If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- CSA DC chapter Kick-off Meeting 2/25/2011 11:30AM-2PM: Jerry Archer,CISO,Sallie Mae
- @armitagehacker is speaking at @ReverseSpace Sat 4:30 (after Metasploit Unleashed).
- Unallocated Space: This Wed is first of our monthly lock picking sessions! http://bit.ly/iho1aq
- Thanks to both the newcomers &.. Charmsec 34 is set for March 31st. charmsec.org for more.
- OWASP NoVa is Thur .. 45min rant on Injection attacks http://bit.ly/equqfF
- Metasploit Unleashed at @ReverseSpace week 2 starts tomorrow 8pm.
And there was one big conference this past week – the SwA Forum.
- At DHS #swaforum Great talk by @joshcorman on an upd on Rugged Software,..
- indeed ++@danielcornell “@joshcorman: Great chats at #SwAForum – including @dallendoug @stacyasimpson @rybolov”
There are also some upcoming meetups for those of you who are interested.
- ISACA NCAC March con-Emerging IT-3/15-@Holiday Inn Rosslyn
- DC CSA Chapter http://www.csadc.us/ [Future meetings at bottom.]
If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences? And be sure to check out our event calendar for even more upcoming meetups and conferences.
- WEIS submission deadline extended to 3/10. http://is.gd/7toLnR
- GovSec 2011: CONF24 will get you 10% off.
- GovSec conference is March 29-31 http://bit.ly/i2XjOf
- PrivacyCamp: @PrivacyCamp DC is 4/30 Reg here http://is.gd/a5Ggxq
- NIST Continuous Monitoring Workshop on 3-21 in Gaithersburg http://bit.ly/hzFlnl
- NIST Security Automation Dev Days 3/22-25 in Gaithersburg http://bit.ly/em1o7u
- NIST Safeguarding Health Info 3/10-11 http://bit.ly/gnfHGH
- SANS NoVA: @strandjs teaching SEC580 Metasploit Kung Fu http://bit.ly/gUhYoz
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- Patterns for Successful Incident Response http://bit.ly/eZTRA3 http://j.mp/nispblog
- Micro Digital Signatures Howto http://bit.ly/egxste [Cool post by @rybolov.]
In case you missed them, here were some of our blog posts from this week.
- Grecs’ Weekly Infosec Ramblings for 2011-02-24 http://bit.ly/hzlZ3V
- Where You Want to Be This Week for 2011-02-28 http://bit.ly/i2btoK
- NovaInfosec D-List Interview – Ken Johnson http://bit.ly/e3caBb
Wow, tons of stuff happening in the government this week related to infosec. NIST was very busy!
- The CIA’s Historic Spy Kit http://is.gd/z4Jxys [Neat stuff.]
- Google docs being used 4 FedRAMP cmts? http://is.gd/OQjG0V
- NIST seeks input for 2011 update of NIST SP 800-53 to rev 4 http://fis.ma/flqBGB
- NIST to Update Premier Guidance http://bit.ly/fVO1Q3 [Guess which one.]
- NIST rel SP 800-70 Rev 2 National Checklist Program for IT Products http://is.gd/h8VsEi
- NIST rel SP 800-126 Rev 1 Tech Spec for SCAP 1.1 http://is.gd/XUY2At
- NIST released SP 800-51 Rev 1 Guide to Using Vuln Naming Schemes http://is.gd/LvIOtv
- Agencies must det computer security teams in face of fed shutdown http://is.gd/PWbYMV
- NIST seeks appsec input for 2011 upd of 800-53 Rev 3 http://bit.ly/efGtY6
- FISMA Requirements Case Study http://bit.ly/eMi2PI [An interesting read.]
- NIST issues slew of new guidance http://bit.ly/ebrML7 [Yeah, they've been on a roll lately.]
- Senator mks call 4 big sites 2 default 2 HTTPS http://cnet.co/g0Xywg
- NIST rel SP 800-39 Managing Infosec Risk http://bit.ly/gGpaaM [Finally out of draft.]
- NIST SP 800-39 is major new doc for risk mgmt in fed gov.
- Supreme Court: Corps don’t have personal #privacy rights under FOIA http://bit.ly/evFOyN
- House subcommittee plans Wed vote to overturn FCC net neutrality regs: http://is.gd/7UVfh5
- NIST Just-Issued ‘Capstone’ Guidance Focuses on Risk Mgmt http://is.gd/2SufEU
- NIST Seeks Cmts on Security Ctrl Catalog 4 Fed Info Systems & Orgs http://bit.ly/flq53g
There were lots of new tool releases and discussions as well.
- List of Vuln penetration testing Application http://is.gd/KhQkZP
- John Sawyer talks about two of his fave hacking tools. http://is.gd/8T9VFn
- Pineapple http://is.gd/NYUXKZ [Cool, altho no longer in pineapple shape.]
- Armitage 02.25.11 is ready. Several bug fixes & upd doc. http://is.gd/HnurmL
- Portable Hardware Devices for Penetration Testing http://bit.ly/hRgmRu
- UltimateLAMP 0.2 VM (Metasploitable 4 Web) http://bit.ly/cFdUWW
- Scapy v2.2.0: supports 19 new protocols, including OSPF, CDP, VTP, IGMP, IKEv2, MPLS..
- I so want 1 http://bit.ly/eNjWoS [Nother good hardware hacking tool.]
- Pwnplug http://bit.ly/hpMPWG [More toys.]
Here were a few interesting career tidbits.
- Blog post suggests doing résumé in LaTeX http://is.gd/Yb1OXA [Cool! Vs 4 the Mac?]
- Career Advice Tues – Rant Edition http://bit.ly/gSct6v [Infosec career is not 4 faint of heart.]
- Are certs valuable to your career? Survey underway. http://is.gd/2dUNrA
- IOActive hiring full time webapp/network pen testers in .. DC.
You can also keep yourself busy with these interesting newsbites:
- Mac OS X Lion: FileVault provides .. FDE for local .. drives” http://is.gd/To4s4C [Nice!]
- Apple shares Mac OS X Lion with security experts http://cnet.co/f7HVvd
- SS Numbers Easily Cracked: It is easier than ever.. http://bit.ly/gOrdaA
- Exxon, Shell, BP outed as mystery hack attack victims http://is.gd/7oaTQQ [APT?]
- Mac OS X Backdoor Trojan http://is.gd/xvak9Z
- 500K Gmail accts reset; messages gone. http://is.gd/Vzs1ki [Availability fail.]
- HBGary Federal CEO Aaron Barr Steps Down http://bit.ly/gEKvNm
- Colbert Report on HBGary http://bit.ly/fKpMUj [In case U haven't seen this yet.]
- Spammers exploit Intl Domain Names 2 punt penis pills http://bit.ly/gEDrL0
- Password Mgmt Site Plugs Info-Leak Bug http://bit.ly/ghPDdM [Nooooooooooo.]
- Microsoft’s Autorun upd v2.1 now auto deployed fr Win Update http://is.gd/mUYxZN
- 50 Malware-Rigged Android Apps Removed fr Android Market http://bit.ly/hMKkG3
- Firesheep hack catches out Mr Demi Moore http://is.gd/HNoqFn [Don't let your guard down.]
And in closing, who could forget the tweets of the week? There were some good ones.
- My personal opinion, there should be a support grp 4 the spouses of security consultants. (via @cktricky)
- weird how goofy bit.ly has been today. What could possibly be wrong with .ly domain? (via @alexhutton)
- So, do cloud companies hire only 1099 contractors, so they can scale up and down rapidly? (via @Shpantzer)
- http://bit.ly/ezdXWX is why underfunded security shops get $ after 1) compliance fine or 2) public breach. (via @taosecurity)
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…