If you’re not already following some of our excellent NovaInfosec Twits and are wondering where to get the best NoVA-, DC-, and MD-related security tweets, look no further than this post. Published every Friday, our “Infosec Ramblings” post takes many of my security tweets/RTs from the past week and puts them into one easy-to-digest post. And if you don’t want to wait an entire week, just stop on by my @grecs Twitter account.
There seemed to be a few meetups this past week. Here’s one. Did you get to attend any others?
There are also some upcoming meetups for those of you who are interested.
- Charmsec 36: Never been? It’s 20 or so security geeks chatting on security news, hacks,…
- OWASPNoVA: Please RSVP for the June chapter mtg.
If you don’t have time to make it to any of the weekly security meetups, why not try attending this upcoming conference? And be sure to check out our event calendar for even more upcoming meetups and conferences.
For those of you that don’t know, we have some pretty awesome infosec bloggers in the local area. Here are some of my selections…
- Dumping Hashes on Win2k8 R2 x64 with Metasploit
- Automated Coverage Validation in Special Scenarios
In case you missed them, here were some of our blog posts from this week.
- NISPod 001: Length vs Width & the Relative Merits of Both
- Where You Want to Be This Week for 2011-05-16
And in closing, you can also keep yourself busy with these [unorganized again] interesting newsbites:
- White House releases cybersecurity legislative proposal fact sheet: http://j.mp/iOnHuP (via @EnzOnInfoSec)
- Twitter for Mac upd to 2.1. http://j.mp/lyIxaq (via @da_BiGKahuna @briankrebs) [Bout time they had multi-column support.]
- WH Unveils Cybersec Legislative Plan: DHS Power Grows, No Senate-OKd Cyberczar, Nt’l Breach Notice Law. http://j.mp/ltQbRQ
- BackTrack 5 – After initial download storm, direct downloads now enabled. http://j.mp/kfzVtv (via @jaysonstreet)
- NIST rel draft SP 800-146 Cloud Computing Synopsis & Recommendations, cmts due 6/13 http://1.usa.gov/lZKaSQ (via @danphilpott)
- Five Guys is ridiculously good food. They should buy McDonald’s & get it over with. #cuzyougottahavedreams (via @Shpantzer) [+1]
- Skype for Mac 0day was XSS?!? *Facepalm* http://bit.ly/jKEYUA (via @dinodaizovi @Wh1t3Rabbit) [Pics showing it in action.]
- Little new in Obama cybersecurity proposal http://j.mp/j1hNG5 (via @jaivijayan @mschafer)
- One thumb up for Facebook security improvements http://j.mp/jHNOXd [Another step in right direction.]
- What New WH Cybersecurity Proposal Means For IT Security Industry, Businesses, & Consum… http://j.mp/kJnt9c
- Hackers turn Cisco phones into remote bugging devices http://bit.ly/jr6FXD [+1 for default settings. :)]
- Sony yet to fully secure its networks http://j.mp/k7ozkK (via @Nathiet) [Yeah, pretty hard to do backwards.]
- PlayStation Network Hack Launched from Amazon EC2 http://j.mp/lKrhCQ [Interesting. Will Sony sue Amazon?]
- Password Managers, the good and the ugly: http://j.mp/mvNux5 (via @mubix) [Very nice writeup.]
- Backtrack 5 – Full Disk Encryption How-to Published http://j.mp/ingsin (via @lizborden @jaysonstreet) [Nice.]
- At least I’m also on show with good company. I’m looking at you @vincentkadmon! http://twitpic.com/4xs0pb (via @haxorthematrix)
- Fingerprinting author of Zeus http://j.mp/kukeJy – think he/she is a native speaker of English? (via @briankrebs)
- Report fr @TheHackersNews claims US DoD/NSA Hacked http://j.mp/lqiwyf (via @mikkohypponen @DaKahuna2007)
- Here’s 12s clip of Armitage on Breaking In. http://j.mp/jvxSD8 (via @armitagehacker @mubix) [Nice, Congratz!]
- Outstanding primer on latest vs of TDSS/TDL rootkit, TDL4, which infects 64-bit.. http://j.mp/m5TFXP (via @briankrebs)
- #TOOL killerbee: Framework & tools 4 exploiting ZigBee/IEEE 802.15.4 networks http://j.mp/iM1dU0 (via @stalkr_ @mubix)
- Dropbox Lied to Users a/b Data Security http://j.mp/jz8y6V (via .. @endrazine @jaysonstreet) [This really irks me.]
- The Offline Social Network (YouTube) http://j.mp/iW8nRk (via @ksignal9) [Pretty funny.]
- Hackers used fake info 2 reg server on EC2 cloud service & attack PSN. http://j.mp/kf6x4g (via @stevewerby @angelinaward)
- Anyone out there having probs buying/updating stuff from iTunes/App Store? Recently been getting billing addy errors.
- Something old is new again: Mac RATs, CrimePacks, Sunspots and Zeus leaks http://j.mp/jG13HA (via @briankrebs)
- Evil flash cookies easier to delete with new Adobe player http://j.mp/jOnKp2 (via @regsecurity) [Yeah!]
- Proposed CA Law Would Require Social Networks Private by Default http://j.mp/k3tspy (via @jasonmoliver)
- Week 19 In Review – 2011 http://bit.ly/jBix2x [Good read as always.]
- 10 Facebook settings to check right now http://j.mp/l8vCaV (via @Nathiet) [Notes 4 my upcoming book on securing FB. :)]
- WH sets global cybersec strategy policy that makes it clear that this is an international effort. http://j.mp/jEqeAZ
- Star-Studded White House Unveiling of Int’l Cybersecurity Strategy. http://j.mp/kCh7b9 [More on this.]
- #IsItJustMe Whenever U read Mother Goose Nursery Rhymes, next line you’re thinking about is always old Dice Clay version.
- Quick Test: Little Boy Blue; ___ ___ ___ ___. #diceclay #isitjustme
- Latest WHID Entries (@wascwhid) – http://bit.ly/lU9QzW (via @ryancbarnett @manicode) [Good ref.]
- #JOB DHS posted some interesting new cybersec jobs, from analysts to directorships http://j.mp/c3To6V (via @danphilpott)
- #TOOL OWASP ESAPI 2.0GA released http://j.mp/j0F7uo via #OWASP (via @endrazine @danphilpott)
- PC emulator in JS. U can run linux on it, right in your browser. http://ljv.me/4Z (via @carnal0wnage) [Can it run msf tho?]
- MS’ security report shows Win7 is safer http://j.mp/iQaQeS [safer than what is better Q] (via @DrInfoSec) [Looks like XP.]
- Well, good. @kriggins now has @securitytwits. (via @quine) [@quine tx 4 your efforts.]
- DoD issued Instruction 8520.03 Identity Authentication for Info Systems http://j.mp/lcvtqa (PDF) (via @danphilpott)
- #CON Follow the MD Cyber Challenge and Conference (@MDC3_2011) http://j.mp/iBzHiI (via @EnzOnInfoSec)
- Journo was arrested, says Qld cop http://j.mp/jVomeh (via @regsecurity)
- RT @SaveBreakingIn: @AlyssaMilano, @LaurenConrad, @MichaelIanBlack don’t want to see us go! #SaveBreakingIn (via @mubix)
- #TOOL OpenDLP 0.2.6 rel w/ pass-the-hash support. Tx @steponequit! http://j.mp/k7HUWF (via @mubix)
- #EDU Wi-Fi Challenge 3 Posted! http://j.mp/kQUwaH Prize: $50 Gift from Amazon! (via @digininja @DaKahuna2007)
- #JOB Information Security Careers Cheatsheet http://j.mp/kkNqJ3 (via @espreto @securitytwits) [Nice!]
- Looking for additional wiki contributions for the OWASP Mobile Security Project. http://j.mp/m5df5X (via @jack_mannino)
- When in-house rivalries, bureaucracies impede security monitoring: http://j.mp/muOw5a [So true.]
- Sony’s PlayStation Network hacked again.. http://j.mp/jpnUpC (via @adrianweckler @jaysonstreet) [Man, tough month.]
- Top Cybersecurity Official Resigns – Wednesday, May 18, 2011 http://j.mp/j6YWJ9 (via @mschafer) [Mmm? Odd?]
- Browse/search security conf spkrs http://cc.thinkst.com/ Speaker timelines & links .. (via @Beaker @haroonmeer @schuetzdj)
- #TOOL EMET 2.1 published http://j.mp/l64L43 (via @fjserna @mubix)
- Cool to see drive-by downloads for Mac OS X http://bit.ly/iq0wlZ who shared this pic http://j.mp/jBvCOZ (via @taosecurity)
- SCADA hack talk canceled after DHS/Siemens complain http://j.mp/jyhgkj (via @elinormills @WeldPond @jaysonstreet)
- [email protected] continues to disappoint with another pointless dick move. http://j.mp/l6zsrZ (via @samerfarha @dallendoug)
- Apple App Store apps are often old, vulnerable versions http://j.mp/k2d0rO [Downside to app stores.]
- #TOOL Release of Gorilla – A Security Tool 4 Apple’s iOS http://j.mp/kDaUin (via @tobiklein @alexhutton) [Required jailbrk.]
- Reitinger quits DHS cybersecurity post http://j.mp/igl4Go [In case U missed.]
- New AWS Security Whitepaper http://j.mp/kiKWWr plus a bonus on risk and compliance (via @justin_foster @danphilpott)
- US CDC has guide on surviving zombie apocalypse http://j.mp/iI51E9 (via @LO_TEK @danphilpott) [What a sense of humor.]
- Consulting 4 Profit: Building Biz on Sec Assessments http://j.mp/m0h797 (via @iFail) [Wait, when did @jack_daniel goto @rapid7?]
- Schmidt: Google will let you erase yourself from it http://j.mp/jr90hM [Let’s see how hard they mk it.]
Well, that’s all for this week. Be sure to follow me on Twitter at @grecs for more great tweets during the week! See ya…