Local security Bloggers were on a roll this week; we had so many great posts to choose from that it was definitely a challenge to pick the top three. We highly encourage you to check out the other bloggers in the NoVA/DC area that didn’t make our list this week by visiting our Blogs/Podcasts section.

#3 – iPhone Security: This week, @geminisecurity wrote an interesting post entitled “iPhone 3G S – Hardware Encryption?” that discussed—you guessed it—whether or not the iPhone 3G S will really be as secure as Apple claims. Trying to get to the bottom of just how secure the iPhone 3G S will be, @geminisecurity did a bit of research and found… well, not much really. As they point out in their post, “mentioning that a device supports hardware encryption can mean a lot of things, and Apple isn’t very clear about what they mean by this. Trying to do some further research didn’t help much either as I only ended up being further confused with all the different mentions of this ‘hardware encryption.’” Listing all of the different things they found about the iPhone 3G S’s security (or lack thereof), @geminisecurity did an excellent job of explaining what each claim meant, and why they’re still too vague to mean much of anything. Closing their post with “[i]s this how security is being treated? Apple isn’t the only company being vague about these types of issues; it rolls all across the board,”  this post is definitely one that you should check out for yourself.

#2 – PDFs FTL: It’s no secret that PDFs have been getting quite a bit of attention lately; when your security resembles a slice of swiss cheese, people are bound to notice. In all seriousness however, what makes the vulnerabilities in PDFs so dangerous is the widely accepted idea that once you put something in a PDF you can put it up on the web and it’s perfectly safe. (Which, as we all know, it’s not.) The reality is that someone could put malicious content into the PDF that will affect anyone who views it, making that person one step closer to owning you and installing a keylogger onto your computer. @carnal0wnage makes many of these points and more in his “PDF Defiling Intro” post, and even goes so far as to list all of the recent vulnerabilities found in PDFs. It’s nice to have a comprehensive list of PDF vulnerabilities, and @carnal0wnage did an excellent job compiling it. Definitely be sure to check out this post for yourself.

#1 – And the List Goes On: As we found out two weeks ago, @mubix is becoming the go-to for security resources. In his latest post “Getting your fill of Reverse Engineering and Malware Analysis,” he provides an extensive list of individuals, groups, and companies that people who are interested in reverse engineering and malware analysis should check out. This is the absolute best resource list we’ve seen for this topic, so be sure to bookmark it for future reference or add it to your RSS feed.

Well, that’s all for this week. Be sure to follow me @grecs during the week for more great posts from local bloggers.

o o o o o

Speaking of great local bloggers… we’re looking for some great guest bloggers to feature on NovaInfosecPortal. If you’re interested, feel free to contact us or send us a tweet.