Wow, an actual second podcast! In this episode we discuss the beginning of the Mac malware cat and mouse game, how attacking critical infrastructure can be considered an act of war, the recent spat of defense contractors getting attacked, a new tool called FaceSniff, a run down of local events, and much more.

Download the Episode (33 mins)

Crew

• Grecs: NoVA Infosec Blogger/Tweeter/Event Finder
• Georgia: The Smartphone SMS Botnet Goddess
• Jason: Resident Security Evangelist & All Things Nessus
• Rae: The Trusty Security Intern and the One Making Us All Look & Sound More Beautiful

Announcements

• Looking for Sponsors for Podcast/Site (at @grecs on Twitter or contact us)
• Interested in Posting Job Opportunities

General News

• Top 10 Simple Privacy Tricks Everyone Should Use: A lot of articles like this offer great recommendations however it’s often impossible to live any kind of life. Lifehacker’s version offers tips that should inconvenient many of us.
• Mac trojan evades Apple’s brand new security fix: Mac had it’s first big malware attack recently in the form of MacDefender. First you needed an admin password for it to install. Now you don’t. Apple up dates their built-in malware software. The bad guys modify the malware. Let the cat and mouse games begin…
• Hackers steal more customer info from Sony servers: A group of hackers said today that they have broken into several Sony Web sites and compromised the personal data of more Sony customers.

Government Stories

• U.S. enables Chinese hacking of Google: In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
• Pentagon: Hack attacks can be act of war: The Pentagon has formally concluded that computer sabotage carried out by another nation can constitute an act of war that warrants a response of traditional military force. The problem was and still is proving where the attack came from.
• <insert government contractor here> May Have Been Hit by Cyberattack: Lockheed Martin had disclosed that it was the victim of a hack attack. Now there are reports that Northrop Grumman and L-3 Communications have also been hacked. Some are speculating that the attacks on military suppliers is tied to the RSA Security breach earlier this year.

Tools

• Using Kon-Boot from a USB Flash Drive: Great little utility that IronGeek write up an updated article about. The tool helps you bypass Windows and Linux logons. The key is that he could get it to run off of a USB thumbdrive versus a CD.
• Cheat Sheet Galore: We all love cheat sheets and here is a bunch of them … mostly focusing on network protocols.
• Sniff and intercept web session profiles on Android: FaceSniff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It is possible to hijack sessions only when Wi-Fi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK).

Events

Next Week

• NoVA Hackers Association Meetup: Bar meetup out in Tysons on Monday 6/6.
• NSTIC Workshop: Thurs, 9-10 in DC
• OWASP NoVA Meetup: Thurs, 9th in Reston

Week after Next

• NoVA Hackers: Monday the 13th in Fairfax
• Sleuth Kit & Open Source Digital Forensics Conferecne: Tues 14th in McLean
• Workshop on Economics of Information Security: 14th and 15th in Arlington at GMU
• ISSA NoVA Meetup: Thurs 16th in McLean (Ron Ross speaking)

Some of our region’s local hacker spaces have a lot of fun things going on as well. Head on over and check out some of their activities.

• Baltimore Node Calendar
• HacDC Calendar
• Reverse Space Calendar
• Unallocated Space Calendar

And don’t forget to visit to our calendar for a lists of all our upcoming events. Is your event not there? Let us know!

Closing

Reminders

• Looking for Sponsors for Podcast/Site (at @grecs on Twitter or contact us)
• Interested in Posting Job Opportunities
• Georgia & Grecs @ BSidesCT
• Georgia in Malaysia

Where to Find Us

• Rae: NovaInfosecPortal.com; @Raelyn75
• Jason: BlackHat.org; @jasonmoliver
• Georgia: GRMNoobs.com; @vincentkadmon
• Grecs: NovaInfosecPortal.com; @grecs

Intro/Outro Music

• “For You” by Dual Core

I just want to shoot out a quick post letting you all know that over the past two weeks I’ve been experimenting with some podcast editing here and there. Well I think all the hard work paid off as I was able to cut about 30 minutes out  bringing it down to 42 minutes. I also experimented with adding some intro and outro music (thanks to Dual Core) as well as included some meta data (e.g., show notes, cover art, …). To grab the latest copy head on over to the original post and look for the new download link. I’m interested in hearing what you all have to say… See ya!

Welcome to our first ever podcast that a some of us having been thinking of doing the past few months. After a few practice tries we finally got one out! Anyway, in this episode we discuss some general infosec news, rant on video game policies, and talk about some recent government happenings as well as some other interesting tidbits … like intern sandwiches, girls, length vs. width and the relative merits of both, and whether or not Georgia is wearing pants. Also in a NovaInfosecPortal exclusive, find out where Georgia’s new job is.

Download the New Epic Remix Episode (42 mins)

Crew

• Grecs: NoVA Infosec Blogger/Tweeter/Event Finder
• Georgia: The Smartphone SMS Botnet Goddess
• Jason: Resident Security Evangelist & All Things Nessus
• Rae: The Trusty Security Intern and the One Making Us All Look & Sound More Beautiful

Announcements

• Looking for Sponsors for Podcast/Site (at @grecs on Twitter or contact us)
• Georgia’s New Job
• Georgia Speaking at TakeDownCon in Dallas

General News

• Sony delays PSN restart as third breach is discovered
• Your photos? Not so according to many popular photo-sharing apps
• Twitter for Mac Updated
• Blizzard ENT & Protecting Data with Higher Value Sources

Government Stories

• Mom’s Guide to the NSA’s Home Security Guidelines: … (discussed on Tenable Network Security Podcast too)
• What The New White House Cybersecurity Proposal Means For The IT Security Industry, Businesses, And Consumers
• Fed IT Security Workforce to Double?
  • More: Cyber Hiring to Surge by 2015 & Real Story Behind Fed IT Security Job Growth

Tools

• theHarvester
• BackTrack 5 Release (also contains Nessus; you just need to activate it)
• SWFRETools v.1.1.0 Released

Events

References Over Past Week

• NovaHackers May Videos

Next Week

• SANS Cyber Guardian Conference: Starting on Sunday, 5/15-22 in Baltimore
• ISACA NCA Meetup: Annual Meeting of Chapter Membership with a networking mixer to follow in VA on Tues the 17th
• ISSA DC Meetup: “Secure Use of Cloud Computing” by Earl Crane in DC  on Tues the 17th
• ISACA CM Meetup: “Interview and Communication Techniques for Internal Audit/Fraud Investigations” by by Dean Jones in MD on Wed the 18th
• ISSA NoVA Meetup: “NIST’s NICE Program” by Ernest McDuffie in VA on Thurs the 19th

Week after Next

• GMU – AFCEA Symposium on 24th-25th
• CharmSec on 26th

Some of our region’s local hacker spaces have a lot of fun things going on as well. Head on over and check out some of their activities.

• Baltimore Node Calendar
• HacDC Calendar
• Reverse Space Calendar
• Unallocated Space Calendar

And don’t forget to visit to our calendar for a lists of all our upcoming events. Is your event not there? Let us know.

Closing

Reminders

• Looking for Sponsors for Podcast/Site (at @grecs on Twitter or contact us)

Where to Find Us

• Rae: NovaInfosecPortal.com; @Raelyn75
• Jason: BlackHat.org; @jasonmoliver
• Georgia: GRMNoobs.com; @vincentkadmon
• Grecs: NovaInfosecPortal.com; @grecs

Intro/Outro Music

• “For You” by Dual Core

Where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area as of Sunday night.

• Monday (10/26):
  • InfraGard IMMA Meetup (Gaithersburg, MD)
  • HacDC Meetup – Microcontroller Mondays (Washington, DC)

• Tuesday 10/27): Baltimore Node Meetup – Regular meeting (Baltimore, MD)

• Wednesday (10/28) : CapSecDC Meetup – Normal meeting (Washington, DC)

• Thursday (10/29) :
  • CharmSec Meetup (Baltimore, MD)
  • Baltimore Node Meetup – Open Hack Session (Baltimore, MD)

Be sure to subscribe to our RSS Feed to be alerted about any last-minute events, or to receive updates on the events listed above.

Check out our Calendar for more upcoming events, and follow us @grecs if you’re interested in hearing more security-related babble.

Where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area.  

• Monday – HacDC Infosec Meetup Monday, 10-19: Microcontroller Mondays (Washington, DC)
• Tuesday – ISACA NCA Meetup Tuesday10-20: (Arlington, VA)
• Tuesday – ISSA DC Meetup Tuesday, 10-20: Mobile Device Forensics & Security Concerns by Amber Schroader of Paraben Corporation. (Washington, DC)
• Tuesday – Baltimore Node Meetup Tuesday, 10-20: Normal Meeting (Baltimore, MD)
• Tuesday – HacDC Meetup, Tuesday10-20: Monthly Member Meeting (Washington, DC)
• Wednesday – Infragard NCMA Meet-up Wednesday, 10-21: State of the Hack by Rob Lee, Director-MANDIANT and Faculty Fellow at SANS (Arlington, VA)
• Wednesday – HTCIA DC Meet-up Wednesday, 10-21:  Covert Remote Forensics: The New Black Bag Job by Cary Moore, Senior Enterprise Consultant (Dulles, VA)
• Wednesday – HacDC Info-sec Meet-up Wednesday, 10-21:  FPGA Workshop (Washington, DC)
• Wednesday– Baltimore Node Meet-up Wednesday, 10-21: Learn to Solder and Build A Multimeter (Baltimore, MD)
• Thursday – Baltimore Node Meetup Thursday, 10-22: Open Hack Session (Baltimore, MD)

Be sure to subscribe to our RSS Feed to be alerted about any last-minute events, or to receive updates on the events listed above.

Check out our Calendar for more upcoming events, and follow us @grecs if you’re interested in hearing more security-related babble.

If you haven’t had a chance to already, be sure to check out the CharmSec meetup this upcoming Thursday, October 22nd.

Taking place over dinner and drinks, the CharmSec meetups are a relaxed way to meet local security professionals.

If you’d like more details about this meetup, continue reading below.

• Who: CharmSec
• What: Normal Meeting
• When: 10-22, 7:00 PM EST
• Where: Slainte (1700 Thames St. Baltimore, MD 21231)

For more information on CharmSec, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Also be sure to check out the CharmSec meetup page.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Taking place on October 21st, the InfraGard – Nations Capital Members Alliance (NCMA) Chapter infosec meetup event will cover what they call “The State of the Hack.”

The presenter will be Rob Lee of MANDIANT and SANS. He will be presenting on many of the topics found in his book Know Your Enemy: Learning about Security Threats.

For additional information about this event, continue reading below.

• Who: InfraGard and Rob Lee
• What: “State of the Hack”
• When: 10-21, 9:15 AM – 12:00 PM EST
• Where: George Mason University, School of Management Executive Programs (4400 University Dr, Fairfax, VA 22030)

For more information on the InfraGard – NCMA Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Next Wednesday, October 21st, Baltimore Node will be hosting a workshop on how to solder and build a multimeter.

According to the Baltimore Node event site, “[t]his workshop  will give you an opportunity to build  a circuit by soldering components such  as resistors, capacitors and ICs onto  a printed circuit board.  You will  learn how to solder and de-solder through-hole  components, and (hopefully) have a functional  multimeter when the whole thing is done.”

The workshop will take place at Baltimore Node’s very own “Load of Fun building.”

For additional details about this workshop, continue reading below.

• Who: Baltimore Node
• What: “Learn to Solder Workshop (Build a Multimeter!)”
• When: 10-21, 7:30 PM EST
• Where: The Load of Fun Building (120 W North Ave Baltimore, MD 21201)

For more information about Baltimore Node, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Check out the Baltimore Node page for even more hacker goodness.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Recently moved into what they call the “the Load Of Fun building,” Baltimore Node has its weekly meetings on Tuesdays at 7:30pm.

These meetings take place at the Load of Fun building (also known as a hackerspace), and are for members or prospective members only.

While the membership fee to belong to Baltimore Node is currently $50 per month, they do their best to work with those that are unable to pay the full amount. You can read more about that here.

For additional details about the weekly Baltimore Node meeting, continue reading below.

• Who: Baltimore Node
• What: Normal Meeting
• When: 10-20, 7:30 PM EST
• Where: The Load of Fun Building (120 W North Ave Baltimore, MD 21201)

For more information about Baltimore Node, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Check out the Baltimore Node page for even more hacker goodness.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

The upcoming ISACA – Central Maryland (CM) Chapter infosec meetup event on October 20th covers a topic that has been on everyone’s minds: How to establish a cost-effective application security program.

Application security speaker Jeff Williams will cover the following points during the meetup:

• Establishing a foundation for developing secure code

• Designing and implementing secure code Verifying the security of applications

• Managing an application security program

According to the ISACA – CM meetup page, these discussion points “will provide a holistic view and provide a tested approach philsophy to assist you in solving this complex vulnerability.”

$40 for members and $65 for non-members, atendees also have the option of earning up to 3 CPE credits after attending this meetup.

For more details about this meetup, continue reading below.

• Who: Jeff Williams of Aspect Security
• What: “Establishing a Cost-Effective Application Security Program”
• When: 10-20, 7:30 AM – 1:30 PM EST
• Where: Snyder’s Willow Grove Restaurant (841 North Hammonds Ferry Rd, Linthicum, Maryland)

For more information on the ISACA – CM Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the ISACA – CM meetup page.

o o o o o

Know of a security event we should cover? Drop us a line and we’ll be happy to look into it!