Thoughts on Bluetooth Security & New Guidance from NIST

June 15, 2012

Bluetooth started off very insecure with a number of attacks popping up to take advantage of various vulnerabilities in the early and mid-2000s. So many attack techniques came out that a whole vernacular appeared during this time. As per an earlier GCN.com post circa 2005, some of these terms included BlueSnarfing, BlueBugging, and BlueJacking. Other...

Job: Cyber Exploitation Corps Development Program Candidate in Fort George G. Meade, MD

June 14, 2012

We found a very interesting job posting for a position in cyber security.  The National Security Agency is looking for highly skilled computer scientists and engineers to be a part of their Cyber Exploitation Corps Development Program. Do you have a broad expertise in multiple operating systems and a strong networking background?  Then this may be...

More Attacks Targeting US Defense Contractors

June 14, 2012

Seems some researchers have tied together a series of attack campaigns against defense contractors and others that *may* have originated in China. Those familiar with our site know this is nothing new. AlienVault first discovered the campaign in recent spear phishing attacks against Digitalbond. Later they noticed similarities to last year’s Shady Rat attack,...

Hotmail Password Reset Fail in Pictures

June 13, 2012

I’ve been internally brewing over the weakness of password reset questions for some time now. There have been many high-profile examples the past few years where attackers have easily gained unauthorized access to other people’s online email accounts. Remember the Sarah Palin thing and her Yahoo account way back in 2008? The most...

Salted Passwords – Only First Step for LinkedIn & Others

June 12, 2012

On the Twitters security journalist @briankrebs called last week “breach week” with the recent password/hash dumps of LinkedIn, eHarmony, and Last.FM. Of course the big advice from a consumer perspective was to change your passwords immediately. And those of us that had a little bit of tech curiosity could check if our password had...

DHS Plans to Develop Cyber Workforce

June 12, 2012

DHS is looking to develop more infosec professionals in the coming years with a new initiative chaired by some familiar names. Their efforts will focus on beefed up involvement in “cyber” competitions and university programs as well as augmenting partnerships with others in the public and private sectors. As mentioned in one of...

All Your MySQL DataBase Are Belong To Us

June 11, 2012

There’s a new vulnerability and exploit circulating around the Internet this morning. Discovered by MariaDB over the weekend, this time it’s a simple MySQL flaw that allows almost anyone to gain remote access to your MySQL databases. As noted from a Net-Security.org post on this vulnerability (see below), you only have to try authenticating...


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.