Weekly Rewind – Top Industry News, Local Jobs, ShmooCon Tics & More

I skipped last week but am back for more with another Weekly Rewind post… The industry news is from this past week; however, our blog posts go back about two weeks to the last Weekly Rewind. Also, I didn’t include some of our standard articles due to their time relevance.

For those readers that may not have noticed, I actually tack on commentary to the industry articles … so check out my italicized/bolded opinions and let me know if you agree in the comments. Lastly, take a zoomed-in gander at the job application image to the right that @mubix posted earlier this week. North Carolina is probably one state I won’t be applying to…

Industry Articles

Cracking MD5 Passwords with BozoCrack: A couple of weeks ago I saw someone mention a little script called BozoCrack on Twitter and I decided to check it out. What caught my attention is that BozoCrack simply “cracks” MD5 hashes by doing a search on Google for that hash. Once it finds the hash and the text that goes with it, it spits it back out on the screen. Not really cracking of course, but it’s pretty dang effective. (continued here) [@grecs: Here’s a useful tool that automates Google hash cracking.]
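The trick described above works because an unsalted MD5 of a common password is a fixed string that has already been published somewhere, so a search engine effectively becomes a lookup table. The following is an added example written for this post, not BozoCrack’s own code: it takes a hash and a page of text, hashes every whitespace-separated token on the page and reports the one that matches, which is what makes the approach work without parsing the page layout at all. The “search results page” is a constructed string embedded here so the example runs offline; in the real tool that text would come from a live Google query. The second function shows why a per-user salt defeats this kind of lookup.

```python
import hashlib
import re

# Constructed stand-in for a search-results page. In the real tool this text
# is fetched from Google; it is embedded here so the example runs offline.
SAMPLE_PAGE = """
MD5 hash lookup results
5f4dcc3b5aa765d61d8327deb882cf99 = "password" (plain text)
Other cracked hashes: 5d41402abc4b2a76b9719d911017c592 hello
"""

HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")


def crack_from_page(md5_hex, page_text):
    """Return the plaintext whose MD5 equals md5_hex if it appears anywhere in
    page_text, otherwise None.

    Every whitespace-separated token is hashed and compared against the target,
    so the page can be any blob of text that happens to contain the answer.
    """
    if not HEX_MD5.match(md5_hex):
        raise ValueError("not a 32-hex-digit MD5 hash: %r" % (md5_hex,))
    target = md5_hex.lower()
    for token in page_text.split():
        # Try the raw token and a copy with surrounding punctuation removed,
        # since the plaintext is often quoted or followed by a comma.
        for candidate in (token, token.strip("\"'.,:;()<>=")):
            if candidate and hashlib.md5(candidate.encode()).hexdigest() == target:
                return candidate
    return None


def salted_md5(password, salt):
    """Hash with a per-user salt prepended.

    The resulting digest is unique to this salt, so it will not have been
    published anywhere and a search-engine lookup finds nothing.
    """
    return hashlib.md5((salt + password).encode()).hexdigest()


if __name__ == "__main__":
    # Unsalted MD5 of "password" is on the page, so it is recovered.
    print(crack_from_page("5f4dcc3b5aa765d61d8327deb882cf99", SAMPLE_PAGE))
    # Same password, but salted: nothing on the page matches.
    print(crack_from_page(salted_md5("password", "x9!"), SAMPLE_PAGE))
```

The same token-hashing loop works against any local corpus too (a previously cracked list, a dump of forum posts), which is the real lesson for defenders: an unsalted fast hash of a password that exists anywhere in public text is not protected at all, regardless of which search engine or file the attacker happens to use.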

ARIN Launches WHOWAS: American Registry for Internet Numbers (ARIN) is running a trial service that gives users access to historical IP whois data — that is, it will tell you who was responsible for an IP address or block of IPs. The service is not automated and if you want to access it you will need to submit a request via email with information about not only what you want to know, but why you are interested in accessing the information. (continued here) [@grecs: Might be useful… How would you use this data on a pen test?]

Dutch Researcher Created A Super-Influenza Virus With The Potential To Kill Millions: A Dutch researcher has created a virus with the potential to kill half of the planet’s population. Now, researchers and experts in bioterrorism debate whether it is a good idea to publish the virus creation “recipe”. However, several voices argue that such research should not have happened in the first place. (continued here) [@grecs: Maybe not an infosec story but it does parallel our disclosure debate some. Of course it’s a lot harder to biologically patch people.]

Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises: The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future… (continued here) [@grecs: Finally, someone is stepping up; however, there are probably so many loopholes that it’ll be useless. For example, Facebook could simply pop up new mini-ToSs that people are just going to click through without reading.]

BUSTED! Secret app on millions of phones logs key taps: An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of their users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. (continued here) [@grecs: iPhone coverage regarding this came up later in the week. At least it was disabled by default in most cases.]

Our Blog Posts

Job: Security Engineer II in Fairfax, VA: Looks like a great job opportunity has turned up over at the NoVA Hackers Association’s facility host. I know several of the folks that work in their security department over there and it seems like a challenging and rewarding place to work. The Company ICF International (NASDAQ:ICFI) partners with government and commercial clients to deliver professional services and technology solutions in the energy and climate change; environment and infrastructure; health, human services, and social programs; and homeland security and defense markets. (continued here)

Skype and the Enterprise: I read an interesting article this morning over on InfosecIsland.com that discussed the security of using Skype in the enterprise. As expected it didn’t give us the magic “yes” or “no” but instead the typical “it depends.” Overall, I thought the author made a very good point in that we trust a lot of our data to third parties, as I’ve mentioned in my teleconference security post, and Skype is just another third-party. The decision to use Skype should just follow the same considerations you’d normally take when acquiring any new third-party service. (continued here)

Job: Senior Cyber SME in Dulles, VA: This position over at Technica looks like a great opportunity for any of the more seasoned among us. It requires a master’s, 5 years’ experience, and someone that really knows how to reverse engineer malware. And I can tell this manager knows how to hire the right kind of people … “Required Technical Certifications: None Required”. 🙂 Company Description: Technica is an innovative provider of high quality information technology solutions, process engineering and information assurance expertise. (continued here)

Top 5 Tips for Snagging that ShmooCon Barcode: Today’s the day … or at least one of three days throughout the year where we drop everything around 11:55 AM EST, head over to the ShmooCon registration page, and start F5ing the hell out of our computers with the hope of getting a barcode. Being someone that’s attended ShmooCon for four or so years now, I thought I’d pull together some of my tips for getting ShmooCon tickets. I’ve written about this previously; however, the ticket process has significantly changed since 2009. (continued here)
