[Sorry but I haven't had time to summarize this like I usually do but just wanted to get it off my plate so I can focus on more important things (like prepping for BSidesLV and Defcon). Anyway enjoy the dump and be sure to say hi if you are going to be in Vegas this week. Grecs]

• #CON #NOVABLOGGER: Thoughts on SANS WhatWorks Summit in Forensics & IR 2010 http://bit.ly/9xbNbz (via @novainfosec) [Good recap.] #
• #NOVABLOGGER: Network Forensics Vendors: Get in the Cloud! http://bit.ly/92Opw6 http://j.mp/nispblog (via @novainfosec) #
• #BSidesLV Participant sign-up list will close on 7/20. U MUST B on official list 2 gain entry. http://bit.ly/doE06e (via @mschafer) #
• #MEETUP DNSSEC/FISMA Seminar in DC w/ DNSSEC Experts fr NIST, MS & Secure64 http://bit.ly/ah5NaF (via @danphilpott @vapigilt) #
• HTCIA “Vetting Ligatt” http://bit.ly/9mrTpn (via @attritionorg @marcusjcarey) [In case U missed earlier today.] #
• Vuln Report – July 2010 http://bit.ly/awGLyl [Get a quick 3 min summary of the July patches fr @VRT_Sourcefire.] #
• RT @rybolov: Dear @whitehouse & OMB: can U please make your memoranda available in RSS? http://bit.ly/aKGKPc [Plz RT.] #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-07-15 http://bit.ly/bjQcTs #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/aTWhQJ #
• IN CASE U MISSED IT: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/9iZHXD #
• IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-07-15 http://bit.ly/cAGenr #
• #MEETUP Can’t get enough #DNSSEC? Reg 4 DNSSEC/FISMA seminar at Spy Museum 7/27 (http://j.mp/dvhHUh) (via @scottr_nist) #
• Just heard that MS is going to support Window XP SP3 through 2010. I just can’t imagine using XP 10 yrs from now. #
• WackoPicko vuln webapp released! – http://bit.ly/cbKCvp (via @carnal0wnage) [@dallendoug - another free webapp 2 use 4 that VM distro.] #
• #MEETUP CapSecDC Not in Vegas edition is early this yr. Come 2 Stetson’s 7/21 before people head 2 Vegas http://bit.ly/aV59MZ #
• Nmap 5.35DC1 (Defcon edition) released! 17 new NSE scripts & much more: http://bit.ly/aUuO2j (via @mubix) [Woot!] #
• Feds Look for Wikileaks Founder at NYC Hacker Event http://bit.ly/djJIgd (via @WeldPond) [Drama at #thenexthope.] #
• Defcon & Blackhat Parties List Updated http://bit.ly/c6psXT #Blackhat2010 #Defcon Help me add! pls RT (via @Jhaddix @jaysonstreet) #
• #NOVABLOGGER: Review of The Cuckoo’s Egg Posted http://bit.ly/dbukvP (via @novainfosec) [Agree. Loved this book.] #
• #NOVABLOGGER: Review of Crypto Posted http://bit.ly/dcwBWH http://j.mp/nispblog (via @novainfosec) [Another awesome book.] #
• #NOVABLOGGER: Review of Code Version 2.0 Posted http://bit.ly/9pihz8 (via @novainfosec) [I have v1.0 & read when I can't sleep. ] #
• New Metasploit GUI Written in Java: If you don’t like cmd mode 2 interact w/ metas.. http://bit.ly/9MQnfw (via @sans_isc) [Cool.] #
• BLOGGED: Win Three TaoSecurity Recommended Books http://bit.ly/cUiA4K #
• #JOB NPR had a story on Cybersecurity specialist shortage this AM http://n.pr/93nOhm (via @danphilpott) #
• Running a little contest giving away 3 @taosecurity recommended books. See http://bit.ly/cUiA4K for details & RT my next tweet to enter. #
• I want 2 win 3 @taosecurity recommended books from @grecs. #infosecclassics http://bit.ly/cUiA4K #
• MS Confirms Windows Shortcut Zero-Day flaw http://bit.ly/8YZzDR [Nother reason to disable autoplay.] #
• #MEETUP Just a reminder that @CapSecDC is THIS Wed. “After Work” at Stetson’s, 1610 U St NW. Looks like a full house this month! #
• Our Infocon is at Yellow: 4 details: http://bit.ly/cXlMZ6 We R trying 2 mk our Infocon more useful.. (via @sans_isc) [This is new. ] #
• IN CASE U MISSED IT: Win Three TaoSecurity Recommended Books http://bit.ly/c7u5MS #
• #NOVABLOGGER: The Biggest Problem http://bit.ly/ap4UCm (via @novainfosec) ["Learn how to write." Nuff said.] #
• #NOVABLOGGER: Notes fr The Next HOPE http://bit.ly/avN5Kh http://j.mp/nispblog (@novainfosec) [Wish I could have made it.] #
• BLOGGED: Where You Want to Be This Week for 2010-07-19 http://bit.ly/bJuNQn #
• Exploit 4 Windows Shell flaw (LNK) added 2 #metasploit http://bit.ly/a5OwFm (via @hdmoore @TheCustos) [Wow, that was fast.] #
• Court Fails to Protect Privacy of Whistleblower’s Email http://bit.ly/aQrryY (via @GoldbergLawDC) [Not good.] #
• TrueCrypt 7.0 Released http://bit.ly/9r7Yxk [Woot! No whole disk encryption support for Mac tho. ] #
• BLOGGED: Starbucks VPN Options for Wifi Security http://bit.ly/d1KFnH #
• Adobe to Fortify Widely Exploited Reader with Security Sandbox http://bit.ly/98BMFf #
• #EDU Certified Ethical Hacker Courses – Again.. http://bit.ly/aXJdMn (via @jaysonstreet) [Good for baseline knowledge.] #
• IN CASE U MISSED IT: Starbucks VPN Options for Wifi Security http://bit.ly/cB0VLu #
• IN CASE U MISSED IT: Where You Want to Be This Week for 2010-07-19 http://bit.ly/b5BYyA #
• Opinion: Apple App Store’s security track record unblemished after two years http://bit.ly/9GGbtQ (via @krvw) [True.] #
• Lowering infocon back 2 green .. http://bit.ly/9sFpLl (via @sans_isc) [Darn, it was so cool being yellow 4 a change. ] #
• Security BSides Announces 2010 Speaker Line-Up at BSides LV http://bit.ly/bqRJs4 (via @mschafer) [I'm finally in the mix. ] #
• Reminder: CapSecDC Meetup @ Wed Jul 21 6pm – 9pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #
• Nonprofit Launches Open-Source IDS/IPS http://bit.ly/batnao [Interesting.] #
• Hackers Unite! .. #BSidesLV http://bit.ly/aIJqDe (via @adamely @petermannmc @mschafer) [Woot! Tx 4 rec. Hope I don't disappoint..] #
• Harsh Words 4 Professional Infosec Certification http://bit.ly/aefdkn ["Creating a Dangerously False Sense of Security." Nuff said.] #
• Innovation – You Keep Using That Word http://bit.ly/9gKc9O [@VRT_Sourcefire 's response to Suricata v1.0 release.] #
• BSides Las Vegas 2010 Speaker Line-Up Announced http://bit.ly/bVhu9F [More #BSidesLV press and not-to-miss talks.] #
• #CON Metricon 5.0 http://bit.ly/9TI2yM [And heading back to DC, another interesting event 2 attend.] #
• Tool Blunts Threat from Windows Shortcut Flaw http://bit.ly/djxaIB [MS released a FitIt tool 2 mk same registry changes.] #
• RT @TheCustos: RT @secureideas: Submitted Friendly Traitor 2 & Social Zombies Gone Wild 2 AppSec DC! <- register now 4 @appsecdc! <- +1 #
• Dell Warns on Spyware Infected Server Motherboards http://bit.ly/aBNkzZ [Wow, taking it a step further.] #
• BLOGGED: Winner of TaoSecurity Recommended Books http://bit.ly/9aZn1j #
• NIST Static Analysis Tool Exposition 2009 reports & data are online http://bit.ly/d8MEGA (via @rgaucher) [Worth a read.] #
• BackTrack 4 R1 BlackHat Edition http://bit.ly/a6nXI2 (via @ @security4all @jaysonstreet) [Nice!] #
• IN CASE U MISSED IT: Winner of TaoSecurity Recommended Books http://bit.ly/awOyUB #
• Is ubiquitous encryption technology on the horizon? http://bit.ly/aDVioI [Hopefully..] #
• RT @capsecdc: CapSecDC is TONIGHT. Hope to see you there! Stetson’s, 1610 U Street NW. Follow us here & check for updates if you are late! #
• Google: Plug Critical Holes within 60 Days Across Industry http://bit.ly/aTDxZ3 [Not perfect but at least a start.] #
• RT @angelinaward: RT @Beaker: We’d b grateful if U could spread word a/b sponsorship of non-profit HacKid con. http://www.hackid.org #
• Survey: security pros feel underpaid, but willing to take a pay cut in some cases http://j.mp/dtw0S5 [Interesting.] #
• #EDU University Offers New Cybersecurity Degrees http://bit.ly/chWlCB [Yep, online and from UMUC.] #
• Astaro Security Gateway Vs 8 Home http://bit.ly/bmuNoI [As I mentioned in http://bit.ly/d1KFnH nice free product 2 play w/.] #
• Demonstration of Scriptless XSS http://bit.ly/b5XrIm (via @peterkruse @mubix) [Interesting.] #
• #CON RT @falconsview: anybody else planning to go to the Cybersecurity Symposium in DC next Tues (7/27)? <- Nope #
• Don’t Wait 4 Adobe Sandboxing 2 Secure Your PDF Viewing (via @bobgourley) http://bit.ly/9p5hhv [Yep, FoxIt and Nuance alrdy have.] #
• IT Security Professional: Heal Thyself: Cybersec Lessons 2 b Learned fr Medicine Field http://bit.ly/afx3oM [Interesting.] #
• #JOB Apply now! #InfoSecMentors Meetup 4 all project participants 7-9pm 7/28 @ BSides http://bit.ly/cf4ae0 (via @joshcorman @petermannmc) #
• MS’s Mike Reavey Talks a/b New “Coordinated Vuln Disclosure” Approach http://bit.ly/dzurYv [Will rebranding really help?] #
• RT @InfoSecMentors: #BSidesLV InfoSec Careers Grand Slam! Wed 4pm-@grecs 5pm-@jsokoly 6pm-@infosecmentors 7pm-Mentors Meetup! #
• Dissecting the Hack: How We Rewrote STAR Section http://bit.ly/cH1×9n (via @bbaskin @jaysonstreet) [I'm getting stressed just reading this.] #
• Fed Cyber Strategy Gets Modestly Clearer http://bit.ly/b99bPZ <- Disagree, it made responsibilities much less clear. (via @danphilpott) #
• #JOB We’re hiring again see http://bit.ly/9I5v5P and http://bit.ly/aljRLn (via @VRT_Sourcefire) #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There aren’t a lot of meetups going on due to summer vacations but a summary and an event did pop up.

• #MEETUP Meeting: 2010.06.10 0×0004 http://bit.ly/cLkftm (via @novahackers) [Notes fr last meeting.] #
• #MEETUP Baltimore Node is showcasing Powertool Drag Racing Sat & Sun. http://bit.ly/bLnk8v [This could get dangerous. ] #

But have no fear … more meetups are coming…

• #MEETUP State of the Hack: M-Trends- The Advanced Persistent Threat, 7/20 at 6:30 PM (via @dallendoug @Mandiant @issa_dc) #
• #MEETUP Not going to Defcon? Need a pity party? Good news! Charmsec 27 is Thur, July 29th 7:00PM at @Slaintepub (via @charmsec) #

If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences?

• #CON NIST will host National Initiative Cybersec Education (NICE) Workshop on Aug 11-12, 2010 http://bit.ly/bZgEbX (via @danphilpott) #
• Black Hat, DefCon & B-Sides: A Survival Guide http://bit.ly/cY0WBm [Good read for 1st time attendees .. ahhh hem] #
• #AppSecDC 2010 CFP closes end of this month. Get that submission in before U head 2 Black Hat! http://bit.ly/c3RzxJ (via @appsecdc) #
• #CON Registration is NOW OPEN for #AppSecDC 2010. http://bit.ly/dg4zDp 1 month 2 take adv of early bird discounts! (via @appsecdc) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: My Article on APT Posted http://bit.ly/9LnwPT http://j.mp/nispblog (@novainfosec) [Check it out.] #
• #NOVABLOGGER: Code w/ JavaScript: Letters & Numbers Optional http://bit.ly/bxiJiB (via @novainfosec) [Interesting.] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-07-08 http://bit.ly/baJWOu #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/aVr97J #
• BLOGGED: Where You Want to Be This Week for 2010-07-12 http://bit.ly/ctfn88 #

As usual there are lots of education, career enhancement, and potential job opportunities floating around.

• #EDU First 2-Year Schools 2 B Designated Centers of Excellence by NSA. http://bit.ly/aQXCrO [Hey, there's 2 close by.] #
• #JOB RT @Shpantzer: RT @gattaca: Any one interested in a certification & accreditation gig in DC? Drop me a DM #job #jobs #
• In Security? Check out InfoSec Mentors: http://bit.ly/9Wrjvh. Spread the love. (via @DrInfoSec @kriggins @RonW123) #
• #JOB Three new software security consultant jobs posted for VA.. http://bit.ly/cFa7Bm (via @cigital) #
• #JOB “Skill Matrix 4 CISO of Future” http://j.mp/di1yd7 (via @LJKush @mschafer) [Looks interesting. Unfort need 2 reg.] #

And in closing, you can also keep yourself busy with these interesting articles and newsbites:

• New AV Testing Methods Stir Debate http://bit.ly/9ZWUAH [Yeah, whoever scores low will debate. ] #
• Reverse engineer extracts Skype crypto secret recipe http://bit.ly/bLtGvM [Interesting.] #
• “The Time is Now 4 WiFi Neighborhood Watch Programs” http://bit.ly/aJf9Ic (via @DrInfoSec @burgessct) [Excellent idea.] #
• Apple Ranks 1st in Surging Security Bug Count http://j.mp/awti3h [Should I head back to a PC? ] #
• “When all else fails, sue” ..hilarity from #LIGATT http://bit.ly/cvlskq (via @danphilpott @RafalLos) [@tiffanyrad called this 1.] #
• #NEWS Security Rule No. 1: Assume You’re Hacked http://bit.ly/dBZsHv (via @DaveMarcus @DrInfoSec) [fully agree!] <- +1 #
• Microsoft Fixes Ormandy Zero-Day, Four Other Bugs http://bit.ly/bh4D1Q [Finally!] #
• Mozilla Snuffs Password Pilfering Firefox Add-On http://bit.ly/bKtFZb #
• Secunia Half Year Report for 2010 Shows Interesting Trends http://bit.ly/d8nepa (via @sans_isc) [Interesting. ] #
• “Millions” Of Home Routers Vulnerable To Web Hack http://bit.ly/dlVYmk [DNS bites us again] (via @DrInfoSec) #
• Winners 4 #DHS #cybersecurity awareness challenge http://j.mp/bePtiJ (via @werntzp) #
• Password length more important than complexity #R00t$H3ll = 195 yrs 2 crack; abcdefg1234567 = 5722 yrs http://j.mp/cY1gWR (via @mubix) #
• Researchers Expose Privacy Flaws in Chatroulette http://j.mp/aNuiE5 (via @regsecurity) [Uh oh..] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

Not many meetups/cons this past week but you can’t beat a free SANS evening and their annual forensics summit.

• #CON OPEN TO ALL – Digital Forensics Awards Night – 7/8/10 http://bit.ly/8Xezfm (via @Shpantzer) [Get chance 2 experience SANS 4 free.] #
• #CON Last minute change #forensicsummit. Mischel Kwon 2 keynote day 2. http://bit.ly/bELuyU (via @Shpantzer @robtlee) #

SANS is on the ball announcing an upcoming conference later this year.

• #CON Once again chairing SANS Virtualization & Cloud Computing Summit http://bit.ly/9NmKss (via @Shpantzer @tliston) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Did U Know? US has an Industrial Ctrl Systems (SCADA) CERT.. http://bit.ly/9fU1AW (via @novainfosec) [Interesting.] #
• #NOVABLOGGER Forget Trying 2 Color the Swan, Focus on What You Do Know http://bit.ly/cGB0kw #
• #NOVABLOGGER: Intro 2 RailGun: WIN API for Meterpreter http://bit.ly/aVA701 http://j.mp/nispblog (via @novainfosec) [Nice!] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-07-01 http://bit.ly/bllHyh #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/asbKgf #
• BLOGGED: Where You Want to Be This Week for 2010-07-05 http://bit.ly/cJijMs #
• BLOGGED: Upcoming Conferences for July, August, September http://bit.ly/aM1prA #
• BLOGGED: Starbucks and Wifi Security Awareness http://bit.ly/ar6Wox #
• BLOGGED: Forget this Network, Pretty Please http://bit.ly/bijcse #

As usual … lots of stuff going on in the government related to infosec…

• Agencies moving slowly to TICs. http://bit.ly/a4iduG #cybersecurity #OMB #DHS (via @werntzp) #
• US DHS shares privacy expertise in new handbook http://bit.ly/9eapkF [interesting read] (via @DrInfoSec) #
• NIST rel Interagency Report 7559 Forensics Web Services http://bit.ly/cHNeLA (PDF) (via @danphilpott) #
• NIST draft SP 800-38A Rec 4 Block Cipher Modes of Op http://bit.ly/daqlB3 (via @danphilpott) [More NIST candy.] #
• Threat of Cyberwar .. Grossly Exaggerated http://bit.ly/bD9f4N (@schneierblog calling it like he sees it.] #
• NIST rel draft of SP 800-125 Guide 2 Security 4 Full Virtualization Technologies http://bit.ly/970Lhx (PDF) (via @danphilpott) #
• OMB M-10-28 Clarifying Cybersec Responsibilities & Activities of EOP/DHS http://bit.ly/bIgDNS (via @danphilpott) #
• DHS Given More Cybersecurity Responsibilities http://bit.ly/b25tSD Will they step up? And who defends .com? (via @taosecurity) #
• Proposed #HHS #rulemaking 4 #HIPAA #HITECH sec, privacy, & enforce rules, 60-day cmt period http://bit.ly/bJcq3a (via @rybolov) #
• NSA Plan 2 Monitor Cyberthreats Draws Cautious Support http://bit.ly/d1eki9 (via @jaysonstreet @AndLax) [Name sounds Orwellian.] #

Some job postings and trends for an infosec career…

• #JOB Stach & Liu has positions open 4 security consultants w/ focus on risk assess/pen testing.. (via @vinnieliu @mschafer ) #
• #JOB When 2 Leave a Job http://bit.ly/cymG5M (via @mschafer) [More good career advice from @LJKush & Mike Murray.] #
• #JOB Career Opps on Legal Side of Information Security http://bit.ly/ap55oV [Not interested but m/b @GoldbergLawDC could cmt on. ] #
• #JOB DHS has a cybersecurity job ensuring app security is considered in dev & acquisitions http://bit.ly/dC73kc (via @danphilpott) #
• #JOB My friend at infolock is hiring a senior security consultant. http://bit.ly/9WrgEn (via @pacohope) #
• #JOB Jobs Aplenty 4 IT Security Pro. Infosec is among most difficult positions 2 fill. http://bit.ly/9epGm2 [Yeah!] #

And in closing, you can also keep yourself busy with these interesting newsbites:

• Suspicious login protection extended 2 all Google accts http://bit.ly/9Sk3ea (via @mubix) [Nice, didn't realize was everything.] #
• Youtube Vulnerable to HTML Code Injection http://bit.ly/9o20Ph (via @mubix @TinKode) [Big news for a holiday Sunday.] #
• App Store, Hacked http://bit.ly/b2m62c (via @SecBarbie @jeffisageek) [In other big Sunday news..] #
• Big W Infecting Photo Printing Customers? http://bit.ly/d188rw (via @securityninja @mikkohypponen @drinfosec) #
• Twitter Kit, a Spammer’s Dream Come True http://bit.ly/cHYE07 [And it's only $20!] #
• Credit Card Hackers Visit Hotels All Too Often http://nyti.ms/bq7kfb (via @Nathiet) #
• ‘Robin Sage’ Profile Duped Military Intelligence, IT Security Pros http://bit.ly/cHkc3q [Well that answers that question.] #
• Hi! I’m security researcher & here’s your invoice. http://bit.ly/9rCQsj (via @lcamtuf @mubix) [Interesting read & good cmts.] #
• PCI Security Stds Go 2 3 Year Lifecycle http://bit.ly/9PfMqh (via @mckeay @BrandenWilliams) [Haven't they learned anything from FISMA?] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There seemed to be quite a few meetups this past week. Did you get to attend any of them? And don’t forget … there are two 2600 meetups later this evening.

• #MEETUP Holy heck! Look at time! CapSec is NEXT WED! Stetson’s, 1610 U Street, around 5, yadda yadda. See you there! (via @capsecdc) #
• #MEETUP W/ so much going on, we’re testing waters w/ meetup grp 2 get word out. Join at http://bit.ly/dze4dW (via @hacdc) #
• Reminder: InfraGard NCMA Meetup @ Tue Jun 29 6pm – 8:30pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #
• #MEETUP Updated our meetup URL since last tweet! Join our meetup grp. “Use your brain again.” http://bit.ly/beQktG (via @hacdc) #
• Reminder: CapSecDC Meetup @ Wed Jun 30 6pm – 9pm (NovaInfosecPortal.com Calendar) (via @novainfosec) #

If you didn’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences?

• #CON Digital SANS Forensics/IR Summit 2010: Advanced Persistent Threat Panel Questions Released! http://bit.ly/dDktdc (via @taosecurity) #
• #CON Planning my trip 2 SANS “What Works in Forensics & Incident Response Summit 2010″ http://bit.ly/aA7fOK (via @angelinaward) #
• #CON NIST 2 hold symposium on 7/27, Cybersecurity & Innovation in Info Economy http://bit.ly/b4780Y (via @danphilpott) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Secure UR WordPress by Learning fr My Mistakes http://bit.ly/ah34aW (via @novainfosec) [Gr8 read 4 all bloggers.] #
• #NOVABLOGGER: iPhone Geo Blocking http://bit.ly/bwlGYT (via @novainfosec) [Tx @mubix. Any quick ways of rm loc data fr existing pics?] #
• #NOVABLOGGER Thinking a/b Cloud Security & Vuln Research: 3 True Outcomes http://bit.ly/bYuyBM #
• #NOVABLOGGER: Firefox Saved PWs http://bit.ly/aYX33I http://j.mp/nispblog (via @novainfosec) [B sure 2 set master pw!] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-24 http://bit.ly/bIUlsl #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/ckRXsw #
• BLOGGED: Where You Want to Be This Week for 2010-06-28 http://bit.ly/cfCHbJ #
• BLOGGED: Cookie Use … How Agencies Should Set Example for Broader Industry http://bit.ly/c3ASpP #
• BLOGGED: IE6 ‘More Security’ than Chrome/Opera … Really? http://bit.ly/daovt7 #

I noticed a lot of career-related information as well as a number of job posts.

• #JOB Looking 4 candidates interested in data analytics/mining http://bit.ly/9JTqtt (via @DuvalSearch) [1 NoVA spot too.] #
• #JOB Ever wanted 2 lead a #DHS #cybersec ctr? http://bit.ly/bURVgu (NCCIC Director job posting) (via @werntzp) #
• #JOB Prepare for Careers in the Cloud http://bit.ly/bSXMBq [Some career advice to consider.] #
• #JOB VA & CA Security Specialist – JASON Program FSO: Location: McLean, VA an.. http://bit.ly/duASN6 #
• #JOB NoVA Sr IT Audit opening, 3-7yrs exp, GCC’s, App, SDLC reviews. CISA preferred. http://bit.ly/bxFJYK #
• #JOB Stratum looking 4 ppl w/ nunchuku, bow hunting, & hacking skills. Mostly hacking tho http://bit.ly/94cvOr (via @packetwerks) #

And if you work in the federal government space, you’ll definitely want to take a look at these posts.

• Agencies Get Rdy 4 FISMA Changes http://bit.ly/aBnIAX (via @danphilpott) #
• WH Unveils Online Authentication Plan: Internet Fraud, ID Theft Prompts Nt’l Strategy 4 Trust Initiative http://bit.ly/cpQKCr #
• Use TrueCrypt 2 encrypt ur sensitive data,.. Don’t cross border w/ unencrypted data. http://bit.ly/cdduNL (via @GoldbergLawDC) #
• US Gov Sites Can Now Use Cookies/Web Analytics http://oreil.ly/9Ev8UU (via @ibmfedcyber @digiphile) [Google Analytics 2 get boost.] #
• BREAKING: Supreme Court strikes down SOX http://bit.ly/bgHXeU (via @alexhutton) [Just part of it. Not whole thing.] #
• #NEWS OMB Ends Fed Agency Cookie Ban http://bit.ly/aO1wlH [Decision 2 use opt-in/out up 2 agency. As exple all shld use opt-in.] #
• #EDU NIST has online course “Applying Risk Mgmt Framework to Fed Info Systems” http://bit.ly/9c04rR (via @danphilpott) #
• Supreme Court Ruling Will Have Little Impact On SOX.. Sorry http://bit.ly/9p1aUl [Commentary no morning's big news.] #
• NIST rel SP 800-53A Rev 1 Guide 4 Assessing Security Ctrls in Fed Info Systems/Orgs http://bit.ly/92G8xc (via @danphilpott) #

And in closing, you can also keep yourself busy with these interesting newsbites:

• How 2 Access the Internet (A Guide fr Year 2025) http://bit.ly/dg0U5l (via @mikkohypponen @drinfosec) [Slipperly slope?] #
• Hacker High http://bit.ly/bj9cdP [Just a reminder and a trip down memory lane.] #
• Google Can Kill or INSTALL Apps on Androids http://bit.ly/8Xt6jy [Whoa!] #
• Rancid IE6 ‘More Secure’ than Chrome/Opera US Bank Says http://bit.ly/cbhlak [Really? Again there's that "more secure" argument.] #
• Russian Spy Ring Bust Uncovers Tech Toolkit http://bit.ly/at3sSL [Fascinating read.] #
• How 2 B Better Spy: Cybersec Lessons fr Recent Russian Spy Arrests http://bit.ly/b8ns2N (via @sans_isc) [Nice follow-up.] #
• Facebook Apps Must Now Seek Permission 4 User Data http://bit.ly/bDdcpO [Definately a step in right direction.] #
• The Failure Of Cryptography To Secure Modern Networks http://bit.ly/bdwjQG [Nice read.] #
• Top Apps Largely Forgo Built-In Windows Security Protections http://bit.ly/cMIVZL (via @briankrebs) [Nice read.] #
• Social Security Number Format http://bit.ly/c5NQ4F (via @carnal0wnage) [Awesome find!] #
• How 2 Stay Safe on Public Wi-Fi Nets http://bit.ly/aydfJd (via @bvPredator) [Basic but timely given Starbuck's new free service.] #
• #EDU 15 Must-Listen Podcasts 4 Security Pros http://bit.ly/9rUN9z [Great list! L listen 2 about 5 of them.] #

Well, that’s all for this week. And hey, you should congratulate me for not mentioning the “L” word. And I only mentioned the “F” word once. Anyway, be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There were a few meetups this past week. Did you get to attend any of them?

• #MEETUP .@Defcon410 Thanks for the shout outs on http://bit.ly/cLSm6W. See you on Thursday! (via @charmsec) #
• #MEETUP To Whom It May Concern: Charmsec 26 is this Thur at 7:00PM. Sincerely, @charmsec PS http://bit.ly/devJRV (via @charmsec) #
• #MEETUP Our #dcweek HacDC Lightning Talks were awesomesauce. Updated wiki, including pic & some slides. http://bit.ly/9ejO0B #
• And speaking of @charmsec, there is a #meetup in a few hours… #
• #MEETUP Charmsec 26 is 2night! 7PM. We’ll b on 2nd floor past bar at @Slaintepub <- I’ll be there. Who else? (via @dionthegod) #

If you didn’t have time to make it to any of the weekly security meetups, were you at least able to hit some of the local conferences?

• #CON Who’s coming to Gartner security in DC tonight/this week? /via @Shpantzer #
• #CON On my way 2 Software Assurance Working Groups #SwA /via @dallendoug [Sounds like fun. I need co that supports such things.] #

For those of you that don’t know, we have some excellent infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER AT&T is Wrong About iPad Breach & I have code to prove it http://bit.ly/aBFvLI #
• #NOVABLOGGER: FD 4 Attacker Tools http://bit.ly/cRDPge http://j.mp/nispblog /via @novainfosec [Very interesting read fr @taosecurity.] #
• #NOVABLOGGER: Charmsec http://bit.ly/9Rdm5O http://j.mp/nispblog (via @novainfosec) [Nice history of @charmsec.] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-17 http://bit.ly/cvgvJd #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/ayGMAK #
• BLOGGED: Where You Want to Be This Week for 2010-06-21 http://bit.ly/a98mEk #

And this whole LIGATT thing broke big time. I hope next week not to have an entire section dedicated to this guy…

• The #ligatt exclusive interview 4 #shitcast is out. http://bit.ly/9Wz0Nn Please RT & spread word. (via @matthewhughes @mubix) #
• RT @carnal0wnage: sweet, i’ve been plagiarized by LIGATT.. http://bit.ly/9HZE31 & article… http://bit.ly/dkdx15 any1 have copy? #
• ‘World’s No. 1 Hacker’ Tome Rocks Security World http://bit.ly/cK5Scs [Article on @regsecurity a/b our fav guy.] #
• InfoSec Community Launches Campaign Against Security Firm http://bit.ly/aXfbmj (via @cktricky @benrothke) [Nother #LIGATT article.] #
• Big update to http://bit.ly/9JvWMP #ligatt (via @simplenomad) [At least he's getting a free pen test.] #

More importantly there’s been a lot of progress in enacting a cybersec law. For a quick review of the whole process, you may want to check this video out.

• Full text of S.3480 Protecting Cyberspace as a National Asset Act of 2010 http://bit.ly/bDEnXu #FISMA (via @danphilpott) #
• New Bill Grants Fed Power to Shut Down Web http://bit.ly/cNxtMP [Same 1 fr earlier this week but hadn't noticed this point.] #
• Senate Panel Clears Major Cybersecurity Bill http://bit.ly/96Aood [I'm just a Bill.] #

And on other government news…

• Darpa Taking Fire for Its Cyberwar Range http://bit.ly/bRtwTc (via @0xjudd @danphilpott) [Moving too slow.] #
• Microsoft Execs Like What They See in DC http://bit.ly/achp51 [Stuff like this makes me suspicious.] #
• Einstein Presents Big Challenge to U.S.-CERT http://bit.ly/8ZGIPD [IG says they're not sharing info.] #
• #EDU NSA pub National Centers of Academic Excellence in IA Education (CAE/IAE) List http://bit.ly/9TyqF0 (via @danphilpott) #
• #EDU MD has 3 community colleges in Nat Ctrs of Acad Excel in IA 2-year Education (CAE2Y) (via @danphilpott) #
• NIST Issues Computer Security Division Annual Report http://bit.ly/cniq44 [Looks like they've been busy.] #
• Howard Schmidt on cybersec: “The more complex it is, the less people use it.” http://bit.ly/9SvA37 (via @DrInfoSec) [So true.] #
• FTC Forces Twitter 2 Upgrade its IT Sec Program http://bit.ly/9ONQlW [No 1 wants 2 do sec by themselves. Gotta b forced I guess.] #
• #JOB Want 2 help DHS w/ national communications infrastructure & support NCCIC? http://bit.ly/96vwHP (via @werntzp) #

And if you haven’t heard, this fancy new mobile OS and phone were released this week. … No, I didn’t get one yet but as you can tell below I did do the OS upgrade.

• Any1 notice passcode being disabled after upgrading to iOS4? I had it set in 3.x but now it’s disabled by default. #
• Also noticed podcasts that deleted earlier reappearing after upgr to #ios4. #
• More #ios4 upgr annoyances.. Some cool cover art lost. No custom background on 3G. No multitasking on 3G. Total unread email counts off. #
• “The Complete Guide to Using iOS 4″ http://bit.ly/bnsYMP (via @jaysonstreet) [Enjoyed reading.] #
• Apple #iOS4 deals w/ 60+ Vulns http://bit.ly/biO7Vq (via @jaysonstreet @CyberCrime101) [Now the security stuff.] #
• Apple Collecting/Sharing iPhone Users’ Precise Locations http://bit.ly/a5OYwh (via @techsavvy @Shpantzer) [And then privacy issues.] #
• iPhone Encryption in iOS4 .. few extra steps U must take 2 mk it actually work http://bit.ly/dAHIuA (via @IBMFedCyber) [Good 2 know.] #
• iPhone iOS 4 Security http://bit.ly/ah3qwM (via @DrInfoSec @georgevhulme) [Step in right dir but far fr where need 2 go.] #
• Re iOS 4 security .. Can’t we just have full “disk” encryption? #
• & what’s w/ weird backup/restore/run around circle/reset/throw salt over shoulder thing we need 2 do? & that’s just 2 get sucky encryption. #
• I mean come on .. I thought Apple was known for this whole magical simple and usable thing. I feel like I’m back on a PC. #

You can also keep yourself busy with these interesting newsbites:

• And on other non-Ligatt security news .. Researcher shows how to strike back at web assailants http://bit.ly/alpuJq #
• Firefox add-on does ‘HTTPS Everywhere’ http://bit.ly/c5RJRb [Will have 2 try out. Obviously doesn't work with all sites.] #
• Danger Room: DHS Geek Squad: No Power, No Plan, Lots of Vacancies http://bit.ly/bVUCBx (via @danphilpott) #
• Looking 4 Vulns in All Right Places: Experts Say U May B Missing Few http://bit.ly/cgJv0v [Don't forget all those "appliances."] #
• It’s Signed, therefore it’s Clean, right? http://j.mp/aINbGj [Malware authors using code signing techniques 2 their advantage.] #
• When Twitter Resets Your Password http://bit.ly/aC6jrZ [Interesting on how they do do things like this.] #
• Testing Reveals Security Software Often Misses New Malware http://bit.ly/9Ix9CF (via @CSOonline) [We're always reacting.] #
• Defenders of the Faith http://bit.ly/dDfq86 (via @VRT_Sourcefire). [More on recent FD debate.] #
• Say Goodbye 2 WEP & TKIP http://bit.ly/9dK0EW (via @aircrackng @nickitsec) [Only in new devices & starting in 2011.] #
• Case 4 Cybersec Insurance http://bit.ly/a42IJ0 (via @DrInfoSec) [Nice read fr @BrianKrebs. And wow, it actually worked.] #
• YouTube Wins Case Against Viacom http://bit.ly/aNCzQF (via @bobgourley) [Wow.] #
• Exploiting the Exploiters http://bit.ly/criHhX [Nice read.] #
• Google Vanishes Android Apps fr Citizen Phones http://bit.ly/bpDw9Y [Freakin security researchers messing w/ marketplace.] #

And in closing, who could forget the tweet of the week?

• Finally iPhone wallpaper 4 Security folks still doing obscurity thing http://bit.ly/bjDQim (via @IBMFedCyber) #totw #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There were a few events this past week. Did you get to attend any of them?

• Just got back from @novahackers. Gr8 talks as usual .. except the first one kinda sucked. #
• #MEETUP Learn electronics at HacDC! Our class starts tonight at 7PM and goes for 8-10 weeks. No prior XP needed. http://bit.ly/amd2fc #
• #CON Pen Test Summit 2010 Thoughts/Summary http://bit.ly/8ZCbJc (via @pauldotcom) [Sum of of con earlier this week in Balt.] #

Here’s an upcoming meetup for those of you who are interested.

• #MEETUP Propose 5min talk 4 #DCWeek HacDC Lightning Talks 6/19 (NOT 7/19) http://bit.ly/aP41iK (via @daniel_packer @hacdc) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER Framing Software Security http://bit.ly/ctGIQa [@falconsview snuck a post in over at @fudsec] #
• #NOVABLOGGER: Maintaining Sec w/ Enterprise Virtualization http://bit.ly/9ysTM2 http://j.mp/nispblog [Pros & cons of virt.] #
• #NOVABLOGGER: June 2010 Hakin9 Mag Published http://bit.ly/cNvAHv http://j.mp/nispblog [Some nice reading for the weekend.] #
• #NOVABLOGGER Risk Appetite: Counting Risk Calories is All You Can Do http://bit.ly/aAH5DT #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://tinyurl.com/37blns7 #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-10 http://bit.ly/aglIxF #
• BLOGGED: AppSecDC Infosec Conference Event http://bit.ly/96aoAK #
• BLOGGED: Where You Want to Be This Week for 2010-06-14 http://bit.ly/bbiFyC #

And this guy is just too “ligatt” to quit…

• Review of ‘How 2 Become The Worlds No 1 Hacker’ http://bit.ly/bmTJ9l #LIGATT (via @benrothke @schuetzdj) [More #LIGATT fun.] #
• RT @dallendoug: If we can get ATT 2 sue LIGATT, we’ve got win! RT @danielkennedy74 @LIGATT Step 2) Predict seq num <- Plagiarizing Goatse #
• RT @LIGATT: If there is another computer hacker better than me…please stand up or shut the hell up! #
• RT @cktricky: RT @LigattHaxx0r: Hacking Tip # 13- Use a different password for your Twitter and Facebook accounts. <~Lol, nice <- +1 #
• Here U go http://bit.ly/99bodu (via @Equix3n @bitkitty) [Here's Ligatt BSing it a/b women. Whatever. ] #

In more pertinent things that went on this past week, there were plenty of career discussions and suggestions to improve yourself.

• #JOB Stratum Security is looking 4 software sec folks. Web app sec, rev eng, malware, protocol analysis.. Contact us. (via @packetwerks) #
• #JOB Sourcefire VRT Expansion Plans (We are Hiring) http://bit.ly/datFvK [I'm assuming this in their MD office. Good opp.] #
• Exploit writing tutorial 10 released http://bit.ly/aPCBA8 – Chaining DEP with ROP http://bit.ly/ayOy06 (via @mubix @corelanc0d3r) #
• #JOB 9 Career Tips 4 Security Pros http://bit.ly/brR7Uc [Good things 2 consider.] #
• #Job Trends http://bit.ly/9xeRQg [Mentions some good verticals to focus on.] #
• #EDU How Strong is Your Fu – 4 Charity http://bit.ly/b1oOuX (via @offsectraining) [Looks like still open. Gr8 way 2 improve skillz.] #

And of course there was a lot going related to cyber security in the federal government.

• FISMA Reform: Lieberman, Collins & Carper Intro Bill http://bit.ly/9s4X3k [Mention of @danphilpott, FISMApedia, and Guerilla CISO.] #
• Senate hearing tomorrow on Cybersecurity and legislation http://bit.ly/bBTb8Q (via @rybolov) #
• CBS re-aired 60 Minutes piece on cyberwar fr Nov & it hasn’t improved w/ age http://bit.ly/dex9Fa (via @danphilpott) #
• If U R in2 cyber, plz view archived testimony here.. HSGAC Hearings http://bit.ly/9mJehz (via @bobgourley) [#todo] #
• Who’s In Charge During Cyber Attack? http://bit.ly/9SSTgt [Aaaah, that guy. <WH/DHS pointing 2 each other when sh*t hits fan>] #
• DHS Voluntary Private Sector Prep Accred&Cert Prog http://bit.ly/c0tbcx (via @cyberwar) [Term that'll ensure #fail "voluntary".] #
• NIST rel draft SP 800-130 Framework 4 Designing Crypto Key Mgmt Systems http://bit.ly/aeghJr (via @danphilpott) #
• DHS Slams US Gov Network Security http://bit.ly/9Kzg2u [Interesting but bit over-the-top headline.] #
• Gov TLD Registry/Registrar Service RFP Posted http://bit.ly/c3akbJ (via @scottr_nist) [Get your prop team ready.] #
• NIST rel 2nd draft SP 800-131 Rec 4 Transitioning of Crypto Algs.. http://bit.ly/aeghJr (via @danphilpott) [I'm sleeping already. ] #
• Switch 2 Cont Mon Requ New Skillz http://bit.ly/biLOSN [Really? Love this - "what we R doing .. is operationalizing compliance."] #

You can also keep yourself busy with these interesting newsbites:

• Encrypted Laptop Stolen While in Use http://j.mp/ceExZ0 [Problem with existing solutions. Suggestions on how 2 address?] #
• AT&T Explains iPad email Breach http://nyti.ms/aVbIhi /via @dallendoug @WeldPond #
• Shed Vulns w/ 1 Simple Rule http://bit.ly/dlVfVY [Let's get basics right. "uninstall software .. that R not in use"] #
• SAFECode Report Highlights Best Practices http://bit.ly/9fyK2V [Good 2 c this being taken more seriously.] #
• RT @spookerlabs: Awesome Read “IDS/IPS Evasion – Step 1. Awareness” http://j.mp/bTu8Qw /via @mubix #
• Cloud Keyloggers? http://bit.ly/9uuXBK (via @briankrebs) [Interesting insight into what loggers record.] #
• French ISP’s Attempt 2 Block File-Sharing Ends in Failure http://bit.ly/d95uhd [admin:admin anyone?] (via @DrInfoSec) [Nice.] #
• 10 of Top Data Breaches of Decade http://bit.ly/cZNLZu (via @DrInfoSec) [Not huge fan of Top 10s but interesting.] #
• Researchers probe net’s most blighted darknet http://bit.ly/aOXTkb [Interesting.] #
• http://j.mp/dzxWE3 now in beta – ff extension, auto redirect 2 https site /via @rgaucher @alien8 @fmavituna [Just need encryped proxy.] #
• (IN)SECURE Mag 26 rel http://bit.ly/cWj5tx (PDF) (via @helpnetsecurity @danphilpott) [iPhone encryption/forensics art.] #
• New Attack on AES Claims 2 Reduce Entropy from 128 to 32 Bits http://bit.ly/aHmDfu (via @ivanristic @jack_mannino) #
• .. cocreator of public-key crypto says “e-mail crypto is pain in the ass” http://bit.ly/btyPf6 (via @kanendosei @shpantzer) #
• July Edition of Crypto-Gram http://bit.ly/98XldU (via @ksignal9) #

And in closing, who could forget the tweet of the week?

• Now that’s a music video http://j.mp/baBH7T /via @danphilpott [Whoa!] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There seemed to be quite a few meetups this past week. Did you get to attend any of them?

• #MEETUP Looking forward 2 cing every HacDC member (& potential member) at mo member meeting 2morrow, 6/8 7:30PM! /via @hacdc #
• #MEETUP Reminder — This Wed! #OWASPDC at 6:30 on 7/9 at 2201 G St. NW, Rm 553D GWU Campus in Foggy Bottom (via @owaspdc) #
• #MEETUP C U TONIGHT! #OWASPDC at 6:30, 2201 G St. NW, Rm 553D GWU Campus in Foggy Bottom, going for drinks after.. (via @owaspdc) #
• #MEETUP Alex Meisel http://bit.ly/aATuOQ speaking at @owaspdc on distrib WAFs. @rybolov answers some of hard questions (via @Shpantzer) #

There’s also some upcoming meetups for those of you who are interested.

• #MEETUP Give 5 min talk at HacDC Lightning Talks @DCWeek on 7/19! Tweet @daniel_packer w/ your proposal! http://j.mp/aP41iK /via @hacdc #
• #MEETUP Charmsec 26 will b at @Slaintepub on 6/24 at 7:00. http://bit.ly/devJRV (via @charmsec) #
• #MEETUP Charmsec 26 will b @Slaintepub on 6/24 at 7:00. You should come. http://bit.ly/devJRV (via @capsecdc @charmsec) #
• #MEETUP HacDC iz in ur city, teaching ur workshops! We’ve got electronics & disassembly workshops.. http://bit.ly/bwatLV #

If you don’t have time to make it to any of the weekly security meetups, why not plan on attending AppSecDC in November?

• RT @AppSecDC: And, in case U missed it.. we’re back! Here again in 2010, http://appsecdc.org – CFP now open, closes 7/31! #
• #CON RSVP for #AppSecDC on LinkedIn http://bit.ly/9Vbp8c (via @AppSecDC @TheCustos) #
• #CON “Keeping the Crooks out of your Webapp: AppSecDC CFP” http://bit.ly/avwC1I (via @AppSecDC @translucent_eye) #
• AppSecUS site now up http://is.gd/cKo02. Reg: http://is.gd/cKo1H #CFP 6/30: http://is.gd/cKo3E, hit up US then swing by DC @appsec2010 #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Evolving Changes, Challenges for FISMA http://bit.ly/bC9QVf http://j.mp/nispblog (via @novainfosec) [Nice sum.] #
• #NOVABLOGGER: How 2 Not Let FISMA Become Paperwork Exercise http://bit.ly/cfLrzJ http://j.mp/nispblog /via @novainfosec [Nice!] #
• #NOVABLOGGER: “Untrained” IT Workers R Not Primary Sec Prob http://bit.ly/dA96XA http://j.mp/nispblog (via @novainfosec) [Nice post.] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-03 http://bit.ly/asR8b0 #
• BLOGGED: Where You Want to Be This Week for 2010-06-07 http://bit.ly/cQMDLz #

And Ligatt seems to be all over Twitter as well…

• Now there’s @FakeLIGATT. Wonder if Twitter will cave & shut that 1 down, too. (via @quine) [Excellent!] #
• RT @FakeLIGATT: Yo twitter, hook me up with a new logo. #1 Hacker needs a new look (via @rybolov) [Lol.] #
• ROFL! Full page #LIGATT ad in new hackin9.. http://bit.ly/d7W1dF (via @kodefupanda) [Have U stopped laughing yet?] #
• My 1 star review of “How To Become The Worlds No. 1 Hacker” http://amzn.to/d62J5W (via @jack_mannino) [Nice job Jack.] #

And of course we have our usual stream of government related stuff going on.

• NIST has released SP 800-34 Rev 1 Contingency Planning Guide 4 Fed Info Systems http://bit.ly/98nTR9 (via @danphilpott) #
• 7-Step Contingency Planning Process. Revised guidance from NIST. http://bit.ly/bzwkwk [Quick summary of new NIST doc.] #
• DoD issued Instruction 8581.01 IA Policy 4 Space Systems Used by the DoD http://bit.ly/bi8Ty2 (via @danphilpott) #
• Senators Unveil Long-Awaited Cyber Bill That Est Senate-OK’d WH Cybersec Director http://bit.ly/9NmAzj [2 leads? WTF?] #

There seemed to be a lot of job/career stuff out there too.

• #EDU New Honeynet Project Forensic Challenge) http://j.mp/chIEpg (via @sans_isc) [Summer fun.] #
• #JOB So U Want 2 Get Started in an Infosec Career http://bit.ly/9M2f2m (via @quine @marcinw) [Nice way to pull it all together.] #
• Career insights fr sr leaders who have md it 2 top of infosec profession. http://j.mp/9vHlwK [This could b interesting.] #
• How Strong is your Fu – 4 Charity. Reg 2 the evt is open! http://j.mp/b1oOuX Please re-tweet harder! /via @jaysonstreet @bufferzone #
• #JOB So who’s going 2 apply 4 Twitter Gov Relations position? wht a super cool job! http://bit.ly/akWtXr (via @danphilpott) #
• #EDU A challenge 4 U? -> http://bit.ly/a1Y3lD #Honeynet #VoIP Challenge (via @briankrebs @sjurusken) [Fun times.] #
• WH Commission Debates Cert Requirements 4 Cybersec Feds/Contractors http://bit.ly/aVTWFC [Interesting read.] #

Here are some quick how-to’s that were floating around there last week.

• “How to Encrypt and Hide Your Entire Operating System from Prying Eyes” http://j.mp/a5IbL0 (via @jaysonstreet) [Wow.] #
• Competitive Intel Tools (useful in cyber threat analysis) http://bit.ly/9BaEHf (via @IBMFedCyber) [Vid w/ tons of online tools.] #
• Changed how SYN scan detects open ports based on split-handshake http://bit.ly/tcp-sh. Details http://bit.ly/sh-disc (via @mubix @nmap) #
• “Here is script that grabbed 114K iPad ownrs info fr AT&T http://bit.ly/9VRovi (via @bvPredator @ThisIsHNN) [Cool!] #

And in closing, you can also keep yourself busy with these interesting newsbites:

• Adobe warns hackers targeting prev unknown flaw in Flash Player, Reader & Acrobat http://j.mp/dvevya (via @briankrebs) #
• History of Hacking Timeline http://bit.ly/dC7d93 [Of course the more interesting things will never mk it 2 such a timeline.] #
• Opt-Out Required 2 Prevent Your Yahoo! Mail Contacts Fr Being Used 4 Social Net http://bit.ly/d4iGY1 [Will they ever learn?] #
• Go2 http://bit.ly/cmFxPw & uncheck Share My Updates box. #yahoofail #
• Also go2 http://bit.ly/bsONmF & uncheck “Allow my connections to share..” #yahoofail #
• Details on iPhone security weakness : http://j.mp/anj3an /via @IBMFedCyber [Upds on this bug.] #
• Researchers Release Point-and-Click Website Exploitation Tool http://bit.ly/a8tNSl [Problem w/ implementing AES/DES..] #
• June 2010 Microsoft Black Tues Sum http://bit.ly/dnGF86 (via @sans_isc) [Looks like it's going 2 b busy week.] #
• MS Patches Bug Used in Pwn2Own Contest Win that Bypassed DEP/ASLR http://bit.ly/aecemq [Wasn't that like 3 months ago?] #
• Encrypted Laptop Stolen While in Use http://j.mp/ceExZ0 [Problem with existing solutions. Suggestions on how 2 address?] #
• Mules. Villains or Victims? http://bit.ly/b5flYM [MUST READ! simply amazing acct of ops] (via @Shpantzer @DrInfoSec) [+1] #
• Security Breach Allows Hackers 2 Obtain Info on 114,000 AT&T iPad Owners http://bit.ly/cTXZ0U (via @cktricky @cyberlocksmith) #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There seemed to be … aaaahhhh … one meetup this past week. Did you get to attend it? (Of course tonight two local 2600s will be in action.)

• #MEETUP #OWASP #NoVA come here @alexhutton talk a/b risk (what? no way!) Thu 6pm @ OWASP NoVA in Herndon (via @falconsview) #

There’s also an upcoming meetup I tweeted three times about for those of you who are interested.

• #MEETUP Next #OWASPDC is 6/9. Location TBD. http://bit.ly/cdzXhe Alex Meisel Art of Defence CTO speaking a/b WAF in Cloud (via @owaspdc) #
• #MEETUP Next #OWASPDC is 6/9. http://bit.ly/cdzXhe Alex Meisel speaking a/b WAF in Cloud (via ~owaspdc @Shpantzer) #
• #MEETUP June #OWASPDC will b at 6:30 PM on 6/9 at 2201 G St NW, Rm 553D (Duques Hall on GWU Campus in Foggy Bottom) (via @owaspdc) #

If you don’t have time to make it to any of the weekly security meetups, why not try attending this upcoming conference? It’s sort of a big deal.

• #CON #OWASP AppSecDC 11/8-11 at DC Convention Ctr http://bit.ly/9equvP #CFP now OPEN http://bit.ly/aZrghQ (via @AppSecDC) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Lessons from Google Wi-Fi Gaffe http://bit.ly/a5VPtk http://j.mp/nispblog #
• #NOVABLOGGER: SANS WhatWorks Summit in Forensics & Incident Response http://bit.ly/9BEkel http://j.mp/nispblog #
• #NOVABLOGGER: Exploit Kit Try-out http://bit.ly/afpBwY http://j.mp/nispblog #
• #NOVABLOGGER: Wepaweb Deficiency http://bit.ly/dqmExK http://j.mp/nispblog #
• #NOVABLOGGER: Chinese Hack 101 http://bit.ly/9ywHh1 http://j.mp/nispblog #
• #NOVABLOGGER: Happy Memorial Day! http://bit.ly/d48Kwl http://j.mp/nispblog (via @novainfosec) [Awesome post by @cyberhiker. +1] #
• #NOVABLOGGER: “Best Practice” (You’re Saying it Wrong) http://bit.ly/cDDvOq http://j.mp/nispblog (via @novainfosec) [So true.] #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/a4mLsW #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-05-27 http://bit.ly/axjRLF #
• BLOGGED: Where You Want to Be This Week for 2010-06-31 http://bit.ly/cT7yr2 #

And if you haven’t heard, I am trying to clean up my Twitter stream a bit.

• Trying to clean up my Twitter stream some. From now on.. #
• ..#NOVABLOGGER tweet stream & other related website stuff is only going 2 b published on @novainfosec instead of both @novainfosec & @grecs. #
• Please follow @novainfosec 2 continue receiving website-related updates. Just trying to mk @grecs a bit more personal focused. #

NIST is busy as usual.

• NIST released draft IR-7298 Rev. 1 Glossary of Key Information Security Terms http://bit.ly/a3HaoJ (PDF) (via @danphilpott) #
• NIST rel 2nd draft of Technical Specification 4 SCAP 1.1 http://bit.ly/cFuraV (via @danphilpott) #
• NIST FAQ on Continuous Monitoring, clarifies it does not replace FISMA: http://bit.ly/cVhz0o (PDF) (via @danphilpott) #

And Facebook gets its own category again…

• What sites such as Facebook & Google know & whom they tell http://bit.ly/aYkaCS (via @manicode @dshiao) [Nice read. Scary!] #
• “Quit Facebook Day Flops” http://bit.ly/aBKZeQ [Well it was a worthy attempt.] #
• Download @agent0×0’s updated FB Privacy & Security Guide. http://bit.ly/brZ3b7 (via @jaysonstreet @streetsec) #
• “Facebook ‘likejacking’ attacks continue..” http://bit.ly/aosmk1 (via @jaysonstreet) [Nother cool term 2 latch on2.] #
• FB Cracks Down on Rogue Apps w/ New Verification Prog http://bit.ly/aC9kZE (via @sarahintampa @evejou +) #

And in place of LIGATT, who has apparently been shamed out of the press, we have tons of Google news.

• Heh. Google moving to Mac/Linux internally http://bit.ly/95YKFh (via @schuetzdj) [Cool. Don't know if would stop APT tho.] #
• Re Google phasing out Windows.. Maybe it’ll just make other companies more attractive targets. That whole bear thing.. #
• Poll: Would U consider phasing out Win in your org due 2 security? http://bit.ly/a9sE06 [After 7 hours .. 17% Yes 78% No] #
• Google Browser Targets Fed Market http://bit.ly/bDRY0d (via @DrInfoSec) [Interesting. Looking 2 get Google Apps FISMA certified.] #

You can also keep yourself busy with these other interesting newsbites:

• (ISC)²® Evolves Name, Structure Of CAP® Credential 2 Reflect New NIST Guidance http://bit.ly/abz2qJ (via @danphilpott) #
• Sameer Bhalotra named senior director of cybersec under Howard Schmidt, White House confirms (via @iweeknick @danphilpott) #
• House Adopts Cybersec Measure. [Good] FISMA Reform Fate Tied to Don’t Ask, Don’t Tell. [WTF?] .. http://bit.ly/cESNnD #
• Woman Scammed Out of $50k http://bit.ly/b0zBtQ (via @DrInfoSec) [Hey & she's from Fairfax County.] #
• “An Overview of Exploit Packs” http://bit.ly/de6181 [Nice quick discussion. Wow, up to $1000 for one of these.] #
• “$2.95 – Price 4 All Your Personal Details” http://bit.ly/bzn5ou [Downside of all this public info. U can save $3 by using Google.] #
• Should we be encrypting backups? http://bit.ly/bBIcEt [Well yeah .. key mgmt is hard tho.] #
• Cybersecurity: A Year in Review http://bit.ly/bZYMwh (via @IBMFedCyber) [I thought these only occured in December. ] #
• House Approves FISMA Reform http://bit.ly/9H0lJh (via @danphilpott) [Except how much is actually going 2 b "reformed"?] #
• Gr8 article on cloud ITAR compliance, presents variety concerns http://bit.ly/9TBKTI (via @danphilpott) [Wow, more cloud issues.] #
• Windows, Mac, or Linux: It’s Not the OS, It’s the User http://bit.ly/dl96aQ (via @Nathiet) [Interesting.] #
• Adobe #1 target 4 Hackers in Q1 2010 http://bit.ly/b07Dog [PDF accounts for 47.5%] (fixed link) (via @DrInfoSec) [Wow!] #
• New Open-Source OS Will Come w/ ‘Disposable’ VM http://bit.ly/cAyBmh [This could work .. maintenance a pain tho.] #

And in closing, who could forget the tweet of the week?

• Can’t stop laughing at this. http://bit.ly/asShRC (via @rgaucher @manicode) [I agree. ] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

There seemed to be quite a few meetups and conferences this past week. Did you get to attend any of them?

• #MEETUP #25: ~25 folks, epic @shpantzer v. @electricfork cage match, @grantstavely skipping town, CTF qual-chatter, &c. (via @charmsec) #
• #MEETUP RT @capsecdc: CapSec is Next Week! 26-May at Stetson’s, 1610 U St NW! http://bit.ly/9WhjR7 or on Upcoming at http://bit.ly/bdYesS #
• Reminder: SecureAmericas Conference @ Mon May 24 – Tue May 25, 2010 (NovaInfosecPortal.com Calendar) #
• Reminder: ISSA Baltimore Meetup @ Wed May 26 4:30pm – 6:30pm (NovaInfosecPortal.com Calendar) #
• Reminder: CapSecDC Meetup @ Wed May 26 6pm – 9pm (NovaInfosecPortal.com Calendar) #
• #MEETUP CapSecDC, Wed. 26 May 2010, Stetson’s, 1610 U St NW Wash, DC 20009, 5 p.m. – (via @capsecdc @sabletek) [2 more hours!] #

There’s also some upcoming meetups for those of you who are interested.

• CALENDAR UPD: ISSA NoVA Meetup http://bit.ly/cT3R1w http://j.mp/nispcal #
• CALENDAR UPD: ISSA Baltimore Meetup http://bit.ly/c7pNIO http://j.mp/nispcal #
• CALENDAR UPD: Charmsec Meetup http://bit.ly/9OLi5B http://j.mp/nispcal #

If you don’t have time to make it to any of the weekly security meetups, why not try attending one of these upcoming conferences?

• #CON SANS Forensics & IR Summit, Washington, DC July 6-8 http://bit.ly/cohF2r (via @namedeplume @sans_isc) #
• #CON SANS 2010 Digital Forensics Summit – APT Based Forensic Challenge http://bit.ly/cicsiO (via @sans_isc) #
• #CON RT @charmsec: .@stephenNorthcut has invited any1 fr Charmsec out 2 SansFIRE’s Reception on Mon the 7th. .. RSVP is required. DM me #
• #CON NoVA Hackers Metasploit Workshop CFP is open http://bit.ly/9rzDR1 (via @novahackers) #

For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.

• #NOVABLOGGER: Digital Signatures DII Workshop http://bit.ly/a5ePOV http://j.mp/nispblog #
• #NOVABLOGGER: Watch Your WHOIS Entries http://bit.ly/aQWP6N http://j.mp/nispblog #
• #NOVABLOGGER: FACTA Red Flags and Credit http://bit.ly/dfWixH http://j.mp/nispblog #
• #NOVABLOGGER: More on Black Hat Costs http://bit.ly/bNrmFj http://j.mp/nispblog #
• #NOVABLOGGER: Forget Pre-Incident Cost, How Much Did Your Last Incident Cost? http://bit.ly/9jaax2 http://j.mp/nispblog #
• #NOVABLOGGER: On Greed and Complianciness http://bit.ly/9N6CgK http://j.mp/nispblog #
• #NOVABLOGGER: Categories of Security Controls in Outsourcing http://bit.ly/bujSFk http://j.mp/nispblog #
• #NOVABLOGGER: Compliance & Risk Management Are Not the Devil http://bit.ly/c92y6h http://j.mp/nispblog #
• #NOVABLOGGER: Genealogy Research – aka stalking http://bit.ly/d1ciJo http://j.mp/nispblog #
• #NOVABLOGGER: “Machines Don’t Cause Risk, People Do!” http://bit.ly/bqGwFa http://j.mp/nispblog #
• #NOVABLOGGER: Burp 1.3.5 & Android SSL Apps update http://bit.ly/bc0JKj http://j.mp/nispblog #
• #NOVABLOGGER: LOLCATS Building Firewalls http://bit.ly/b0Qgrz http://j.mp/nispblog #

In case you missed them, here were some of our blog posts from this week.

• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/dyg91J #
• BLOGGED: Where You Want to Be This Week for 2010-05-24 http://bit.ly/dcBdLU #

And here are a few of our friendly reminders…

• NOVAINFOSEC TWITS: Haven’t mentioned in while. Localized vs of @securitytwits. We’d love 2 have u. http://bit.ly/nisptwit #
• ADD YOUR MEETUPS: Want to add your #meet up events to our calendar at http://bit.ly/nispcal? Contact us at http://bit.ly/nispcontact. #

There was so much talk about LIGATT this week, there getting their own section. When is this company and the self-proclaimed “world’s greatest hacker” going to go away?

• Awesome sum of #LIGATT BS .. Fundamentals of Manipulating Perception thru Press Rel http://bit.ly/cjWx3C (via @dallendoug) [Wow.] #
• Hey @LIGATT, nice plagiarism. http://is.gd/cjXIj (via @ksignal9 @attritionorg @dan_crowley) [U gotta b kidding me.] #
• LIGATT Twitter Plagiarism http://bit.ly/9g7TGW (via @quine) [Can this guy at least try. I mean come on. Just paraphrase it a bit.] #
• Infosec TV Commercial: LIGATT Sec hopes 2 scare people.. http://bit.ly/a6lL0e (via @schneierblog) [More LIGATT LOLZ.] #

Not to be outdone by LIGATT, Facebook probably won this week with all the latest privacy brouhaha.

• Zuckerburg’s WP Column http://j.mp/9QwVl3 (via @mckeay) [Article is total BS! We choose 2 share. Right? Your default is 4 us 2 share.] #
• Great @quine line on NetSecPodcast: You are not Facebook’s customer. You’re Facebook’s Product. (via @joshcorman @mckeay) #
• Facebook’s Culture Problem May Be Fatal http://bit.ly/befqLw (via @hackernewsbot @evejou) [Nice write up.] #
• Facebook Forces Users 2 Expose or Remove Connections http://bit.ly/aUYr5n [WTF R they thinking. Really bad timing.] #
• Facebook Unveils New Privacy Controls http://tcrn.ch/csSUIS [We'll see how this plays out. Still missing private defaults.] #
• Facebook Reveals New Privacy Setting Changes http://bit.ly/bm2nfH [Here's @DarkReading 's writeup. Yep, weak defaults.] #
• Security’s Top 4 Social Engineers of All Time http://bit.ly/d01iMd [Nice. ] #
• R very own @theharmonyguy was quoted in this SC Mag art a/b FB’s simplified privacy ctrls http://bit.ly/cGiqWF (via @geminisecurity) #

And in closing, you can also keep yourself busy with these interesting newsbites:

• #Blog Twitter Attack http://j.mp/aWcNZ3 (via @FSLabs) [Watch out.] #
• Google SSL beta is live. .. U can now search more securely using http://bit.ly/9dxO3L (via @geekgrrl @evejou) #
• Google Turns on SSL Encryption 4 Search http://bit.ly/9bziDZ [SSL 4 other services too .. didn't see iGoogle mentioned tho.] #
• VA Senator’s Credit Card Used 2 Buy Pot http://bit.ly/cVfwBw (via @DrInfoSec) [Pretty funny.] #
• Is Your Home Printer a Security Risk? http://j.mp/bHjXjF (via @securitywatch @mschafer) [We all too often forget these.] #
• SW Liability Settlement http://bit.ly/c0fHME < vendor liable beyond purchase price 4 unfit SW (via @manicode @rickmoy..) [Wow!] #
• “Top 10 Privacy Tweaks You Should Know About” http://bit.ly/94uiWm (via @jaysonstreet) [Some really nice tips!] #
• Hey kids, go get your shiny new Threatpost iPhone app! http://bit.ly/dxfnvM. (via @mckeay @dennisf) [Nice!] #
• V2 of my History of Web Application Scanning project http://bit.ly/bgpi1r (via @silvexis @mubix) [Great project..] #
• Interesting site of day: W3Domain Tools http://bit.ly/96YbVu Port scan, HTTP Header Retrieval, HTTP “Recon”. (via @mubix) [Nice!] #
• Daily Dashboard 4 Sec & Biz Continuity http://bit.ly/aIevKY [Interesting. Like http://bit.ly/9vkDjL better.] #
• Tabnapping Attack Baits Phishing Trawl http://bit.ly/c2b1TY [I love these names. Look interesting tho.] #
• The Society of Information Risk Analysts – NewSchool Blog http://bit.ly/bZoUbz (via @alexhutton) #
• Fun w/ Printers Part 1 http://bit.ly/97AzjA Part 2 http://bit.ly/drf5zn Part 3 http://bit.ly/cgWhPQ (via @pauldotcom) [Nice!] #
• Online #tool 2 check if URLs R infected http://bit.ly/aQOzBv (via @NickITSec @cedricpernet) [Metascanner using 12 scanners.] #
• Vuln in iPhone Data Encryption http://bit.ly/c9VcQ5 (via @907tothe703) [Wow, didn't know was encrypted by default. Darn, it's broke.] #
• DARPA is building the National Cyber Range for security testing http://bit.ly/aB8uqf (via @danphilpott) [Nice.] #
• RT @zwned: @grecs NCR range for nex gen threats, DISA has a range for current threats and exercises #IARange #
• DoD 2 shift focus to protecting .coms? http://bit.ly/aQjRRw (HT several) (via @dallendoug) [Where 2 draw the boundary tho?] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…

• #JOB Six Hot & Sought-After IT Security Skills http://bit.ly/bcWAxG [Didn't know "clearance" was a skill. ] #
• Single Group Did 66% of World’s Phishing http://bit.ly/9iHKZq [Interesting.] #
• Twitter-Controlled Botnets Come 2 Unwashed Masses http://bit.ly/bJDQC1 [Doing C&C via Twitter.] #
• Great article on creating a malware analysis lab by @lennyzeltser at http://bit.ly/9PZ8XJ (via @RayDavidson @moranned) #
• #NOVABLOGGER: Kish Cypher http://bit.ly/dpD7YN http://j.mp/nispblog #
• #NOVABLOGGER Scale Of Vendor Lameness & FUD http://j.mp/a7ipnF <–please participate, help improve. (via @Shpantzer @nselby) #
• #NOVABLOGGER: Using the Metasploit PHP Remote File Include Module http://bit.ly/a4Dp6t http://j.mp/nispblog #
• #NOVABLOGGER: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/dwBOnY http://j.mp/nispblog #
• BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/dwBOnY #
• #NOVABLOGGER: GoDaddy XSS http://bit.ly/9TfVOE http://j.mp/nispblog #
• BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-05-13 http://bit.ly/ddRbMI #
• #NOVABLOGGER: Grecs’ Weekly Infosec Ramblings for 2010-05-13 http://bit.ly/ddRbMI http://j.mp/nispblog #
• IN CASE U MISSED IT: Grecs’ Weekly Infosec Ramblings for 2010-05-13 http://bit.ly/btrqxh #
• IN CASE U MISSED IT: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/bMWkST #
• Boffins Warn on Car Computer Security Risk http://bit.ly/bOgqIR (via @EASIserv @Nathiet) [Wow, let's hack a car.] #
• #NOVABLOGGER: This week’s in review http://bit.ly/d62Mp6 http://j.mp/nispblog #
• #MEETUP CharmSec 25 will be next Thursday, the 20th of May, at @slaintepub, at 7PM. http://bit.ly/devJRV #
• Wow.. Twitter botnet SDK. These R fascinating. http://bit.ly/9l6mjU (via @helpnetsecurity @IBMFedCyber) [Nice article.] #
• #CON And speaking of AppSecs, you might want to save these dates: 8-11 November 2010..(via @AppSecDC) #
• #NOVABLOGGER: Facebook Backlash http://bit.ly/cbGrcw http://j.mp/nispblog #
• #NOVABLOGGER: How To Get OPEN NAT with Multiple 360’s. http://bit.ly/bdzwJM http://j.mp/nispblog #
• FB Intros Security Measures http://j.mp/cqkfl5 (via @Nathiet) [Nice but not enabled by default & least of their probs right now.] #
• #CON A friendly reminder: Metricon 5.0 CFP ends May 30. http://j.mp/dtIIaj (via @rybolov) #
• #EDU Honeynet project announces winners 2 last challenge http://j.mp/9vyRO2 (via @SecShoggoth @taosecurity) #
• Reminder: GMU – AFCEA Symposium @ Tue May 18 – Wed May 19, 2010 (NovaInfosecPortal.com Calendar) #
• #NOVABLOGGER: Review of Masters of Deception Posted http://bit.ly/acURn6 http://j.mp/nispblog #
• #NOVABLOGGER: Review of Cyberpunk Posted http://bit.ly/d1DbWv http://j.mp/nispblog #
• #NOVABLOGGER: Review of The Hacker Crackdown Posted http://bit.ly/9nBPST http://j.mp/nispblog #
• CALENDAR UPD: CharmSec Meetup http://bit.ly/ahLH8y http://j.mp/nispcal #
• CALENDAR UPD: Gartner Security & Risk Management Summit http://bit.ly/9OjXa9 http://j.mp/nispcal #
• CALENDAR UPD: OWASP AppSecDC Conference http://bit.ly/cnVcZF http://j.mp/nispcal #
• Reminder: ISACA NCA Meetup @ Tue May 18 8am – 4:30pm (NovaInfosecPortal.com Calendar) #
• Google 2 Offer Encrypted Search http://bit.ly/bd6cle (via @appsecurity @mubix) [Why can't they offer encrypted everything?] #
• Have U seen Secure Web App Framework Manifesto? http://bit.ly/aMKvUn (via @mcgoverntheory @DinisCruz @manicode) [Interesting.] #
• #NOVABLOGGER: Metricon is Coming to DC http://bit.ly/d0O0d3 http://j.mp/nispblog #
• #NOVABLOGGER: Professor Rybolov’s Guide to InfoSec and Public Policy Analysis http://bit.ly/cGQILr http://j.mp/nispblog #
• #MEETUP This Thursday (20th) – C @charmsec or http://bit.ly/dhODuM 4 details. (via @pusscat @dionthegod @charmsec) #
• Teach a Man to Phish http://bit.ly/brgjnp (via @briankrebs) [Nice research. Followed a phisher 4 18mos. Great insight.] #
• JS based Independent & Open Tool 4 Scanning ur FB Privacy Settings. http://bit.ly/cimhPO (via @packetwerks) [Nice.] #
• #NOVABLOGGER: Where You Want to Be This Week for 2010-05-17 http://bit.ly/9WFuS6 http://j.mp/nispblog #
• BLOGGED: Where You Want to Be This Week for 2010-05-17 http://bit.ly/9WFuS6 #
• IN CASE U MISSED IT: Where You Want to Be This Week for 2010-05-17 http://bit.ly/cwYEP1 #
• Reminder: OWASP VA Meetup @ Tue May 18 6pm – 9pm (NovaInfosecPortal.com Calendar) #
• Reminder: ISSA DC Meetup @ Tue May 18 6:30pm – 8pm (NovaInfosecPortal.com Calendar) #
• Facebook Privacy Check http://bit.ly/9UDXcH [Nother FB privacy checker. Although @fslabs found some probs with it.] #
• Coming Wave of Mobile Attacks http://bit.ly/96YPro [let users install malware themselves] (via @DrInfoSec) [Nice read.] #
• Most Browsers Leave Fingerprint that Can ID Users http://bit.ly/a302Jc [Wasn't there article a/b this few months back?] #
• #MEETUP 24 seats left! NCAC conf Fed IT-Trends/FISMA http://bit.ly/djd0SN < Wish I were going. (via @ISACA_WashDC @danphilpott) #
• #NOVABLOGGER: Hardening Adobe Reader http://bit.ly/aehbaA http://j.mp/nispblog #
• NOVAINFOSEC TWITS: Friendly reminder.. NovaInfosec Twits list is opt-in. Find list & instructs 2 join at http://bit.ly/nisptwit. #
• Triggered bug in OSX Snow Leop – could still click & view things on locked screen. http://bit.ly/anDwiW (via @pmhesse) [Great find.] #
• Huge ’sexiest video ever’ attack hits Facebook http://bit.ly/dj0pNx [Mmmm? Hotbar is back.] #
• Public SSL Server Database / SSL Server Test http://bit.ly/bUzsht (via @danphilpott) [Cool site to test certs/ssl.] #
• Symantec 2 Buy Verisign Security Biz 4 $1.3B http://bit.ly/bDPeiq (via @jaivijayan @jolenebonina @jsutera654) [Whoa.] #
• ADD YOUR CONS: Want to add your #con events to our calendar at http://bit.ly/nispcal? Contact us at http://bit.ly/nispcontact. #
• Reminder: ISSA NoVA Meetup @ Thu May 20 5:30pm – 8:30pm (NovaInfosecPortal.com Calendar) #
• #NOVABLOGGER: DirSnatch_v2.1 http://bit.ly/9mgfqJ http://j.mp/nispblog #
• Facebook Readies Simpler Privacy Options http://bit.ly/9ih9TJ [I'll believe it when I see it.] #
• Calling All Security Bloggers, Come Out, Come Out Where Ever U Rhttp://bit.ly/c8P9fJ (via @ashimmy @darkreading) #
• We just released Metasploitable, a target VM 4 testing Metasploit: http://bit.ly/acDikg (via @hdmoore @mubix) [Awesome!] #
• Recs on 500G hardware encrypted hard drive? Prefer not 2 install app on machine 2 unlock. Thinking something like IronKey but a hard drive. #
• Reminder: CharmSec Meetup @ Thu May 20 7pm – 10pm (NovaInfosecPortal.com Calendar) #
• #MEETUP Looks like OWASP VA will b on 6/3 at BAH. They’re looking 4 speakers (contact @falconsview if interested). #
• #MEETUP Wow, just learned that @capsecdc will b next week on 5/26 .. same time (6ish) .. same place (Stetson’s). #
• CALENDAR UPD: OWASP VA Meetup http://bit.ly/9xOY2K http://j.mp/nispcal #
• CALENDAR UPD: CapSecDC Meetup http://bit.ly/bY2Y8T http://j.mp/nispcal #
• #NOVABLOGGER: Beware the Audit Hammer http://bit.ly/acPLvf http://j.mp/nispblog #
• #NOVABLOGGER: To Buy Shiny New Products Or Not To Buy http://bit.ly/9k4YUa http://j.mp/nispblog #
• HELP US HELP U: Friendly reminder.. Support NovaInfosecPortal by purchasing thru 1 of our affiliates. More info at http://bit.ly/nisphelp. #
• #NOVABLOGGER: I’m Your Huckleberry http://bit.ly/dgFmMR http://j.mp/nispblog #
• #NOVABLOGGER: Education, Training, and Awareness – There’s a Difference! http://bit.ly/bQEzkV http://j.mp/nispblog #
• #NOVABLOGGER: I’m Your Huckleberry http://bit.ly/bcg0v7 http://j.mp/nispblog #
• #CON Rob Lee set up LinkedIn page http://bit.ly/ase4VJ 4 his July SANS IR & Forensics Summit http://bit.ly/c0uWO7 (via @taosecurity) #
• Hah, thanks @woot 4 Sending Over Bag’s O Crap 4 Shmoocon http://bit.ly/dwXyuS (via @haxorthematrix) [Memooorrreeeiiis.] #
• Symantec’s $1.28 bn Purchase of VeriSign’s Authentication Biz http://bit.ly/9mXwmQ [Consolidation time. So many buys lately.] #
• Technically it’s not a #novablogger blog but @danphilpott ’s FISMApedia is a great resource. http://bit.ly/bUYCgZ #
• Detecting Browser History http://bit.ly/aH1LET (via @schneierblog) [Interesting. I use clear browser cache upon close method.] #
• Detecting Browser History http://bit.ly/aH1LET (via @schneierblog) [Interesting. I use the clear browser cache on close method.] #
• Most Browsers Silently Expose Intimate Viewing Habits http://bit.ly/bSCo8t [More on this. Known 4 a decade. FF4 2 b 1st to fix.] #
• ReclaimPrivacy.org: FB Privacy 101 http://bit.ly/atuXmk [More on this. Detects stuff fine but fix button doesn't always work.] #
• #NOVABLOGGER: ReclaimPrivacy.org http://bit.ly/d8Konz http://j.mp/nispblog [Nother article on this tool.] #

Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…