NovaInfosecPortal.com

• CLEARANCE MONSTER: This post rings so true for most of us in NoVA. http://bit.ly/do1J #

• HARDWARE HACKING: Listened to this on PDC a few weeks back. Excellent and well put together. http://bit.ly/bWY #
• MS08-67 CHECK: If you havn’t applied this out of band patch yet, here is a quick way to find unpatched boxes using nmap. http://bit.ly/14FMI #
• MAIL YOURSELF TO FREEDOM: This is just funny. An inmate packs himself up and mails himself out of jail. http://bit.ly/hvSN #
• HOLIDAY HACKING CHALLENGE: EHN has a new challenge. Want more? The end of the post links to prior ones. Enjoy! http://bit.ly/3tee #edu #
• NEWSBITES: Here’s your weekend edition. http://bit.ly/g9Yl #
• FINAL FIREFOX 2 VERSION: So it won’t contain any anti-phishing features but who’s still using this older version? http://bit.ly/3z3Hp3 #

• RUXCON SLIDES UP: Noticed on PDC list that these slides are up. Unfortunately no audio/video. http://bit.ly/RTHU #
• PREORDER NMAP BOOK: Finally! http://bit.ly/i63O #edu #
• 2 FACTOR CREDIT CARDS: What a great idea. Hopefully they don’t cost too much to implement & maintain. http://bit.ly/GTg5 #
• NEWSBITES: Issue 94 from earlier this week. http://bit.ly/g9Yl #
• MACS DON’T NEED AV: In an about face now Macs don’t need AV software. Claim article is old & inaccurate. http://bit.ly/G2Yl #
• BRUTEFORCE SSH: I’ve always loved these Infocus articles. Here’s their latest. http://bit.ly/S0yW #
• ALL COMPUTERS RUN VULN SOFTWARE: Well almost all according to the latest Secunia report. This time it’s 98%. http://bit.ly/990h #
• BAD LICENSING SVRS: Here SonicWall svr causes minor outages. 1 day this could cause serious probs if things don’t change. http://bit.ly/w7WE #
• DISABLE UPNP ON ALL DEVICES: Excellent article that explains UPnP from a security perspective. http://bit.ly/3ZVSVv #
• DHS REALITY SHOW: Is this a joke? http://bit.ly/tk3H #
• MS TO RELEASE 8 PATCHES TO CLOSE OUT ‘08: Happy holidays. http://bit.ly/zPIl #

• RT Nice article. @rybolov: Writing a response to @steinnon’s post-election letter to the president-elect http://piurl.com/s62 #
• RT & his related pres. @rybolov: It’s transition time, guess I had better pitch my Gov InfoSec presentation again: http://tinyurl.com/6f6jd9 #
• RT @rybolov: “Cyberspace: Challenges and Solutions for National Security” with @afcea http://piurl.com/s6H #
• RT @rybolov: Oh cool, @afcea will be broadcasting the conference http://piurl.com/s6J #
• RT Another group. @rybolov: @securitytwits Hey, GovTwits copied the Python twits idea! Claim prior art! #

• RT I’ve been looking for this. Thx. @rybolov: Surprised I haven’t seen this tweeted yet: http://tinyurl.com/5afybt #

• SHMOOCON TICS IN 20 MINUTES: Just wanted to get a quick reminder out. https://www.shmoocon.org/cart/ #
• RT @rybolov: Get yer Government Twits right here: http://tinyurl.com/5jont7 #
• REASONS FOR DOD USB BAN: Computers in war zones apparently come under a malware attack. http://tinyurl.com/5rtdch #
• TWITBACKS: For all us Twitters, TwitBacks.com allows you to create backgrounds with more personalized information. http://tinyurl.com/68e7qa #
• APPLE PUSHING AV: In a marketing “switch” Apple is now encouraging the installation of anti-* software on Macs. http://tinyurl.com/5pkdv9 #
• FIND ROGUE AP’S: Larry of PaulDotCom put out this last month. Interesting read; maybe something useful in future. http://tinyurl.com/5eamc4 #
• CLOUD COMPUTING SEC: Rich pointed out a series of podcasts from Craig Balding on the security of cloud computing. http://tinyurl.com/62m6v4 #
• TWITTER & MUMBAI ATTACKS: Post by Schneier on how Twitter worked well as communication tool during these attacks. http://tinyurl.com/6jcsgm #
• VICKI’S & HACKED E-VOTING: E-voting is hard to secure. E.g., see results of recent Victoria’s Secret competition. http://tinyurl.com/5g2zqo #
• SAFE HOLIDAY SHOPPING: Here are 6 simple rules for safe online shopping this holiday season. http://tinyurl.com/5avhzm #
• WMAP: Interesting Metasploit add-on. It is a web app scanning framework. CG posted how to use it here. http://tinyurl.com/6yxtnc #tool #

Since the last NovaInfosec Twits post there have been a lot of updates to the NovaInfosec Twits page that everyone may find useful. First off, we’ve sloooooowly been adding people… The list is still quite small but we hope that it continues to grow. To be added to NovaInfosec Twits, just message @grecs that you would like to be added and follow @novainfosec. We’ll then follow you back.

We’ve also added some standard hashtags. The idea is to help organize tweets somewhat. For example, adding #con to the end of a tweet lets others know it relates to conferences and appending #edu shows the tweet is about training. Beyond this tagging feature, we’ve also added an automated retweet capability. Once you are part of the NovaInfosec Twits group, all you need to do is direct message (dm) novainfosec and your post will automatically be retweeted.

Lastly, @rybolov pointed out in one of his tweets the formation of another Twit directory focused on government agencies and associated organizations. So we thought that it would be convenient to include a list of related Twit directories on the page as well. Right now we just have the original Security Twits and rybolov’s tweeted GovTwits directories but we hope to grow it. If you know of any other groups, please message @grecs or Contact Us.

Well that is about it. For more information head on over to the NovaInfosec Twits page. Oh, and if you want to add me to your Twitter feed, I am over here. Additionally, feedback is always encouraged - again just message @grecs or Contact Us.

• SHMOOCON TICS TOMORROW: The second round of ShmooCon tics go on sale tomorrow (Monday) at noon! Goodluck to all. #

• SPAM CREEPING UP AGAIN: After a big 80% drop due to an ISP closure, spammers are moving on as expected. http://piurl.com/qLL #
• NEWSBITES: Here’s the latest issue. The story on CAG looks interesting. http://piurl.com/qLc #
• STANDING ON SHOULDERS: Excellent write-up on how we as security researchers need to do a better job of referencing. http://piurl.com/qLk #
• PSI FINAL RELEASED: Free for personal use, this helps you keep up to date with patches for all your software. http://piurl.com/qLr #tool #
• RPC WORM: No it’s not 2003 but people who have yet to apply MS’s recent out-of-cycle patch can be infected. Patch! http://piurl.com/qLy #
• US VULN TO CHINESE CYBER ATTACKS: Nice write-up on a recent congressional report. http://piurl.com/qM3 #
• CAREER OPTION: If r economy tanks further, we can always find jobs in underground according to this Symantec report. http://piurl.com/qM8 #
• SYMANTEC REPORT WRITE-UP: Another nice write-up on the recent Symantec report. http://piurl.com/qMC #

• CSI 2008 SLIDES: Saw these slides from last week’s con on the PDC mailing list. http://piurl.com/pHU #con #
• OWASP DC MEETUP ON 12/10: Mark your calendars. http://piurl.com/pHc #
• OWASP VA OCT MEETING SLIDES: Saw this message on the mailing list awhile back & just getting around to it. Enjoy. http://piurl.com/pHl #mtg #
• OWASP VA NOV SLIDES & NEXT MEETING: Title says it all. Plus next meeting looks like it is on 1/8. http://piurl.com/n5m #mtg #
• BOTHUNTER: Free software from SRI that helps admins detect bots on their network. http://piurl.com/pI9 #tool #
• VISTA NETWORKING WOES: Well they rewrote the stack so stuff like this is bound to pop up. http://piurl.com/pIH #
• UNOFFICIAL VISTA FIX: Well they’ve decided to wait until SP2 to fix it so someone created an unofficial fix. http://piurl.com/pIK #
• TWITTER & FACEBOOK: One way for them to cash out. Fortunately, a no-go. Start doing AdSense. Even Yahoo considered it. http://piurl.com/pKB #
• DEVICE AUTHEN: IEEE 1667 looks interesting. It’s a way for companies to control devices employees stick into their PCs. http://piurl.com/pKK #