If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy to digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There were a few events this past week. Did you get to attend any of them?
- Just got back from @novahackers. Gr8 talks as usual .. except the first one kinda sucked. 😉
- #MEETUP Learn electronics at HacDC! Our class starts tonight at 7PM and goes for 8-10 weeks. No prior XP needed. http://bit.ly/amd2fc
- #CON Pen Test Summit 2010 Thoughts/Summary http://bit.ly/8ZCbJc (via @pauldotcom) [Sum of con earlier this week in Balt.]
Here’s an upcoming meetup for those of you who are interested.
- #MEETUP Propose 5min talk 4 #DCWeek HacDC Lightning Talks 6/19 (NOT 7/19) http://bit.ly/aP41iK (via @daniel_packer @hacdc)
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. You can check out some of their articles below.
- #NOVABLOGGER Framing Software Security http://bit.ly/ctGIQa [@falconsview snuck a post in over at @fudsec]
- #NOVABLOGGER: Maintaining Sec w/ Enterprise Virtualization http://bit.ly/9ysTM2 http://j.mp/nispblog [Pros & cons of virt.]
- #NOVABLOGGER: June 2010 Hakin9 Mag Published http://bit.ly/cNvAHv http://j.mp/nispblog [Some nice reading for the weekend.]
- #NOVABLOGGER Risk Appetite: Counting Risk Calories is All You Can Do http://bit.ly/aAH5DT
In case you missed them, here were some of our blog posts from this week.
- BLOGGED: Top 3 NoVA Infosec Blog Posts of the Week http://tinyurl.com/37blns7
- BLOGGED: Grecs’ Weekly Infosec Ramblings for 2010-06-10 http://bit.ly/aglIxF
- BLOGGED: AppSecDC Infosec Conference Event http://bit.ly/96aoAK
- BLOGGED: Where You Want to Be This Week for 2010-06-14 http://bit.ly/bbiFyC
And this guy is just too “ligatt” to quit…
- Review of ‘How 2 Become The Worlds No 1 Hacker’ http://bit.ly/bmTJ9l #LIGATT (via @benrothke @schuetzdj) [More #LIGATT fun.]
- RT @dallendoug: If we can get ATT 2 sue LIGATT, we’ve got win! RT @danielkennedy74 @LIGATT Step 2) Predict seq num <- Plagiarizing Goatse
- RT @LIGATT: If there is another computer hacker better than me…please stand up or shut the hell up!
- RT @cktricky: RT @LigattHaxx0r: Hacking Tip # 13- Use a different password for your Twitter and Facebook accounts. <~Lol, nice <- +1
- Here U go http://bit.ly/99bodu 😀 (via @Equix3n @bitkitty) [Here’s Ligatt BSing it a/b women. Whatever. :)]
In more pertinent things that went on this past week, there were plenty of career discussions and suggestions to improve yourself.
- #JOB Stratum Security is looking 4 software sec folks. Web app sec, rev eng, malware, protocol analysis.. Contact us. (via @packetwerks)
- #JOB Sourcefire VRT Expansion Plans (We are Hiring) http://bit.ly/datFvK [I’m assuming this in their MD office. Good opp.]
- Exploit writing tutorial 10 released http://bit.ly/aPCBA8 – Chaining DEP with ROP http://bit.ly/ayOy06 (via @mubix @corelanc0d3r)
- #JOB 9 Career Tips 4 Security Pros http://bit.ly/brR7Uc [Good things 2 consider.]
- #Job Trends http://bit.ly/9xeRQg [Mentions some good verticals to focus on.]
- #EDU How Strong is Your Fu – 4 Charity http://bit.ly/b1oOuX (via @offsectraining) [Looks like still open. Gr8 way 2 improve skillz.]
And of course there was a lot going on related to cyber security in the federal government.
- FISMA Reform: Lieberman, Collins & Carper Intro Bill http://bit.ly/9s4X3k [Mention of @danphilpott, FISMApedia, and Guerilla CISO.]
- Senate hearing tomorrow on Cybersecurity and legislation http://bit.ly/bBTb8Q (via @rybolov)
- CBS re-aired 60 Minutes piece on cyberwar fr Nov & it hasn’t improved w/ age http://bit.ly/dex9Fa (via @danphilpott)
- If U R in2 cyber, plz view archived testimony here.. HSGAC Hearings http://bit.ly/9mJehz (via @bobgourley) [#todo]
- Who’s In Charge During Cyber Attack? http://bit.ly/9SSTgt [Aaaah, that guy. <WH/DHS pointing 2 each other when sh*t hits fan>]
- DHS Voluntary Private Sector Prep Accred&Cert Prog http://bit.ly/c0tbcx (via @cyberwar) [Term that’ll ensure #fail “voluntary”.]
- NIST rel draft SP 800-130 Framework 4 Designing Crypto Key Mgmt Systems http://bit.ly/aeghJr (via @danphilpott)
- DHS Slams US Gov Network Security http://bit.ly/9Kzg2u [Interesting but bit over-the-top headline.]
- Gov TLD Registry/Registrar Service RFP Posted http://bit.ly/c3akbJ (via @scottr_nist) [Get your prop team ready.]
- NIST rel 2nd draft SP 800-131 Rec 4 Transitioning of Crypto Algs.. http://bit.ly/aeghJr (via @danphilpott) [I’m sleeping already. :)]
- Switch 2 Cont Mon Requ New Skillz http://bit.ly/biLOSN [Really? Love this – “what we R doing .. is operationalizing compliance.”]
You can also keep yourself busy with these interesting newsbites:
- Encrypted Laptop Stolen While in Use http://j.mp/ceExZ0 [Problem with existing solutions. Suggestions on how 2 address?]
- AT&T Explains iPad email Breach http://nyti.ms/aVbIhi /via @dallendoug @WeldPond
- Shed Vulns w/ 1 Simple Rule http://bit.ly/dlVfVY [Let’s get basics right. “uninstall software .. that R not in use”]
- SAFECode Report Highlights Best Practices http://bit.ly/9fyK2V [Good 2 c this being taken more seriously.]
- RT @spookerlabs: Awesome Read “IDS/IPS Evasion – Step 1. Awareness” http://j.mp/bTu8Qw /via @mubix
- Cloud Keyloggers? http://bit.ly/9uuXBK (via @briankrebs) [Interesting insight into what loggers record.]
- French ISP’s Attempt 2 Block File-Sharing Ends in Failure http://bit.ly/d95uhd [admin:admin anyone?] (via @DrInfoSec) [Nice.]
- 10 of Top Data Breaches of Decade http://bit.ly/cZNLZu (via @DrInfoSec) [Not huge fan of Top 10s but interesting.]
- Researchers probe net’s most blighted darknet http://bit.ly/aOXTkb [Interesting.]
- http://j.mp/dzxWE3 now in beta – ff extension, auto redirect 2 https site /via @rgaucher @alien8 @fmavituna [Just need encrypted proxy.]
- (IN)SECURE Mag 26 rel http://bit.ly/cWj5tx (PDF) (via @helpnetsecurity @danphilpott) [iPhone encryption/forensics art.]
- New Attack on AES Claims 2 Reduce Entropy from 128 to 32 Bits http://bit.ly/aHmDfu (via @ivanristic @jack_mannino)
- .. cocreator of public-key crypto says “e-mail crypto is pain in the ass” http://bit.ly/btyPf6 (via @kanendosei @shpantzer)
- July Edition of Crypto-Gram http://bit.ly/98XldU (via @ksignal9)
And in closing, who could forget the tweet of the week?
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…