If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be … aaaahhhh … one meetup this past week. Did you get to attend it? (Of course tonight two local 2600s will be in action.)
- #MEETUP #OWASP #NoVA come hear @alexhutton talk a/b risk (what? no way!) Thu 6pm @ OWASP NoVA in Herndon (via @falconsview)
There’s also an upcoming meetup I tweeted three times about for those of you who are interested.
- #MEETUP Next #OWASPDC is 6/9. Location TBD. http://bit.ly/cdzXhe Alex Meisel Art of Defence CTO speaking a/b WAF in Cloud (via @owaspdc)
- #MEETUP Next #OWASPDC is 6/9. http://bit.ly/cdzXhe Alex Meisel speaking a/b WAF in Cloud (via ~owaspdc @Shpantzer)
- #MEETUP June #OWASPDC will b at 6:30 PM on 6/9 at 2201 G St NW, Rm 553D (Duques Hall on GWU Campus in Foggy Bottom) (via @owaspdc)
If you don’t have time to make it to any of the weekly security meetups, why not try attending this upcoming conference? It’s sort of a big deal. 🙂
- #CON #OWASP AppSecDC 11/8-11 at DC Convention Ctr http://bit.ly/9equvP #CFP now OPEN http://bit.ly/aZrghQ (via @AppSecDC)
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER: Lessons from Google Wi-Fi Gaffe http://bit.ly/a5VPtk http://j.mp/nispblog
- #NOVABLOGGER: SANS WhatWorks Summit in Forensics & Incident Response http://bit.ly/9BEkel http://j.mp/nispblog
- #NOVABLOGGER: Exploit Kit Try-out http://bit.ly/afpBwY http://j.mp/nispblog
- #NOVABLOGGER: Wepaweb Deficiency http://bit.ly/dqmExK http://j.mp/nispblog
- #NOVABLOGGER: Chinese Hack 101 http://bit.ly/9ywHh1 http://j.mp/nispblog
- #NOVABLOGGER: Happy Memorial Day! http://bit.ly/d48Kwl http://j.mp/nispblog (via @novainfosec) [Awesome post by @cyberhiker. +1]
- #NOVABLOGGER: “Best Practice” (You’re Saying it Wrong) http://bit.ly/cDDvOq http://j.mp/nispblog (via @novainfosec) [So true.]
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://bit.ly/a4mLsW
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-05-27 http://bit.ly/axjRLF
- BLOGGED: Where You Want to Be This Week for 2010-06-31 http://bit.ly/cT7yr2
And if you haven’t heard, I am trying to clean up my Twitter stream a bit.
- Trying to clean up my Twitter stream some. From now on..
- ..#NOVABLOGGER tweet stream & other related website stuff is only going 2 b published on @novainfosec instead of both @novainfosec & @grecs.
- Please follow @novainfosec 2 continue receiving website-related updates. Just trying to mk @grecs a bit more personal focused.
NIST is busy as usual.
- NIST released draft IR-7298 Rev. 1 Glossary of Key Information Security Terms http://bit.ly/a3HaoJ (PDF) (via @danphilpott)
- NIST rel 2nd draft of Technical Specification 4 SCAP 1.1 http://bit.ly/cFuraV (via @danphilpott)
- NIST FAQ on Continuous Monitoring, clarifies it does not replace FISMA: http://bit.ly/cVhz0o (PDF) (via @danphilpott)
And Facebook gets its own category again…
- What sites such as Facebook & Google know & whom they tell http://bit.ly/aYkaCS (via @manicode @dshiao) [Nice read. Scary!]
- “Quit Facebook Day Flops” http://bit.ly/aBKZeQ [Well it was a worthy attempt.]
- Download @agent0x0’s updated FB Privacy & Security Guide. http://bit.ly/brZ3b7 (via @jaysonstreet @streetsec)
- “Facebook ‘likejacking’ attacks continue..” http://bit.ly/aosmk1 (via @jaysonstreet) [Nother cool term 2 latch on2.]
- FB Cracks Down on Rogue Apps w/ New Verification Prog http://bit.ly/aC9kZE (via @sarahintampa @evejou +)
And in place of LIGATT, who has apparently been shamed out of the press, we have tons of Google news.
- Heh. Google moving to Mac/Linux internally http://bit.ly/95YKFh (via @schuetzdj) [Cool. Don’t know if would stop APT tho.]
- Re Google phasing out Windows.. Maybe it’ll just make other companies more attractive targets. That whole bear thing..
- Poll: Would U consider phasing out Win in your org due 2 security? http://bit.ly/a9sE06 [After 7 hours .. 17% Yes 78% No]
- Google Browser Targets Fed Market http://bit.ly/bDRY0d (via @DrInfoSec) [Interesting. Looking 2 get Google Apps FISMA certified.]
You can also keep yourself busy with these other interesting newsbites:
- (ISC)²® Evolves Name, Structure Of CAP® Credential 2 Reflect New NIST Guidance http://bit.ly/abz2qJ (via @danphilpott)
- Sameer Bhalotra named senior director of cybersec under Howard Schmidt, White House confirms (via @iweeknick @danphilpott)
- House Adopts Cybersec Measure. [Good] FISMA Reform Fate Tied to Don’t Ask, Don’t Tell. [WTF?] .. http://bit.ly/cESNnD
- Woman Scammed Out of $50k http://bit.ly/b0zBtQ (via @DrInfoSec) [Hey & she’s from Fairfax County.]
- “An Overview of Exploit Packs” http://bit.ly/de6181 [Nice quick discussion. Wow, up to $1000 for one of these.]
- “$2.95 – Price 4 All Your Personal Details” http://bit.ly/bzn5ou [Downside of all this public info. U can save $3 by using Google.]
- Should we be encrypting backups? http://bit.ly/bBIcEt [Well yeah .. key mgmt is hard tho.]
- Cybersecurity: A Year in Review http://bit.ly/bZYMwh (via @IBMFedCyber) [I thought these only occurred in December. ;)]
- House Approves FISMA Reform http://bit.ly/9H0lJh (via @danphilpott) [Except how much is actually going 2 b “reformed”?]
- Gr8 article on cloud ITAR compliance, presents variety concerns http://bit.ly/9TBKTI (via @danphilpott) [Wow, more cloud issues.]
- Windows, Mac, or Linux: It’s Not the OS, It’s the User http://bit.ly/dl96aQ (via @Nathiet) [Interesting.]
- Adobe #1 target 4 Hackers in Q1 2010 http://bit.ly/b07Dog [PDF accounts for 47.5%] (fixed link) (via @DrInfoSec) [Wow!]
- New Open-Source OS Will Come w/ ‘Disposable’ VM http://bit.ly/cAyBmh [This could work .. maintenance a pain tho.]
And in closing, who could forget the tweet of the week?
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…