If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday (well, Monday this week), our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be quite a few meetups this past week. Did you get to attend any of them?
- #MEETUP Looking forward 2 cing every HacDC member (& potential member) at mo member meeting 2morrow, 6/8 7:30PM! /via @hacdc
- #MEETUP Reminder — This Wed! #OWASPDC at 6:30 on 7/9 at 2201 G St. NW, Rm 553D GWU Campus in Foggy Bottom (via @owaspdc)
- #MEETUP C U TONIGHT! #OWASPDC at 6:30, 2201 G St. NW, Rm 553D GWU Campus in Foggy Bottom, going for drinks after.. (via @owaspdc)
- #MEETUP Alex Meisel http://bit.ly/aATuOQ speaking at @owaspdc on distrib WAFs. @rybolov answers some of hard questions (via @Shpantzer)
There are also some upcoming meetups for those of you who are interested.
- #MEETUP Give 5 min talk at HacDC Lightning Talks @DCWeek on 7/19! Tweet @daniel_packer w/ your proposal! http://j.mp/aP41iK /via @hacdc
- #MEETUP Charmsec 26 will b at @Slaintepub on 6/24 at 7:00. http://bit.ly/devJRV (via @charmsec)
- #MEETUP Charmsec 26 will b @Slaintepub on 6/24 at 7:00. You should come. http://bit.ly/devJRV (via @capsecdc @charmsec)
- #MEETUP HacDC iz in ur city, teaching ur workshops! We’ve got electronics & disassembly workshops.. http://bit.ly/bwatLV
If you don’t have time to make it to any of the weekly security meetups, why not plan on attending AppSecDC in November?
- RT @AppSecDC: And, in case U missed it.. we’re back! Here again in 2010, http://appsecdc.org – CFP now open, closes 7/31!
- #CON RSVP for #AppSecDC on LinkedIn http://bit.ly/9Vbp8c (via @AppSecDC @TheCustos)
- #CON “Keeping the Crooks out of your Webapp: AppSecDC CFP” http://bit.ly/avwC1I (via @AppSecDC @translucent_eye)
- AppSecUS site now up http://is.gd/cKo02. Reg: http://is.gd/cKo1H #CFP 6/30: http://is.gd/cKo3E, hit up US then swing by DC @appsec2010
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER: Evolving Changes, Challenges for FISMA http://bit.ly/bC9QVf http://j.mp/nispblog (via @novainfosec) [Nice sum.]
- #NOVABLOGGER: How 2 Not Let FISMA Become Paperwork Exercise http://bit.ly/cfLrzJ http://j.mp/nispblog /via @novainfosec [Nice!]
- #NOVABLOGGER: “Untrained” IT Workers R Not Primary Sec Prob http://bit.ly/dA96XA http://j.mp/nispblog (via @novainfosec) [Nice post.]
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-03 http://bit.ly/asR8b0
- BLOGGED: Where You Want to Be This Week for 2010-06-07 http://bit.ly/cQMDLz
And Ligatt seems to be all over Twitter as well…
- Now there’s @FakeLIGATT. Wonder if Twitter will cave & shut that 1 down, too. (via @quine) [Excellent!]
- RT @FakeLIGATT: Yo twitter, hook me up with a new logo. #1 Hacker needs a new look (via @rybolov) [Lol.]
- ROFL! Full page #LIGATT ad in new hackin9.. http://bit.ly/d7W1dF (via @kodefupanda) [Have U stopped laughing yet?]
- My 1 star review of “How To Become The Worlds No. 1 Hacker” http://amzn.to/d62J5W (via @jack_mannino) [Nice job Jack.]
And of course we have our usual stream of government related stuff going on.
- NIST has released SP 800-34 Rev 1 Contingency Planning Guide 4 Fed Info Systems http://bit.ly/98nTR9 (via @danphilpott)
- 7-Step Contingency Planning Process. Revised guidance from NIST. http://bit.ly/bzwkwk [Quick summary of new NIST doc.]
- DoD issued Instruction 8581.01 IA Policy 4 Space Systems Used by the DoD http://bit.ly/bi8Ty2 (via @danphilpott)
- Senators Unveil Long-Awaited Cyber Bill That Est Senate-OK’d WH Cybersec Director http://bit.ly/9NmAzj [2 leads? WTF?]
There seemed to be a lot of job/career stuff out there too.
- #EDU New Honeynet Project Forensic Challenge http://j.mp/chIEpg (via @sans_isc) [Summer fun.]
- #JOB So U Want 2 Get Started in an Infosec Career http://bit.ly/9M2f2m (via @quine @marcinw) [Nice way to pull it all together.]
- Career insights fr sr leaders who have md it 2 top of infosec profession. http://j.mp/9vHlwK [This could b interesting.]
- How Strong is your Fu – 4 Charity. Reg 2 the evt is open! http://j.mp/b1oOuX Please re-tweet harder! /via @jaysonstreet @bufferzone
- #JOB So who’s going 2 apply 4 Twitter Gov Relations position? wht a super cool job! http://bit.ly/akWtXr (via @danphilpott)
- #EDU A challenge 4 U? -> http://bit.ly/a1Y3lD #Honeynet #VoIP Challenge (via @briankrebs @sjurusken) [Fun times.]
- WH Commission Debates Cert Requirements 4 Cybersec Feds/Contractors http://bit.ly/aVTWFC [Interesting read.]
Here are some quick how-to’s that were floating around out there last week.
- “How to Encrypt and Hide Your Entire Operating System from Prying Eyes” http://j.mp/a5IbL0 (via @jaysonstreet) [Wow.]
- Competitive Intel Tools (useful in cyber threat analysis) http://bit.ly/9BaEHf (via @IBMFedCyber) [Vid w/ tons of online tools.]
- Changed how SYN scan detects open ports based on split-handshake http://bit.ly/tcp-sh. Details http://bit.ly/sh-disc (via @mubix @nmap)
- Here is script that grabbed 114K iPad ownrs info fr AT&T http://bit.ly/9VRovi (via @bvPredator @ThisIsHNN) [Cool!]
And in closing, you can also keep yourself busy with these interesting newsbites:
- Adobe warns hackers targeting prev unknown flaw in Flash Player, Reader & Acrobat http://j.mp/dvevya (via @briankrebs)
- History of Hacking Timeline http://bit.ly/dC7d93 [Of course the more interesting things will never mk it 2 such a timeline.]
- Opt-Out Required 2 Prevent Your Yahoo! Mail Contacts Fr Being Used 4 Social Net http://bit.ly/d4iGY1 [Will they ever learn?]
- Go2 http://bit.ly/cmFxPw & uncheck Share My Updates box. #yahoofail
- Also go2 http://bit.ly/bsONmF & uncheck “Allow my connections to share..” #yahoofail
- Details on iPhone security weakness: http://j.mp/anj3an /via @IBMFedCyber [Upds on this bug.]
- Researchers Release Point-and-Click Website Exploitation Tool http://bit.ly/a8tNSl [Problem w/ implementing AES/DES..]
- June 2010 Microsoft Black Tues Sum http://bit.ly/dnGF86 (via @sans_isc) [Looks like it’s going 2 b busy week.]
- MS Patches Bug Used in Pwn2Own Contest Win that Bypassed DEP/ASLR http://bit.ly/aecemq [Wasn’t that like 3 months ago?]
- Encrypted Laptop Stolen While in Use http://j.mp/ceExZ0 [Problem with existing solutions. Suggestions on how 2 address?]
- Mules. Villains or Victims? http://bit.ly/b5flYM [MUST READ! simply amazing acct of ops] (via @Shpantzer @DrInfoSec) [+1]
- Security Breach Allows Hackers 2 Obtain Info on 114,000 AT&T iPad Owners http://bit.ly/cTXZ0U (via @cktricky @cyberlocksmith)
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…