Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “The Final Four…of the ShmooCon FireTalks”, 2) “Encrypting Tweets for Your Fun and Not Their Profit – Part II”, and 1) “SpeedTest.net Pushing Java Exploit”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Something’s Amiss On the Twitters this Evening – 250K Emails/Passwords Exposed: So I was having a nice relaxing Friday evening when I happened to check my email. And what should I find in my mailbox … but a nice little message from Twitter. It noted that my account may have been hacked and that I needed to reset my password. Wonder if this is just another case of “me too” followed up by the recent big-media New York Times and Wall Street Journal hacks earlier this week? What’s your prediction for how the attack played out? Let us know in the comments below. (continued here)
The Final Four … of the ShmooCon FireTalks: Just a short post to close out the speakers for this year’s ShmooCon FireTalks… With several more submissions during the CFP extension, the selection committee has continued to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers. But before we get on to the talks I just wanted to again thank @jack_daniel, @jasonmoliver, @nathiet, and @dystonic for the continued hard work they’ve put in over the last few weeks. (continued here)
Sequestration Anxiety Axes Conference: We found this news very interesting… Apparently organizers have temporarily postponed the popular DC3 conference due to the uncertainty of budgets because of the upcoming federal budget ‘sequester’ deadline on March 1st. And no … it isn’t cancelled as some have reported. How’s the budget uncertainty affecting your organization? Let us know in the comments below. (continued here)
SpeedTest.net Pushing Java Exploit: First of all we love SpeedTest.net. Even with its Flash-based War Games effects, it’s still our go-to site when investigating slow network connections. That’s why we were a little taken aback when we discovered an Invincea blog post noting that our beloved site was involved in exploiting visitors using one of the recent Java vulnerabilities. The main theme behind the Invincea post wasn’t necessarily their browser sandboxing product per se (although it does look helpful) but more on emphasizing “that the highest concentration of online security threats are in fact legitimate destinations visited by mass audiences.” Did you visit SpeedTest.net over the weekend? Notice anything odd? Let us know in the comments below. (continued here)
DoE Hacked in “Sophisticated” Attack: The Washington Free Beacon recently reported a “sophisticated” attack that resulted in the breach of 14 servers and 20 workstations at the Department of Energy (DoE) headquarters. The intruders got away with mostly Personally Identifiable Information, or PII, of several hundred of their employees. Fortunately, the breach didn’t result in any classified information being leaked that they know of. Of course everyone is pointing to China but there is still no word yet on the source. (continued here)
DoJ, USSC, DoE & Now the Federal Reserve: The government seems to be having some problems lately. Last week it started with the hack of the Department of Justice’s website, which was closely followed by attacks targeting the United States Sentencing Commission twice and an internal compromise of the Department of Energy. Now the Federal Reserve is joining the action with the breach of an internal website that led to Anonymous releasing logins, IP addresses and contact information for a number of bank execs. (continued here)
Encrypting Tweets for Your Fun and Not Their Profit – Part II: In part I of this topic we introduced the concept of encrypting your tweets and mentioned the possibility that an easy-to-use Twitter encryption system could impact their revenue model. Of course this isn’t going to happen as in general people are lazy, which is the same reason why email encryption services haven’t taken off. There are some convenient solutions like Wickr and Silent Circle but they require you to communicate over their proprietary systems and not an already established stream like Twitter or Facebook. What do you think of these services? Are there any that we missed? Let us know in the comments below. (continued here)
ShmooCon FireTalks 2013 Schedule: Well … here it is the “final” ShmooCon FireTalks schedule. For all the details related to FireTalks be sure to check out its corresponding resource page. Can’t wait to see everyone next week! (continued here)
Hope everyone had a wonderful week. Have a great weekend!