Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NovaHackers May Meeting Videos Posted”, 2) “20% Discount on Level 1 Penetration Testing Class”, and 1) “NIST Releases Analysis of Cybersecurity Framework RFI Responses”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
20% Discount on Level 1 Penetration Testing Class: After the success of last month’s discount program, Bulb Security has once again decided to extend a deal to NoVA Infosec readers for one of their upcoming classes in June. This time it will be for a $100 Penetration Testing Level 1 class (a.k.a., Penetration Testing with Metasploit), which is probably much more accessible than the previous month’s “Intro to Exploit Development” topic. (continued here)
NIST Releases Analysis of Cybersecurity Framework RFI Responses: Earlier today NIST released a document covering their initial analysis of the hundreds of comments provided by industry as part of the RFI for the development of a critical infrastructure cybersecurity framework. The 33-page document starts out by introducing some of the overall categories and themes and culminates in Figure 1 to the right. This chart provides a map for the remainder of the document with each of the subsequent sections detailing a theme in terms of key phrases, statistics, example responses, and questions. How do you feel about NIST’s initial analysis? Let us know in the comments below. (continued here)
NovaHackers May Meeting Videos Posted: If you weren’t able to attend last week’s NovaHackers meetup, five of the presenters opted in to being recorded. Brett Thorson, of the Compute Cycle podcast, recorded and recently posted them. We weren’t able to attend but we heard it was a great time as usual. Did you attend May’s NovaHackers meeting and have any thoughts on any of the talks? Let us know in the comments below. (continued here)
Skype and the End to P2P Architecture & Privacy: I’ve been thinking about the recent discovery by H-Online.com of Microsoft visiting URLs used in the Skype chat window. Yeah, they may be scanning it for spam and such but in reality what we are really experiencing is the loss of the basic foundation on top of which Skype was built … encrypted peer-to-peer communications. Anyone know of a Skype-type application that still supports true peer-to-peer secured conversations? Obviously, open source is preferred… Let us know in the comments below. (continued here)
Amazon AWS Becomes FedRAMPable: Yesterday, we picked up on a bit of big news … Amazon and their AWS service officially received the stamp of approval in meeting FedRAMP in coordination with the US Department of Health and Human Services (HHS). It’s been three years in the making since the government announced FedRAMP and now Amazon joins the elite with only two other approved cloud offerings that include CGI Federal and Autonomic Resources. Will FedRAMPing systems into the cloud really make authorization easier and more secure? Let us know in the comments below. (continued here)
Twitter Adds Two-Factor Authentication but Still No Silver Bullet: Twitter has always had a special place in my heart and as a security professional I was pretty happy to learn that they finally implemented two-factor authentication earlier today. The second factor is a six-digit code sent to your registered phone over SMS. In their blog post announcing the new feature, Twitter mentioned the following four simple steps in getting two-factor authentication set up. (continued here)
Hope everyone had a wonderful week. Have a great weekend!