly/f7y88L (via @CSOonline) #
- Info Risk Manager/IT Security Consultant in DC for IMF http://bit.ly/fw2N0F (via @CSOonline) #
There continue to be a lot of great tool updates.
- wXf beta is now available for public downloads. Instructions on wiki – http://j.mp/gj5UZr Thanks! (via @cktricky) #
- #TOOL Last bug for nikto 2.1.4 release closed… Coming soon to a gz near you! (via @chrissullo @jaysonstreet) #
- We launched @openWAF project today! Open Src distrib webapp firewall http://j.mp/heyboJ (via @Hyperguard @StrongwaterSec) #
- 5 Best VPN Providers (via @jaysonstreet) http://lifehac.kr/e3Ag9X [I've used HotSpotVPN & WiTopia & seemed to work well.] #
- WirelessKeyDump – http://j.mp/gc9gIM (console based wifi credential dumper) (via @mubix) [Nice.] #
Check out these great learning opportunities as well.
- #EDU http://j.mp/i3wxvx Feb 13, 12-4pm Pacific – Cracking The Code Challenge. (via @Mr_Protocol @mubix) #
- Just learned SANS offering high school national ‘cyber’ competition. Sign up as mentor. http://bit.ly/fi1pMh (via @electricfork) #
You can also keep yourself busy with these interesting newsbites:
- Google adds 1-time pwds 2 Gmail 2 combat acct hijacking http://j.mp/h13bHq (via @briankrebs) [Nother nice move by Google.] #
- Cybersec Enhancement Act Redux. Bill that passed House in 2010 to reappear in Senate in 2011. http://j.mp/efiRYD #
- By studying Gawker & Rootkit.com breaches, even security guys reuse pwds http://j.mp/igQR7o (via @WeldPond @SecuraBit_Jay) #
- FB will allow iframes inside apps – bad 4 security http://j.mp/gf5bqj (via @lennyzeltser @rik_ferguson @jasonmoliver) #
- Google, MS, Mozilla: 3 ‘Do Not Tracks’ 2 woo them all http://j.mp/dPQqtC (via @regsecurity) [Can't we all just agree?] #
- 5 IPad security tips http://j.mp/gr75tH (via @CSOonline) [Good but question is how. Any suggested solutions?] #
- Plenty of debate in DC a/b cybersec jurisdiction @FederalTimes has more: http://j.mp/gpm1fn (via @danphilpott) #
- WH CIO lays out ‘cloud 1st’ strategy to streamline gov IT http://bit.ly/hEJ9Qq #RSAC (via @DarkReading) [Interesting.] #
- #NEWS Fed CIO Kundra unveils policy so 1/4 of $80bb feds spend on IT would employ cloud solutions. http://bit.ly/eQeeLc #
- Visa’s chip-&-PIN exemption rules given cautious welcome http://bit.ly/hLvZlv [Interesting PCI developments.] #
- Kundra Eyes 25% of Fed IT Spend on Cloud Services http://bit.ly/eQeeLc (via @danphilpott) [Speaking of cloud & FISMA.] #
- Long-patched vulns still dominate threat list, new study shows: http://j.mp/h1sI8O [Going 2 cont 2 b a problem.] #
- Patched vulns remain prime exploit vector http://j.mp/hghaXb (via @danchodanchev @DrInfoSec) [We can't even get basics right.] #
- News of AutoRun’s Death Has Been Greatly Exaggerated http://j.mp/foyYJw (via @security4all @jaysonstreet) #
- #NEWS Contrary to popular opinion, FISMA can improve security http://j.mp/gzxwnq (via @SecMash @danphilpott) [+1] #
- US Gov mistakenly shutters 84,000 Web sites. Whoops. http://bit.ly/fPyHOm (via @briankrebs) [In case U missed this.] #
- Anonymous security firm hack used every trick in book http://bit.ly/fHsbMR [Interesting.] #
And in closing, who could forget some of the tweets of the week?
- #TOTW Overheard at #RSAC “We’re just one breach short of a budget increase.” (via @nullsession @alexhutton) #
- #TOTW If u put too much stuff on glass, eventually it’s gonna shatter. #
- #TOTW @andrewsmhay on ‘single pane of glass’ that SIEM vendors promise #BSidesSF (via @Shpantzer) #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…