Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NoVA & Metro DC Jobs Thread”, 2) “Air Force Cadets P0wn NSA Red Team in Annual CDX”, and 1) “CISPA Infographic: Double-Edged Sword”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Malware Analysis Slides from AIDE Conference: This past weekend I had the honor of presenting an introduction to malware analysis talk at AIDE. The goal of the presentation was to give newcomers an idea of where to start in this very interesting field. Here’s the title, abstract, and link to download the slides. (continued here)
REMnux Install Guide: In our continued quest to become the ultimate REMnux fanbois we thought we’d point to a recent post by Lenny Zeltser that provides a basic overview of how to setup and install the popular malware analysis distro. The article covers using both the Open Virtualization Format (OVF) and VMware’s own proprietary format for most VMware products. He also discusses setting the OVF file up on Virtual Box as well. The setup for VMware fans is pretty much dead simple. (continued here)
CISPA 2.0 Passes House … Anonymous Calls for Monday Blackout: We’re a little late on this one but just in case you haven’t heard … the House passed the controversial Cyber Intelligence Sharing and Protection Act (CISPA) this past Thursday with a 288-127 vote. For those that need a little background, CISPA would basically make it easier for private industry and the government to share threat information with each other. This collaboration would theoretically make it easier for all involved to identify and stop attacks. Sounds reasonable … but companies sharing the information would also be shielded from any legal repercussions of passing along sensitive data such as personally identifiable information (PII). What are you thoughts on CISPA 2.0? Let us know in the comments below. (continued here)
Air Force Cadets P0wn NSA Red Team in Annual CDX: Congratulations to the U.S. Air Force cadets for their win in the annual Cyber Defense Exercise (CDX) held in Hanover, MD last week. In this three-day exercise, now in their 13th year, “blue teams” from various military colleges defend their computer networks against simulated attacks from a “red team” of National Security Agency (NSA) and other industry experts. One of the red team members, Raphael “@armitagehacker” Mudge, maintains the popular Armitage tool that he developed specifically for red team coordination in these types of exercises.(continued here)
NoVA & Metro DC Infosec Jobs Thread: Just thought we’d try something like this for those seeking new job opportunities and recruiters looking to hire in our area. This idea basically works just like the Reddit netsec quarterly comment thread but focuses on NoVA and other locales in the metro DC area and uses blog comments instead. For those not familiar with Reddit’s threads here is the overview from their most recent thread. (continued here)
CISPA Infographic: The Double-Edged Sword: We’re not a huge fan of infographics but we thought this one on CISPA posted to Wil Wheaton’s Tumblr laid things out nicely. As you can see there are some significant benefits to CISPA coming in the form of better defense against threats through improved information sharing. But of course without careful controls there is also an issue with abuse, including massive privacy concerns. What other concerns do you see with CISPA? Let us know in the comments below. (continued here)
Two-Factor Authentication Continued to Gain Steam: We’ve covered Evernote and WordPress in the past. Now Microsoft is jumping on board. For Windows Phone devices you can use the Microsoft Authenticator app. iOS and Android devices can use any system that the Microsoft system supports, including the defacto standard – Google Authenticator. (continued here)
ACLU Files Complaint Against Android Wireless Carriers: Carriers dragging their feet on pushing Android OS upgrades and patches out to its over 100 million devices is just a huge security issue. Especially when you consider that a recent survey found that more than 50% of these devices have vulnerabilities that have already been patched by Google. (continued here)
REMnux on Hak5: We came across this nice video of Shannon “@snubs” Morse giving a quick overview of Lenny Zeltzer’s recently updated REMnux distro. It starts around 1 minute in and lasts about 7 minutes. At around the 5 minute mark, Shannon covers Lenny’s excellent cheatsheet for those needing a quick reference or just getting started. (continued here)
Women Rule 40% of Federal Cyber Workforce: Here’s another useful infographic … this time from FCW.com illustrating the state of the cyber workforce in the federal government. Most of the stats simply quantify the expected, such as 36% of the workforce being at the Department of Homeland Security. Others were quite surprising though. One example is the finding that 39% of the workforce are women. From my experiences in the industry, this percentage seems very high. I would probably peg it at no more than 5% based on my interactions. (continued here)
Ding-Dong CISPA Is Dead: Looks like the House version of Cyber Intelligence Sharing and Protection Act (CISPA) is dead… According to USNews.com the Senate will be drafting its own version of the legislation with more emphasis on privacy. If you would like to learn more about CISPA checkout this infographic as well as several of our other posts on this controversial bill. What do you think of the failure of CISPA 2.0? Let us know in the comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!