Weekly Rewind – Word 2007 Encryption, Hot Jobs, Compliance v Security, & More

Thought we would try a new type of blog where we post out a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we thought this post might be a good quick reference. Let us know what you think with a smiley or sad face in the comments.

Our Blog Posts

Where You Want to Be This Week for 2011-09-06: Where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. (continued here)

Is Word 2007 Encryption Secure?: There was an interesting discussion that took place on one of the mailing lists I follow the other day with people trying to figure out if the password encryption used in Word 2007 is secure. As most of us know, older versions are easily cracked however the more recent versions are suppose to be more secure. In the discussion there were lots of guesses however no concrete answers. (continued here)

How to Get the Hot Jobs: I marked this article over at GovInfoSecurity titled “Why IT Security Careers Remain Hot” a few weeks back and finally got a chance to read it a little closer and listen to the related podcast. I found it very interesting, especially for those mid-career pros like myself that are looking for the next step. Traditional advice usually included either digging deeper into a specific niche or leaving technology altogether and start working your way up the management chain. (continued here)

Top 3 NoVA Infosec Blog Posts of the Week: It’s that time of the week again: the time where we take a look at what local security bloggers have been up to. You can take a look at what local security bloggers have been up to but if you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter. (continued here)

Video & Venn Diagram of the Day – Compliance v. Security: I’ve talked about compliance before however @carnal0wnage recently tweeted a great link to a video explaining the difference between compliance and security. I think this video makes it much more clear than any write-up could possibly do. And no … it isn’t for those of us in the echo chamber but rather something you might want to bring up when explaining it to a layman (e.g., that CIO that just cut your budget to only meet the relevant compliance standard). (continued here)

Top Industry Articles

Hidden Wi-Fi Diagnostics Tool In Mac OS X 10.7 Lion: Apple’s newest operating system, Mac OS X 10.7 Lion, hides a hidden application that allows the user to monitor and diagnose their wi-fi connection. The application, called Wi-Fi Diagnostics, is hidden in the CoreServices folder. To get the the application, simply open your hard drive and you will find the System folder. From there follow the path below to find the Wi-Fi Diagnostics application. (continued here)

Reverse Shell Cheat Sheet: If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding a shell to a TCP port. This page deals with the former. (continued here)

The Top Three Hacker Movies Of All Time…: While the word hacker has expanded over the years, the original meaning, as far as the computer sense, means that it is someone who likes to explore the technology that is in front of them. We say the computer sense because originally the word hacker was used for model railroad enthusiast. It then switched to computer hackers later on. (continued here)

Facebook’s Profile Review and Tag Review: Turn Them On: Facebook is quietly rolling out the most dramatic updates to its privacy settings in a year. While critics have quickly dismissed the updates as typically lacking in user control, there are two new features that we believe you should turn as soon as they are available to you: Profile Review and Tag Review. Here’s how to activate Profile Review. (continued here)

Firesheep addon updated to exploit Google info leak: Researchers have released a Firefox extension that demonstrates the risks of using Google search services on Wi-Fi hotspots and other unsecured networks: With just a few clicks, attackers can view large chunks of your intimate browsing history, including websites you’ve already visited. (continued here)

Related posts:

1. Is Word 2007 Encryption Secure?
2. Video & Venn Diagram of the Day – Compliance v. Security
3. How to Get the Hot Jobs

Tags: summary