Grecs’ Weekly Infosec Ramblings for 2011-03-10

If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.

It wasn’t too busy last week but there were at least a few meetups and a conference. Did you get to attend any of them?

• #CON Mid-Atlantic InfoSec Forum 2011 3/8 – 9 in DC. Discuss on EH-Net http://bit.ly/hPFNSJ (via @ethicalhacker) #
• #MEETUP 2600 Meeting is today! #2600 #dc2600 (via @DC2600) #
• #MEETUP 12 people showed up to DC2600 meeting on 03/04 #2600 #dc2600 (via @DC2600) [Looks like good turnout this month.] #
• Tweetup! Tonight at 630pm w @travisgoodspeed at Bier Baron, 22nd & P. (via @Shpantzer) [Can't mk it but FYI 4 others.] #
• #MEETUP #EDU Metasploit Unleashed @ @ReverseSpace week 2 videos and slides: http://is.gd/kseUua (via @vincentkadmon) #

If you didn’t have time to make it to any of the weekly security meetups or conferences, why not try attending PrivacyCamp or BSidesLV? And be sure to check out our event calendar for even more upcoming meetups and conferences.

• #CON PrivacyCamp DC is on for 4.30 Reg here (Please Share) – http://is.gd/wXGHBn (via @PrivacyCamp @rybolov) #
• #BSIDESLV 2011 CFP opening day has been selected. MARCH 15. *extra cpf points if you know why* (via @indi303 #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER http://is.gd/Hb0R7e “Helping Your CIRT Enhance your Security Management” (via @alexhutton) #
• #NOVABLOGGER Thoughts on VeriFone vs Square fight (spoiler: only way 2 win is not 2 play) http://bit.ly/egAhLK (via @schuetzdj) #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2011-03-03 http://bit.ly/f2RhqD #
• BLOGGED: Where You Want to Be This Week for 2011-03-07 http://bit.ly/dMPNvW #
• BLOGGED: A Guide to Infosec Calendars http://bit.ly/eL72oe #

As usual … there continues to be lots of government activity.

• Risk Mgmt Elevated as Infosec Challenge. NIST’s big role. http://bit.ly/fvRhmN (via @GovInfoSecurity) [More on 800-39.] #
• DHS seeks increased cybersecurity funds for 2012 http://bit.ly/fP6Co6 (via @SCMagazine) #
• Homeland Security Bows to Real ID Outcry http://cnet.co/ff2fF3 [Pushed back to 2013.] #
• Supreme Court Says AT&T Not Exempt From FOIA http://is.gd/bGeCKu (via @carnal0wnage) [Interesting.] #
• Agentless FDCC/USGCB/CyberScope Reporting Webinar – 3/23 2PM EST http://is.gd/A0YHBd (via @pauldotcom) [Looks interesting.] #
• Whats w/ all Gov/Private Indust sharing wrt cybersec? http://is.gd/ujyn6q [Nice but culture will not allow it.] #
• If U do anything w/ 800-53 check this out -> NIST wants input on infosec http://is.gd/n6FxjO (via @sec0ps @DaKahuna2007) #
• Real ID deadline pushed back to January 2013 http://bit.ly/grqFPM (via @danphilpott) [In case U missed this.] #
• NIST rel draft FIPS 201-2 Personal Identity Verification of Fed Employees/Contractors http://1.usa.gov/fe3dN5 (PDF) (via @danphilpott) #
• NIST Issues PIV Guidance Draft: http://bit.ly/h4ZOej [Analysis of what NIST released yesterday.] #
• New Law Requires Sites 2 Have ‘Explicit Consent’ Before Tracking http://huff.to/gylpKr (via @jaysonstreet) [It's a start.] #
• Industry groups push for security incentives, not laws http://bit.ly/eZaWXT [Poll: Will this work?] #
• Looks like may be updating SP 800-57 part 3. Any (unofficial) cmts 2 start out? Else wait 4 1st pub draft. (via @scottr_nist) #

There seems to be some infosec jobs out there as well as good advice on how to get them.

• #JOB Intrepidus Group needs Managing, Principal, & Senior consultants. VA / NYC / BOS. Ping @schuetzdj for Qs. http://bit.ly/elROSH #
• #JOB What it Takes to be IT Risk Manager http://bit.ly/hmODjU (via @GovInfoSecurity) [A possible career move.] #
• #EDU Malware Analysis Challenge http://is.gd/4PPBR4 (via @EvilFingers @DaKahuna2007) #
• Job: Director of Infosec http://is.gd/Aq3QTp at Starbucks! cc:@beaker (via @derekcslater) [Ok, had to RT this.] #
• #JOB @danphilpott knows of opp 4 general IA mngr 20+ reports; 4+ years exp; need to pass TS clearance; in Crystal City, VA (via #
• #JOB RT @danphilpott: I know an experienced FISMA guy is rare as hens teeth, but any of you out there looking for a new gig? #
• #JOB Framework 4 Infosec Career Success http://bit.ly/hJhRu0 (via @InfoSec208) [Another nice article from Lee & Mike.] #

Here are some interesting updated or newly released tools.

• #TOOL WCE v1.1 is out! http://is.gd/SQV3WG (TGZ) reads creds fr mem, supports xp/2003/vista/7/2008 (via @hernano @carnal0wnage) #
• #TOOL Online WPA Cracker http://is.gd/uuchKr (via @opexxx @DaKahuna2007) [Nice.] #
• Metasploit Framework 3.6.0 Released! http://bit.ly/gNUm9Y (via @xanda @besecure @sans_isc) [Nice. "svn update"] #
• #TOOL Video: #PenTest Walkthrough w/ Metasploit Pro http://bit.ly/i3QZ5O (via @ethicalhacker) [Nice if U haven't seen.] #
• #TOOL Be sure to follow @wXframework for all the news on wXF. (via @InfoSec208 @cktricky) #
• Researchers build tool that roots out biz logic flaws in webapps http://bit.ly/e1Y1y8 [Will b interesting 2 see.] #

You can also keep yourself busy with these interesting newsbites:

• WordPress comes under ‘extremely large’ web attack http://bit.ly/ggwGwv (via @regsecurity) #
• Android malware attacks show perils of Google openness http://is.gd/UI2ZtT [There's always a trade off.] #
• How smartphone botnets spread via text message & how to shut ‘em down http://is.gd/jLOWdn (via @awawro @vincentkadmon) #
• New Twitter Scam http://bit.ly/hg9v2E [Note, there is no way to tell who views your profile.] #
• WordPress DDoS Attacks Mostly Came from China http://bit.ly/foHsNk [More on this ddos.] #
• Google Remotely Wipes Malware fr Android Handsets http://is.gd/m9IkHE (via @PhysicalDrive0 @jasonmoliver) #
• Android malware begs behavioural change (feat. @Veracode‘s @Weldpond) http://is.gd/QSz62z [agreed] (via @DrInfoSec) #
• Hacker kills his own Pwn2Own bug for Android phones http://is.gd/mjtW85 (via @regsecurity) #
• FB Will Continue 2 Share User Addresses & Numbers http://is.gd/ojd17y (via @angelinaward) [Just plain bad.] #
• Happy Fat/Patch Tuesday. (via @jack_daniel) [Lol, +1.] #
• Security on Shoestring Budget http://bit.ly/gyKbwL (via @CSOonline) [Gr8 suggestions for SMBs starting out.] #
• March 2011 Microsoft Black Tuesday Summary http://is.gd/FzS7X8 (via @sans_isc) [Small load this month.] #
• Pwn2Own 2011: IE8 on Win 7 hijacked with 3 vulns http://zd.net/hGAWfG (via @ryanaraine @DrInfoSec) #
• pwn2own 2011: VUPEN pwns Safari/Macbook. http://zd.net/hcCt98 (via @ryanaraine @DrInfoSec) [And there goes OS X.] #
• Making sport of browser security, hackers topple IE, Safari http://bit.ly/g3OGrf [Sum of pwn2own day 1 on @regsecurity.] #
• Router-rooting malware pwns Linux-based network devices http://bit.ly/gZgztV [Firemware upds anyone?] #
• It appears that appstore model may have some issues: iTunes (40% fraud), And.. http://bit.ly/i7vHII (via @IBMFedCyber) #
• Apple security update leaves iPhone 3G users unprotected http://bit.ly/gtzOCX [Shoot, my Mom is in trouble.] #
• android malware writers take page fr rogue av guys http://bit.ly/elusXv (via @briankrebs) [Geez, Android is so Win & IOS is so Mac.] #

And in closing, who could forget the tweets of the week?

• #TOTW What I taught my kids today: When gazing at a flock of birds flying overhead, close mouth. #yummy (via @rockyd) #
• What happens when U put girl in hotel corridor at night?You Freak.People.Out. http://bit.ly/gaK3SE(via @_joviann_ @briankrebs) [Lol.] #
• TCP packet walks in2 bar & sez “I want a beer”, barman sez “U want a beer?”, packet sez “yes, a beer” (via @alexhutton+) #
• Code walks in2 bar & barman hands it a beer. Code: “I know I normally get beer but I want gin 2night.” Barman: “Sorry, cache only.” (via ..) #
• A SQL Inject walks into bar, starts 2 quote something but stops, drops a table, then dashes out. (via @stevewerby @304geek @iFail) #
• The origins of Ctrl-Alt-Del http://youtu.be/K_lg7w8gAXQ (via @IBMFedCyber) [Nice find.] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

No related posts.

Tags: digest, grecs, twitter