Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “iKAT 2013 Released”, 2) “FISMA Reloaded: Is a Makeover in Near Future?”, and 1) “ShmooCon 2013 Videos Released”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Upcoming Malware Analysis Training: I usually participate in several activities a month over at Nova Labs, a year-old hackerspace out in Reston. One thing that I’ve been interested in lately is learning some basic malware analysis. I have a presentation that I give on my experiences in trying to attain some baseline experience in this very interesting field. From that interest, Andy “@tribe92z” White and I have started monthly malware analysis group learning sessions called “Binary Bashes” at Nova Labs, where we give a quick intro and then do an analysis challenge from one of the recent CTFs. We’ve done two so far, and the next one will be this coming week on Thursday the 21st. (continued here)
NIST NVD is Back…: Just a quick update regarding the malware infestation on two NIST-run servers, one of which hosts the National Vulnerability Database (NVD)… After a week of downtime resulting from a compromise via a ColdFusion vulnerability, everything is back to normal as of mid-day Friday according to GovInfosecurity.com. Checking the NVD, we did a quick lookup on the vulnerabilities that the culprits exploited (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632) … and yes, they were indeed listed. What are your thoughts on how NIST handled this incident? Let us know in the comments below. (continued here)
ShmooCon 2013 Videos Released: We noticed a tweet earlier today from @mubix through @aestetix that The Shmoo Group must apparently have posted the ShmooCon 2013 videos and not told anyone. Unfortunately, no official quick YouTube videos to link to … just the schedule page with right-click/download links to MP4s. What are your favorite talks? Let us know in the comments below. (continued here)
NovaHackers March Meeting Videos Posted: If you weren’t able to attend last week’s NovaHackers meetup, most of the presenters opted in to being recorded. Brett Thorson, of the Compute Cycle podcast, recorded and posted them over the weekend. It was a pretty amazing night with six excellent talks on a range of interesting topics. My favorites were the ones on Bro IDS, password complexity, and a panel on REDACTED. Did you attend the NovaHackers meeting last week and have thoughts on any of the other recorded talks? Let us know in the comments below. (continued here)
Only You Can Prevent Account Hijacking – Origin’s Second Factor FTW: Fellow NovaBlogger Peter “@pmhesse” Hesse of Gemini Security Solutions put out a great post earlier on his corporate Security Musings blog about a personal experience where the Origin game platform’s two-factor authentication saved him. Yes … he chose a pretty weak password, but even with that, Origin’s second factor kept things from getting much worse. Of course, it looks like Origin is having other problems right now… (continued here)
iKAT 2013 Released: Looks like @webbreacher (via @xme) discovered and tweeted another big tool update this morning … the next version of iKAT (Interactive Kiosk Attack Tool). According to the full disclosure post yesterday, Paul Craig noted that the update is “generally a refinement of the iKAT software, with a smoother exploitation path – more exploits, and better compatibility.” Other big news is that iKAT Desktop is back and already included in Kali Linux. What do you think of the new iKAT tool? Let us know in the comments below. (continued here)
FISMA Reloaded: Is a Makeover in Near Future?: Contributed by Matt Westfall – From the same House Oversight Committee that brought you the investigation into Jose Canseco’s steroid use comes proposed legislation, called the Federal Information Security Amendments Act of 2013 (HR 1163), that would update the Federal Information Security Management Act (FISMA) of 2002. The new bill (PDF) dictates the need for continuous monitoring of government systems and more frequent threat assessments. This approach would be a departure from the current model – a static “checklist” methodology for configuring networks and updating software. Do you think this bill is a step in the right direction? Let us know in the comments below. (continued here)
Controversial National Security Letters Found Unconstitutional: Wow, didn’t see this coming… In case you missed this story late last week, apparently a federal judge has found the gag order associated with National Security Letters (NSLs) unconstitutional. Of course I’m sure there are a lot of appeals left, but still. For those that aren’t familiar with NSLs, they simply allow the FBI to obtain customer data without warrants from internet service providers, credit companies, financial institutions and others. The kicker is that any company that receives an NSL can’t disclose that it received the request. Do you agree with the judge’s decision? Post your comments below. (continued here)
Why Isn’t XP the Most Secure OS on the Planet?: Contributed by Robert “@pwcrack” Weiss – Microsoft Windows XP was released in 2001 and is scheduled for end of life less than a year from now in 2014. At that time Microsoft will discontinue critical and security patches for the aging operating system. When this happens it will have had an unprecedented run of over a decade as a dominant operating system – a record unlikely to be broken. What are your thoughts on Windows XP? Post your comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!