It’s that time of the week again: the time where we take a look at what local security bloggers have been up to. As ShmooCon 2011 was this past weekend, it only proper for us to name our number three post a review of the conference since not all of us could make it. We are still doing our own little review of the conference so that would be something to look forward too in the coming days/weeks and our top two topics are very important as they can very much change the way we use the internet and we need everyone to discuss the topics.

With that, you can also take a look at what local security bloggers have been up to but if you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter.

Also be sure to follow myself (@nathiet), @grecs, and @novainfosec on Twitter if you want to know more about what’s going on in the local security community during the week. Without further ado … here are the top picks for this week.

#3 -ShmooCon 2011 After-Report: We just had to put this post out for those who missed out on ShmooCon 2011 and if you didn’t miss it, here’s a time to reminisce about what to0k place at ShmooCon 2011. We are not going to be spilling any more beans on this post so click here to read the ShmooCon 2011 report yourself. If your looking for a different perspective about the con, then you can click here as Ben shares his with us.

#2 -The Internet Should Not Be Anonymous: Here is a quote from the post to give you an idea what the post is about “The news of the U.S. government’s latest attempt at a national citizen “Internet ID” brought yet another round of choruses: The Internet must be free! Any government ID plan is bad! Anonymity for all forever.” Ned Moran shares with us his thoughts on the matter. Click here to read his thought.

#1 -Net neutrality vs. the “Internet kill switch”: If you attended Firetalks during ShmooCon 2011 then you’d know a little bit about what’s being mentioned on this post. Either way, we feel it’s another important topic that everyone should chime in on as it could affect how we use the internet and Mike “theprez98″ does just that and shares his opinion on the matter. Click here to read what he had to say about the matter.

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.

The first day of the GovSec Expo & Conference event was held at the Washington DC Convention Center yesterday. It featured a rich variety of topics and focused on various IT solutions and critical technology.

The conference delivered topics from different security sectors, including cloud computing, cyber security, data center and virtualization, and defense innovations. The event featured top industry experts from well known companies and government institutions.

The keynote speeches at GovSec included its usual mix of law enforcement and technology with Bill Bratton, former police chief of Los Angeles, New York and Boston, Anthony Zuiker, creator and executive producer of CSI: Crime Scene Investigation, and Steven R. Chabinsky, the deputy assistant director in the FBI’s Cyber Security Division.

Bratton talked about technology’s role in police work and its likely role in the future.  He also noted that local police departments have the knowledge but lack the resources for cyber security-related police efforts.

Meanwhile, Zuiker discussed cross-platforming. He noted “traditional media is dead, and that newspapers, magazines and TV must become more interactive.”

In the last keynote of the day Chabinsky said that “How the United States handles cybercrime could help determine the future of the country.” He framed the issue of online crimes, including hacking and copyright infringement, as a question of both economic and national security. Chabinsky added that almost every cyber criminal is now a member of an online forum or chat service and that “… like you have doctors who are specialists instead of general practitioners, we have cyber criminals who are specialists instead of general practitioners.”

Chabinsky described 10 types of specialized cyber criminals:

• Programmers who write malware and exploits
• Vendors who sell stolen data
• Techies who maintain the needed information technology infrastructures
• Hackers who exploit the vulnerabilities
• Fraudsters who create social engineering schemes
• Hosters
• Cashiers who control accounts
• Money movers
• Tellers
• Leaders, who assemble the teams

The only education session that I was able to attend was the International & Initiatives on Cybersecurity. The training included six mini sessions and was presented by the American Bar Association’s Privacy & Computer Crime Committee. The discussion focused on an international legal framework to counter cyber security. Some countries have no cybercrime laws and to close this divide in cyber security, an ITU Toolkit for Cybercrime Legislation is made available. The ITU Toolkit aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonized cybercrime laws and procedural rules.

Well those are some quick notes on some of the activities from day 1. We’ll be in attendance tomorrow as well and look forward to some interesting topics. If you would like to learn more about GovSec, see its description in our Infosec Conferences section as well as the main GovSec conference site. They also have a Twitter account at @GovSecUSLaw so be sure to follow them tomorrow for all the latest conference happenings.

It took a month but we’ve done it; after ShmooCon 2010, we decided to pay homage to our local speakers at the conference. We had Doug Wilson speaking on Friday and Trevor Hawthorn, Richard Goldberg and Pete Markowsky on Saturday. All four speakers are respected in their fields and have been in the field for more than five years. Below is a brief description of what they talked about.

Doug Wilson discussed an OWASP project that combine a variety of vulnerable web applications on a virtual machine that can be used for testing web application security tools and techniques. The project is entirely free and open source. The project is also useful for testing white box tools and techniques such as source code analysis.

Trevor Hawthorn’s talk “The New World of Smartphone Security” tackled security concerns that are not being discussed and have not been publicly disclosed. In the talk he examined mobile-to-mobile attacks within cellular IP networks, specifically focusing on iPhone attack surfaces,  worms, location-based gaming privacy concerns, and web application security.

Richard Goldberg’s discussion was about the less obvious legal risks inherent in storing and accessing data in the cloud. He focused on real-world problems and solutions.

“The aim is to foster a greater understanding of the relevant issues, legal and privacy risks, potential solutions, and which problems do not have solutions.”

Finally, Pete Markowsky covered the differences among reviews system management mode and the relationship between SMM and Virtualization on the AMD-V platform and how to install a SMI handler.

See InfosecEvent’s ShmooCon 2010 - Wrap Up post for a complete list of all conference coverage.

If you haven’t had a chance to already, be sure to check out the CharmSec meetup this upcoming Thursday, September 24th.

Taking place over dinner and drinks, the CharmSec meetups are a relaxed way to meet local security professionals.

If you’d like more details about this meetup, continue reading below.

• Who: CharmSec
• What: Normal Meeting
• When: 09-24, 7:00 PM EST
• Where: Slainte (1700 Thames St. Baltimore, MD 21231)

For more information on CharmSec, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Also be sure to check out the CharmSec meetup page.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Open to the public, HacDC will be hosting their usual “Microcontroller Mondays” meetup this upcoming Monday, September 14th.

HacDC ecourages people to stop by with their microcontroller project to either “learn, teach or just hang out with other microcontroller enthusiasts.”

If this sounds like a meetup you’d be interested in attending, continue reading below.

• Who: HacDC
• What: “Microcontroller Mondays”
• When: 09-14, 7:00 – 8:00 PM EST
• Where: HacDC (1525 Newton St NW, Washington DC 20010; near the corner of 16th and Newton NW)

For more information about HacDC, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area.

o o o o o

Get your own Microcontroller Kit if you don’t have one already.

The world certainly would be a boring place without security bloggers in the NoVA, DC, and MD area. Where else can you find security news that’s applicable to where you live or work?

But speaking of interesting, here’s our pick for tweet of the week:

grecs RT @dallendoug @rybolov has QOTD “It’s Hactivism 4 tech challenged. Just tell them to click link & leave their computer on.” #OWASPDC #totw

We also wanted to give this #totw honorable mention:

grecs RT @briankrebs lol, there’s prob no surer way to push a site that’s having trouble over the edge than asking if ppl can get to it. #totw

In addition to the three bloggers we’ve featured this week, you can find a list of other great bloggers in the NoVA, DC, and MD area here.

You can also follow us @grecs during the week for more great blog posts as they happen. Now, on to those posts!

#3 – Wade Is Back: Like we mentioned last week, Wade is back on the blogging scene with some great weekly commentary. Choosing six posts to comment on this week, Wade provides some insightful and in-depth commentary on subjects ranging from the National Retail Federation Poll to the trials and tribulations of public sector CISOs. Definitely be sure to check out the full post here.

#2 – Risky Business: It’s hard to remember what existed before risk management. It seems to be on the tip of everyone’s tongue, and when used correctly, it can be pretty effective. In their post “Risk Management,” @geminisecurity discusses risk management in detail, exposing both the pros and the cons. If you’re interested in finding out if risk management is really ‘worth the risk’ (pun intended), you can check out the full post.

#1 – OWASP and SAMM: It seems that @danphilpott is on a roll. Not only did he make our Top 3 last week, he takes the top slot this week for his guest post “OWASP and Uncle SAMM.” Writing for the Ariel Silverstone blog, @danphilpott addresses the goal of OWASP as well as a specific OWASP project— the Software Assurance Maturity Model (SAMM). Describing SAMM as “an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization,” @danphilpott goes on to say that “SAMM seeks to improve security by enhancing application development business functions.” You can read more about those specific functions as well as the rest of @danphilpott’s excellent post here.

Well, that’s all for this week. Be sure to check back next week for more great posts by local security bloggers.

Aside from it’s clever name, this month’s ISACA – Central Maryland (CM) Chapter meetup promises to provide some much-needed information for those that are facing budget cuts due to the economy.

Because while we can all whine until the cows come home that cutting security budgets is wrong and unwise, that won’t change the reality that security budgets will continue to be cut or significantly reduced. So instead of just complaining about it, why not attend this meetup? And while you’re at it, why not write about if for us.

If you’d like more information about this meetup (extra incentive because it’s being held at a restaurant), continue reading below.

• Who: Frank Aiello
• What: “Dude, Where’s My Security Budget?”
  • Will discuss effective strategies for coping with the reductions in information security spending while still managing your organization’s risk.
• When: 09-09, 3:00 – 8:00 PM EST
• Where: Chiaparellis Restaurant (237 South High Street, Baltimore, MD)

For more information on the ISACA – CM Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the ISACA meetup page.

For those of you who didn’t see our previous post, the DojoSec scheduled to take place today has been canceled.

Please spread the word so no one shows up at Capitol College and has nothing to do!

Open to the public, HacDC will be hosting their usual “Microcontroller Mondays” meetup this upcoming Monday, September 7th.

HacDC ecourages people to stop by with their microcontroller project to either “learn, teach or just hang out with other microcontroller enthusiasts.”

If this sounds like a meetup you’d be interested in attending, continue reading below.

• Who: HacDC
• What: “Microcontroller Mondays”
• When: 09-07, 7:00 – 8:00 PM EST
• Where: HacDC (1525 Newton St NW, Washington DC 20010; near the corner of 16th and Newton NW)

For more information about HacDC, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area.

o o o o o

Get your own Microcontroller Kit if you don’t have one already.

Recently moved into what they call the “the Load Of Fun building,” Baltimore Node has its weekly meetings on Tuesdays at 7:30pm.

These meetings take place at the Load of Fun building (also known as a hackerspace), and are for members or prospective members only.

While the membership fee to belong to Baltimore Node is currently $50 per month, they do their best to work with those that are unable to pay the full amount. You can read more about that here.

For additional details about the weekly Baltimore Node meeting, continue reading below.

• Who: Baltimore Node
• What: Normal Meeting
• When: 09-08, 7:30 PM EST
• Where: The Load of Fun Building (120 W North Ave Baltimore, MD 21201)

For more information about Baltimore Node, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Check out the Baltimore Node page for even more hacker goodness.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.