NovaInfosecPortal.com

• NEWSBITES: Here’s some Sunday reading. Lots of great articles in this edition. http://bit.ly/g9Yl #

• MIRANDA PNP: Listening to PDC again & just wanted to note this #tool / script for testing UPnP devices. Definately something to check out. #
• 2009 PREDICTIONS: It’s that time of year again. Here’s a report from Sophos. http://bit.ly/AZzo #

• RT @danphilpott: Heard W. Hord Tipton of (ISC)2 speak at ISSA-NoVA, he’s not seeing much impact on security job market from downturn. Yay! #
• RT @rybolov: @danphilpott We’ve had Hord as a guest speaker at PF, he’s a good guy. #
• RT @danphilpott: @rybolov Talked w/ him after & agree, he’s good guy. But wonder how ISC2 will adapt CAP/ISSEP to NIST/DoD/ODNI changes. #
• C99 PHP BACKDOOR: Listening to old PDC episode and they mentioned this. Sounds interesting. #tool #
• MS GETTING HIT HARD WITH 0-DAYS THIS WEEK: And here us another one. http://bit.ly/46rI7J #
• CUSTOM WORD LISTS: Was skimming old PDC posts & came across this. Remember them talking about on podcast. Nice writeup. http://bit.ly/CRfg #

• BLACKHAT JAPAN AUDIO: Saw this on PDC mailing list. http://bit.ly/MQVH #con #
• HAPPY HOLIDAYS FROM MS: On Tuesday MS released 8 patches, most of them focusing on client-side apps. http://bit.ly/uExn #
• NMAP BOOK IS A WINNER: Rave reviews for the new nmap book. http://bit.ly/RSUr #
• BROWSER SECURITY HANDBOOK: Interesting book put out by Google that highlights security issues in major browsers. http://bit.ly/mGo4 #

Here is some information regarding this week’s Thursday ISACA - Central Maryland (CM) Chapter infosec meetup event.

In conjunction with the Association of Government Accountants, the ISACA Central Maryland Chapter will discuss how technology and other security trends will impact the audit field in the future. If you are an IT, security, accounting, and auditing professional or an internal control specialist, this meeting will not only be of interest to you, but will also inform you about the future of your respective field.

As the abstract of the meeting points out “[t]echnology is already having an impact on the field of accounting and audit and the fact is we have only just seen the beginning.” While that prognosis sounds ominous, the goal of the ISACA - Central Maryland chapter meetup this Thursday is to prepare professionals for whatever may happen in the field — good, or bad — while encouraging them to stay abreast of what’s going on. As the abstract goes on to say “[n]ot only will we gain a new vocabulary, we will also be able to take back ideas and concepts that will create interesting discussions with our peers.”

And if none of that interests you, cling to the last part of the meeting’s abstract, which states that the meeting will “share some interesting stories about what is going on in the war between the bad guys and civilians in the computer security field. Most people think the Internet is becoming safer, they may not feel that way after this session…” So, if nothing else, think of it this way: you’ll get to hear some really cool stories that you can tell at parties for the next year or so.

(more…)

What do the CISSP, the CAP, and the CSSLP mean to you? If you’ve been thinking about taking any of these certifications — whether to achieve a personal goal or to up your professional status — this Thursday’s ISSA - NoVA meetup is something you don’t want to miss.

Hosted in the Nortel Government Solutions Building, the meeting — led by W. Hord Tipton of Ironman Technologies — promises to draw a unique pool of professionals with opinions to match. So whether you’re looking for individuals who agree with your stance on certifications or you’re looking to start a good debate (remember to keep it civilized folks!) chances are that you will be able to do that and more at the ISSA - NoVa meetup this Thursday.

If you plan on attending this event please RSVP by visiting the ISSA - NoVA website. While we doubt you would be kicked out if you didn’t RSVP, we would hate to see our fellow infosec peers left out in the bitter cold, forlornly staring up at the Nortel Government Solutions Building.  

If you’d like more information about this meetup, check out our original post. If you’d like to learn more about other infosec events in and around the NoVA area, please take a moment to check out our calendar for a complete list of events.

• REPORT RECOMMENDS WHITEHOUSE SECURITY CHIEF: Hopefully some of these recommendations will be made. http://bit.ly/2AofRl #
• SECURITY - RECESSION PROOF?: It seems it may be with so many compliance & regulatory requirements. http://bit.ly/13sm5 #
• BOTNETS ATTACKING SSH: By spreading attacks out among multiple hosts, attackers are able to get by rate-based defenses. http://bit.ly/9ZV2 #

After receiving some new informational tidbits about the DC/MD OWASP meetup scheduled for this Wednesday, we figured that one of the tidbits in particular (there’s going to be food!) might make the difference for those of you who were teetering on the fence of uncertainty about attending the event.

However, there is one catch about the food: those managing the OWASP meetup kindly request that you RSVP in advance lest all of the food be eaten in one frenzied scoop. As OWASP is not in favor of breaking up fights over who’s going to get the last pizza roll, visit http://upcoming.yahoo.com/event/1334575 to RSVP within the next day to secure your spot (and your food) at the meetup.

For those of you not familiar with OWASP, their meetings are always free of charge and open to anyone who is interested in learning more about the infosec community. The group encourages those who attend to bring friends, therefore growing the community (and the food table). While you might come for the food, you’ll stay for everything else that OWASP has to offer.

To get the details about where the meetup is being held, see our original post for more information. Also take a moment to view our calendar for a complete list of infosec events in and around the NoVA area.

• CLEARANCE MONSTER: This post rings so true for most of us in NoVA. http://bit.ly/do1J #

• HARDWARE HACKING: Listened to this on PDC a few weeks back. Excellent and well put together. http://bit.ly/bWY #
• MS08-67 CHECK: If you havn’t applied this out of band patch yet, here is a quick way to find unpatched boxes using nmap. http://bit.ly/14FMI #
• MAIL YOURSELF TO FREEDOM: This is just funny. An inmate packs himself up and mails himself out of jail. http://bit.ly/hvSN #
• HOLIDAY HACKING CHALLENGE: EHN has a new challenge. Want more? The end of the post links to prior ones. Enjoy! http://bit.ly/3tee #edu #
• NEWSBITES: Here’s your weekend edition. http://bit.ly/g9Yl #
• FINAL FIREFOX 2 VERSION: So it won’t contain any anti-phishing features but who’s still using this older version? http://bit.ly/3z3Hp3 #