Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “New Version of Nmap Released”, 2) “ITU DPI Document Leaked”, and 1) “4 Steps to Anonymous & Secured Communication (aka – What Petraeus Should Have Done)”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
We’re Calling It – Four Horsemen Win! ;): This just in… With only one hour of voting left for the ISC2 Board of Directors election, the top four new ISC2 board members remain Dave Lewis, Christopher Nickerson, Boris Sverdlik, and Scot Terban according to our Exit Poll. (continued here)
New Version of Nmap Released: Nmap, the popular software used in security auditing and network exploration, just released its newest official version today – Nmap 6.25! This release is the much-anticipated holiday update of Nmap 6.01 from five months ago. Fyodor sure has been busy … the newest version adds hundreds of major enhancements… What do you think about Nmap 6.25? Post your comments below. (continued here)
4 Steps to Anonymous & Secured Communication (aka – What Petraeus Should Have Done): A few weeks ago we started writing a blog post about being anonymous using web mail in regards to the whole Petraeus scandal. Unfortunately, we weren’t quick enough as the EFF seems to have put out a better post than we were writing. Based on their advice as well as some other ideas we were brainstorming, we came up with the following 4-step process. Got any other anonymous/security advice to add? Let us know in the comments below. (continued here)
DARPA’s New Program Threatens Supply Chain Vulnerabilities: The Department of Defense (DoD) announced a new program aimed at what is becoming a growing trend in the IT industry called “purchased technology” – hardware or software that manufacturers or resellers can reprogram to infiltrate sensitive, top-secret information. Also known as Supply Chain Security and exemplified by the recent Huawei fiasco, the new program from the Defense Advanced Research Projects Agency (DARPA) is called VET (Vetting Commodity IT Software and Firmware – don’t ask how they got that acronym). The program’s primary purpose is to verify DoD-purchased IT devices are free of hidden backdoors and malicious functions. What do you think about DARPA’s new program, VET? Post your comments below. (continued here)
Gattaca Wins #ISC2 Board Seat!: ISC2 just released the results of this year’s election and Dave “@gattaca” Lewis made it! Not much to say beyond that… The other members elected to the board included Diana-Lynn Contesti, Corey Schou, and Hiroshi Yasuda. The write-in campaign for the rest of the “Four Horsemen” was a valiant try but alas it was not meant to be … this year. The other three are returning board members after taking their “year off.” Not that that’s a bad thing for ISC2; however, it does mean a trend towards more of the same. (continued here)
NIP Tip: Removing EXIF Data from Images & More: With all the discussion going on re EXIF data from John McAfee photos I thought I’d finally put out a quick reference post with some commands I had tucked away in some obscure text file on my computer. This isn’t anything new except for the fact that now it’ll be out there for me to reference instead of having to search through the many text files I have on my hard drive. Does anyone out there know the exiftool command to set individual coordinates and time? Let us know in the comments below. (continued here)
Hacking Hollywood Follow-Up – More Videos: In our previous Hacking Hollywood post we covered Chris Chaney, who successfully infiltrated celebrity inboxes and other web-based accounts to get an inside look at what’s really going on among these elite. At the end of that post we included a little clip of one of Johnny Long’s old Hacking Hollywood presentations from 6 years ago. People seemed to like that … and given we had a hard time finding the whole talk ourselves, we thought we’d post it here (in 15 min segments) in case anyone wants to watch this very entertaining talk in its entirety. (continued here)
ITU DPI Document Leaked: Wow, don’t know how this happened… I thought these types of things were supposed to be kept secret from the vast unwashed like ourselves. Anyway, The Register reported that an activist had requested a copy of the document on Twitter. For some reason … someone … somewhere … sent all 95 pages of it to her. After realizing their mistake, the sender asked her to treat the standard as FHEO. Unfortunately, it was too late as the document had already been distributed to several journalists. (continued here)
Disclosure Foils New Pregnancy Test: This post is a great article on why disclosure is necessary (not going to get into an argument on which type) and security research should never ever be illegal. You may remember this story from last year where Epic Marketplace used a decade-old browser flaw to illegally analyze visitor surfing habits. By detecting the color of the links displayed to visitors, they could more easily categorize users into one of several special interest groups, including “pregnancy-fertility getting pregnant,” “incontinence,” “memory improvement,” and “arthritis.” As expected this information allowed the marketer to better serve more targeted ads. Do you think that Epic Marketplace’s punishment was appropriate? Post your comment below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!