If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- ISSA-DC: On 4/19 Georgia Weidman (@vincentkadmon) spoke on mobile exploits. #
- Metasploit Unleashed: Last Saturday was week 4 of this class. Guest speaker was @carnal0wnage. #
- Metasploit Unleashed: More goodness this past Thu with week 5; also “Metasploit Magic” with @mubix. #
- Lock Picking: @unallocated did their weekly lock picking session. #
There are also some upcoming meetups for those of you who are interested.
- OWASP NoVA: Next mtg is on April 7th at ReverseSpace. #
- Cybersec Seminar Series: New at U of MD with Google sponsoring. #
If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences? And be sure to check out our event calendar for even more upcoming meetups and conferences.
- SANS NoVA 2011: John Strand will be teaching SEC580 Metasploit Kung Fu #
- ISSA International Conference: The #CFP is open for a few good speakers. #
- Safeguarding Health Info: NIST hosting this event on 5/10-11 with the theme of Building Assurance thru HIPAA Security. #
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- RSA / SecurID Hack — what’s it mean to me? #
- Quantifying the Unknown: Measuring a Theoretical SecurID Attack #
- Low Orbit Ion Cannon – A Very Simple Tool for Broad Distribution #
- Exploitable Mobile App Challenge #
- The Details – Plugin Output #
In case you missed them, here were some of our blog posts from this week.
Stay on the cutting edge by continuing your education and looking for new jobs.
- Mid-Atlantic CCDC – Lessons Learned in Communication #
- Free Animated Courses on ISO 27001 #
- Damascus High Raising Next Generation of Cyber Security Experts: Start them young. #
- Careers in App Security: Infosec Pros Face Bright Future in Software Dev #
- Security Business is Growing & Changing #
- Plaid CTF 2011 Registration #
- Security Tester: Looking to do host/network pen testing & vuln assessments? There are some spots in Tysons. #
- Infosec Personnel Shortage? It’s All Relative. Feds Employ Equivalent of 79K IT Security Pros #
- Threats vs. Vulnerabilities: Infosec 101 .. know the diff between these. #
- Not specifically infosec but you can’t beat this local company .. ThinkGeek. http://bit.ly/hlWm29 #
- Ideal Skill Set For Penetration Testing #
Here are some government stories you might be interested in.
- Cyber-Attacks against Fed Agencies up 40%: Or are they just detecting stuff prev missed? #
- New SCAP Releases #
- Why DHS, Not White House, Took Lead on RSA Breach Response: [Things that mk U go hmmm.] #
- Dozens of Exploits Released for Popular SCADA Programs: Can we plz just airgap these? # Also check out this interview with the author of the exploits. #
- US Court .. Gov has Right to Private Twitter Data #
- SCAP 1.0 Datastreams 4 FDCC & USGCB Programs #
- Fed Cyber Incidents Up 39%: Over half are phishing. #
Tools continue to be created or updated.
- Metasploit Unstable Module Tree: Now we can get all those @carnal0wnage talked a/b. #
- Top 5 Misconceptions about ClamAV #
- Turn Your Home Router into Super-Powered Router w/ DD-WRT: Been meaning 2 do this. #
- Burp v1.4 Preview: New update allows you to test access controls using your browser. #
- Browser Check tool from Qualys: Great way 2 educate users a/b browser security. #
- UserAgent Breakdown: Want to have breakdown of what’s in UserAgent string? #
- Mutillidae 2.0 Beta #
You can also keep yourself busy with these interesting newsbites:
- RSA Hit by ‘Sophisticated’ Attack, SecurID Info Taken # Also check out this write-up. #
- Fox Sitcom Will Depict Pen Testing Firm #
- New PCI Guidance Issued: Council Releases Steps for Protecting Voice-Recorded Card Data #
- Rustock Botnet Takedown by Microsoft, Feds, Others #
- Dutch Court Rules WiFi Hacking Is Now Legal: Getting off on a technicality… # More on this here. #
- Google Patches Flash Bug before Adobe: Google is just always on top of these. #
- VA Forensic Investigators don’t Need PI License as of 1 Jul 11: Also see here. #
- BA Jihadist Relied on 2K Yr Old Encryption: Phrase that pays: “which they had invented themselves.” #
- PHP Developer Wiki Server Hacked: I’m sure you’ve all seen this by now. # Find more info here. #
- Apple Showers Love on Mac Malware Protection: This doesn’t happen that often. #
- Pen Test Stnd Aims to Improve Testing Quality #
- Comodo Compromised: Bad SSL certs were issued. Here’s how Google/Mozilla responded. # Also check out here #, here #, and here # for more coverage.
- “Am I Violating DMCA By Visiting NYTimes w/NoScript Enabled?” #
- Securing the Virtual Desktop: I like the Phoenix idea for avg office users. #
- Detecting Words & Phrases in Encrypted VoIP Calls: I heard a/b this. Interesting. #
And in closing, who could forget the tweets of the week?
- Sometimes it’s better to strategically suck at some tasks. U get to do what you’re good at folks. #
- If i tweeted my pwd, U wld only see 1st 140 chars. #
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…




