A few weeks back I noticed a great little CSI newsletter being passed around the office that provided links to three great guides on how to lock down your profiles on MySpace, Facebook, and LinkedIn. As a paranoid security person I’ve severely restricted…
Category: News
Welcome OpenVAS – The New GPLed Version of Nessus
The folks over at Darknet just threw up a blog post entitled “OpenVAS – Open Vulnerability Assessment System (Nessus is Back!).” Finally! I won’t go into too much detail but was just excited to see this posted. Too bad BackTrack…
Bye-Bye Passwords – Maybe?
I came across an interesting New York Times story by Randall Stross over the weekend that discusses how we should be replacing passwords with information cards and how so-called single sign-on (SSO) services (e.g., OpenID and I’m sure any commercial…
The Way Not to Change NIST SP 800-30
Rybolov from The Guerilla CISO, a local NoVA-based infosec blog, has put together a great blog post about NIST’s latest effort to modernize SP 800-30: Risk Management Guide for Information Systems. In his post he stresses how NIST should not…
Updated Draft DoD 8570.1M
Over at the Carnal0wnage Blog, CG made a nice post about the updated draft version of DoD 8570.1M that is probably relevant to many of us in NoVA. This is the directive that requires many of us to have some kind of…
Federal Agencies Miss Deadline on Security Configurations
Since most of us deal with the federal government in Northern Virginia (NoVA), we thought you might find this article interesting. It’s an older but interesting SecurityFocus.com article by Robert Lemos about how most government agencies are failing to meet…
Infosec’s Dubious Future – Good or Bad for Our Careers
We came across an interesting InfoWorld article by Roger Grimes in which Bruce Schneier thinks computer security isn’t going to get any better in the next 10 years. Basically, security and complexity are interrelated. Security is getting better, but these…