Even Jedi Use Weak Passwords

February 23, 2016
By
Star Wars: Jedi Apprentice, Book 2 - The Dark Rival

I came across this doozy in a book my kid is reading — “Jedi Apprentice: The Dark Rival.” In one scene Jedi Master Qui-Gon Jinn is trying to access a computer of some sort of his former Padawan, Xanatos. Of course the information he is trying to access requires a password and Qui-Gon was...
Read more »

Where You Want to Be This Week for 2-22-16

February 22, 2016
By
meetup

isaca-ncaWhere do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form...
Read more »

Weekly Rewind – The Basics, QOTD & The Basics

February 19, 2016
By
Get caught up on this week's posts with Weekly Rewind

Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “The Basics – Block Uncategorized Websites”, 2) “QOTD: It’s Not About the Who…It’s About the How” and 1) “The Basics – Segment Your Network”. If you missed anything...
Read more »

In Defense of Threat Intel Feeds

February 18, 2016
By
Useless IOCs

Beyond being just a great resource on where to gather your own open source intelligence, @da_667‘s recent post makes a great point at the end in defense of the so called “easy” indicators (e.g., hash values, IP addresses, and domain names) in the popular Pyramid of Pain model. Many of us poo poo these indicators...
Read more »

The Basics – Segment Your Network

February 17, 2016
By
Ethernet Cable

Years ago I sat in my first network security class learning all about the OSI model, the operation of TCP/IP, port and protocols, and many other interesting topics. One of the main take-aways was to always segment your network for increased security. Almost 20 years later I am still surprised to find that most...
Read more »

The Basics – Block Uncategorized Websites

February 16, 2016
By
Website Construction

The HTTP protocol has long been used by bad guys as an infection vector, command and control channel, and of course data exfiltration. The countermeasure most organizations use to mitigate this attack path is a proxy server that monitors outgoing HTTP requests and blocks calls to undesirable websites. Apparently we didn’t learn anything from...
Read more »

QOTD: It’s Not About the Who … It’s About the How

February 15, 2016
By
Attribution Dice

For the past few years there has been a big focus on attributing attacks. The government has always been in the game (but obviously keeping it close to the vest) and recently vendors have been getting into the action for marketing, PR, and threat intel sales purposes (thanks to Mandiant for starting that one)....
Read more »


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.