Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “BackTrack 6 Speculations”, 2) “How Are Infosec Pros Affected by Pentagon’s 46K Layoffs Plans”, and 1) “DoJ USSC Site Re-Hacked into Asteroids Game”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
NoVA Labs Binary Bash Slides: Yesterday evening I had the pleasure of presenting a malware analysis overview at NoVA Labs. Now I’m no expert, but I’m “teaching” in the hopes of “learning” even more. And that I did… This session is the first of a series of events that @tribe92z and I are organizing, appropriately named Binary Bash. The goal is to learn the basics of malware analysis from each other and, most importantly, have fun. Did you attend this event? If so, what did you think of it? Let us know in the comments below. (continued here)
How Are Infosec Pros Affected by Pentagon’s 46K Layoffs Plans?: I just read this article tweeted by @edkennedy9 … and it’s about to get scary for many of those in the metro DC area … and no, I’m not talking about a 1″ snow storm. It’s about how the Pentagon’s #2 guy just announced the layoffs of over 46,000 contractors and temporary employees. According to the article on HuffingtonPost.com, the Pentagon will not only begin laying off these individuals but will also be furloughing full-time civilian employees one day a week for the next 5 or 6 months. How do you think these mass layoffs could affect the infosec industry? Let us know in the comments below. (continued here)
ShmooCon FireTalks … More Speakers, More Sponsors, More Time: Just a short post … well, actually it’s turned into a long post … to announce the second-round speakers for this year’s ShmooCon FireTalks… With several more submissions at the last minute in mid-January, the selection committee has continued to pull together a diverse program of the most interesting talks, combined with a good mix of established and new speakers. But before we get on to the talks, I just wanted to again thank @jack_daniel, @jasonmoliver, @nathiet, and @dystonic for the hard work they’ve continued to put in over the last few weeks. (continued here)
DoJ USSC Site Hacked in Response to Swartz Suicide: Looks like on Saturday the website of the United States Sentencing Commission (USSC) (www.ussc.gov), part of the U.S. Department of Justice, was hacked in protest of the recent treatment of Aaron Swartz that led to his eventual suicide. The perpetrators also posted a series of nine encrypted files, named after the Supreme Court’s justices, containing potentially damaging information, and encouraged their followers to download and distribute them. Now there’s a crypto challenge if anyone is up for it… (continued here)
DoJ USSC Site Re-Hacked into Asteroids Game: After our previous post a few hours ago about the hack of the Department of Justice United States Sentencing Commission (USSC) website early Saturday, I received an odd mention on Twitter… (continued here)
Pentagon (and NSA) Taking Offensive with Cybersecurity: We just asked “How Are Infosec Pros Affected by Pentagon’s 46K Layoffs Plans?” on Friday, and now it looks like we may have our answer. A story on the front cover of the Washington Post this morning cites the Defense Department’s Cyber Command calling for a 500% increase in staffing over the next several years. Do you think the increased cybersecurity measures of the DOD are a good thing, and do you think the NSA’s involvement will help or hurt their efforts? Post your comments below. (continued here)
BackTrack 6 Speculations: Late last week we put out a quick post on the forthcoming BackTrack 6. @ciphersson started to write a comment on that post, but somewhere along the way a short comment turned into a long response and hence a full blog post on his N00bFu.com site. With his permission we are republishing that post here. (continued here)
Did You Say More PINs?: Following up on our story last week, we came across another study related to PINs … this time from Nick Berry of DataGenetics. Like last week’s post, many of you have probably seen this information, but we’re placing it here as a quick reference in case you ever get into a situation where you need to do some manual testing. The goal of the DataGenetics study was to determine which four-digit PINs are least and most predictable, and a nice side effect is that it provides a longer list of PINs to try. Any other interesting studies out there on common PIN use? Let us know in the comments below. (continued here)
Exposure of UPnP and Rapid7’s Whitepaper on Disabling It: If you haven’t already heard, the good folks at Rapid7 have recently released a whitepaper describing the culmination of a project from the latter half of 2012 – the exposure of UPnP (Universal Plug-and-Play, or Useful Plug-and-Pwn in some circles) to the Internet with a capital I. Even US-CERT has recommended disabling it. (continued here)
Doing CYA Instead of CIA: I enjoyed this article Gunnar Peterson wrote a few weeks ago titled “What Is It You Would Say That You Do Here?” on Dark Reading. It asks the rhetorical question “Does your company need a security department?” and relates this to the catchphrase “Doing CYA Instead of CIA.” (continued here)
Someone in China Hacked the New York Times … Surprise Surprise: China made the headlines last night in an article published by the New York Times stating that for the last four months Chinese hackers have been infiltrating its computer systems and obtaining passwords of reporters. The New York Times also noted the timing of the attack and its possible link to an article recently published on the Chinese prime minister, Wen Jiabao, and his family’s ties to shady business dealings. While the Chinese government has publicly denied claims of a military-backed attack, we think it’s pretty much safe to say it was. What do you think? Is Chinese hacking of the New York Times more of the same, or a new trend in high-profile attacks? Let us know in the comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!