Weekly Rewind – Top Industry News, Infosec Degrees, LastPass Updates & More

Well, it’s been a few weeks since I got one of these Weekly Rewind posts out… The industry news is from this past week; however, our blog posts go back to the last Weekly Rewind post. I didn’t include some of our standard articles due to their time relevancy. And for those readers that may not have noticed, I actually tack on commentary to the industry posts … so please check out my italicized and bolded opinions and let me know if you agree in the comments.

Industry Articles

Twitter Ordered to Yield Data in WikiLeaks Case: A federal judge on Thursday ruled that Twitter, the popular microblogging platform, must reveal information about three of its account holders who are under investigation for their possible links to the WikiLeaks whistle-blower site. The case has become a flash point for online privacy and speech, in part because the Justice Department sought the information without a search warrant last year. Instead, on the basis of a 1994 law called the Stored Communications Act, the government demanded that Twitter provide the Internet protocol addresses of three of its users, among other things. An Internet protocol address identifies and gives the location of a computer used to log onto the Internet. (continued here) [@grecs: Bravo to Twitter for trying to fight for their users.]

Mobile app helps clean up your Facebook image: Programmer Michael Devine was looking for a job earlier this year and realized that not all potential employers would appreciate his Facebook posts as much as his friends do. So he wrote a mobile app that allowed him to clean up his potentially off-color and political posts and comments. “I’m an impulsive guy,” Devine said in a recent phone interview with CNET. “I like making people laugh and I also have strong political views. Given that, you can imagine the kinds of things I post on Facebook. So I wanted to clean up my own profile and thought others might want this as well.” (continued here) [@grecs: Wonder if there is a Twitter app coming anytime soon?]

Mac OS X has its own sandbox security hole: Move over, iOS: CoreLabs Research has posted a public notification of a potential security vulnerability in Mac OS X’s sandboxing mechanisms. According to CoreLabs, it’s possible for sandboxed apps to trigger external processes that aren’t sandboxed and possibly gain privileges not granted by a particular sandboxing profile. The revelation comes shortly after Apple announced it would force apps distributed via its Mac App Store to use sandboxing, ostensibly to increase security for Mac OS X users. Apps that conform to Apple’s sandbox design use a set of “entitlement” profiles defined by Apple; those profiles determine which system resources it can use and which are off limits. (continued here)

Will IT Certs Get You Jobs and Raises? Survey Says Yes: Debate rages among IT professionals over the value of certifications, but a survey of 700 network professionals jointly conducted by Network World and SolarWinds may help put that argument to rest. Among those who earned certifications, most saw a significant boost in their careers as a result. Some 60% said a certification led to a new job; 50% said they earned more pay, with 40% saying their pay increased by more than 10% directly because of a certification; and 29% said a cert led to a promotion. Respondents also offered advice on when to get certifications and which ones to get. Interestingly, they named Cisco certifications as both the most, and the least, valuable. (continued here) [@grecs: I think a few certs might help early in your career or maybe if you are switching into a new niche. For mid-career professionals though I don’t think it’s going to get you that job or raise.]

Let’s scuttle cybersecurity bachelor’s degree programs: It may sound counterintuitive, but the way to increase the number of cybersecurity professionals is not to start granting degrees in cybersecurity. I suppose it sounds logical. We’re hearing that the best way to deal with the shortage of cybersecurity professionals is to funnel students into cybersecurity degree programs. And while we’re at it, let’s address the problem of all those hackers who are thinking outside of the box by recruiting them for these degree programs. Unfortunately, the logic of these statements is about a micron thick. (continued here) [@grecs: The more I read this article, the more I tend to agree with it. I think it’s important to establish a base with a traditional undergrad degree and several years real world IT experience. And then maybe at that point you are ready for a full-time infosec gig. In hindsight I realized this is actually how I did it! Now it’s still important to do some infosec stuff in undergrad and that initial job … but maybe it shouldn’t be a full-time thing.]

IT Security Salaries Seen Rising in 2012: Salaries for IT security professionals are projected to increase by 4.5 percent in 2012, according to a new report from Robert Half Technology. Robert Half tracks 70 IT occupations, including six information security titles. A seventh IT title, mobile application, requires significant security know-how, which could explain why it should experience the largest annual increase of any IT occupation. (continued here) [@grecs: Given how most large corporations around DC are whining about the difficult economic climate and government spending cuts, I don’t think I’m going to see 4.5%. :(]

Our Blog Posts

Bagging Twitter Imposters: I noticed an odd thing the other day … I hadn’t seen any recent posts from one of my preferred Twitter security news feeds over at the @regsecurity account. I skimmed through the people I follow and noticed that I was no longer following them. Now I could have sworn I was following this account. Then I headed over to their Twitter page and noticed that they only had around 40 tweets and 60 followers. Was this a fake account? The real one wouldn’t be this sparse. Maybe I mistyped the account or something. After a few searches on SnapBird.org I found that it was indeed the correct Twitter account and the last time I tweeted a story by them was on September 28th. (continued here)

ISSA International Conference Follow-Up: One thing we like to do here is provide summaries of events that happen around the area. Recaps of multi-day conferences are pretty time-consuming to write, and thus I don’t notice too many of them getting published. Fortunately, Ben “@falconsview” Tomhave wrote up his reflections on the ISSA International Conference held last month, and he gave us permission to repost his article. If you happen to attend one of the local meetups or conferences and want to write up your thoughts, we’d be glad to host it for you. Also, even if you don’t have time to write a full recap, feel free to leave your take-aways and opinions by commenting on any of the events in our calendar. (continued here)

Getting Started in Cybersecurity – The University Way: The significant increase in threats to our computer systems has created a huge demand for professionals with cybersecurity degrees over the last decade. Even though expertise in information security has been around for a long time, an estimated 30,000 cybersecurity-related jobs are coming to the Baltimore-Washington, D.C. area, as DC is especially in need of government IT security specialists, according to the University of Maryland University College. This demand has prompted many to begin careers in cybersecurity and infosec. Hence the question: what is the best way to prepare for a career in this field? (continued here)

New Multifactor Authentication for LastPass: I didn’t mention it in my previous post “Usable Browser Privacy & Security,” but another Firefox plug-in I normally use is the popular online LastPass password manager. Well, the other day I noticed a new feature but hadn’t seen much discussion of it within the security community. Yes, I use LastPass and find it very useful in managing many of my passwords for low- to medium-value websites. I use roughly three different computers on most days, and having to regularly sync a password archive across them is cumbersome, so the online aspect of LastPass is a welcome solution. Although I probably wouldn’t store high-value passwords using an online service like this, LastPass provides a simple way to use different strong passwords for every site you need to authenticate to. (continued here)

NoVA CTF November 2011 Challenge: After taking a few months off the folks over at NoVA CTF just released a new challenge to the NoVA Hackers list. They gave me permission to republish the challenge here for the rest of the community to enjoy. A terrible “cyber” attack has taken place but fortunately network sensors captured a pcap of all network activity during this time. Your job, should you choose to accept it, is to examine the pcap and answer the following questions. (continued here)
