<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Observatory of Internet security</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
<item><title>Grecs' Weekend Best Bets for 2012-05-11</title><description>2012-05-11 18:28:35 - NovaInfosecPortal.com : Here it is again, another of our weekly "Best Bets" posts. As we've previously noted, most local meetups seem to be crowded into weekday evenings with almost nothing on the weekend. The purpose of this post is to advertise some of the smaller events that are occurring over the weekend. Most of these events occur at local hackerspaces. Usually we don't include hackerspace activities in the full calendar as they tend to bury everything else. Anyway, here are some happenings I've picked through that you might want to attend this weekend. You can also use the comments of this "Best Bets" post to announce or discuss other events happening this weekend that I may have missed. Friday (5/11): CarolinaCon, from Friday through Sunday; if you can get the rest of Friday off, maybe you might want to head down (more info). Saturday (5/12): Advanced Soldering Skills from 1:00 to 4:00 PM at Nova-Labs (more info). Sunday (5/13): Nada. Remember to check out some of the other activities at Baltimore Node, HacDC, Nova Labs, Reverse Space, and Unallocated Space as they hold several standard activities throughout the week as well. And be sure to subscribe to our RSS feed or...</description><link>http://www.secuobs.com/revue/news/375080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/375080.shtml</guid></item>
<item><title>Video of the Day: IP for Peace</title><description>Secuobs.com : 2012-05-11 14:18:42 - NovaInfosecPortal.com - Ahhhh, a classic video from back in the day. Most of us have probably forgotten about it, but maybe a new generation of infosec pros will find it useful. My favorite scene is the router at 3:15. Here are some of my other favorite quotes: "We are now ready to enter the world of the Internet" (7:15); "You'll never know when you meet the dreaded ping of death" (7:55); "But they will get there. Eventually. Maybe that's why it's sometimes called the world wide wait" (8:20). What are your favorite scenes or quotes? Know of any oldie "classic" vids we should feature? Let us know in the comments below. Today's post pic is from Sitecom. See ya.</description><link>http://www.secuobs.com/revue/news/375037.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/375037.shtml</guid></item>
<item><title>Weekly Rewind: Top Industry News, Leaky Emails, Dirty Disks, &amp; More</title><description>Secuobs.com : 2012-05-11 06:09:51 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "Antivirus Founder, John McAfee, Says Politics Caused GSU Raid": John McAfee is the founder of McAfee Antivirus and has been a philanthropist and investor in Belize. How rich is McAfee? We're not sure, but rich enough to donate a vessel worth one point two million dollars to the Belize Coastguard in January 2009. McAfee lives in Belize and he says that he has become a target of the Gang Suppression Unit (continued here). [grecs: I just find this story weird, but interesting.] "Everyone Has Been Hacked. Now What?": On Apr 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on...</description><link>http://www.secuobs.com/revue/news/374975.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374975.shtml</guid></item>
<item><title>NovaInfosec D-List Interview: Mark Shrout</title><description>Secuobs.com : 2012-05-10 16:49:09 - NovaInfosecPortal.com - Today's interview is with aspiring penetration tester Mark Shrout. Practically a life-long metro-DC resident, Mark has served in various DoD network analyst positions and is currently the primary engineer for several clients. In his free time he's studying pen testing and contemplating some good, relevant certs to tackle. As usual, we would like to give a big shout-out to Andrew (@andrewsmhay) Hay, who started this whole Information Security D-List Interview idea. Similar to how we created the NovaInfosec Twits concept based on the popular Security Twits lists, we decided to bring this interview format to our blog but just focused on people that live, work, or play in NoVA, DC, and MD. The whole idea is to help the local infosec community get to know one another a little bit better. Finally, if you'd like to nominate someone for a NovaInfosec D-List Interview, please Contact Us and let us know why they should be featured. And without further ado, here's the interview. Q1: How did you get started in infosec and end up in the metro-DC area? A: Perhaps I've always been a bit of a "hacker," taking things apart when I was younger to figure out how they...</description><link>http://www.secuobs.com/revue/news/374821.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374821.shtml</guid></item>
<item><title>RFC Prophecies</title><description>Secuobs.com : 2012-05-09 22:01:46 - NovaInfosecPortal.com - Contributed by: Mrs. Y. The other day a few of us at work were looking through the April Fool's RFCs. If you haven't seen them, they're only for the most dedicated nerds. Almost every year, on April 1st, the IETF publishes facetious RFCs. It's a tradition that started in 1973 with the Arpawocky RFC, which was a parody of Lewis Carroll's Jabberwocky: "Beware the ARPANET, my son; The bits that byte, the heads that scratch; Beware the NCP, and shun the frumious system patch." I've generally seen them referenced by subversive engineers in project or team meetings to make a point about the absurdity of an endeavor. It's an inside joke and usually goes right over everyone's head, except for the other engineers, of course. One of the most popular is the IP over Avian Carriers (IPoAC) RFC, and in 2001 the Bergen Linux User Group set up a proof-of-concept: "Avian carriers can provide high delay, low throughput, and low altitude service. The connection topology is limited to a single point-to-point path for each carrier, used with standard carriers, but many carriers can be used without significant interference with each other, outside of early spring. This is because of the...</description><link>http://www.secuobs.com/revue/news/374647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374647.shtml</guid></item>
<item><title>EmailPrivacyTester.com Q&amp;A</title><description>Secuobs.com : 2012-05-09 16:27:29 - NovaInfosecPortal.com - As a follow-up to Monday's post, "Is Your Email Client Leaking Sensitive Information?", I reached out to the developer of EmailPrivacyTester.com for some quick Q&amp;A about his site. The developer, Mike Cardwell, was kind enough to take part and provided very thoughtful answers to some questions I thought many of us would probably have. Some of the highlights for me were confirmation that the iOS email client triggers many of these checks by default, the testing of DNS prefetches to discover your DNS settings, the existence of a few XSS techniques to check up on web-based clients, and of course the fact that the source is available for all to see and contribute to. And without further ado, here's the Q&amp;A session. Why did you create this email privacy testing service? It has been common and accepted practice for a while now for organizations to add tracking images to their mailshots. Using this technique, they can tell when you read an email, what your IP address is when you read it, and sometimes even the client you're using. Now, I'm not particularly fond of this practice, and I'm not sure why it doesn't get more attention. It's nobody else's business when...</description><link>http://www.secuobs.com/revue/news/374548.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374548.shtml</guid></item>
<item><title>Is the Dirty Disk Problem the First Practical Chink in Cloud Security's Armour?</title><description>Secuobs.com : 2012-05-08 18:10:12 - NovaInfosecPortal.com - TechWeekEurope published some interesting research in their "'Dirty Disk' Vulnerability Threatens The Cloud" post several weeks ago and I've been brewing on it since. The problem harkens back to the original "delete" function present in most OSs. Instead of really deleting a file, OSs simply remove the pointer to where the file was stored on disk. The same problem could occur in the cloud, as demonstrated by Context Information Security's research, except the non-referenced data would find its way into part of a newly created VM. Short of an outright break-out of the VM, this issue might just be the next worst problem in terms of data leakage. As mentioned in the article, the solution is pretty simple: just zero-out the storage where the VM was after deletion. Most major cloud providers (e.g., Rackspace, VPS.NET, Amazon, and Gigenet) have either implemented this or similar solutions. Some VPS.NET-derived services might still be vulnerable though. I also imagine this issue would still exist within private cloud implementations in use by a single organization or several partners. Instead of the suggestion in the article to just zero-out the disk, the paranoid person in me would also recommend a pass of...</description><link>http://www.secuobs.com/revue/news/374310.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374310.shtml</guid></item>
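<item><title>Added example: checking a fresh volume for dirty-disk residue</title><description><![CDATA[
The post above boils the fix down to zeroing storage before it is handed to the next tenant. The check a tenant can run for themselves is the mirror image of that fix: a volume that really was zeroed reads back as nothing but zero bytes, so anything else is residue. The Python script below is an added example written for this page; it is not Context Information Security's code nor the post author's. scan_for_residue() reads a block device or disk image in 1 MiB chunks and reports where non-zero data sits, and wipe() performs the zero pass the article recommends, with an optional random pass for the more paranoid. The device path /dev/xvdf in the comments is an assumed example; demo() works on a constructed 4 MiB image in a temporary file with a few bytes of invented "previous tenant" data planted at a known offset.

```python
"""Check a newly attached volume for leftover data, then zero it.

Added example for the "dirty disk" post on this page; not Context
Information Security's or the post author's code. A cloud tenant would run
scan_for_residue() against a freshly attached block device (for example
/dev/xvdf, an assumed path) before formatting it: storage that the provider
really zeroed on release reads back as nothing but zero bytes, so any
non-zero region is data left behind by a previous tenant. wipe() is the
fix the article describes (a zero pass), with an optional random pass.
demo() builds a constructed disk image in a temp file.
"""
import os
import secrets
import tempfile

CHUNK = 1 << 20          # read and write in 1 MiB pieces


def scan_for_residue(path, chunk_size=CHUNK, max_hits=16):
    """Return a summary dict describing non-zero regions in *path*."""
    zeros = bytes(chunk_size)
    hits, total, dirty = [], 0, 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            if chunk != zeros[:len(chunk)]:
                dirty += 1
                if len(hits) < max_hits:
                    # absolute offset of the first non-zero byte in this chunk
                    hits.append(total + len(chunk) - len(chunk.lstrip(b"\x00")))
            total += len(chunk)
    return {"bytes": total, "dirty_chunks": dirty,
            "first_offsets": hits, "clean": dirty == 0}


def wipe(path, passes=("zero",)):
    """Overwrite the whole file or device once per entry in *passes*.

    "zero" writes zeros; "random" writes CSPRNG output for the extra pass a
    more paranoid operator might add. Destroys the data: do not point this
    at a device that is still in use.
    """
    with open(path, "r+b") as fh:
        fh.seek(0, os.SEEK_END)
        length = fh.tell()          # works for regular files and block devices
        for kind in passes:
            fh.seek(0)
            remaining = length
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(bytes(n) if kind == "zero" else secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())   # make sure the pass reached the media
    return length * len(passes)


def demo(size=4 * CHUNK, residue=b"LEFTOVER TENANT DATA", offset=3 * CHUNK + 17):
    """Build a constructed dirty image, scan it, zero it, scan it again."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.truncate(size)       # sparse, all-zero image
            fh.seek(offset)
            fh.write(residue)       # the previous tenant's leftover bytes
        before = scan_for_residue(path)
        wipe(path)                  # single zero pass, as the article suggests
        after = scan_for_residue(path)
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:           # e.g. python residue.py /dev/xvdf
        print(scan_for_residue(sys.argv[1]))
    else:
        before, after = demo()
        print("before wipe:", before)
        print("after wipe: ", after)
```

Run it with no arguments to see the constructed demo, or pass the path of a freshly attached, not yet formatted volume to scan it (reading a large volume end to end takes a while, and wipe() needs write access and destroys whatever is on the target). A clean result only says that the blocks you can read were zeroed; it says nothing about snapshots or replicas the storage layer may hold elsewhere.
]]></description></item>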
<item><title>Poll: Should We Change Our Name?</title><description>Secuobs.com : 2012-05-08 15:38:08 - NovaInfosecPortal.com - Well, the poll for this week is a little self-serving, but before making any changes we just like to run things by you, the readers, to see what everyone thinks. This change would just involve changing the title of the site from NovaInfosecPortal.com. You'd see a name change in the header of the site, in search results, etc. as being NovaInfosec.com instead of NovaInfosecPortal.com. The URL would probably remain the same, but http://www.novainfosec.com would just point to http://www.novainfosecportal.com. Anyway, we'd appreciate your opinion. If there are other answers I may have missed or opinions you want to mention, please add them to the comments below. And as usual, let us know if there are other poll questions you'd like to see us ask. Today's post pic is from Wikipedia.org. See ya.</description><link>http://www.secuobs.com/revue/news/374283.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374283.shtml</guid></item>
<item><title>Call for Guest Bloggers, New Submission Form, and Free Beer</title><description>Secuobs.com : 2012-05-07 17:08:28 - NovaInfosecPortal.com - As most of you probably already know, we are always looking for guest bloggers, and with the addition of our new Submit Article form we hope this makes it easier than ever. Just fill in the info and your submission will be on its way to us. Now this doesn't mean we are going to blindly post anything submitted to us. We'll be vetting all posts for relevancy and coolness. And obviously locals (or their extended family and friends) will have precedence. The form itself is pretty simple. Just enter your name and email followed by the article title and text. During the submission process you also have several other options; for example, you can choose to remain anonymous and specify a specific release date. This submission form is primarily meant for those quick one-off submissions; however, if you think you'd like to blog on a regular basis, we can also set you up with a blog account after a few posts. And for any submissions that we publish, you're entitled to infosec fame and glory as well as one free beer at the following month's NovaInfosec Meetup (oh, and it's the good stuff, no...</description><link>http://www.secuobs.com/revue/news/374092.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374092.shtml</guid></item>
<item><title>Where You Want to Be This Week for 05-07-2012</title><description>Secuobs.com : 2012-05-07 16:11:06 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. Light week, with nothing serious, and all you have to do is just show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Wednesday (5/09): InfraGard NCMA Meetup, "The Insider Threat" by Terry Valois &amp; Robert Spelbrink at Lockheed Martin (Crystal City) from 5:00 to 8:00 PM (more info); NovaInfosec Meetup, CitySec movement at Velocity Five (Falls Church) from 6:30 to 9:30 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: ISACA NCA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them...</description><link>http://www.secuobs.com/revue/news/374071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374071.shtml</guid></item>
<item><title>Is Your Email Client Leaking Sensitive Information?</title><description>Secuobs.com : 2012-05-07 15:19:08 - NovaInfosecPortal.com - In following up with some interesting security services, I came across another great website on Reddit last week called EmailPrivacyTester.com. Created by Mike Cardwell over the past year or so, the service performs 38 privacy checks "to test your email client for privacy leaks and security bugs". In this post I plan to explain how the service works, some concerns I originally had, and some pics I took when testing the service. Later in the week I plan to post a chat I had with the developer over email (with his permission, of course). To use EmailPrivacyTester.com just enter your email and hit enter. The site sends that address a message containing a number of tricks: the typical ones marketers generally use to track email campaigns as well as some more nefarious techniques. Your spam filter may detect some of these baddies, so you might need to add @emailprivacytester.com to your whitelist. Regardless, after you receive the message, simply open it and see if the results page lights up. Hopefully your email client isn't set to load remote images by default. Mike recommends allowing remote images as a second step to watch what your email client did block by...</description><link>http://www.secuobs.com/revue/news/374064.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374064.shtml</guid></item>
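<item><title>Added example: listing what an HTML e-mail will fetch when remote content loads</title><description><![CDATA[
Both EmailPrivacyTester.com posts above come down to the same mechanism: an HTML message carries references (tracking images, stylesheets, prefetch hints) that the client resolves and fetches the moment it renders remote content, and that fetch tells the sender when the message was opened, from which IP address and, via the User-Agent, often which client was used. The Python script below is an added example written for this page, not code from NovaInfosecPortal.com or from EmailPrivacyTester.com. It parses a message with the standard library, lists every element that would trigger a network request when remote content is allowed, and flags the classic tracking-pixel pattern (a 1x1 image whose URL carries a long per-recipient token) as well as dns-prefetch hints, which can leak your resolver before you click anything. The sample message, its hostnames and the token are constructed for the demonstration; the token check is a heuristic and nothing more.

```python
"""Enumerate the remote-content hooks in an HTML e-mail.

Added example for the EmailPrivacyTester.com posts on this page; it is not
the site's code. Uses only the Python standard library: the message is
parsed with `email`, its HTML part with `html.parser`, and every reference a
mail client would fetch over the network when it renders remote content is
reported, together with the ones that look like per-recipient trackers.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Element/attribute pairs a rendering client fetches with no user action.
AUTO_FETCH = {
    "img": "src", "script": "src", "iframe": "src", "frame": "src",
    "embed": "src", "source": "src", "input": "src", "video": "poster",
    "object": "data", "link": "href",
}
# url(...) references in CSS, inline or in a <style> block.
CSS_URL = re.compile(r"""url\(\s*['"]?(https?://[^'")\s]+)""", re.I)
# Heuristic: a long opaque path/query segment is the usual recipient token.
TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")


class RemoteRefCollector(HTMLParser):
    """Collects (tag, url, note) triples for every remote reference."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_style = False

    def _record(self, tag, url, attrs, how):
        if not url or urlsplit(url).scheme not in ("http", "https"):
            return  # cid:/data: content ships inside the mail; no network hit
        parts = urlsplit(url)
        notes = [how]
        width = attrs.get("width", "").strip()
        height = attrs.get("height", "").strip()
        if tag == "img" and (width in ("0", "1") or height in ("0", "1")):
            notes.append("tracking pixel (1x1 or hidden image)")
        if tag == "link" and "prefetch" in attrs.get("rel", "").lower():
            notes.append("prefetch hint: resolver/IP leak before any click")
        if TOKEN.search(parts.path + "?" + parts.query):
            notes.append("per-recipient token in URL")
        self.findings.append((tag, url, "; ".join(notes)))

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "style":
            self._in_style = True
        if tag in AUTO_FETCH:
            self._record(tag, attrs.get(AUTO_FETCH[tag]), attrs,
                         "auto-fetched " + tag)
        for url in CSS_URL.findall(attrs.get("style", "")):
            self._record(tag, url, attrs, "CSS url() in style attribute")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for url in CSS_URL.findall(data):
                self._record("style", url, {}, "CSS url() in stylesheet")


def remote_references(raw_message):
    """Parse a raw RFC 822 message (bytes) and report its HTML remote refs."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    collector = RemoteRefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    collector.close()
    return collector.findings


# Constructed sample message; hosts, paths and the token are invented.
SAMPLE = b"""From: newsletter@example.com
To: reader@example.net
Subject: May update
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><head>
<link rel="dns-prefetch" href="http://resolver-probe.example.com/">
<style>body { background: url(https://cdn.example.com/bg.png); }</style>
</head><body style="background-image:url('https://cdn.example.com/hdr.jpg')">
<p>Hello reader,</p>
<img src="cid:logo@example.com" alt="logo">
<img src="https://track.example.com/o/9f3a2c7e81d04b6f.gif" width="1" height="1">
<a href="https://www.example.com/article">Read more</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, note in remote_references(SAMPLE):
        print(f"{tag:6} {url}\n       {note}")
```

Feed it your own saved .eml files (remote_references() takes the raw bytes) to see what your client would have fetched had "load remote images" been on; references using cid: or data: URLs are skipped because they arrive inside the message and cause no network traffic. The script only inspects the message and never fetches anything, so it is safe to run on a tracked mailshot.
]]></description></item>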
<item><title>Grecs' Weekend Best Bets for 2012-05-04</title><description>Secuobs.com : 2012-05-04 17:49:44 - NovaInfosecPortal.com - Here it is again, another of our weekly "Best Bets" posts. As we've previously noted, most local meetups seem to be crowded into weekday evenings with almost nothing on the weekend. The purpose of this post is to advertise some of the smaller events that are occurring over the weekend. Most of these events occur at local hackerspaces. Usually we don't include hackerspace activities in the full calendar as they tend to bury everything else. Anyway, here are some happenings I've picked through that you might want to attend this weekend. You can also use the comments of this "Best Bets" post to announce or discuss other events happening this weekend that I may have missed. Friday (5/4): Ham Radio Night from 6:00 to 9:00 PM at Unallocated Space (more info); 2600 Arlington Meetup from 7:00 to 10:00 PM at Champps (Pentagon Row) (more info); Introduction to Brewing from 7:00 to 8:00 PM at Nova-Labs (more info). Saturday (5/5): NOVARRG Monthly Meeting from 2:00 to 4:00 PM at Nova-Labs (more info). Sunday (5/6): Sunday Crafternoon at HacDC from 3:00 to 6:00 PM (more info). Remember to check out some of the other activities at Baltimore Node, HacDC,...</description><link>http://www.secuobs.com/revue/news/373735.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373735.shtml</guid></item>
<item><title>Weekly Rewind: Top Industry News, Plain Text Offenders, Tech Skills that Pay the Bills, &amp; More</title><description>Secuobs.com : 2012-05-04 05:45:01 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "Microsoft Squashes Hotmail Password Hijack Bug": Microsoft has smacked down a Hotmail bug that allowed hackers to lock users out of their own accounts. Redmond took one day to slap down a glitch that allowed anyone with a Firefox add-on to remotely reset the password of a Hotmail account (continued here). [grecs: Time to change my password on my spam collection account. I think I registered mine way back in 1996. That might be older than some of you reading this post.] "Skype Slurping Software Threatens IP Exposure": Code posted online that can skim the last known IP address of users is being checked out by Skype as a possible security flaw. The...</description><link>http://www.secuobs.com/revue/news/373652.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373652.shtml</guid></item>
<item><title>Job: Senior Penetration Tester in Reston, VA</title><description>Secuobs.com : 2012-05-03 17:43:00 - NovaInfosecPortal.com - Came across this awesome position on EthicalHacker.net's forums. Although the req reads like they are looking for a mid-career candidate, in the forum post they mentioned that they have multiple pen testing positions at various levels. The POC is listed at the end of the req below. If you decide to apply, please mention that you heard about this position through NovaInfosecPortal.com. And don't forget: if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Senior Penetration Tester. Location: Reston, VA. Company Name: Knowledge Consulting Group. Job Description: Candidate will be responsible for performing various security assessments, educating the client on the inherent risks, and providing meaningful hardening and mitigation strategies. Job responsibilities include network and web-based application penetration tests, physical security assessments, logical security audits, and hands-on technical security evaluations and implementations. Additionally, this person will be expected to develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security. Responsibilities will specifically include: Conduct network and web-based application penetration tests; Conduct physical security assessments; Conduct logical security...</description><link>http://www.secuobs.com/revue/news/373422.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373422.shtml</guid></item>
<item><title>Rant &amp; Poll: Can We Just Let This Google Wifi Slurping Thing Die?</title><description>Secuobs.com : 2012-05-03 02:23:32 - NovaInfosecPortal.com - In the past few weeks Google has been back in the news for their whole wifi slurping mess. First it was the FCC slap on the wrist: a $25K fine. More recently, Google disclosed the name of the programmer responsible for the wifi software. It turns out it was none other than Marius Milner of NetStumbler fame. And then there was the recollection that he wrote down in his todo list to speak to legal about possible privacy issues. Of course he never got to this task. Geeze, over the years there are tons of things on my todo list that I never got done. I hope one of those items doesn't lead to a big privacy lawsuit. From a programmer's perspective I see why this wasn't too high on his list though. I mean, the software might accidentally swipe a split second of network traffic. Further, the chances that someone is doing something sensitive at that exact time are even lower. And even if they did swipe a username, password, birthday, or social security number, who cares? Your private information is going to be just a tiny speck compared to the universe-size mound of data they collect. And what are they...</description><link>http://www.secuobs.com/revue/news/373301.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373301.shtml</guid></item>
<item><title>Technical Skills to Pay the Bills... And More</title><description>Secuobs.com : 2012-05-02 19:42:33 - NovaInfosecPortal.com - On Monday we talked about skills to obtain if you want to be a CISO. But maybe that isn't your career goal and you'd rather stay technical, or you are just starting out. TimesUnion.com posted a good article based on research from Wanted Analytics and Hiring Scale that details the most in-demand infosec skills based on recent job ads. To improve your chances of better growth and being more in demand, the following skills may be something you might want to pick up now for that next job: Firewall; UNIX; Linux; Intrusion Prevention Systems (IPS); Network Routers; Penetration Testing; Microsoft Office (Really? Maybe they're just getting at the ability to communicate); Virtual Private Networks (VPN). I did remove some of the vague ones like "information assurance" and "cyber security". I'm thinking they might have meant focusing on the "paper" aspects of security such as security engineering, C&amp;A, FISMA, and other compliance requirements. Here are some relevant snippets from the source article that some of you might be interested in. Note that there is a lot of emphasis on the metro DC area. Via TimesUnion.com: During March 2012, more than 5,500 jobs for Computer Security Specialists were advertised online, ... Concerns...</description><link>http://www.secuobs.com/revue/news/373190.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373190.shtml</guid></item>
<item><title>Where You Want to Be This Week for 04-30-2012</title><description>Secuobs.com : 2012-05-02 00:29:04 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. Uh-oh, this post almost escaped me this week; anyway, there are a couple of meetups this week and all you have to do is just show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Thursday (5/03): OWASP NoVA Meetup, "Starting a Security Group" by Ken Johnson at LivingSocial (Reston) from 6:00 to 9:00 PM (more info). Friday (5/04): 2600 Arlington Meetup, normal meetup at Champps (Pentagon Row) from 7:00 to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: nothing scheduled yet. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces...</description><link>http://www.secuobs.com/revue/news/373034.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/373034.shtml</guid></item>
<item><title>Plain Text Offenders: Fight Back Against Cleartext Password Reminders</title><description>Secuobs.com : 2012-05-01 17:57:01 - NovaInfosecPortal.com - Yes, it's that time of the month again when many of those friendly Mailman services email password reminders to us. I've covered this before and it's very easy to disable the whole password reminder feature from a subscriber perspective. To jog your memory, below is the relevant setting within your Mailman configuration panel. The reminder email should contain a link to your preferences page where you can find this option. Change this setting from the default of "Yes" to "No". If you are signed up for more than one list on that server, select the "Set globally" option as well. Then just hit the "Submit My Changes" button below and you should be all set. As previously noted, the default setting for this option can also be changed on the Mailman server. See the picture below for the relevant setting. Obviously, I think most of us would agree that the default setting for "send_reminders," especially for security lists we subscribe to, should emphatically be set to "No". I recommend contacting the administrator of any site that sends cleartext passwords in this manner and seeing if they can resolve this matter. Usually for Mailman lists, the administrative email would be mailman-owner@lists...</description><link>http://www.secuobs.com/revue/news/372947.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/372947.shtml</guid></item>
<item><title>The Fallout of "Cyber Week"</title><description>Secuobs.com : 2012-04-30 17:26:51 - NovaInfosecPortal.com - You may remember last week we did a quick post on four cyber-related bills being voted on in the House. Well, since then we've done a poll and kept up on some of the news regarding this legislation. Apparently no one in the House saw our poll results. Over 82% of the people responded with "Definitely not; the new bills are there only to fulfill an agenda". We've heard a lot about the Cyber Intelligence Sharing and Protection Act (CISPA), but whatever happened to the other three bills? Here's a quick run-down based on a few articles I've found. Bill: Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 3523. Result: Passed 248-168. Comment: This is the big controversial one that will be heading to the Senate. The Senate's version is quite different, so we really don't know what's going to happen there. Also, it looks like the White House would veto this bill in its current form as they feel it infringes too much on privacy. Bill: Federal Information Security Amendments Act (FISCAM), H.R. 4257. Result: Passed via voice vote. Comment: Known as the FISMA Act of 2012, this piece of legislation would require agencies to be more proactive and implement continuous...</description><link>http://www.secuobs.com/revue/news/372743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/372743.shtml</guid></item>
<item><title>Wanna Be a CISO? Career Advice for Getting There</title><description>Secuobs.com : 2012-04-30 15:06:48 - NovaInfosecPortal.com - For many of us in the infosec industry, one of our ultimate career goals might be to become the CISO of an organization. Phil Muncaster posted an interesting article on this topic titled "Wannabe infosec kingpins? Forget tech, grab a clipboard" on The Register recently. In it he recommended focusing on improving your business, communication, and risk management skills rather than getting too bogged down in the tech. I guess we can't have our cake and eat it too. Well, maybe. I feel it depends on the size of your organization. If you're talking about a small or medium sized company, you may be able to stay technical while at the same time filling the CISO role. You'll still have to learn and be able to perform the boring business, communication, and risk management skills mentioned above, but at least you can have some fun once in a while. On the other hand, if you have dreams of being the CISO of a very large organization, you'll probably end up having to forgo the tech and instead only focus on Muncaster's recommendations. Via TheRegister.com: Budding chief information security officers (CISOs) would be better off boning up on business, communication, and...</description><link>http://www.secuobs.com/revue/news/372711.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/372711.shtml</guid></item>
<item><title>Grecs' Weekend Best Bets for 2012-04-27</title><description>Secuobs.com : 2012-04-27 21:19:30 - NovaInfosecPortal.com - Here it is again, another of our weekly "Best Bets" posts. As we've previously noted, most local meetups seem to be crowded into weekday evenings with almost nothing on the weekend. The purpose of this post is to advertise some of the smaller events that are occurring over the weekend. Most of these events occur at local hackerspaces. Usually we don't include hackerspace activities in the full calendar as they tend to bury everything else. Anyway, here are some happenings I've picked through that you might want to attend this weekend. You can also use the comments of this "Best Bets" post to announce or discuss other events happening this weekend that I may have missed. Friday (4/27): Byzantium Sprint from 8:00 to 10:00 PM at HacDC (more info). Saturday (4/28): Basic Melt-and-Pour Soap Crafting Class from 10:00 AM to 12:30 PM at Nova-Labs (more info); Arduino 101 from 1:00 to 2:30 PM at Nova-Labs (more info); Learn Basic Soldering Skills from 3:30 to 5:00 PM at Nova-Labs (more info); Monthly Unallocated LAN Party from 5:00 to 12:00 PM at Unallocated Space (more info). Sunday (4/29): Nada. Remember to check out some of the other activities at Baltimore Node, HacDC,...</description><link>http://www.secuobs.com/revue/news/372485.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/372485.shtml</guid></item>
<item><title>Weekly Rewind: Top Industry News, ExploitSearch, DNSChanger, &amp; More</title><description>Secuobs.com : 2012-04-27 05:38:29 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "Alan Turing Papers on Code Breaking Released by GCHQ": Two 70-year-old papers by Alan Turing on the theory of code breaking have been released by the government's communications headquarters, GCHQ. It is believed Turing wrote the papers while at Bletchley Park working on breaking German Enigma codes (continued here). [grecs: Love older crypto historical stuff like this.] "MD Becomes First to OK Password Protection Bill": Maryland is poised to become the first state that bans employers from demanding applicants or workers hand over their log-in information for social media sites like Facebook. The measure, ..., keeps companies from snooping on password-protected content, ... (continued here). [grecs: Nice to see a local state blazing...</description><link>http://www.secuobs.com/revue/news/372348.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/372348.shtml</guid></item>
<item><title>ExploitSearch.net: The Exploit Metasearch</title><description>Secuobs.com : 2012-04-25 19:56:39 - NovaInfosecPortal.com - I was searching around looking for a solution on changing my Apple Remote's default settings and was particularly interested in knowing if someone could use its out-of-the-box settings to perform nefarious activities. I couldn't find anything, but during my search I came across a great site called ExploitSearch.net. I remember hearing about this website before on one of the many podcasts I listen to but never really had time to check it out. I was thinking that it was just a Google Custom Search, but this assumption is definitely not the case according to their FAQ: "This site, www.exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. Unlike other exploit search engines which are simply custom Google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching." Right now they are pulling in, indexing, and providing search from 12 exploit sources, which include the following sites: Exploit-DB, Saint, 1337day, NVD, OSVDB, SecurityFocus, PacketStorm, Nessus, OpenVAS, Metasploit, X-Force, exploit-h. ExploitSearch.net supports all the typical search operators...</description><link>http://www.secuobs.com/revue/news/371987.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371987.shtml</guid></item>
<item><title>Where You Want to Be This Week for 04-23-2012</title><description>Secuobs.com : 2012-04-24 16:30:05 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. A moderate week this week with plenty to keep you busy during the week, and all you have to do is just show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Tuesday (4/24) - EnergySec Tweetup: An informal tweetup of some of the local luminaries at Clyde's, Reston, from 6:30 to 9:30 PM (more info). Wednesday (4/25) - CapSecDC Meetup: Normal Meetup at Fado Irish Pub and Restaurant from 7:00 to 10:00 PM (more info). ISSA Baltimore Meetup: "US-CERT 101 General Briefing" by Brian Zeitz at Concurrent Technologies Corporation from 5:00 to 7:00 PM (more info). Thursday (4/26) - CharmSec Meetup: Normal Meetup at Slainte Irish Pub and Restaurant from 7:00 to 10:00 PM (more info). Next Week: And for those...</description><link>http://www.secuobs.com/revue/news/371699.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371699.shtml</guid></item>
<item><title>Poll: Is New Cyber Legislation Needed?</title><description>Secuobs.com : 2012-04-24 15:42:17 - NovaInfosecPortal.com - In honor of this week informally being called "Cyber Week," with all the legislation up for grabs on the Hill as discussed yesterday, we thought it would be an appropriate topic for this week's survey. As mentioned yesterday, the bills we've come across that are being voted on this week include the following: Cyber Intelligence Sharing and Protection Act (CISPA); Federal Information Security Amendments Act (FISCAM); Cybersecurity Enhancement Act; Advancing America's Networking and Information Technology Research and Development Act. There are some in the community that say we need such legislation to update or better define existing laws to be more relevant in today's world. Others say that existing laws are good enough and that these bills are only being used to serve someone's agenda. What do you think? If there are other answers I may have missed or opinions you want to mention, please add them to the comments below. And as usual, let us know if there are other poll questions you'd like to see us ask. Today's post pic is from SableVerity.com. See ya.</description><link>http://www.secuobs.com/revue/news/371686.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371686.shtml</guid></item>
<item><title>It's "Cyber Week" in Washington</title><description>Secuobs.com : 2012-04-23 16:31:09 - NovaInfosecPortal.com - I'm not too much of a politics sort of guy, but several headlines caught my attention for this upcoming week. Being a suspicious person, many of these bills often sound good on the surface but I often question the true motives behind each. Maybe there are no motives and people are just trying to make the world a better place, but more than likely they aren't. But that's how our government runs and I guess we have to take the good with the bad. Here's a quick run-down of all the bills being looked at this week: Cyber Intelligence Sharing and Protection Act (CISPA) - Yeah, this is that really controversial one you've been hearing about. On the cover, H.R. 3523 looks like the government is just trying to improve information sharing. Underneath the sheets, though, many are worried about extended government surveillance. Expect lots of headlines on this story throughout the week (track it on GovTrack.us). Federal Information Security Amendments Act (FISCAM) - Also known as the FISMA Act of 2012 or H.R. 4257, this bill would require agencies to be more proactive and implement continuous monitoring efforts. Is anything going to improve FISMA? Maybe, but it's the...</description><link>http://www.secuobs.com/revue/news/371472.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371472.shtml</guid></item>
<item><title>What Apple Malware Grace Period?</title><description>Secuobs.com : 2012-04-23 15:44:44 - NovaInfosecPortal.com - On Friday, Forbes columnist Andy Greenberg wrote a very interesting piece entitled "Cybercrime Game Theory: Why Apple's Malware Grace Period Ended Early." In it he discusses how Sourcefire researcher Adam J. O'Donnell used game theory to predict the market share Macs would have to achieve in order for it to be worthwhile for cyber criminals to start attacking the Mac platform. This research occurred almost four years ago and that percentage was 16%. Macs currently take up about 11% market share as of the fourth quarter of 2011, but due to the recent rise in Mac malware, Greenberg suggests the "grace period" has already ended. In order to explain this difference, the article continues on to discuss one possibility being that antivirus is more effective than O'Donnell originally thought. He assumed 80% effectiveness, but recent tests showed that even the worst antivirus programs detected up to 93%. Substituting in this higher detection rate lowered the predicted market share threshold from 16% to 6.5%. Given that Macs probably passed that threshold years ago, I guess we are already in over our heads. Or maybe not. First of all, the 93% antivirus effectiveness seems off to me. Maybe the 300,000 test samples...</description><link>http://www.secuobs.com/revue/news/371457.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371457.shtml</guid></item>
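The threshold argument above rests on a simple attacker-payoff model, and it is worth making that model explicit because the post's conclusion flips on a single input, the assumed antivirus effectiveness. The following is an added example, not code from the post or from O'Donnell's paper. The payoff function is an assumption, chosen because it reproduces both figures the post quotes (80% effectiveness gives a threshold of about 16%, 93% gives about 6.5%); the function and parameter names are mine.

```python
"""Attack-worthiness threshold model (added example, not code from the post).

The post only reports O'Donnell's inputs and outputs: ~80% antivirus
effectiveness gives a ~16% Mac share threshold, ~93% gives ~6.5%. The payoff
model below is an ASSUMPTION chosen because it reproduces both figures:
an attacker commits to one platform, and the expected return is the share of
machines on that platform that antivirus fails to stop.
"""


def expected_payoff(share, av_effectiveness):
    """Fraction of all machines the attacker expects to compromise by targeting
    a platform holding `share` of the market whose AV stops `av_effectiveness`
    of attacks. Both arguments are fractions in [0, 1]."""
    for value in (share, av_effectiveness):
        if max(0.0, min(1.0, value)) != value:
            raise ValueError("share and effectiveness must be fractions in [0, 1]")
    return share * (1.0 - av_effectiveness)


def threshold_share(dominant_av, minority_av=0.0):
    """Minority-platform share at which the attacker is indifferent between
    the two platforms. Solving m*(1-a_m) = (1-m)*(1-a_d) for m gives
    m = (1-a_d) / ((1-a_d) + (1-a_m)); with a_m = 0 that is (1-a_d)/(2-a_d)."""
    dominant_leak = 1.0 - dominant_av
    minority_leak = 1.0 - minority_av
    if dominant_leak + minority_leak == 0.0:
        raise ValueError("both platforms fully defended: no attack pays")
    return dominant_leak / (dominant_leak + minority_leak)


def worth_attacking(minority_share, dominant_av, minority_av=0.0):
    """True when targeting the minority platform pays at least as well as
    targeting the dominant one."""
    minority = expected_payoff(minority_share, minority_av)
    dominant = expected_payoff(1.0 - minority_share, dominant_av)
    return minority >= dominant


def sensitivity(av_values, minority_av=0.0):
    """Threshold for each assumed AV effectiveness, to see how much the
    conclusion hinges on that one number."""
    return [(av, round(threshold_share(av, minority_av), 4)) for av in av_values]


if __name__ == "__main__":
    # Figures from the post: 80% AV gives ~16%, 93% AV gives ~6.5%.
    for av, m in sensitivity([0.80, 0.90, 0.93, 0.99]):
        print(f"AV effectiveness {av:.0%}: attacking Macs pays above {m:.1%} share")
    # Post: Macs at ~11% share in Q4 2011.
    print("worth attacking at 11% share, 80% AV:", worth_attacking(0.11, 0.80))
    print("worth attacking at 11% share, 93% AV:", worth_attacking(0.11, 0.93))
    # Caveat the model makes visible: if Mac AV is assumed to stop even half
    # of attacks, the threshold at 93% Windows AV effectiveness moves back up.
    print("93% Windows AV, 50% Mac AV:", round(threshold_share(0.93, 0.50), 4))
```

The `minority_av` parameter is the knob the post's "Or maybe not" is really about: the 6.5% figure assumes the minority platform has no effective antivirus at all, so any credible Mac AV effectiveness pushes the threshold back up.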
<item><title>FBI Rolls Eyes to Prevent Internet Outage</title><description>Secuobs.com : 2012-04-23 14:10:30 - NovaInfosecPortal.com - We've discussed this topic before in our "Operation Deadline Extension" article, but in the month since that post it seems a significant number of bots are still reporting into the two temporary DNS servers the FBI set up to keep DNSChanger Trojan-infected computers from losing Internet access. First off, they wouldn't be losing Internet access, just the ability to translate domain names into IP addresses. But that's a nit, as it's essentially the same thing from the average user's perspective. As previously noted, in March the FBI extended the deadline they would be maintaining these two servers until July 9th to give organizations more time to discover and address infected computers. The numbers don't look promising though. In five months the estimated number of compromised machines has decreased from 568K only down to 360K. Of the 360K, only 85K appear to be in the US. Given that most of these US users are probably non-technical home users, as the article states, I personally think the FBI should just pull the plug already. What's the worst that's going to happen? The DNS servers go down and my Mom won't be able to access her Yahoo! Mail or embarrass me on Facebook...</description><link>http://www.secuobs.com/revue/news/371440.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371440.shtml</guid></item>
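A practitioner reading the above wants one concrete check: are this machine's configured resolvers inside the DNSChanger ranges? The subtlety the post makes matters here: after the takedown the FBI's replacement servers answered on the very same addresses, so an infected machine still resolves names, and the indicator is the configured address, not a failed lookup. The following is an added example, not code from the post or from the FBI. The address ranges are reproduced from memory of the public FBI/DCWG notices and are an assumption to verify against the official list; the resolv.conf text is constructed.

```python
"""Check configured DNS resolvers against the DNSChanger rogue ranges.

Added example, not code from the post or from the FBI. The address ranges
are an ASSUMPTION reproduced from the public FBI/DCWG notices of the time;
verify them against the official list before acting on a hit. After the
takedown the FBI's replacement servers answered on these same addresses, so
an infected machine still resolves names: the indicator is the configured
address, not a failed lookup.
"""
import ipaddress

DNSCHANGER_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Pre-compute CIDR blocks once so membership tests are cheap.
_ROGUE_NETWORKS = [
    (f"{first}-{last}", net)
    for first, last in DNSCHANGER_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]


def rogue_range_for(ip_text):
    """Return the 'first-last' label of the rogue range containing ip_text,
    or None. Non-IPv4 input (IPv6 resolvers, garbage) is treated as clean."""
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ValueError:
        return None
    for label, net in _ROGUE_NETWORKS:
        if ip in net:
            return label
    return None


def parse_resolv_conf(text):
    """Extract nameserver addresses from resolv.conf-style text, ignoring
    comments (# or ;) and unrelated directives such as search/options."""
    resolvers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            resolvers.append(parts[1])
    return resolvers


def check_resolvers(resolvers):
    """Pair each resolver with the rogue range it falls in (None if clean)."""
    return [(r, rogue_range_for(r)) for r in resolvers]


# Constructed sample: one clean public resolver, one inside a rogue range.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 8.8.8.8
nameserver 85.255.113.10  ; set by the trojan, not by DHCP
options timeout:2
"""

if __name__ == "__main__":
    for resolver, hit in check_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF)):
        status = f"ROGUE ({hit})" if hit else "ok"
        print(f"{resolver:18} {status}")
```

On Windows, feed `check_resolvers` the addresses from `ipconfig /all` (or `Get-DnsClientServerAddress` in PowerShell) instead of a resolv.conf; DNSChanger also rewrote resolver settings on home routers, so the router's WAN DNS settings deserve the same check.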
<item><title>Grecs' Weekend Best Bets for 2012-04-20</title><description>Secuobs.com : 2012-04-20 16:58:14 - NovaInfosecPortal.com - Well, we decided to continue this for another week since a few people said they found it useful. As I've previously noted, most local meetups seem to be crowded into weekday evenings with almost nothing on the weekend. The purpose of this post is to advertise some of the smaller events that are occurring over the weekend. Most of these events occur at local hackerspaces. Usually we don't include hackerspace activities in the full calendar as they tend to bury everything else. Anyway, here are some happenings I've picked through that you might want to attend this weekend. You can also use the comments of this "Best Bets" post to announce or discuss other events happening this weekend that I may have missed. Friday (4/20): Nada. Saturday (4/21): "Soiree the Mini-Con" from 5:00 to 9:00 PM at Unallocated Space (more info); "Dupont Circle Bar Hopping" late Saturday night with Dave Aitel (ping him on Twitter, @daveaitel, to get vectored in). Sunday (4/22): Nada. Remember to check out some of the other activities at Baltimore Node, HacDC, Nova Labs, Reverse Space, and Unallocated Space as they hold several standard activities throughout the week as well. And be sure to subscribe to our...</description><link>http://www.secuobs.com/revue/news/371089.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371089.shtml</guid></item>
<item><title>Weekly Rewind - Top Industry News, LPS, Apple Fail, and More</title><description>Secuobs.com : 2012-04-20 06:04:50 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "Why Airport Security Is Broken And How To Fix It" - Airport security in America is broken. I should know. For 3½ years, from my confirmation in July 2005 to President Barack Obama's inauguration in January 2009, I served as the head of the Transportation Security Administration. You know the TSA... (continued here) [grecs: Finally somebody said it, but I doubt much will change.] "New Mac OS X Backdoor Trojan Discovered" - Security firm Sophos has discovered more malware for the Mac OS X platform. Called Sabpab, this new threat uses the same Java vulnerability used by the Flashback botnet malware that netted over 650,000 Macs earlier this month... (continued here) [grecs: Apple can no longer hide...</description><link>http://www.secuobs.com/revue/news/371007.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371007.shtml</guid></item>
<item><title>More Mobile "Average" Practices</title><description>Secuobs.com : 2012-04-20 04:28:18 - NovaInfosecPortal.com - A few weeks ago I came across a mobile security article entitled "Five Steps to Enhance Mobile Device Security." In it the author stresses the increasing number of attacks on mobile devices and continues on to point out five steps he thinks will help solve the problem. We've touched on articles like this before, but I like noting pieces like this so I can add it to my collection of references I'm building for the "Ultimate Mobile Security" post I've been working on. Here's the start of the article for your reading pleasure, via Net-Security.org: "Mobile devices are quickly becoming a target-rich and high return on investment environment for malicious attackers. Their use is expected to surpass the use of existing laptops and desktop computers by a factor of at least three in the next five years. The rapid innovation that is often associated with these devices also means that in the near future they are expected to have expanded capabilities, including touchless payments, personal data repositories, fully functional local applications, and the ability to simultaneously enable high-speed access to corporate and personal networks and applications. There are numerous behaviors and capabilities that users can adopt to help...</description><link>http://www.secuobs.com/revue/news/371003.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371003.shtml</guid></item>
<item><title>Lightweight Portable Security</title><description>Secuobs.com : 2012-04-19 05:31:52 - NovaInfosecPortal.com - The Lightweight Portable Security (LPS) distribution has been around for a while, but I thought I'd put out a quick post for those that might not be familiar with it. The DoD created this Linux distro (shown at right) a few years ago with the goal of providing telecommuters an option for using home or other untrusted computers to access limited functions of the same networks and systems they use while at work. Built as a LiveCD, LPS boots your physical system into a known good software state (it cannot vouch for the firmware or hardware it boots on, so a compromised BIOS or a hardware keylogger is out of scope) and is pre-configured with all the necessary settings to facilitate connections back to your home organization. DoD describes LPS as the following: "Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The LPS family was created to address particular use cases: LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization's private network. LPS-Public allows general web browsing and connecting to remote networks...</description><link>http://www.secuobs.com/revue/news/370798.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370798.shtml</guid></item>
<item><title>Friending Your Boss on Facebook</title><description>Secuobs.com : 2012-04-18 17:09:30 - NovaInfosecPortal.com - I thought this article over on InfoRiskToday brought up an interesting question we might all need to ask ourselves at some point. Although it's a formal opinion survey, which I normally don't like because it's not fact-based, it got me thinking how I do things. Via InfoRiskToday.com: "Should you accept a Facebook friend request from your boss? And if you don't accept the invitation, could that decision possibly hurt your career? According to a new survey of 1,000 US residents by Russell Herder, a marketing firm in Minneapolis, many professionals now find themselves faced with this dilemma, which often challenges their definition of the boundary between personal and professional lives. There is no black-and-white answer. Each of us has differing perspectives on the distinction between our personal and professional lives." Continued here. As expected, the key takeaway was that younger people would be more likely to friend their bosses (26% versus 10%). Unfortunately, I fall in the "older" range, but I use a slightly different approach, so in a lot of cases I would actually friend my boss. I generally keep two Facebook profiles (yes, I'm pretty sure this is against their terms of service), one for family and close...</description><link>http://www.secuobs.com/revue/news/370663.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370663.shtml</guid></item>
<item><title>Apple Remote Fail</title><description>Secuobs.com : 2012-04-18 00:17:46 - NovaInfosecPortal.com - So I decided to go for the whole Apple TV thing and it was very easy to install, as expected. The only odd thing was that as I was navigating through the Netflix menus, I noticed my Mac's volume going up and down. Or sometimes it would launch iTunes and start playing a song. I searched around for this problem and found it detailed on AskDaveTaylor.com. Apparently any of the newer Apple Remotes will control many of the more recent Apple-based products by default. In Dave's case, pushing play would cause three different devices to start playing. Via AskDaveTaylor.com: "This is kinda crazy, but if I have my MacBook Pro running when I'm controlling my new Apple TV with the little remote, it actually also responds to the button pushes. Where this gets crazy is if I'm looking for a video or popping around on Netflix, suddenly my laptop starts playing music too! Is there some way to disable this weird feature?" Dave's Answer: "This is a legitimate problem and I see it even worse because my standard charging dock for my Apple iPhone is the A/V dock from the company. Turns out that also has the ability to listen...</description><link>http://www.secuobs.com/revue/news/370529.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370529.shtml</guid></item>
<item><title>Poll: Is Antivirus Dead?</title><description>Secuobs.com : 2012-04-17 19:21:05 - NovaInfosecPortal.com - There's been a lot of discussion lately around the usefulness of antivirus software after Rob Lee released his blog post "Is Antivirus Really Dead?" last week. In case you missed his analysis, Rob's team was able to use fairly simple attack sequences to bypass any of the controls they had in place. The scary thing is that the systems they attacked even included more protections than just antivirus. Some of the other components included antispyware, surfing protection, antispam, device control, and HIPS among other things from a certain big vendor. Many jumped on the "Antivirus Is Dead" bandwagon (even though that was not Rob's conclusion) while others disagreed. I wrote up my opinion in "The Death of Mr. Norton Has Been Greatly Over Exaggerated." From the title you can see which side I fell on. I basically concluded that antivirus is not the silver bullet; however, it's useful as part of a defense-in-depth approach. Anyway, based on all this discussion I thought this topic would make a good poll question. If there are other answers I may have missed or opinions you want to mention, please add them to the comments below. And as usual, let us know if...</description><link>http://www.secuobs.com/revue/news/370457.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370457.shtml</guid></item>
<item><title>Where You Want to Be This Week for 04-16-2012</title><description>Secuobs.com : 2012-04-16 19:06:09 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. A moderate week this week with plenty to keep you busy during the week. We are also having our first NovaInfosec Meetup on Wed, so don't forget to RSVP by commenting on the post with yes/no/maybe (and yes, fake names are OK). With that said, here are your meetups for this week as well as a preview for next week. This Week: Tuesday (04/17) - ISACA NCA Meetup: "Federal IT and Security" at Holiday Inn Rosslyn at Key Bridge from 7:30 AM to 4:30 PM (more info). ISSA DC Meetup: "Highlights from NIST Special Publication 800-53 Revision 4" by Ron Ross at the Government Printing Office from 6:30 to 8:00 PM (more info). Wednesday (04/18) - NovaInfosec Meetup: Meetup at Velocity Five, Falls Church, from 6:30 to 9:30 PM (more info). Thursday (04/19) - OWASP NoVA Meetup: Normal Meetup at LivingSocial in Reston from 6:00...</description><link>http://www.secuobs.com/revue/news/370234.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370234.shtml</guid></item>
<item><title>The Case of the Past Due Doctor Bill Phishing Call</title><description>Secuobs.com : 2012-04-16 17:25:59 - NovaInfosecPortal.com - A few weeks ago I received a call from the doctor's office during a busy day. The nice woman on the other end of the call mentioned that I had a past due balance and asked if I had received the bills in the mail. I'm really bad at going through mail, so I probably received them but they're in the big pile of stuff that I'm going to go through... someday. Being very busy at the time and just wanting to knock this task out so I wouldn't have to deal with it anymore, I reached for my credit card. Situations like this have happened to me in the past and as far as I know I don't think I was phished (or maybe the correct term is vished) for my credit card number. As I reached for my card this time, though, a thought entered my mind: How do I know this nice-sounding lady is from the doctor's office? The area code looked right, but I didn't happen to have the office's full number. And even if I did have their phone number, it's easy nowadays to spoof your number (e.g., setting up your own VoIP...</description><link>http://www.secuobs.com/revue/news/370204.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370204.shtml</guid></item>
<item><title>Grecs' Weekend Best Bets for 2012-04-13</title><description>Secuobs.com : 2012-04-14 06:02:54 - NovaInfosecPortal.com - Just a little something I thought I'd try here. Most meetups seem to be crowded into weekday evenings with almost nothing on the weekend. So I thought I'd start up something to post about upcoming weekend activities. Most of these events occur at local hackerspaces, when for some reason non-hackerspace organizations take a break. Usually we don't include hackerspace events in the full calendar as they tend to clutter it up too much, so we hope this post makes up for that some. Anyway, here are some happenings I've picked through that you might want to attend this weekend. You can also use the comments of this "Best Bets" post to announce or discuss other events happening this weekend that I may have missed. Friday (4/13): Nada. Saturday (4/14): Nada. Sunday (4/15): "Analog Gaming Sunday" from 2:00 to 7:00 PM at Unallocated Space (more info). Remember to check out some of the other activities at Baltimore Node, HacDC, Nova Labs, Reverse Space, and Unallocated Space as they hold several standard activities throughout the week as well. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events...</description><link>http://www.secuobs.com/revue/news/369969.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369969.shtml</guid></item>
<item><title>Weekly Rewind - Top Industry News, Undead AV, Marriott Injections, SharePoint Conundrum, and More</title><description>Secuobs.com : 2012-04-13 05:59:37 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "Apple Malware Flourishes in a Culture of Denial" - It looks as though Apple's Mac OS X users have seen their first significant outbreak of malware, with Dr.Web researchers claiming that more than 600,000 Macs have been botted by the drive-by Trojan BackDoor.Flashback.39. Since Macs make up only a small percentage of the PC market (65 million Macs vs. 1.3 billion PCs), this would be roughly equivalent to the Conficker outbreak, ... (continued here) [grecs: Less risk when using Macs, but as they get targeted more, the risk goes up.] "When You Share with Facebook Friends, You Share with All the Apps They Use" - Raganwald describes a Facebook privacy leak that's creepy even by...</description><link>http://www.secuobs.com/revue/news/369738.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369738.shtml</guid></item>
<item><title>Hunting for VPNs, Shodan Style</title><description>Secuobs.com : 2012-04-13 00:22:24 - NovaInfosecPortal.com - I saw VPN Hunter posted on Twitter a few weeks ago and have been meaning to put out a quick post on it. Basically, it is the Shodan of VPNs. Currently it detects SSL VPNs, remote access points, email portals, and generic login sites. Below is a more detailed list of the services VPN Hunter detects. SSL VPNs: Juniper, Cisco, Palo Alto, Citrix, Fortinet, F5, SonicWALL, Barracuda, Microsoft, Array. Remote Access Services: IPsec, PPTP, OpenVPN, RDP, SSH. Email Portals: Outlook Web App, Gmail, Zimbra. I ran VPN Hunter against a few domains just to get a feel for things and found it to be very accurate. As an example, here are some screenshots when I ran it against novainfosecportal.com. First, I entered the domain into the search field and hit Enter. VPN Hunter returned the following results (screenshot). A little further down it provided some more information (screenshot). Overall, VPN Hunter is a very nice free tool. Its creator, Duo Security, seems to monetize it by advertising upgrades to help close any of the holes it finds. Regardless, VPN Hunter will definitely be something to complement your Shodan searches in the recon phase. How...</description><link>http://www.secuobs.com/revue/news/369705.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369705.shtml</guid></item>
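The post does not say how VPN Hunter decides what a host is, so here is the kind of logic such a tool needs: guess likely hostnames under a domain, request each product's well-known login path, and look for that product's markers in the response. This is an added example, not VPN Hunter's code; the hostname prefixes, probe paths and markers are assumptions drawn from public knowledge of these products, and the responses are constructed so the example runs offline. Pointing it at a live network means swapping in a real HTTP client, and doing so only against domains you are authorised to test.

```python
"""Fingerprinting remote-access portals the way a VPN Hunter-style recon tool
would. Added example, not VPN Hunter's own code: Duo Security has not
published how the tool works, so the hostname guesses and the response
markers below are ASSUMPTIONS drawn from well-known login paths and cookies
of these products. The fetch function and sample responses are constructed
so the example runs offline; swap in a real HTTP client for live recon.
"""
from collections import namedtuple

Fingerprint = namedtuple("Fingerprint", "product category path markers")

# (product, category, probe path, lowercase substrings expected in the
# response headers or body). Any one marker is enough for a match.
FINGERPRINTS = [
    Fingerprint("Juniper SSL VPN", "SSL VPN", "/dana-na/auth/url_default/welcome.cgi", ("dana-na", "dsid=")),
    Fingerprint("Cisco ASA SSL VPN", "SSL VPN", "/+CSCOE+/logon.html", ("webvpn", "cscoe")),
    Fingerprint("Fortinet SSL VPN", "SSL VPN", "/remote/login", ("fortinet", "sslvpn")),
    Fingerprint("F5 BIG-IP APM", "SSL VPN", "/my.policy", ("mrhsession", "bigip")),
    Fingerprint("Citrix Gateway", "SSL VPN", "/vpn/index.html", ("citrix", "nsc_")),
    Fingerprint("Palo Alto GlobalProtect", "SSL VPN", "/global-protect/login.esp", ("globalprotect",)),
    Fingerprint("SonicWALL SSL VPN", "SSL VPN", "/cgi-bin/welcome", ("sonicwall",)),
    Fingerprint("Outlook Web App", "Email portal", "/owa/", ("outlook web app", "owaauth")),
    Fingerprint("Zimbra", "Email portal", "/zimbra/", ("zimbra",)),
    Fingerprint("Microsoft RD Web Access", "Remote access", "/RDWeb/", ("rd web access", "rdweb")),
]

# Hostnames a recon tool would try under the target domain (assumed list).
HOST_PREFIXES = ["vpn", "sslvpn", "remote", "access", "gateway", "mail", "owa", "webmail", "citrix", "connect"]


def match_response(fingerprint, status, headers, body):
    """True if the response to the probe path carries one of the markers.
    Redirects and auth challenges count too: many portals 302 to their login
    page or answer 401, and set the product cookie on the way."""
    if status not in (200, 301, 302, 401):
        return False
    blob = " ".join(f"{k}: {v}" for k, v in headers.items()).lower() + " " + body.lower()
    return any(marker in blob for marker in fingerprint.markers)


def classify_host(host, fetch):
    """Probe every fingerprint path on one host; return the products seen.
    `fetch(host, path)` returns (status, headers, body), or None when the
    host does not answer."""
    found = []
    for fp in FINGERPRINTS:
        response = fetch(host, fp.path)
        if response is None:
            continue
        status, headers, body = response
        if match_response(fp, status, headers, body):
            found.append(fp.product)
    return found


def hunt(domain, fetch, prefixes=HOST_PREFIXES):
    """Try likely hostnames under `domain`; return {host: [products]} for the
    hosts that fingerprint as something."""
    results = {}
    for prefix in prefixes:
        host = f"{prefix}.{domain}"
        products = classify_host(host, fetch)
        if products:
            results[host] = products
    return results


# Constructed responses standing in for a live network. Bodies are
# abbreviated page text; real pages would be full HTML.
_SAMPLE_RESPONSES = {
    ("vpn.example.com", "/dana-na/auth/url_default/welcome.cgi"): (
        200, {"Set-Cookie": "DSID=deadbeef; path=/; secure"}, "Juniper Networks Secure Access SSL VPN"),
    ("remote.example.com", "/+CSCOE+/logon.html"): (
        200, {"Set-Cookie": "webvpn=; path=/"}, "SSL VPN Service - Login"),
    ("owa.example.com", "/owa/"): (
        302, {"Location": "https://owa.example.com/owa/auth/logon.aspx"}, "Outlook Web App"),
    # A host that answers 200 with a generic page carrying no product marker.
    ("access.example.com", "/remote/login"): (200, {}, "Nothing to see here"),
}


def fake_fetch(host, path):
    """Offline stand-in for an HTTP GET: unknown hosts/paths do not respond."""
    return _SAMPLE_RESPONSES.get((host, path))


if __name__ == "__main__":
    for host, products in hunt("example.com", fake_fetch).items():
        print(f"{host}: {', '.join(products)}")
```

The defender's side of the same table is the point of the post's "holes it finds" remark: every marker above is something the portal volunteers to an unauthenticated client, and a Shodan or VPN Hunter search is just this loop run at Internet scale.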
<item><title>Marriott and the Ad Injection Brouhaha</title><description>Secuobs.com : 2012-04-11 20:46:45 - NovaInfosecPortal.com - As most of you have probably already heard, Marriott has been found injecting ads (or at least space where ads could be injected) into their free Wi-Fi. I first read about this story in the New York Times, but the blog/twitter-sphere has been full of follow-up commentary. Since then Marriott's ISP ensured that the ad injection has been disabled, and Marriott themselves finally came out with their own statement, specifically noting: "Unbeknownst to the hotel, the Internet service provider (ISP) was utilizing functionality that allowed advertising to be pushed to the end user. The ISP has assured the hotel that this functionality has now been disabled." That's nice, but I would like proof rather than just being "assured," and unfortunately I don't see myself traveling to New York anytime soon. Maybe by "accident" the ad injection could get enabled again. Or perhaps other hotels and restaurants are knowingly or unknowingly injecting ads to supplement their Wi-Fi service costs. If you want to protect yourself, here are some options I've covered in previous articles on NovaInfosecPortal.com. Per one of our Starbucks Wi-Fi posts, some basics you can do include enabling/locking down your firewall, using application-specific secured proxies, and implementing...</description><link>http://www.secuobs.com/revue/news/369435.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369435.shtml</guid></item>
<item><title>Antivirus Is Not Dead</title><description>Secuobs.com : 2012-04-11 05:25:45 - NovaInfosecPortal.com - Over the past few months I had the opportunity to attend several awesome conferences and meetups. One concept that keeps rearing its head is that "antivirus is dead." I'm guessing this comes up a lot because of its reliance on a reactive, signature-based approach. As most of us probably know, this method doesn't work because signatures are in response to current attacks instead of being proactive. All a person has to do is take an existing attack and change the signature so that it isn't detected anymore. It's your classic cat-and-mouse game. Well, maybe back in the old days when we had to look at that smug Norton guy on the face of all the boxes in Micro Center, the cat-and-mouse issue was true; however, vendors have continued to evolve their products (e.g., the incorporation of behavior-based detection) to address the ever-changing attack techniques. Yeah, antivirus products might be behind the leading edge of attacks, but at least they help us in keeping up. I liken the issues we have with antivirus to the complaints we have with passwords. Yes, passwords suck at providing perfect security and we all know that. But guess what...</description><link>http://www.secuobs.com/revue/news/369272.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369272.shtml</guid></item>
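To see the cat-and-mouse the post describes in code, here is an added example (not from the post or from any antivirus vendor) built on a constructed "dropper" byte string, invented byte signatures, a hand-written runtime trace and a toy repacker; all of the names are assumptions. A byte signature stops matching after a trivial re-encoding of the file, while an ordered-behaviour rule over what the program does at runtime still matches, which is the defense-in-depth point the post is making.

```python
"""Signature-based versus behaviour-based detection, on constructed samples.

Added example, not code from the post or from any antivirus product. The
'malware' is a made-up byte string, the signatures are invented, and the
runtime trace is a hand-written list of API calls. It shows the cat-and-mouse
the post describes: re-encoding the payload defeats a byte signature, while a
rule over what the program does at runtime still fires.
"""

# A constructed dropper: a plaintext marker an AV vendor might have pulled a
# signature from, followed by a fake code section.
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"EVIL_DROPPER_v1 " + b"\x55\x8b\xec\x83\xec\x10" * 4

# Byte signatures: name -> exact byte pattern (what a classic scanner matches).
BYTE_SIGNATURES = {
    "Trojan.Dropper.Constructed": b"EVIL_DROPPER_v1",
    "Trojan.Dropper.Constructed.Prologue": b"\x55\x8b\xec\x83\xec\x10" * 2,
}

# Behaviour rules: name -> API calls that must all appear, in this order,
# anywhere in the trace (unrelated calls may occur in between).
BEHAVIOR_RULES = {
    "Drop-and-persist": ["CreateFileW", "WriteFile", "RegSetValueExW:Run", "CreateProcessW"],
    "Keylogger": ["SetWindowsHookExW:WH_KEYBOARD_LL", "InternetOpenUrlW"],
}

# What the dropper does when it runs (constructed trace, as a sandbox or HIPS
# driver would record it). Every variant produces the same trace, because
# re-encoding the file on disk does not change what it does in memory.
RUNTIME_TRACE = [
    "GetModuleHandleW", "CreateFileW", "WriteFile", "CloseHandle",
    "RegOpenKeyExW", "RegSetValueExW:Run", "CreateProcessW",
]


def signature_hits(sample, signatures=BYTE_SIGNATURES):
    """Names of byte signatures found anywhere in the sample."""
    return [name for name, pattern in signatures.items() if pattern in sample]


def _in_order(trace, required):
    """True if `required` occurs as an ordered subsequence of `trace`."""
    position = 0
    for call in trace:
        if position != len(required) and call == required[position]:
            position += 1
    return position == len(required)


def behavior_hits(trace, rules=BEHAVIOR_RULES):
    """Names of behaviour rules satisfied by the runtime trace."""
    return [name for name, required in rules.items() if _in_order(trace, required)]


def repack(sample, key=0x5A):
    """Attacker's trivial evasion: XOR-encode everything after the header so no
    byte pattern from the original survives. A real packer would prepend a
    decoder stub that restores the code before it runs, so the behaviour
    trace is unchanged. XOR is its own inverse, so repack(repack(x)) == x."""
    header, payload = sample[:4], sample[4:]
    return header + bytes(b ^ key for b in payload)


if __name__ == "__main__":
    variant = repack(ORIGINAL_SAMPLE)
    for label, sample in (("original", ORIGINAL_SAMPLE), ("repacked", variant)):
        print(f"{label:9} signatures: {signature_hits(sample) or 'none'}")
    print("behaviour rules (either file):", behavior_hits(RUNTIME_TRACE))
    # The behaviour rule is evadable too (split the work across processes,
    # reorder it, sleep past the sandbox timeout), which is why the post
    # argues for antivirus as one layer rather than the layer.
```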
<item><title>Are You an Experienced IT Pro Looking to Get That First Infosec Job?</title><description>Secuobs.com : 2012-04-10 19:40:14 - NovaInfosecPortal.com - As most of you know, I like talking about all this fun infosec career stuff. And so I continue with an article that I came across last night that I thought I'd pass along. InformationWeek.com's Cindy Waxer conducted an interview with Brian Duckering of Symantec and provided "4 Tips: How To Land An IT Security Job." The interesting slant about this piece is that it assumes you are trying to migrate from being a "seasoned IT generalist" to a "seasoned security specialist," which is a little different from the typical "how to get started in infosec" posts. In summary, the article recommends the following four tips to get started: Consider Certification - Love 'em or hate 'em, certifications are a piece of the puzzle (or one of the tent poles, as I like to say here and here). Go Back To School - They recommend getting an MBA. Really? Never heard anyone mention this approach before. The author did mention an MBA in Information Systems; ok, that's a little better if you want to become someone at the CXO level. Personally, for most of those that probably read this blog, getting a master's or a graduate certificate in...</description><link>http://www.secuobs.com/revue/news/369155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/369155.shtml</guid></item>
<item><title>PHPIDS Slides from AppSecDC Presentation</title><description>Secuobs.com : 2012-04-09 22:22:03 - NovaInfosecPortal.com - Last Thursday I had the opportunity to give a talk on the PHPIDS install I've been running on several blogs for a while. This was the first time I gave it. There's still a lot of additional research I need to do here and I'm looking forward to updating this talk in the near future. Anyway, here is the talk abstract as well as links to the slides. "Using PHPIDS to Understand Attack Trends": As described by its author, PHPIDS "is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application." As an open source project it provides web site owners unfamiliar with traditional log analysis an easy way to learn of attacks against their site. This presentation will provide an overview of PHPIDS as well as instructions for incorporating it into your web infrastructure. Specifically, the talk will start with a detailed description of PHPIDS, including its architecture and operational flow. Next, the discussion will turn to the basics of installing, configuring, and testing it for any PHP web application. Finally, the presenter will provide insight into operations and maintenance of PHPIDS from over two years of use, including calibration, signature updates, incident response,...</description><link>http://www.secuobs.com/revue/news/368988.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368988.shtml</guid></item>
<item><title>Poll: Where Does SharePoint Stand from a Security Perspective?</title><description>Secuobs.com : 2012-04-09 16:39:17 - NovaInfosecPortal.com - I've written about SharePoint before and felt that it's ok security-wise if you configure it right. But then last week I saw a talk at AppSecDC titled "SharePoint Security 101" and now I am, to say the least, very scared. See my summary of the SharePoint talk here. So I pass the question on to the NoVA and Metro DC security community as a whole. If there are other answers I may have missed or opinions you want to mention, please add them to the comments below. And as usual, let us know if there are other poll questions you'd like to see us ask. Today's post pic is from BanglaVision.com (attacker annotation by @grecs). See ya.</description><link>http://www.secuobs.com/revue/news/368914.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368914.shtml</guid></item>
<item><title>Weekly Rewind - Top Industry News, New CNIP Cert, AppSecDC, and More</title><description>Secuobs.com : 2012-04-07 01:30:42 - NovaInfosecPortal.com - If you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some of the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: "This Creepy App Isn't Just Stalking Women Without Their Knowledge, It's A Wake-Up Call About Facebook Privacy" - "Boy, you sure have a lot of apps on your phone." "Well, it's my job." "What's your favorite?" "Oh, I couldn't choose. But hey, want to see one to set your skin crawling?" It was the flush end of a pleasurably hot day, 85 degrees in March, and we were all sipping bitter cocktails out in my friend's backyard, which was both his smoking room, beer garden, viticetum, opossum parlor and barbecue pit... (continued here) [grecs: Hopefully this is a wake-up call to everyone re privacy on social networks.] "Card Processor: Hackers Stole...</description><link>http://www.secuobs.com/revue/news/368700.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368700.shtml</guid></item>
<item><title>Slides: Career Exploit Kit from AppSecDC Presentation</title><description>Secuobs.com : 2012-04-06 02:56:44 - NovaInfosecPortal.com - Yesterday I had the opportunity to give another one of my infosec career talks, this time at AppSecDC. In an effort to better link the general strategic advice we all usually get with more actionable tactical steps, I narrowed the talk to only focus on web application security. This seemed to work well. Anyway, here is the talk abstract as well as links to the slides and career exploit kit. "The Easy Button for Your Web Application Security Career": The web application security field has been rapidly growing over the past decade due in part to the continued webinization of the world in combination with ever evolving government laws and regulations, industry compliance requirements, and the ongoing increases in online crime. If you have an interest in the web and security, there has never been a better time to make the transition into this specialization. For those already practicing in this field it's a great time to take advantage of this rapid growth and manage your career to most efficiently meet your goals. Although many career presentations or articles leave people motivated, they don't often provide the quick next steps that participants can take home and immediately start implementing. This ...</description><link>http://www.secuobs.com/revue/news/368460.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368460.shtml</guid></item>
<item><title>AppSecDC Recap: SharePoint Security 101</title><description>Secuobs.com : 2012-04-06 02:14:40 - NovaInfosecPortal.com - I've written about SharePoint security before and my opinion was that it's getting much better; however, they have a lot of insecure stigma to shake off. Additionally, securing it can be done; however, it may become very cumbersome to manage in large environments. Rob Rachwald's talk pretty much confirmed my thoughts but also led me to believe that maybe things are worse than I thought. First of all, Rob noted SharePoint was designed to collaborate, not to be secure, and this is its fundamental problem. I thought this was the most thought provoking quote of his presentation. Rob continued on discussing several polls that pointed out that SharePoint is being used to store sensitive information but no one is securing it. The end result is that admins and many others have total access to everything. As an example he pointed out how Bradley Manning was able to exfiltrate some of the data he obtained by using a simple wget script to crawl SharePoint sites he had limited access to. Of course this incident didn't scare the federal government, or anyone else for that matter, as SharePoint use continues to rapidly grow. Several of Rob's slides illustrated how Microsoft is working ...</description><link>http://www.secuobs.com/revue/news/368455.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368455.shtml</guid></item>
<item><title>Slides: Career Kit from AppSecDC Presentation</title><description>Secuobs.com : 2012-04-06 02:14:40 - NovaInfosecPortal.com - Yesterday I had the opportunity to give another one of my infosec career talks, this time at AppSecDC. In an effort to better link the general strategic advice we all usually get with more actionable tactical steps, I narrowed the talk to only focus on web application security. This seemed to work well. Anyway, here is the talk abstract as well as links to the slides and career exploit kit. "The Easy Button for Your Web Application Security Career": The web application security field has been rapidly growing over the past decade due in part to the continued webinization of the world in combination with ever evolving government laws and regulations, industry compliance requirements, and the ongoing increases in online crime. If you have an interest in the web and security, there has never been a better time to make the transition into this specialization. For those already practicing in this field it's a great time to take advantage of this rapid growth and manage your career to most efficiently meet your goals. Although many career presentations or articles leave people motivated, they don't often provide the quick next steps that participants can take home and immediately start implementing. This ...</description><link>http://www.secuobs.com/revue/news/368454.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368454.shtml</guid></item>
<item><title>AppSecDC Recap: Old Webshells, New Tricks</title><description>Secuobs.com : 2012-04-05 05:25:05 - NovaInfosecPortal.com - Back in the day web shells were all the rage so I was curious what "new" was happening in this area. Ryan Kazanciyan started off with a summary of some of the more popular web shells he's seen in the past several years. Two examples included ASPXSpy and China Chopper. He discussed how each worked and noted that there is nothing new about their operation. The "new" aspect of these web shells isn't the web shells themselves or how they operate but rather how attackers install and use them. In most situations they install web shells AFTER they're already within the target network. The attackers usually compromise a machine through phishing and then laterally install the web shell on another system. They seem to primarily be using these shells as a backup in case they lose their primary access mechanisms. To illustrate this concept Ryan detailed a case study involving an attack initiated through a spearphishing campaign. From that already compromised host, the attackers installed several web shells that appeared to be used for command and control. The attacker's primary means of access was a VPN server that they also compromised as part of the original spearphishing campaign. It ...</description><link>http://www.secuobs.com/revue/news/368157.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368157.shtml</guid></item>
<item><title>AppSecDC Recap: Python Basics for Web App Pentesters</title><description>Secuobs.com : 2012-04-04 22:40:58 - NovaInfosecPortal.com - I had the opportunity to attend "Python Basics for Web App Pentesters (Part 2)" by Justin Searle. Being someone that hasn't programmed for a good number of years, this Python talk really appealed to me. I've been wanting to relearn to code again to simplify or automate some of my day-to-day security-related tasks. This talk seemed right up my alley. There are many languages out there that might fit the infosec pros' needs; however, Justin suggested that if you are learning a language for the first time (or picking it up again after a long break in my case), Python might be the way to go. He touched on some of its advantages, e.g., it being cross-platform (assuming you use the standard library) and fairly feature rich (not as much as Perl but better than Ruby). Of course there are some frustrations as well. The language requires mandatory whitespace, which on the other hand, is probably a good thing. You'll actually be able to read your code years down the road. And if it turns out you really love Python, you can even make it your permanent shell. Justin continued on providing several code examples of things ...</description><link>http://www.secuobs.com/revue/news/368111.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368111.shtml</guid></item>
<item><title>Where's Grecs? At AppSecDC Of Course</title><description>Secuobs.com : 2012-04-03 20:56:29 - NovaInfosecPortal.com - As we announced last month AppSecDC is upon us and I'm excited to be heading down into the city soon. For those interested I'm honored to be presenting twice at this event, one on Wednesday at 2:30 and another on Thursday at 4:30. I've included the title and abstracts below. I always enjoy meeting new people so please don't be shy, come up and introduce yourself. I'll be doing a mix of attending talks, networking, blogging, and of course trying to keep up back at the office somewhat so please excuse me if I seem distracted. When not attending sessions, you'll probably find me in the vendor or CTF areas (or wherever I can find power and Internet access) hunkered down over my laptop. I'll probably be sporting my black t-shirt (surprised?) with the @grecs profile pic on it and maybe my ScotteVest vest if I can find it. To get updates as to where I might be, the best way is probably to track me on Twitter at @grecs. I've been looking over the talks and following my three-a-day rule (see rule 3 in my ShmooCon Fight Club Rules post from earlier this year) these are ...</description><link>http://www.secuobs.com/revue/news/367837.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367837.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-04-02</title><description>Secuobs.com : 2012-04-03 16:23:32 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. April sees us starting with a very light schedule, only one meetup scheduled this week. Nothing formal, so all you have to do is show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Friday (04/06) 2600 Arlington Meetup - Normal Meetup at Champps @ Pentagon Row from 7:00 to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Wednesday: ISACA CM Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to ...</description><link>http://www.secuobs.com/revue/news/367782.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367782.shtml</guid></item>
<item><title>Poll: Could Selling Zero-Days Be Treason?</title><description>Secuobs.com : 2012-04-03 01:19:11 - NovaInfosecPortal.com - Last week in our Weekly Rewind post we covered the story "Shopping For Zero-Days" from Forbes via Forbes.com: A clever hacker today has to make tough choices. Find a previously unknown method for dismantling the defenses of a device like an iPhone or iPad, for instance, and you can report it to Apple and present it at a security conference to win fame and lucrative consulting gigs. Share it with HP's Zero Day Initiative instead and earn as much as $10,000 for helping the firm shore up its security gear. Both options also allow Apple to fix its bugs and make the hundreds of millions of iPhone and iPad users more secure. Continued here. As part of my commentary I asked the question: If a US citizen finds an exploit, creates a zero-day, and sells it to a foreign country as the highest bidder (maybe China), would he be committing treason? At the time I was concerned if "treason" or "espionage" was the right term but good old eHow.com cleared it up for me. The American Heritage Dictionary's second college edition defines espionage as "the act or practice of spying or of using spies to obtain secret information ...</description><link>http://www.secuobs.com/revue/news/367673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367673.shtml</guid></item>
<item><title>Privacy &amp; the "Girls" App</title><description>Secuobs.com : 2012-04-02 19:59:11 - NovaInfosecPortal.com - Don't know if you missed it or not but CultofMac.com had an interesting article on Friday called "This Creepy App Isn't Just Stalking Women Without Their Knowledge, It's A Wake-Up Call About Facebook Privacy". It discussed the privacy implications of a new iPhone app called Girls Around Me. The application finds your current location, parses public data from FourSquare and Facebook, and shows profile pics of men or women that have recently checked in to locations around you on a Google Map. From there you can click on a profile pic and learn even more information about that person based on additional public data stored in their FourSquare and Facebook profiles. The makers of Girls Around Me describe it on their site as: "Girls Around Me scans your surroundings and helps you find out where girls or guys are hanging out. You can also see the ratio of girls to guys in different places around you. Girls Around Me is a revolutionary new city scanner app that turns your town into a dating paradise. Use it to see where hot girls and guys are hanging out in your area, view their photos and make contact." Of course the app ...</description><link>http://www.secuobs.com/revue/news/367625.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367625.shtml</guid></item>
<item><title>Announcing the CNIP Certification</title><description>Secuobs.com : 2012-04-01 22:51:06 - NovaInfosecPortal.com - In light of some of our recent research regarding peer pressure in getting certs, we at NovaInfosecPortal.com are happy to announce the start of our own new certification: the CNIP or Certified NovaInfosec Professional. To start the certificate off, we will be grandfathering people in over the next six months if you can prove you meet the following stringent criteria: Have Lived in NoVA or the Metro DC Area for Past Year (e.g., for one utility provider provide the amount paid for each of the past 12 months); Took Part In &amp; Not Be Kicked Off the NOVAH Email List for the Past Year (we'll be verifying this through @mubix and @carnal0wnage's secret automated "kick out" Ruby script); Attended at Least Six Local Meetups in the Past 12 Months (we'll need a short 250 word summary of each meetup to document your attendance); Attended the Most Recent ShmooCon (yes, those old barcodes will still be needed; hope you didn't toss them after the con). To obtain a grandfathered status and add the prestigious CNIP certification to your list of qualifications, please complete our CNIP Submission Form with the above said information along with a $20 review processing fee ...</description><link>http://www.secuobs.com/revue/news/367473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367473.shtml</guid></item>
<item><title>Weekly Rewind: Top Industry News, More Starbucks, Mac &amp; SharePoint Security, &amp; More</title><description>Secuobs.com : 2012-03-30 20:21:14 - NovaInfosecPortal.com - Hey, two weeks in a row for the Weekly Rewind post! If you missed anything or happened to be offline, we hope you find this post useful as a quick reference. For some of those readers that may not have noticed, I actually tack on commentary to the industry articles, so check out my italicized bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: Fun With REMnux (And New Malware Analysis Book): In my last blog about Linux Live Environments, I mentioned REMnux, an environment specifically built for malware analysis. I'd spent a little time with REMnux when it first came out, but decided to take the latest version (3.0) for a test drive. Since I just received the new "Practical Malware Analysis" book from No Starch Press, the detailed lab exercises seemed like a perfect way to test out the tools included in REMnux (continued here). Wi-Fi Hacking Burglars Get Busted: In Seattle 3 men have been arrested for hacking the wireless networks of over a dozen businesses along ...</description><link>http://www.secuobs.com/revue/news/367235.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367235.shtml</guid></item>
<item><title>No Action but Lots of Talk of FISMA Overhaul Continues</title><description>Secuobs.com : 2012-03-30 05:03:05 - NovaInfosecPortal.com - Seems that FISMA overhaul discussions are making the news again. This time the big item is transferring responsibility from DHS to OMB. Based on the article from Information Week referenced below, I don't see much of a change beyond that. It's the same old stuff we've been hearing for years: continuous monitoring, baseline controls, etc. So far it's been all talk but no action. I often wonder how much money and time is spent researching, proposing, arguing, updating, re-arguing, failing, being stagnant for awhile, re-researching, re-proposing, re-arguing, re-updating, re-re-arguing, re-re-updating, and finally agreeing on a proposal. Is it a case where we actually spend more money and time agreeing to a compromised solution that will actually provide minimal improvements and cost savings? Instead of trying to figure out one half-baked solution for everyone, maybe a more efficient approach is letting everyone figure things out for themselves. With all the money saved from a much shortened argument cycle, organizations should definitely be able to hire the right people, purchase the best solutions, provide the necessary training, and have enough cash left over to go through many trial-and-error cycles to figure out what works best for them. Anyway, let's waste some ...</description><link>http://www.secuobs.com/revue/news/367078.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367078.shtml</guid></item>
<item><title>Tip: Browser Infosec Research Tool</title><description>Secuobs.com : 2012-03-29 20:37:15 - NovaInfosecPortal.com - Ok, this post isn't directly security related but when doing infosec research, this little tool is something I find very helpful in finding and organizing web pages. I'm surprised at the number of security professionals that have never heard of it. The name of this little secret tool: Tree-Style Tabs. Tree-Style Tabs basically lets you move browser tabs to the left side and organize them into groups. For me this layout is much easier than having a long list of flat tabs that scroll across the top. As an example, right now I have 25 tabs open on the left side and can see what every one is at a quick glance. Further, the plug-in allows you to arrange tabs into multi-level parent child-type relationships. So as you are doing research on a certain infosec topic, you can group all related tabs under a common parent (e.g., your main Google search tab on that topic). In the past I've often grouped pages as much as four levels deep. At a high-level the following features are what I love about this plugin: Multi-Level Parent Child Relationships; Collapse and Expand Levels; Move Tabs Around into Groups. Yeah, I know it's listed as ...</description><link>http://www.secuobs.com/revue/news/367001.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367001.shtml</guid></item>
<item><title>Key to Successfully Revealing Business Value of Risk Management</title><description>Secuobs.com : 2012-03-28 21:26:48 - NovaInfosecPortal.com - We all know that getting top management buy-in is crucial for any project to succeed. Last week, NIST Senior Fellow Ron Ross discussed the difference between information risk management and information security and explained why risk management is critical for enterprises to achieve their core missions. According to Ross, info risk management focuses on prioritizing risks and selecting recovery controls and continuity strategies. It also addresses how much residual risk an organization is willing to accept. Infosec, on the other hand, focuses on protecting the confidentiality, integrity, and availability of information systems. The main challenge facing many organizations in implementing a good risk management program is getting senior leadership involvement. Ross states that it is critical for senior leaders to understand the importance of protecting information assets as the technology must be dependable for any mission to be successful. Ross put it nicely as we've highlighted it below via InfoRiskToday.com: The biggest challenge to get organizations to successfully implement an information risk management program is to get buy-in from the organization's senior-most, non-technology leaders, NIST Senior Fellow Ron Ross says. That's because all organizations are highly dependent on information systems to achieve their goals, says Ross, who leads the National ...</description><link>http://www.secuobs.com/revue/news/366794.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366794.shtml</guid></item>
<item><title>Sponsorship Auction Experiment</title><description>Secuobs.com : 2012-03-28 07:23:12 - NovaInfosecPortal.com - In a little experiment I am curious to see how much companies would be willing to pay for sponsorship of this site. I've estimated these costs before but really have no idea if we are even in the ballpark. Anyway, to settle this internal debate I figured we'd try out an auction to see how much companies that operate in the local area would be willing to pay for the heading banner space in the top-right area of this website. As with most small community-focused websites like ours, our goal is to bring in enough revenue to cover various hosting and operational costs. For the past four years I've personally been funding it and have been trying to get to the break-even point for some time. But I am a security person, not a salesman, so this seems to explain my failure in the area. I know most of the people reading this probably aren't in marketing or anything like that but if you work at a company that supports the security community, I'd appreciate if you could pass this post or eBay link along to them. The auction is going on for five days. Thanks! NovaInfosecPortal.com ...</description><link>http://www.secuobs.com/revue/news/366633.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366633.shtml</guid></item>
<item><title>The Myth of SharePoint Security</title><description>Secuobs.com : 2012-03-28 03:06:43 - NovaInfosecPortal.com - Every once in a while I'll be out at a local infosec meetup and the subject of SharePoint will come up. Many in the group immediately start bashing SharePoint's security. Others are on the border but follow suit out of peer pressure, leaving the ones that don't know with the impression that SharePoint is horribly insecure. The thing that I think is missing in a lot of these conversations is anyone actually clarifying what version of SharePoint they are talking about. Yes, older versions were very insecure and Microsoft still has a lot of work ahead of them to overcome this stigma, but the simple fact is that the more recent versions of SharePoint are very secure with just a little bit of configuration. I blame Net-Security's article "Securing SharePoint" for motivating me to write the post. In this article Jamie Bodley-Scott discusses the failings of SharePoint and goes on to describe a three-dimensional framework to secure it, via Net-Security.org: Rather than ignoring what's happening, organizations need to recognize the increasing porosity of the perimeter and that, for some, it may not even exist. Today, security tends to be focused on users and their location. For example, what a ...</description><link>http://www.secuobs.com/revue/news/366581.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366581.shtml</guid></item>
<item><title>Mac OS Security: It's More about Risk</title><description>Secuobs.com : 2012-03-27 21:08:21 - NovaInfosecPortal.com - Last week Gizmodo had a nice article on the myth of Mac security fueled by Apple's announcement of Gatekeeper in Mountain Lion. They discuss all the relevant pros and cons in comparing Windows and Mac security. The author concludes: "To stay secure, Mac users need to follow the same fundamental steps as Windows users." I agree; however, I think they (and many others) are arguing the wrong point. We should instead be talking about things in terms of Risk. And on that front I'd pick Macs any day of the week and twice on Sunday. Proving one OS is more or less secure than another OS is almost impossible because of one recurring phrase I hear a lot of in infosec: "it depends". Well, what does it depend on? It could depend on the number of people attacking an OS. You could have the most horribly secure OS in the world but if no one is attacking it, does it really matter? I think a more efficient discussion would be something Risk-based. There are numerous formulas for risk and I'm sure the risk gurus will hammer me here. Anyway, based on our "6 Quick Steps for N00bs" ...</description><link>http://www.secuobs.com/revue/news/366483.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366483.shtml</guid></item>
<item><title>Stalking iPhones at Starbucks Follow-Up</title><description>Secuobs.com : 2012-03-27 00:26:21 - NovaInfosecPortal.com - As a follow up to our post last week I came across some great discussion of the topic on the DailyDave list late last week. Basically, Christos Kalkanis started the thread defending Mark's work against the comments from the Ars article. Specifically, he covered the SSID broadcast and MAC address disclosure vulnerabilities. The author of the original Ars article, Robert Graham, queues in to add his input as well with a lot of the focus on the confusion around how Apple's iPhone wifi cards work. Finally, Mark follows up with a detailed explanation debunking several myths people have about how the iPhone wifi capability works. Specifically he addresses the following "myths": Apple products don't probe for known SSIDs; Apple products are immune to KARMA-like attacks; Apple keeps an internal list of MAC addresses of APs which I've connected to, therefore I'm safe from all this stuff you are talking about; The ARP disclosure you revealed at INFILTRATE doesn't affect me or my enterprise; (something about SSID probing) and (something about ARP disclosures). Each is explained in detail and he closes with steps for debunking these myths yourself. I'd recommend checking out the full thread here for all the details if ...</description><link>http://www.secuobs.com/revue/news/366261.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366261.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-03-26</title><description>Secuobs.com : 2012-03-26 16:35:04 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. The last week of March presents us with a very light schedule. Only two meetups scheduled this week and nothing formal, so all you have to do is show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Wednesday (3/28/2012) ISSA Baltimore Meetup: ClearanceJobs.com Security Clearance Compensation Survey results at SPARTA from 5:00 PM to 7:00 PM (more info). Thursday (3/29/2012) CharmSec Meetup - Normal Meetup at Slainte Irish Pub &amp; Restaurant from 7:00 PM to 10:00 PM (more info). Next Week: Here's a preview of events on our calendar for next week. Friday: 2600 Arlington Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week ...</description><link>http://www.secuobs.com/revue/news/366155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366155.shtml</guid></item>
<item><title>Weekly Rewind: Top Industry News, Stalking Starbucks, Careers Advice, &amp; More</title><description>Secuobs.com : 2012-03-23 23:21:38 - NovaInfosecPortal.com - I skipped the past few weeks (I mean months) however am finally back for more with another Weekly Rewind post! If you missed anything or happened to be offline, we hope you find this post useful as a quick reference. For some of those readers that may not have noticed, I actually tack on commentary to the industry articles, so check out my italicized bolded opinions and let me know if you agree in the comments. A la Schneier, you can also use this rewind post to talk about the security stories in the news that I haven't covered. Industry Articles: INFOCON Yellow: Microsoft RDP (MS12-020): As we feared the MS12-020 bulletin from last black Tuesday caused a race for finding an exploit. The last few evolutions in that process cause our worries to increase significantly. In order to help raise awareness and call administrators to action, we're raising our INFOCON to YELLOW for 24 hours (continued here). @grecs: I think this has only happened four or five times, ever. DuQu Mystery Language Solved With the Help of Crowdsourcing: A group of researchers who recently asked the public for help in figuring out a ...</description><link>http://www.secuobs.com/revue/news/365791.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/365791.shtml</guid></item>
<item><title>Where to Learn More about Infosec?</title><description>Secuobs.com : 2012-03-23 05:32:54 - NovaInfosecPortal.com - Well, we seem to be on a career kick the past few days! With this in mind I thought I'd point out another great piece of content, this time a video, from InfosecCynic that he put out a few weeks ago. In this episode he answers the question "How do I learn more about infosec?" You can find out more about InfosecCynic at his blog over at J4vv4D.com.</description><link>http://www.secuobs.com/revue/news/365604.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/365604.shtml</guid></item>
<item><title>Building an Infosec Career</title><description>Secuobs.com : 2012-03-22 20:31:33 - NovaInfosecPortal.com - A while ago, we talked about different ways one can jump-start a career in infosec. The first formal approach was the university way, which involved attending any of the CAE Schools, while the other approach was on the job training of existing employees. Jason Andress of EthicalHacker.net recently posted an article with similar arguments. In order for employers to meet the high demand for infosec professionals, Andress suggests employers can hire "out of the box" graduates with no experience in the IT field or can cross-train existing IT specialists. He also recommends a hybrid training approach, which includes taking some IT and computing courses before starting a formal security education. He continues on bringing up four tenets to build a career around (i.e., education, training, certification, and experience) and discusses the importance of maintaining a balance between them. This concept is similar to our previous Top 4 Un-Certifications post except that we include Communication and Networking but lack Experience. It's great to see our profession narrowing down to some common themes around career management. Via EthicalHacker.net: A commonly posed question, particularly among people looking to get into the information security field, is "how do I get into information security?" This is an ...</description><link>http://www.secuobs.com/revue/news/365524.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/365524.shtml</guid></item>
<item><title>Job: InfoSec Engineer in Chantilly, VA</title><description>Secuobs.com : 2012-03-22 04:16:04 - NovaInfosecPortal.com - If you have full tickets and are looking to find that next step in your career, here is something we came across. Doesn't look too glamorous but definitely a good move for someone looking to expand their understanding of the security engineering side of things. Think mostly C&amp;A, SSPs, ATOs, etc. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: InfoSec Engineer. Location: Chantilly, VA. Company Name: SAIC. Job Description: The Intelligence Systems Business Unit of SAIC has a career opening for an InfoSec Engineer in Northern Virginia. This position is in support of a classified government program. A current TS/SCI with Polygraph security clearance is required for consideration. InfoSec Engineer/Network Engineer will attend technical meetings and review policies for accuracy. The successful candidate will use advanced investigative knowledge to assist in investigations and prove a working knowledge of Customer IT architecture, Windows and operating systems, field systems and field network architecture, Web based and virtual elements of future and emerging technologies. Your primary responsibilities will include: Analyze system policies, roles, protocols, ...</description><link>http://www.secuobs.com/revue/news/365277.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/365277.shtml</guid></item>
<item><title>DoD Information Assurance Scholarship Program</title><description>Secuobs.com : 2012-03-21 18:05:28 - NovaInfosecPortal.com - As we know, information assurance and information security are very important to our national defense. Last week, DOD published a final rule document executing an Information Assurance Scholarship Program (IASP) as part of helping to meet the expected future demand in this area. For those interested in becoming cybersec pros but who need tuition assistance, DoD might have a solution for you. The DoD IASP will provide scholarships and grants to active-duty service members, civilian DOD employees, and other qualified applicants who are enrolled in any of the schools accredited as a National Center of Academic Excellence (CAE). The program will be launched in an effort to build information technology talent which will aid in the security of critical infrastructures around the nation. via GCN.com: The Defense Department has published final rules for its Information Assurance Scholarship Program, which provides cybersecurity students with full rides for cybersecurity degree programs in exchange for commitments of military or civilian service in DOD. The program is part of an effort to build a professional cybersecurity workforce needed to protect the nation's critical infrastructure and "will be used to recruit and retain the nation's top information assurance and information technology talent, which is critical as DOD progresses...</description><link>http://www.secuobs.com/revue/news/365140.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/365140.shtml</guid></item>
<item><title>Poll: What's Your Favorite Locally Based Infosec Podcast?</title><description>Secuobs.com : 2012-03-20 20:35:07 - NovaInfosecPortal.com - With the various RSA "best of" awards behind us, as well as part of an update to our infosec blogs/podcasts resource page, I thought I'd do a little poll to see what everyone's favorite "local" podcasts are. To be considered "local," at least one member of the podcast must reside in the Metro DC area and regularly appear on it. In the survey below I've included several that we currently list on our infosec blogs/podcasts page as well as a few people notified me of based on an earlier tweet I sent out. I know there are probably a lot of new ones out there or ones that should no longer be listed (e.g., people moved or it has pod-faded). If there are any we should add or remove, just let me know in the comments and hopefully I can include the new ones before the survey gets too far along. Another thing we've been toying with is possibly resurrecting our own podcast. We only got two episodes out as it took a lot more time than I anticipated to get the quality I was looking for. However, if you'd like to see this podcast restarted, let us know in...</description><link>http://www.secuobs.com/revue/news/364948.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364948.shtml</guid></item>
<item><title>Mobile Password Managers Fail</title><description>Secuobs.com : 2012-03-20 15:28:33 - NovaInfosecPortal.com - I found this report by ElcomSoft pretty interesting. You know all the password managers we rely on? Well, the good folks over at ElcomSoft did an in-depth analysis of those that have mobile phone versions of their apps. Focusing on the iOS and BlackBerry OSs, they ended up finding that many of the apps were not worthy of being used over the default device lock feature. via Net-Security.org: ElcomSoft analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection. None of the password keepers except one are utilizing the iOS or BlackBerry existing security model, relying instead on their own implementation of data encryption. Research shows that those implementations fail to provide an adequate level of protection, allowing an attacker to recover encrypted information in less than a day if the user-selectable Master Password is 10 to 14 digits long. Continued here. According to an InformationWeek.com article, the two researchers involved in the study seemed to prefer Strip Lite (free) or mSecure ($10) if you were going to consider protection beyond the recommended OS security mechanisms. Their method of...</description><link>http://www.secuobs.com/revue/news/364887.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364887.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-03-19</title><description>Secuobs.com : 2012-03-19 15:38:07 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. A very light week this week with one meetup. Nothing formal, all you have to do is show up and be ready to talk shop. With that said, here are your meetups for this week as well as a preview for next week. This Week: Tuesday 3/20/2012: ISSA DC Meetup - "Can Large Technical Systems Be Secured?" by Marcus Sachs at Government Printing Office in Room A138 from 6:30 PM to 8:00 PM (more info). Next Week: Here's a preview of events on our calendar for next week. Wednesday: ISSA Baltimore Meetup. Thursday: CharmSec Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or...</description><link>http://www.secuobs.com/revue/news/364606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364606.shtml</guid></item>
<item><title>Stalker App Strikes Back at iPhones: Starbucks</title><description>Secuobs.com : 2012-03-19 07:39:53 - NovaInfosecPortal.com - Surprised there wasn't more coverage on this story in the news on Friday? Basically, Mark Wuergler of Immunity Inc. found that the iPhone advertises the last three SSIDs it connected to, exposing the MAC addresses of those routers/access points as well. With this information anyone could then use a service like Google Location Services or Wireless Geographic Logging Engine to pinpoint exactly where a particular user has been. The same vulnerability is present on many of Apple's other WiFi-enabled iOS devices as well. Here's the relevant part of the ArsTechnica "Loose-lipped iPhones top the list of smartphones exploited by hacker" article I came across: That's because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers' MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks. The article goes on to discuss an...</description><link>http://www.secuobs.com/revue/news/364483.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364483.shtml</guid></item>
<item><title>After 10 Years Agencies Continue to Fail FISMA</title><description>Secuobs.com : 2012-03-16 21:10:38 - NovaInfosecPortal.com - Although I don't think compliance is the right answer, the general stats presented in the article scare me. Only 7 out of 24 agencies tested are more than 90% compliant with FISMA. And this year FISMA will be 10 years old... contemplate on that for a while. Although agencies are making progress as noted in the report, many are still lagging way behind. Geez, they can't even fake compliance for goodness sake. Here are some more tidbits: Top 3 Compliant Agencies: National Science Foundation (98.8%), Social Security Administration, Environmental Protection Agency. Lowest Ranked Agencies: Agriculture Department (32.5%), Defense Department (0%) (note that they didn't even report anything back). Weakest Compliance Areas: Continuous Monitoring (What? This is like the most important area. And I hope they aren't talking about continuous monitoring of security controls, e.g., reporting once a month vs. every three years, rather than continuous monitoring of our systems being attacked). Configuration Management (Another important one. There's this theory that if CM is done properly, then all other security controls wouldn't be necessary. Perhaps a future blog post). Identity Management (All that HSPD-12 stuff I don't understand). via FCW.com: Only seven out of 24 agencies are more...</description><link>http://www.secuobs.com/revue/news/364153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364153.shtml</guid></item>
<item><title>Job: Senior IT Security Engineer in Washington, DC</title><description>Secuobs.com : 2012-03-16 03:30:20 - NovaInfosecPortal.com - Looks like Versprite is on the hunt for a jack-of-all-trades security pro in the Washington, DC area. Got experience with firewalls, IPSs, IDSs, patching systems, vulnerability scanners, antivirus solutions, etc.? Oh, and excellent communication (written and oral) skills as well? Then maybe this is the position for you. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Senior IT Security Engineer. Location: Washington, DC. Company Name: Versprite. Job Description: Position Summary: As a Senior IT Security Engineer, the individual will be involved in the delivery of new technologies, services and solutions to meet critical customer requirements. The candidate will provide security oversight and engineering recommendations on new development efforts and the network infrastructure, as well as providing quality assurance by ensuring that existing system and network configurations are in line with established security practices. The candidate will be involved with projects that focus on designing and implementing LAN and WAN security technologies, product selection and evaluation, and the certification and accreditation process. The candidate must be able to work with other engineers on system design...</description><link>http://www.secuobs.com/revue/news/363938.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363938.shtml</guid></item>
<item><title>Survey: What's the Most Important Career Component?</title><description>Secuobs.com : 2012-03-15 20:18:12 - NovaInfosecPortal.com - Following up from our post on Monday re: the top 5 certifications for 2012 and the one on Wednesday re: some of the non-certification things to consider for someone considering a long-term career in infosec, we thought we'd do a quick poll (since it seems to be the season) to see what other people thought. Today's post pic is from MagenToCommerce.com.</description><link>http://www.secuobs.com/revue/news/363860.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363860.shtml</guid></item>
<item><title>Top 4 Un-Certifications</title><description>Secuobs.com : 2012-03-15 05:01:44 - NovaInfosecPortal.com - On Monday I posted a quick review of top recommended certifications for 2012. One of the points that I tried to make in that article was that certifications aren't everything. I proposed that certifications only make up maybe 10% of what security professionals should be focusing on in managing their career. In the end I pondered what makes up the other 90%. Well, in today's post I hope to answer that question. The analogy that I've seen elsewhere is a canopy tent with a center pole (see pic above). Certifications may represent one of the poles. The shorter the pole, the less it can hold up. So they all kind of have to balance each other out. If one is too low and there isn't a counterbalance, then the entire tent (i.e., your career) may flounder. This suggests that you need to establish a minimum level in all five areas with maybe one or two that you excel in (i.e., the center pole). So the question remains: what are the other four poles? Although there are no guarantees, here are my thoughts. Formal Education to Lay Theory Foundation: Yeah, this is the thing that many professionals have been brainwashed...</description><link>http://www.secuobs.com/revue/news/363649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363649.shtml</guid></item>
<item><title>Operation Deadline Extension</title><description>Secuobs.com : 2012-03-14 04:48:17 - NovaInfosecPortal.com - As part of Operation GhostClick the FBI took over a botnet back in November and, as a shim, they set up temporary DNS servers to keep DNSChanger Trojan-infected computers running properly. The servers were set to go offline last week but, for various reasons, the FBI had to extend the deadline to July 9th. Note that this is a full 9 months after the original take-over last November. Really? 9 months? Personally, I think it comes down to procrastination, and I'm often guilty of this. My guess is that the organizations waited until a week or two before the original deadline and then found that they didn't have enough time to find and fix the infected machines. Now the date is out to the middle of July. I hope they don't continue this trend. via TheRegister.com: The FBI's DNSChanger deadline extension has been approved by a US Federal Court, buying infected punters more time to clean up their systems. The move means that machines riddled with the Trojan will still be able to use temporary DNS servers to resolve internet addresses until 9 July. Before the order was granted, infected machines would not have been able to surf the...</description><link>http://www.secuobs.com/revue/news/363374.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363374.shtml</guid></item>
<item><title>Whole OS Privacy</title><description>Secuobs.com : 2012-03-14 02:31:57 - NovaInfosecPortal.com - I came across an interesting feature that Canonical is planning to include in the next version of their OS, Ubuntu 12.02: a whole-OS privacy setting. Much more than just running a browser in privacy mode, users will be able to control a range of tracking mechanisms that OSs and applications typically use for performance or debugging reasons. Called "Precise Pangolin," this next version of Ubuntu will allow users to control what activities and logs are retained. via CSOOnline.com: Say the word "privacy," and most of us think of online privacy along with the never-ending battle against spyware, tracking, and other opponents of the cause. What many people don't realize, however, is that our operating systems typically record things about us, too, such as the activities we perform on them and the files we use. That can be helpful, enabling things like quick access to that document we were just working on, for example; it can also be a problem, since anyone who gains access to your computer can potentially see all that stuff as well. We're all accustomed by now to "Do Not Track" features in our Web browsers, for example, but new technology in Canonical's forthcoming Ubuntu Linux...</description><link>http://www.secuobs.com/revue/news/363346.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363346.shtml</guid></item>
<item><title>WiFi Pineapple: Helping Raise Security Awareness</title><description>Secuobs.com : 2012-03-12 21:29:44 - NovaInfosecPortal.com - Fellow hacker Darren Kitchen seems to be getting some great press this week. He's been at SXSW the past few days demonstrating the ever-popular WiFi Pineapple as part of his "Securing Your Information in a Target Rich Environment" talk. Those in the security community have obviously known about this device for a few years. The latest incarnation, the Mark IV, continues to highlight wifi security flaws by confusing web surfers when expected web content is replaced by a Nyan Cat video with silly music blasting out of their computers' speakers. I think it is great that the security community is reaching out to other communities to make them more aware of security weaknesses like this. Of course I don't know if anyone cares, but press from the WiFi Pineapple is a good sign. For those that aren't familiar with the WiFi Pineapple, it basically scans an area for wifi networks that computers by default are searching for (think of that "Save this wifi network" checkbox after you join a new network). The Pineapple pretends to be whatever network a computer is looking for and then essentially man-in-the-middles it. In the recent demos at SXSW web content is simply swapped...</description><link>http://www.secuobs.com/revue/news/363034.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363034.shtml</guid></item>
<item><title>Faring of the Top 5 Certifications for 2012</title><description>Secuobs.com : 2012-03-12 18:54:23 - NovaInfosecPortal.com - In early December I came across an article on GovInfosecurity.com predicting the top 5 certifications of 2012. Given that we are a few months into the year, I thought it'd be interesting to take a look back and see how they fared so far. As usual the topic of certifications brings up a lot of disagreement amongst many in the infosec community, for those that value, condemn, or are indifferent towards them. Personally I think certifications are valuable for what they are, giving a possible indication of a person's understanding of some minimum baseline set of knowledge; however, there are many other components to consider in assessing someone's ability or planning your career path forward. As a quick review, "Top 5 Certifications for 2012" recommended the following certs: CISSP, CISM, GIAC, CEH, Vendors (Cisco CCNA, Microsoft MCSE, Check Point CCSE). Additionally, they advised relevant vendor certifications, Security+ and the CEH for most entry-level positions that require less than two years of experience. The CISSP, CISM, and various GIAC credentials were more appropriate for mid-to-senior level positions demanding more mature training. Rounding this set of "other" certifications out were OSCP, CCSK, SSCP, and CRISC. First, I must say bravo for the...</description><link>http://www.secuobs.com/revue/news/363000.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/363000.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-03-12</title><description>Secuobs.com : 2012-03-12 15:21:04 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. It looks like this will be the busiest week in March and we are sure that there's something for everyone, but we suggest attending Tuesday's ISACA CM meetup as the topic looks pretty interesting. With that said, here are your meetups for this week as well as a preview for next week. This Week: Tuesday 3/13/2012: ISACA NCA Meetup - "IT Governance, Risk Management, and Compliance (GRC)" at Holiday Inn - Rosslyn at Key Bridge from 7:30 AM to 4:30 PM (more info). ISACA CM Meetup - "Systems, Applications, and Products in Data Processing (SAP) Reporting and Auditing; Managing/Controlling IT Costs" by Heather Vahovich and Scott Higgins at the conference center at the Maritime Institute of Technology from 7:30 AM to 4:00 PM (more info). Wednesday 03/14/2012: OWASP NoVA Meetup - "AppSensor Project" by John Melton at Living Social...</description><link>http://www.secuobs.com/revue/news/362921.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362921.shtml</guid></item>
<item><title>Job: Information Risk Manager in Washington, DC</title><description>Secuobs.com : 2012-03-09 05:07:51 - NovaInfosecPortal.com - Another position for one of the more experienced among us. You get to manage risk and report directly to the CISO of the IMF. Interesting how they are looking for someone with an advanced degree in infosec with 7 years of experience. Were there advanced degrees in infosec 7 years ago? Anyway, looks like someplace where you can make a difference. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Information Risk Manager / IT Security Consultant. Location: Washington, DC. Company Name: International Monetary Fund (IMF). Job Description: Under the general supervision of the Chief Information Security Officer, the role will require the candidate to provide information risk management and IT security expertise. The expertise will take the form of risk analysis, consultancy, guidance, policies, standards, best practice, incident response, and process improvements. The candidate will be required to work with project teams, service providers, and business units internal and external to the IT function. The candidate is expected to bring pragmatic risk management experience allowing for the Fund to meet...</description><link>http://www.secuobs.com/revue/news/362475.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362475.shtml</guid></item>
<item><title>6 Quick Steps for N00bs Understanding Risk Assessments</title><description>Secuobs.com : 2012-03-09 00:33:42 - NovaInfosecPortal.com - Although this article came out a few months ago, I've been meaning to put it out there as it may give those unfamiliar with addressing risk a good overview of what's involved. In this case study the author focuses on doing a security assessment for a cloud system, but the same approach could be used in almost any IT scenario. Yes, this article will probably get poo-pooed by the risk gurus out there, but I think it does a nice job introducing the topic. The basic scenario is as follows (via InfosecIsland.com): Faced with a steep bill for securing a new cloud application, a client asked us to help find a way to reduce their risk exposure at the lowest possible cost. By using the Business Threat Modeling methodology and PTA (Practical Threat Analysis) software, we were able to build a risk mitigation plan that mitigated 80% of the total risk exposure in dollars at half the original security budget proposed by the vendor. This paper describes a customer case study of a risk analysis for a next generation call accounting system provided as a cloud service. Continued here. The author then goes on to describe details of the...</description><link>http://www.secuobs.com/revue/news/362372.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362372.shtml</guid></item>
<item><title>The Basics: Public Key Crypto, Diffie-Hellman Style</title><description>Secuobs.com : 2012-03-08 16:50:15 - NovaInfosecPortal.com - I've always been a big fan of understanding the basics of infosec to help your career in the long run. Fitting that this past weekend I came across a great little 5 minute video explaining how public key cryptography works in terms of the Diffie-Hellman Key Exchange. Thanks to @rgaucher for retweeting this awesome piece. It starts out with a simple paint-mixing analogy and then heads into the heart of the matter, explaining it in mathematical terms with moduli, logarithms, and all that. Enjoy! At the end of the video they also mention a forthcoming RSA version. I'd watch out for that as well. See ya! This post's image is from Quora.com.</description><link>http://www.secuobs.com/revue/news/362260.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362260.shtml</guid></item>
<item><title>Job: Security Analyst Working Virtually</title><description>Secuobs.com : 2012-03-08 05:11:52 - NovaInfosecPortal.com - Although client locations are mostly in NYC, you only have to head there periodically, and you can't beat NYC every once in a while. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Security Analyst. Location: New York, New York. Company Name: N/A (W-2 Employee). Job Description: This is an Information Security position working with a large financial institution and the US Government. The position requires documentation and policy skill sets; however, there is a large amount of technical work involved. This position is on a long term contract with a small consulting company as a W-2 employee. Benefits can be discussed with persons meeting the requirements. The customer is located in New York, NY and the applicant must be able to travel for day trips to the customer location. Other continental US travel will be required periodically (expenses to be paid by the company). Applicants will be required to provide a writing sample, submit to background checks and possibly drug testing to be considered for the position. The applicant must...</description><link>http://www.secuobs.com/revue/news/362132.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362132.shtml</guid></item>
<item><title>Are NIST's Proposed SP 800-53 Additions Just Fad Controls?</title><description>Secuobs.com : 2012-03-07 22:10:27 - NovaInfosecPortal.com - We have all heard of the shortcomings of FISMA, which range from poor compliance with infosec guidelines to poor reporting of the required controls for combating threats. With the collaboration of the Department of Defense, Department of Homeland Security, Intelligence Community, and the Committee on National Security Systems, it looks like NIST has released a FISMA revision draft. NIST's proposed revisions incorporate new privacy controls for protecting feds' information resources and aim at combating new threats such as cloud computing threats, among others. We'd be curious to hear your thoughts on these revisions. Personally, I think we already have all the controls we need to cover these "new" areas; they are just embedded into what's already there. We do not need new "fad" controls just to be buzzword compliant. If this trend continues, get ready for some new "big data" controls next year. Instead, let's just enhance what we have instead of making it more complicated by bolting new controls on. FISMA guru @danphilpott has his comments as well. His last tweet seems to sync up with my opinion: NIST released draft SP 800-53 Rev 4 Security &amp; Privacy Controls for Federal Info Systems &amp; Orgs http fisma z2RZMx Gaping...</description><link>http://www.secuobs.com/revue/news/362036.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362036.shtml</guid></item>
<item><title>New Event and Job Submission Forms</title><description>Secuobs.com : 2012-03-07 17:18:05 - NovaInfosecPortal.com - As most people know, we've always provided a vetted list of events in the area, but recently we also started posting job opportunities we think you might be interested in. In the various event and job pages we've always mentioned going to our Contact Us page to submit or suggest new items. Unfortunately, it seemed like we buried these references in the text too much and visitors kept on asking how to submit new job posts. It got to the point where I actually had some text saved in an editor so I could just easily copy/paste it in replies. Well, after getting some good feedback and analyzing what similar sites are doing, I finally found some time and created a Submit Job form. And while I was at it I also created a Submit Event form. You'll find them under the Events and Job Board menu items, but I've also listed them in the Featured Pages widget in the right-hand column for quick reference. Note that we will continue to manually vet events and job submissions for only the ones we feel are most relevant to you. And as we've always done, submissions from non-profits, if approved, will be posted...</description><link>http://www.secuobs.com/revue/news/361968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361968.shtml</guid></item>
<item><title>New NoVA CTF Challenge</title><description>Secuobs.com : 2012-03-06 20:41:31 - NovaInfosecPortal.com - The folks over at NoVA CTF recently released a new contest to the NoVA Hackers list. They again gave me permission to republish the challenge here for the rest of the community to enjoy. If everything goes well, expect two more follow-ons to this challenge in the near future. You might also want to check out some of their previous challenges here and here. Well, on to the details of this contest: Reverse Engineering CTF, Part 1: Analyze the following file to find "something". Your hint is the name of the file. Provide a small one-paragraph write-up with the steps you did to complete the challenge. Note: Patching the exe takes away all the fun, so I'd avoid trying to do this. And for those that might be concerned: THIS IS SAFE TO RUN ON ANY COMPUTER, THERE IS NO EVIL HERE (or at least I am told from the creator of the CTF; obviously rename this to easteregg.exe): easteregg_x_pdf. Good luck everyone! Today's post image is from BreakTheSecurity.com.</description><link>http://www.secuobs.com/revue/news/361785.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361785.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-03-05</title><description>Secuobs.com : 2012-03-06 16:34:56 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. No scheduled meetups for this week, and looking at next week's preview, it looks like a busy week. Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Monday: NoVA Hackers Association Meetup. Tuesday: ISACA CM Meetup. Wednesday: OWASP NoVA Meetup. Thursday: ISSA NoVA Meetup and OWASP DC Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a...</description><link>http://www.secuobs.com/revue/news/361704.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361704.shtml</guid></item>
<item><title>February Packet Party, Or What I Didn't Learn in High School</title><description>Secuobs.com : 2012-03-06 16:34:56 - NovaInfosecPortal.com - I had the opportunity last week to attend a "packet party" at NOVA-Labs.org, one of the newest local hackerspaces out in Reston. For those that aren't familiar, a packet party is a challenge where you analyze pcaps and answer related questions. This is the third time I attended one of these events and my Wireshark skills have drastically improved; well, lots of improvement I guess from nothing to something. For this particular event, I came across the US Cyber Challenge "Cyber Quest February 2012" post a few weeks ago and suggested the group work through that for part of the evening. From the website the challenge seemed more geared towards high school students, so I thought it'd take the group 30 minutes and then we'd move on to something more difficult. Well, let me just say that the game provided much more of a challenge than I anticipated. A group of about 13 supposedly "security professionals" (including myself) couldn't even make it through all the questions in the three hours we worked on it. The results on the US Cyber Challenge site revealed several students with 100% scores, and one person completing it in under 7 minutes. They...</description><link>http://www.secuobs.com/revue/news/361703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361703.shtml</guid></item>
<item><title>AppSecDC Coming Up In a Month</title><description>Secuobs.com : 2012-03-06 03:12:42 - NovaInfosecPortal.com - We're usually not the "press release" kind of site but given that I was on AppSecDC's PC and am giving two talks... I guess I can make an exception just this one time. At just $445 for two days of great talks and networking possibilities, it seems like a good deal for those that work locally. Plus if you are a student it's only $75. The event is already listed in our calendar but here is the press release with lots of extra details: OWASP AppSec DC 2012. East Coast's Premier Information Security Conference Returns with OWASP AppSec DC 2012. Popular Event to Attract Leading Experts for Four Days of Discussion and Training, April 2-5. WASHINGTON, DC, March 5, 2012 - AppSec DC, the East Coast's premier information security conference, returns with AppSec DC 2012 (http://www.AppSecDC.org). Now in its third year, AppSec DC is the Open Web Application Security Project's (OWASP's) annual gathering of leading experts in the field of application security. The event will be held at the Walter E. Washington Convention Center, April 2-5. AppSec DC features two days of training April 2-3, followed by two days of talks, April 4-5. The event ...</description><link>http://www.secuobs.com/revue/news/361589.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361589.shtml</guid></item>
<item><title>60 Minutes Stuxnet Piece</title><description>Secuobs.com : 2012-03-06 00:23:01 - NovaInfosecPortal.com - Not sure if you missed it last night but CBS had a story on Stuxnet on 60 Minutes. If you didn't see it check out the video below. I'd be interested in hearing what people thought of it (see the poll below). http://www.youtube.com/watch?v=6WmaZYJwJng</description><link>http://www.secuobs.com/revue/news/361572.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361572.shtml</guid></item>
<item><title>NSA CryptoChallenge: Would You Like to Play a Game?</title><description>Secuobs.com : 2012-03-05 20:21:26 - NovaInfosecPortal.com - When is a game not just a game? Well, when it's the new recruiting iPhone app released by NSA. The application, "NSA CryptoChallenge," is targeted at college students and young adults and takes them through a series of puzzles. There's a social aspect to the app where players can publish their scores to Facebook and Twitter. iTunes describes this game as the following: "Developed by the National Security Agency, NSA CryptoChallenge is a game that tests your pattern recognition skills through a series of cryptographs. Your mission is to decipher encrypted quotes, factoids, historical events and more. It's you against the clock to see how fast you can crack the code." When @grecs forwarded me InfosecIsland.com's blog post on this, I was curious but do not possess an iPhone myself... and if I did, am too much a paranoid conspiracy freak to install this app. So I had a friend, David Provost, install it. He reported back that the app didn't disclose any connectivity settings, like Android apps do, and it looked just like a game to him. I wanted to know more about what the app could be getting into without telling us about it, so I went and grabbed my ...</description><link>http://www.secuobs.com/revue/news/361508.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361508.shtml</guid></item>
<item><title>ShmooCon Epilogue Wrap-Up: Part 2</title><description>Secuobs.com : 2012-02-27 17:12:12 - NovaInfosecPortal.com - I had the pleasure of attending the evening portion of the ShmooCon Epilogue a few weeks back. Held as an extended version of the normal monthly NoVA Hackers meetup, this event offered a full day of talks with many of the regular attendees as well as some from ShmooCon. All total there were around 14 talks covering everything from risk management metrics to JavaScript obfuscation. Here is the second half of the recorded videos for your viewing pleasure. Thanks to @georgiaweidman for recording and publishing these. "Stratfor Password Analysis" by Chris Truncer (@christruncer); "Javascript Deobfuscation" by Glen Pendley; "Better Delivery Better Exploits: Building an Encoder for Fun &amp; Knowledge" by Brandon Dixon (@9bplus); "Debugging an IE NULL Pointer Bug" by Matthew Wollenweber; "Security Onion: Network Security Monitoring in Minutes" by Doug Burks (@dougburks); "The 'Easy' Button for Your Web Application Security Career" by Grecs (@grecs). Well that's it for the ShmooCon Epilogue videos. Today's post image is from Coated.com.</description><link>http://www.secuobs.com/revue/news/360104.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/360104.shtml</guid></item>
<item><title>Where You Want to Be This Week (2012-02-27)</title><description>Secuobs.com : 2012-02-27 16:27:39 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us know through our Submit Event form or mention it to @grecs on Twitter. A light schedule for this week, with nothing formal and all you need to do is just show up and be ready to talk shop. Without further ado, here are your meetups for this week with a preview for next week. This Week: Wednesday (02/29): CapSecDC Meetup - Normal Meetup at Fado in Chinatown from 6:00 PM to 9:00 PM (more info). Friday (03/02): 2600 Arlington Meetup - Normal Meetup at Champps at Pentagon Row from 7:00 PM to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: None. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out ...</description><link>http://www.secuobs.com/revue/news/360096.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/360096.shtml</guid></item>
<item><title>NIST Launches National Cybersec Center of Excellence</title><description>Secuobs.com : 2012-02-24 17:30:23 - NovaInfosecPortal.com - Great news! It looks like NIST will continue to enhance the economic security, which of course promotes our technological innovation. NIST has just launched a Cybersecurity Center of Excellence. A recent article by Eric Chabrow states that NIST will develop state-of-the-art tools which will enable consumers to address specific cybersecurity challenges such as cloud computing, mobile computing, and health IT solutions. NIST's development of cybersecurity standards and guidelines will not only promote privacy of personally identifiable information (PII), but also boost the trust of both businesses and consumers. via infoRiskToday.com: The National Institute of Standards and Technology is establishing the National Cybersecurity Center of Excellence, a public-private collaboration aimed at accelerating the widespread adoption of integrated cybersecurity tools and technologies. NIST Director Patrick Gallagher, at ceremonies on Feb. 21, said the center would unite "the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer." Using a $10 million appropriation, NIST and its partners will provide a state-of-the-art computing facility near its Gaithersburg, Md., campus, where researchers from NIST will work with users and vendors of cybersecurity products and services. The center will host multi-institutional, collaborative efforts that ...</description><link>http://www.secuobs.com/revue/news/359743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/359743.shtml</guid></item>
<item><title>Job: Director in Arlington, VA</title><description>Secuobs.com : 2012-02-24 06:03:31 - NovaInfosecPortal.com - Whoa... this looks to be a great opportunity for someone looking to get into an SES position, as the Director for the US-CERT. It opened yesterday and closes on March 7th so you might want to get started on their application process ASAP. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Director, United States Computer Emergency Readiness Team (US-CERT) Operations. Location: Arlington, VA. Company Name: Department Of Homeland Security. Job Description: The Director, United States Computer Emergency Readiness Team (US-CERT), National Cyber Security Division (NCSD) in the Office of the Assistant Secretary, Cybersecurity and Communications (CS&amp;C) reports directly to the Director, NCSD. The Director, US-CERT Operations is responsible for building and maintaining a robust national level cyber security operations center to effectively operate the US-CERT to provide 24-7 watch center capabilities as well as a national cyber security response capability to respond to incidents of national significance. The Director for US-CERT Operations manages 24X7 US-CERT Operations Incident Handling Center to execute the DHS responsibilities directed in the ...</description><link>http://www.secuobs.com/revue/news/359645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/359645.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-02-20</title><description>Secuobs.com : 2012-02-21 16:40:43 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A light schedule for this week, with nothing formal and all you need to do is just show up and be ready to talk shop. Without further ado, here are your meetups for this week with a preview for next week. This Week: Tuesday (02/21): ISSA DC Meetup - "The Future of Cyber Security and Digital Forensics" by Greg Kipper at Government Printing Office Room A138 from 6:30 to 8:00 PM (more info). Wednesday (02/22): ISSA Baltimore Meetup - "iPhone Security" by Peter Coddington at Cobham Analytic Solutions from 5:00 to 7:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Friday: 2600 Arlington Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun ...</description><link>http://www.secuobs.com/revue/news/359011.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/359011.shtml</guid></item>
<item><title>Job: Infosec Consulting Director in DC Metro Area</title><description>Secuobs.com : 2012-02-17 18:31:34 - NovaInfosecPortal.com - For the more seasoned pro, Mandiant recently posted a director level position. Although the primary location is DC, the posting notes that it can be worked anywhere in the US. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Title: Information Security Consulting Director. Location: DC Metro Area. Company Name: Mandiant. Job Description: MANDIANT seeks a Consulting Director within our Strategic Solutions group. The Director will design and implement solutions to help Mandiant customers assess, build, and optimize all aspects of their computer incident response teams. Strong technical and consulting skills, project management capability, and sound written and verbal communication skills are important for this role. The candidates must have the ability to communicate with clients; manage project timelines; follow methodologies; and create/present clear, concise deliverables. Essential Duties &amp; Responsibilities: Work with clients to improve overall incident response capability and related processes, including network instrumentation, alert management, malware analysis, incident handling, log management, and escalation procedures. Develop high-level designs for security operations centers (SOC) / computer incident response teams (CIRT), including organization design, staffing ...</description><link>http://www.secuobs.com/revue/news/358490.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/358490.shtml</guid></item>
<item><title>More   for Infosec Professionals </title><description>Secuobs.com : 2012-02-17 05:41:30 - NovaInfosecPortal.com - It sounds like infosec has become one of the top recession-proof careers in today's market. Even as the economy continues to plunge down, the demand for experienced and qualified infosec professionals continues to rise. An article by SC Magazine urges that both the public and private sectors are becoming aware of the need for practical infosec programs and professionals within their organizations. The recent rise in security breaches has additionally created an urgency and high demand for infosec specialists. via SCMagazine.com: More than half of businesses plan to hire information security staff this year. According to a survey by (ISC)², the information security profession offers not only stability but upward mobility, as nearly 70 per cent of employees in the sector reported a salary increase and 55 per cent expected to receive an increase in 2012. The (ISC)² 2012 Career Impact Survey was conducted from December 2011 to January 2012 among 2,256 respondents. In terms of hiring, 72 per cent said that in 2011, their organization hired individuals specifically for information security roles, while 62 per cent said they are looking to hire additional permanent or contract information security employees in 2012. Continued here. Please let us know what ...</description><link>http://www.secuobs.com/revue/news/358380.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/358380.shtml</guid></item>
<item><title>ShmooCon Epilogue Wrap-Up</title><description>Secuobs.com : 2012-02-15 05:32:59 - NovaInfosecPortal.com - I had the pleasure of attending the evening portion of the ShmooCon Epilogue a few weeks back. Held as an extended version of the normal monthly NoVA Hackers meetup, this event offered a full day of talks with many of the regular attendees as well as some from ShmooCon. All total there were around 14 talks covering everything from risk management metrics to JavaScript de-obfuscation. Here is the first half of the recorded videos for your viewing pleasure. Thanks to @georgiaweidman for recording and publishing these. "Resurrecting Ettercap" by Eric Milam (@brav0hax) &amp; Emilio Escobar (@eaescob); "Media Hype in the Information Security Industry: Big Hacks that Never Really Happened" by Space Rogue (@spacerog); "More Than One Way to Skin a Cat: Identifying Multiple Paths to Compromise a Target through the Use of Attack Graph Analysis" by Joe Klein (@joeklein); "Proper Depth &amp; Breadth for Vulnerability Analysis and Fun with Tailored Risk Reporting Metrics" by Jason M. Oliver (@jasonmoliver); "Extending INFOSEC Methodologies for Personal Use to Protect Sensitive Personal Information (pINFOSEC Privacy Assessment Methodology)" by John M. Willis. Look for the second set of videos coming up soon. Today's post image is from Coated.com.</description><link>http://www.secuobs.com/revue/news/357896.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/357896.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-02-13</title><description>Secuobs.com : 2012-02-13 16:44:23 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A light schedule for this week, with nothing formal and all you need to do is just show up and be ready to talk shop. Without further ado, here are your meetups for this week. This Week: Tuesday (02/14): ISACA NCA Meetup - "DoD Cybersecurity Challenges and the Advanced Persistent Threats" at Holiday Inn Rosslyn at Key Bridge from 7:30 AM to 4:45 PM (more info). Thursday (02/16): ISSA NoVA Meetup - "Current Trends in BCP &amp; DR" by Paul Lazarr at MITRE-1 Building from 5:30 to 8:30 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Tuesday: ISSA DC Meetup. Wednesday: ISSA Baltimore Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for ...</description><link>http://www.secuobs.com/revue/news/357477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/357477.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks: Update 8 (Videos from Saturday)</title><description>Secuobs.com : 2012-02-06 20:08:49 - NovaInfosecPortal.com - To follow up with Friday's post re getting a lot of the other awesome ShmooCon Firetalks out there, here is the complete line up from Saturday night. And if you are interested in seeing all the talks from each night, IronGeek has just put out a post with two longer videos from each evening. I again wanted to thank The Shmoo Group and our generous sponsors. Lastly, thanks to our awesome volunteers that made this year's Firetalks the best so far. Thanks! CFP Review: @jack_daniel, Sarah (@dystonic) Clarke, @jasonmoliver, Nathi (@nathiet) Thwala. Judges: @DaKahuna2007, Rob (@mubix) Fuller, Nicolle (@rogueclown) Neulist, @soapturtle. Streaming/Recording: @georgiaweidman, Adrian (@irongeek_adc) Crenshaw. Security: Boris (@JadedSecurity) Sverdlik, Casey (@caseydunham) Dunham, @judykavuo. And finally be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts. Well on to the videos. "Cracking WiFi Protected Setup For Fun and Profit" by Craig Heffner: This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver. "Passive Aggressive Pwnage: Sniffing the ...</description><link>http://www.secuobs.com/revue/news/356229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/356229.shtml</guid></item>
<item><title>Life as a Shmooby: My First ShmooCon</title><description>Secuobs.com : 2012-02-06 16:57:17 - NovaInfosecPortal.com - I had the great opportunity to attend ShmooCon 2012 two weekends ago. As most of you know, the con offered various hacker models and infosec discussions. Friday and Saturday night activities concluded with a series of 15-minute sessions known as Firetalks in which the presenter cuts to the chase and discusses the core content of their presentation. Here are some of my lessons learned for the next Shmooby. Program Confusion: As a first timer, I was obviously confused about the whole program. It took me a while to figure out what I needed to do first and the different locations of the various activities and talks. Talk Overload: It's ok, you do not have to attend all the talks. This is extremely exhausting and you miss all the other fun stuff like lock picking, Hack Fortress, and so forth. The sessions are usually recorded so you can always catch up on what you missed later. Stressful Commute: If you are a local, I recommend staying at the hotel if possible as it ensures you do not get burned out with the commute each day. This also gives you extra cycles to network with others in the evening as well as ...</description><link>http://www.secuobs.com/revue/news/356178.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/356178.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-02-06</title><description>Secuobs.com : 2012-02-06 16:08:29 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. No meetup scheduled for this week, and for those who would like to plan ahead, here is a preview of events on our calendar for next week: Tuesday: ISACA NCA Meetup. Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.</description><link>http://www.secuobs.com/revue/news/356170.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/356170.shtml</guid></item>
<item><title>Windows Update Trojan Hits Government Contractors</title><description>Secuobs.com : 2012-02-03 19:17:55 - NovaInfosecPortal.com - Here's something that most of us around DC have to worry about, either directly or indirectly through our enterprise users. First it was a spiked PDF document disguised as a CFP. A few days later it was a list of conference attendees in a booby-trapped ZIP file. Now it's back to malicious PDF files that install a Trojan that mimics Windows Update. Seculert and Zscaler describe this most recent threat in their "The MSUpdater Trojan and Ongoing Targeted Attacks" report they released a few days ago. The paper describes how attackers continue to target government contractors with the goal of stealing sensitive information using complex and difficult to detect Trojans that gain backdoor access to systems. Ah, the fight goes on. via myce.com: A joint report was just released that details attacks that have been targeted at government contractors since 2009. The attacks involve phishing emails under the guise of inviting people to conferences. The report by Seculert and Zscaler details that the phishing emails contain PDFs that when opened exploit Adobe Reader flaws. These files then install an "MSUpdater" trojan, which does a very good job of posing as a legitimate Windows Update process. What really happens is ...</description><link>http://www.secuobs.com/revue/news/355842.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/355842.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks: Update 7 (Videos from Friday)</title><description>Secuobs.com : 2012-02-03 17:01:24 - NovaInfosecPortal.com - Last night we put out a post with the ShmooCon 2012 FireTalks winners so this morning we thought we'd follow up with a quick article on some of the other talks that occurred last weekend. This post is dedicated to the talks on Friday night. Thanks to Bulb Security and IronGeek for recording and processing the videos so fast! And finally be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts. Well on to the videos. "Exploiting PKI for Pentesters" by Thomas Hoffecker: Based upon my hour long talk presented at DerbyCon and HackerCon. This 15 minute version is specifically aimed at pentesters. PKI provides a large source of information to pentesters. Signed and encrypted email establishes a level of trust. Many organizations employ PKI but do not provide much public information about it. Pentesters are already trained to find this information using the recon phase of pentesting. Analysis of public PKI certificates can provide information on the internal infrastructure of the target. While the target may have deployed a split DNS architecture, many times only a single PKI system is deployed. If public certificates ...</description><link>http://www.secuobs.com/revue/news/355804.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/355804.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks: Update 6 (Winners)</title><description>Secuobs.com : 2012-02-03 04:52:10 - NovaInfosecPortal.com - Well you've probably already heard by now but just in case you didn't, here are the winners for this year's ShmooCon 2012 Firetalks. Also, be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts. Well on to the winners. Win: "Remotely Exploiting the PHY Layer" by Travis Goodspeed. Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols. Travis won a Parrot AR.Drone Quadricopter along with an iPod Touch to control it. Thanks to Milton Security Group supplying this awesome prize! 2nd Place: "Cracking WiFi Protected Setup For Fun and Profit" by Craig Heffner. This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force ...</description><link>http://www.secuobs.com/revue/news/355710.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/355710.shtml</guid></item>
<item><title>Fight Club Rules for ShmooCon 2012</title><description>Secuobs.com : 2012-01-27 17:09:27 - NovaInfosecPortal.com - Yes, the day is finally upon us... ShmooCon there will be! I've been lucky enough to attend the past five or six years of this awesome conference. You could almost call me a veteran attendee, and as such I wanted to pass on a bit of advice for anyone heading down to DC today. In honor of the movie Fight Club I present to you the... The Rules of ShmooCon. 1st RULE: You do not talk about SHMOOCON... unless it's on Twitter and you use the #shmoocon hashtag. 2nd RULE: You DO NOT talk about SHMOOCON (see the 1st Rule for details). 3rd RULE: Only three talks to a day. And on a bit more serious side: The first time I attended ShmooCon, I over-scheduled myself by focusing too much on the scheduled talks. Overall, I probably attended about 20 talks. At the end of each day, I was exhausted and just headed home to recover. What I hadn't realized was that I only took part in a small portion of what the conference had to offer. Instead I'm suggesting that you attend just three talks each day (no cheating here) and spend the rest of ...</description><link>http://www.secuobs.com/revue/news/354458.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/354458.shtml</guid></item>
<item><title>Do Security Maturity Models Work?</title><description>Secuobs.com : 2012-01-26 18:44:16 - NovaInfosecPortal.com - Could the addition of a new maturity model to the Nation's Electrical Grid System improve security and protect the grid from cyber threats? An article at InfosecIsland.com a few weeks ago discussed a recent White House initiative to add a maturity model to be used throughout the entire energy industry. I've always been a bit skeptical of maturity models. Even though this approach could provide small steps for easy incremental security improvements, it could also result in people just finding ways to shortcut the system without actually strengthening anything. Overall, nice idea for people that really want to improve security, or a shortcut for those just interested in reaching a certain level for contract, marketing, or PR purposes. via InfosecIsland.com: As part of the Obama Administration's efforts to enhance the security and reliability of the nation's electrical grid, US Energy Secretary Steven Chu today announced an initiative to further protect the electrical grid from cyber attacks. The "Electric Sector Cybersecurity Risk Management Maturity" project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity ...</description><link>http://www.secuobs.com/revue/news/354265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/354265.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks: Update 5 (Schedule)</title><description>Secuobs.com : 2012-01-26 05:50:45 - NovaInfosecPortal.com - Well, we are within two days of ShmooCon and the first night of Firetalks and I'm actually a little ahead this year. I don't think I got last year's schedule out until late Thursday night. Anyway, below you'll find the schedule for the talks. Also some people might have heard that you can attend the Firetalks without a ShmooCon badge. Unfortunately, this is not true. You MUST have a badge to attend due to all those contracts, insurance, and other fun biz stuff associated with holding an event as big as ShmooCon. If you want to keep up with all the Firetalks goings-on throughout the weekend, you might want to check back to the master Firetalks post or subscribe to one of our feeds (@novainfosec on Twitter, our Facebook Page, or RSS). But given the craziness of cons I'd recommend just following my tweets (@grecs) or the #firetalks tag. Finally, I want to put out one last reminder for the ShmooCon Epilogue event that is being held the Monday after ShmooCon. If you are from out of town and can still grab one of the free tickets, why not extend your stay an extra day and get another dose of ...</description><link>http://www.secuobs.com/revue/news/354156.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/354156.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-01-23</title><description>Secuobs.com : 2012-01-24 19:03:42 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A light schedule for this week, with nothing formal and all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. This Week: Wednesday (1/25): ISSA Baltimore Meetup - Metasploit by Joshua Smith (@kernelsmith) at SPARTA from 5:00 to 7:00 PM (more info). Thursday (1/26): CharmSec Meetup - Normal Meetup at Slainte Irish Pub &amp; Restaurant from 7:00 to 10:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Monday: ShmooCon Epilogue. Friday: 2600 Arlington Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS ...</description><link>http://www.secuobs.com/revue/news/353827.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/353827.shtml</guid></item>
<item><title>Job: Security Specialist in DC Metro Area</title><description>Secuobs.com : 2012-01-24 02:54:07 - NovaInfosecPortal.com - Looks like SecureState is actively seeking a Security Specialist to provide security test &amp; evaluation assistance. This is definitely not a starter position; however, if you are mid-career and have been working in the fed sector for several years, it just might be that right fit. Oh and if you are just trying to get into infosec, they seem to also be continuously looking for infosec interns. Not sure about the location on that one though. And don't forget, if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Job Duties: Assist with evaluating the overall IT C&amp;A process for the client and its customers. Program assessment report that meets FISMA reporting requirements. It is intended that this report will be provided to the CIO for use in preparing FISMA reports. Recommendations for improvements to the IT security program and its customers, including specific actions that will result in successful implementation of the recommendations. Implementation of those recommendations/actions from deliverable (3) specified by the client for initial implementation. Assessment and assistance with improving with the client's C&amp;A process ...</description><link>http://www.secuobs.com/revue/news/353680.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/353680.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks - Update 4 (Second Round Speaker Announcements)</title><description>Secuobs.com : 2012-01-20 17:00:28 - NovaInfosecPortal.com - Just a short post to announce the second round speakers for this year's ShmooCon Firetalks. With several more submissions between our last post and the CFP due date, the selection committee has been hard at work trying to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers. But before we get on to the talks, I just wanted to thank the selection committee for all the hard work they put in over the last few weeks. Since some may not want their full names out there, I'll just list them all by their Twitter handles: @dystonic, @jack_daniel, @jasonmoliver and @nathiet. And I would again like to thank our generous sponsors for not only providing some awesome prizes but also other contributions that are going to make this year's Firetalks the best so far. Thanks: Milton Security Group, Dirty Security, Lares Consulting, Leverage Consulting &amp; Associates, Liquidmatrix Security Digest, Bulb Security. And finally, if you want to keep up with all the Firetalks goings-on, be sure to check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks...</description><link>http://www.secuobs.com/revue/news/353202.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/353202.shtml</guid></item>
<item><title>Free Online Nmap, OpenVas &amp; More for One-Off Scans</title><description>Secuobs.com : 2012-01-20 00:12:21 - NovaInfosecPortal.com - Ever find yourself needing to do a quick security scan but are on a computer that doesn't have the right tools? This happens to me periodically when we need a quick scan done from "outside". Out of curiosity I searched around and found a few good options that I thought you may find useful. Nmap-Online.com: Administered by MatouSec.com, a project started in 2006 run by a group of security experts concerned about user desktop security, this service offers almost the full capability of Nmap through a website. The earliest reference I could find was in November of 2006, so they've been around for a while. To use the service just pick between "Quick Scan" and "Full Scan", which scan your own detected IP address, or a "Custom Scan" that gives you almost full access to Nmap's set of options (including scanning a range of IPs). Finally, agree to their ToS and hit Scan. You have the option of waiting for the results in the browser or entering an email and password to have them emailed to you. Keep the email and password handy, as you can use these credentials to retrieve all your recent scans. Note that no registration is required...</description><link>http://www.secuobs.com/revue/news/353078.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/353078.shtml</guid></item>
<item><title>Have Passwords Become Obsolete?</title><description>Secuobs.com : 2012-01-19 16:53:53 - NovaInfosecPortal.com - A recent article over at CSO Online by Taylor Armerding debates if password use might be outdated. According to Armerding, some experts believe that passwords are becoming obsolete and alternative forms of authentication such as biometrics should be used. Others argue that passwords are a solid form of authentication as long as they are used properly. Even though Armerding enlightens us about the arguments against passwords, I tend to agree with the pro-passwords camp and think this form of authentication is a long way from obsolete. via CSOOnline.com: Despite all those "death to passwords" chants, some say it's still a solid form of authentication, when users aren't being stupid about theirs. It's 2012. The password is dead. Long live the password. Perhaps the division in the IT world is not quite that stark, but there is indeed division. Some think it is past time to retire passwords, for what they say is the obvious reason: they don't protect users, since they are so easily hacked. All the talk about making passwords more secure is ignoring the elephant in the room: they simply cannot be made secure. Besides, there are other, better authentication options, like biometrics, since nobody has your fingerprints, eyes...</description><link>http://www.secuobs.com/revue/news/352985.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/352985.shtml</guid></item>
<item><title>Motivating Security through Cyber Insurance</title><description>Secuobs.com : 2012-01-17 17:28:39 - NovaInfosecPortal.com - There's been some talk about cyber insurance lately: how it's a great business strategy, how it's a rip-off, how you should approach it cautiously. The first thing that comes to my mind when I think of cyber insurance is companies purchasing it as a replacement for actually implementing any security at all. Instead of being pessimistic about it, the other day I was contemplating ways cyber insurance could actually motivate companies to take infosec more seriously. The first thought that came to mind was car insurance. You know how you get a discount on insurance for having a car with "best practices" like anti-theft devices, anti-lock brakes, air bags, a good driving record, etc. Insurance agencies could also offer lower premium rates based on similar infosec "best practices". Although agencies already offer such discounts, I haven't heard of many professionals using cyber insurance as a motivator to raise infosec's profile within their organizations. As an example, say a company is in the market for some cyber insurance because of increasing attacks against competitors. If this is their first foray into the infosec realm, insurance agencies would offer relatively high rates. They could also offer their set of...</description><link>http://www.secuobs.com/revue/news/352486.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/352486.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-01-16</title><description>Secuobs.com : 2012-01-16 21:37:15 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A light schedule for this week, with nothing formal; all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. This Week: Tuesday (1/17) ISSA DC Meetup - "Attribution and Response" by Paul de Souza at Government Printing Office (Room A138) from 6:30 to 8:00 PM (more info). Thursday (1/19) ISSA NoVA Meetup - "Privacy vs Security: Achieving Balance In The Face Of Social Networks, Geolocation, and Cyberattacks" by Randy Sabett at Oracle, Reston from 5:30 to 8:30 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Thursday: ISSA Baltimore Meetup and CharmSec Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities...</description><link>http://www.secuobs.com/revue/news/352348.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/352348.shtml</guid></item>
<item><title>Job: Senior Enterprise Security Architects in Reston, VA</title><description>Secuobs.com : 2012-01-13 07:43:54 - NovaInfosecPortal.com - The good folks over at Akamai are looking to hire two security architect positions based out of Reston. Below is the first one. It looks a little more on the "salesy" side than I'd normally go for, but you might get to work with @rybolov. And don't forget: if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. About the Job: Enterprise Security Architects (ESAs) are technical professionals supporting both presales and post-sales security activities. They employ industry vertical and technical expertise to diagnose customer business challenges and technical needs and prescribe solutions that address customer security needs. ESAs help scale Akamai's global security expertise by establishing good tactics, techniques and procedures (TTPs) for mitigating security challenges with Akamai solutions. ESAs train Akamai security subject matter experts around the globe on these good practices in order to drive consistency, scale capability, and grow security acumen in order to better serve customer needs. As a Senior ESA in Akamai's Global Security Center of Excellence, you will partner closely with Sales and field service and support personnel in an...</description><link>http://www.secuobs.com/revue/news/351882.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/351882.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks - Update 3 (First Round Speaker Announcements)</title><description>Secuobs.com : 2012-01-11 17:58:54 - NovaInfosecPortal.com - After pushing the team to do some reviews over the last few days, we have finally come up with the first round of speaker announcements for the ShmooCon 2012 Firetalks. It's been a painful process trying to rate all of the awesome submissions, but I think the team did a great job at finding a nice mix of talks up to this point. Before continuing on, I would like to let everyone know that there are still five additional slots available and the CFP is open through this Friday at 5:00 PM EST. So if you have a topic and are contemplating whether or not to submit, don't hesitate much longer. To get started, head on over to the EasyChair SC2012FT portal. We are still looking for a few volunteers, specifically someone to create and hang some poster-sized signs so people can easily find where the sessions will be (usually in Track 3, which is typically held a bit off the beaten track). Also, since the sessions are being recorded and streamed, we need someone to coordinate with the ShmooCon and hotel AV teams (audio/video, not anti-virus) so we can hopefully get direct audio feeds for better...</description><link>http://www.secuobs.com/revue/news/351513.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/351513.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-01-09</title><description>Secuobs.com : 2012-01-09 16:22:57 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. This Week: Monday (01/09) NoVA Hackers Association Meetup - No formal presentation; instead there will be several approximately 20-minute talks by a few of the attendees, at ICF International from 5:30 to 8:30 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Tuesday: ISSA DC Meetup; Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for...</description><link>http://www.secuobs.com/revue/news/350980.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/350980.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks - Update 2 (Sponsors &amp; Prizes)</title><description>Secuobs.com : 2012-01-06 21:48:01 - NovaInfosecPortal.com - Well, it's been a few weeks since our last update. We hope everyone had a nice holiday break and at least a few people lucked out with the final round of ShmooCon ticket sales. Over the past several weeks @jack_daniel has been hard at work gathering sponsors to support the prizes and other fun stuff we have planned. So at this point we would like to announce the prizes and sponsors for this year's Firetalks. But before we get into the prizes and sponsors, I did want to make a few announcements regarding some of our upcoming activities. We've received a record number of submissions this year and will be announcing the first set of talks on Monday or Tuesday next week. If you have been thinking of submitting and haven't yet, please do; the more topics we get, the better we can provide a balanced program. As before, just head on over to the EasyChair SC2012FT portal. The RFP will be closing at 5:00 PM on Friday the 13th. I am also happy to announce that the NoVA Hackers Association will be running a ShmooCon Epilogue conference meetup following ShmooCon on Monday the 30th. If you haven't...</description><link>http://www.secuobs.com/revue/news/350725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/350725.shtml</guid></item>
<item><title>Is Android Really Secure Enough for the DoD?</title><description>Secuobs.com : 2012-01-03 21:17:29 - NovaInfosecPortal.com - Over the holidays I came across an announcement that Pentagon officials have approved the use of Android in addition to BlackBerry to meet their mobile computing needs. In summary, the reasons why they chose Android included: Open Source Platform: Google likes to call Android open source; however, they only legally meet what true open source is. Besides the ability to fork the entire code base, their open source model doesn't differ that much from iOS. It's take it or leave it, with no community or transparency during development. In terms of what the DoD is looking for (just being able to fork it), this would meet their requirements. Lock Down after Login Failures: True, but most other smartphones offer the feature of locking down the platform after so many failed login attempts, so this isn't too much of a security discriminator. They also pooh-poohed iOS for various reasons including: Closed Source Code: True, but you think the US government could work out an NDA with Apple so they could at least review the code. Still, it's a long way from Android's open source model. GPS Regularly Reporting to Apple: Why, Apple, do you do this? At least...</description><link>http://www.secuobs.com/revue/news/350110.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/350110.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2012-01-02</title><description>Secuobs.com : 2012-01-03 16:24:56 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A slow week to start the year, with nothing formal; all you have to do is show up and be ready to talk shop. This Week: Thursday (01/05) OWASP NoVA Meetup - Normal meetup at Oakton Public Library from 6:00 to 9:00 PM (more info). Friday (01/06) 2600 Arlington Meetup - Normal meetup at Champps, Pentagon Row from 7:00 to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Monday: NoVA Hackers Association Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter...</description><link>http://www.secuobs.com/revue/news/350049.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/350049.shtml</guid></item>
<item><title>Are Bachelor Infosec Degrees Worthless?</title><description>Secuobs.com : 2011-12-29 23:11:04 - NovaInfosecPortal.com - Ira Winkler posted an interesting article a month or so ago (yes, I've had this post in the hopper for a while) over at Computer World entitled "Let's scuttle cybersecurity bachelor's degree programs". What really caught my attention were some of the tweets surrounding it, especially how they seemed to imply this statement was for ALL infosec degrees. @weldpond: Ira Winkler: Let's scuttle cybersec bachelors degree programs. Shld incorporate sec into regular CS prog https://www.computerworld.com/s/article/9221668/Let_s_scuttle_cybersecurity_bachelor_s_degree_programs @0xcharlie: @WeldPond I think infosec should be in a trade school with apprenticeships and such, not in a degree program. @weldpond: @0xcharlie Your idea is not mutually exclusive with teaching CS majors secure coding concepts. We probably need both. The suggestion that we should not have infosec degrees totally caught me off guard and went counter to the way I've been thinking for a while. Even our new blogger judykavuo, who is currently getting her masters in infosec, felt the need to write about it and counter a few points. In the past I've given presentations and we have blogged here about how getting an infosec degree is an excellent starting point for those entering our field. We've found that most infosec degrees or certificates...</description><link>http://www.secuobs.com/revue/news/349500.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349500.shtml</guid></item>
<item><title>Best Paying Infosec Jobs for 2012</title><description>Secuobs.com : 2011-12-28 16:39:27 - NovaInfosecPortal.com - Here's another quick post on an article I've been meaning to mention for the last month or so. It falls under the "2012 prediction" category, so referencing it now still seems relevant. Plus, it follows nicely with yesterday's post on the hottest security jobs but is more focused on salary. I've added some commentary to the main points I pulled out just for the fun of it. In summary: Infosec salaries should rise by an average of 4.5%. (grecs: Yet those CEOs are getting 20% pay increases. Also my insurance premiums are still increasing by that same 20%, so I guess I'll be 15.5% in the hole for 2012. But on the other hand, at least we should be getting raises.) There are lots of positions but not enough skilled people. (grecs: Good for us I guess, but it may also pollute our profession with people that don't really "care" as much about infosec and are just doing it for the money.) Data security analyst is THE hot security job for the next year. (grecs: Nice general title to mention there. It could mean almost anything.) CISSP and Security+ certificates continue to be the most in demand...</description><link>http://www.secuobs.com/revue/news/349257.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349257.shtml</guid></item>
<item><title>5 Hottest Sec Jobs in 2012</title><description>Secuobs.com : 2011-12-27 16:49:58 - NovaInfosecPortal.com - As we start the new year out with all our resolutions, maybe one of your goals is to get a better job. Well, earlier this month I came across an article that may provide some insight into some of the "hot jobs" for 2012 and beyond. As originally posted by GovInfoSecurity.com based on a study by Dice.com, they found the following jobs to be the ones to focus on: Security Analyst, Security Architect, Application Security, Security Engineer, Network Security. In our general demographic (i.e., DC in the government sector) the biggest opportunities seem to be as Security Analysts, Security Engineers, and Network Security pros. If you're looking for the biggest paycheck, although not as much fun, and are a bit more seasoned, go for Security Architect positions. Also, I found it strange that forensics wasn't mentioned anywhere. GovInfoSecurity.com previously discussed how forensics was THE field to get into. We pointed out some of these posts here and here. It's nice to have a study like this one that points out where the biggest opportunities may be; however, my overall advice is still to find a job you love. At least maybe this list will give you some starting points...</description><link>http://www.secuobs.com/revue/news/349141.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349141.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-12-26</title><description>Secuobs.com : 2011-12-27 04:54:16 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Well, as expected it's a pretty slow week with Christmas being over and New Year's around the corner. We only have one event listed below, but hopefully CapSecDC will pop up with something on Wednesday. Anyway, here are your meetups for this week as well as a preview for next week. This Week: Thursday (12/29) CharmSec Meetup - Normal meetup at Slainte Irish Pub &amp; Restaurant from 7:00 to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Thursday: OWASP NoVA Meetup; Friday: 2600 Arlington Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And...</description><link>http://www.secuobs.com/revue/news/349083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349083.shtml</guid></item>
<item><title>Racing Away From RSA?</title><description>Secuobs.com : 2011-12-26 18:41:38 - NovaInfosecPortal.com - Today's post was contributed by Sarah Clarke on her thoughts on NIST's recent update to SP 800-64 Electronic Authentication Guideline. Another milestone has been reached in the race to get rid of now-suspect RSA token technology. On December 12, 2011, NIST published the Electronic Authentication Guideline SP 800-63-1, which updates guidance previously provided in SP 800-63. The updated document provides guidance on how federal agencies should implement the four levels of assurance defined in OMB M-04-04 as they apply to users authenticating to government systems over untrusted, public networks. NIST's summary of the updates (PDF) includes: Recognition of more types of tokens, including pre-registered knowledge token, lookup secret token, out-of-band token, as well as some terminology changes for more conventional token types; Detailed requirements for assertion protocols and Kerberos; A new section on token and credential management; Simplification of guidelines for password entropy and throttling; Emphasis that the document is aimed at Federal IT systems; Recognition of different models, including a broader e-authentication model; Clarification of differences between Levels 3 and 4 in Table 12; and New guidelines that permit leveraging existing credentials to issue derived credentials. The press release adds: Government agencies have the option of using the services of companies...</description><link>http://www.secuobs.com/revue/news/349050.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349050.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks - Update 1 (CFP &amp; Sponsor Support)</title><description>Secuobs.com : 2011-12-20 05:18:20 - NovaInfosecPortal.com - Although many of the details are still being worked out, we wanted to put out a quick post to announce the ShmooCon 2012 FireTalks CFP and solicit sponsors. CFP: This year we are planning on having up to five 15-minute speaking slots each night, depending on the final discussions the ShmooCon team is having with the conference hotel. We are hoping to accommodate many of the awesome submissions that ShmooCon was not able to accept due to the finite number of speaking slots. If you are already speaking at ShmooCon, please be considerate and leave submissions open to others. Other than that, the only thing we are looking for is a nice mix of established and new speakers. To ease our submission load, we will be using the free EasyChair Conferencing System. We used it to handle submissions in the past and it worked nicely. It just requires that you create an account, log in, and select New Submission from the top menu. From there just fill out as much information as you can and hit the Submit button. To get started, head on over to the EasyChair SC2012FT portal. Call for Sponsors: Similar to last year we will have...</description><link>http://www.secuobs.com/revue/news/348130.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/348130.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-12-19</title><description>Secuobs.com : 2011-12-19 16:13:56 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Before we get things started, we @novainfosec would like to wish you a Merry Xmas! Now with that out of the way, here are a couple of meet-ups to get you through the week. Nothing formal; all you have to do is drop in and talk shop. Anyway, here are your meetups for this week with a preview for next week: Tuesday (12/20) ISSA DC Meetup - "Advanced Threat Modeling" by John Steven at Government Printing Office, Room A138 from 6:30 to 8:00 PM (more info). Wednesday (12/21) OWASP DC Meetup - "New Features in the Web Exploitation Framework (wXf)" by Ken Johnson (and tentatively Chris Gates) at Living Social from 6:30 to 8:30 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week: Thursday: CharmSec Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local...</description><link>http://www.secuobs.com/revue/news/347994.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/347994.shtml</guid></item>
<item><title>ShmooCon 2012 FireTalks</title><description>Secuobs.com : 2011-12-13 23:49:30 - NovaInfosecPortal.com - For the past two years we've had the privilege of hosting the Firetalks at ShmooCon and are excited to formally announce the ShmooCon 2012 FireTalks. If you followed the FireTalks in the past, this year's will essentially run the same, however with one minor difference. Instead of having six 15-minute sessions each night, we will be decreasing that to five. That should give us 15 minutes of time to play with for intros, computer switches, etc. The goal is not to take up too much of your time, and last year we found that having six sessions pushed closer to 2 hours rather than 1.5 hours. Similar to last year we will be using the same CFP system, and selections will be made based on having a nice mix of established and new speakers. We'll also continue our tradition of having a three-person panel to judge the talks based on various factors, with the top talks getting some awesome prizes. For all the latest happenings, check back to this post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. We will also be putting out short "update" posts with just the new...</description><link>http://www.secuobs.com/revue/news/346976.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346976.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-12-12</title><description>Secuobs.com : 2011-12-12 16:55:29 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. The week has turned out to be our busiest week yet, with meet-ups on every day of the week. We are sure you will find something to do and keep you busy. There are 2 new meet-ups on our calendar; don't be afraid to drop in and talk shop. Anyway, here are your meetups for this week with a preview for next week: Monday (12/12) NoVA Hackers Association Meetup - No formal presentation; instead there will be several approximately 20-minute talks by a few of the attendees, at ICF International from 5:30 to 8:30 PM (more info). Tuesday (12/13) Digital Forensics &amp; Incident Response Lightning Talk Meetup - "10 Speakers - 10 Presentations - 360 Seconds Each" at Hilton Hotel, Washington from 6:30 to 8:30 PM (more info). Wednesday (12/14) ISSA Baltimore Meetup - "CyberSecurity: The Enemy Within, How to Detect, Block and Kill IT" by Jason Brvenik, VP of...</description><link>http://www.secuobs.com/revue/news/346648.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346648.shtml</guid></item>
<item><title>1000 Posts in 1000 Words &amp; Still Counting</title><description>Secuobs.com : 2011-12-12 04:56:12 - NovaInfosecPortal.com - This one time at ShmooCamp... I had an urge to start a blog. Well, long story short, I came home after a late night at ShmooCon, set up a blog and posted the following article: "Welcome to the NovaInfosecPortal: Security News, Events, and Resources for Infosec Professionals in NoVA. We've been planning to start a site dedicated to information security for a long time but just never got around to doing it. Tonight, however, after the excitement of Saturday at ShmooCon in Washington, DC, we finally decided on a good niche (centralizing security news, events, and resources for infosec professionals in Northern Virginia (NoVA)) and took the first step into making this idea a reality. Enjoy!" Ok, maybe the title was a little too long, but with those 66 words I started this site. I actually did end up returning to ShmooCon the following morning, but since I had been up until 5:00 AM or so, I obviously missed the first few talks. Thanks to the WayBack Machine I can even get a snapshot of what this post actually looked like, as you can see above. The first actual snapshot didn't show up in the...</description><link>http://www.secuobs.com/revue/news/346570.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346570.shtml</guid></item>
<item><title>Best Approach to Increase Cyber Security Professionals</title><description>Secuobs.com : 2011-12-09 20:48:45 - NovaInfosecPortal.com - A recent article over at Computer World suggested that the best way to create new infosec talent for the burgeoning security field may not necessarily be to push students through budding cyber security degree programs. Depending on the situation, I feel this assertion may or may not be valid. Two potential options managers often contemplate include either investing in current employees or hiring new cyber security degree holders. I think cross-training existing employees who have traditional degrees, a few years of experience and expertise in specific IT skill sets can improve security more, due to their familiarity with the technology they are securing. On the other hand, hiring green graduates who are curious and think outside the box can stimulate new innovative security approaches for the organization. So unfortunately, in the end it's still a toss-up in my opinion, and once again it depends on the type of positions you are trying to fill. via ComputerWorld.com: We're hearing that the best way to deal with the shortage of cybersecurity professionals is to funnel students into cybersecurity degree programs. And while we're at it, let's address the problem of all those hackers who are thinking outside of the box...</description><link>http://www.secuobs.com/revue/news/346377.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346377.shtml</guid></item>
<item><title>New FedRAMP Program  Not Half-Baked but Not Cooked Through</title><description>Secuobs.com : 2011-12-09 16:19:32 - NovaInfosecPortal.com - The long wait for a key Federal cloud computing program is over with the launch today of FedRAMP. FedRAMP will help Federal Agency managers to adopt cost-saving and service-improving cloud computing solutions. For over two years the Federal government's "cloud first" policy has floundered. Government executives and managers moved cautiously on adoption, concerned about possible insecurity of the platform and the costs for FISMA authorization of complex cloud computing solutions. Cloud Service Providers (CSPs) have likewise been concerned with how different agencies had conflicting requirements and interpreted security control requirements differently. With multi-tenant solutions, CSPs were beset by each tenant Agency wanting their own authorization, making business with the government a frustrating affair. While there have been notable wins for cloud vendors over the past year, many Federal systems that would benefit from a move to the cloud had the moves delayed until better policy and guidance was available to address those concerns. FedRAMP Arrives: FedRAMP supplies the policy and guidance, starting with the release by Federal CIO Steven VanRoekel of the FedRAMP memo, Security Authorization of Information Systems in Cloud Computing Environments (PDF). As FedRAMP develops additional documentation it will be posted at the GSA-hosted FedRAMP.gov site...</description><link>http://www.secuobs.com/revue/news/346328.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346328.shtml</guid></item>
<item><title>Should Cyber Security Focus More on Users </title><description>Secuobs.com : 2011-12-08 17:47:31 - NovaInfosecPortal.com - As one of the components of an information system, does the user component need more security emphasis than attackers? As many suggest, the human aspect is the weakest link in an organization's information security because users interact with an information system both inside and outside the organization. An article posted recently on TechJournal South seems to imply that we should put more emphasis on the human aspect instead of attackers. Even though TechJournal's approach is valid, I think that a balance should be struck between the two. Rather than applying an across-the-board rule to stress either the user or attacker more, organizations should instead apply focus based on the risks they face. Via TechJournalSouth.com: "Computer security experts have long pointed out that human beings are often the weak link allowing cyber attacks to succeed. Now, researchers at the Maryland Cybersecurity Center have reaffirmed that security measures must aim at users, not just attackers. 'Users expose the network to attacks,' one said. In a unique collaboration, an engineer and a criminologist at the University of Maryland, College Park, are applying criminological concepts and research methods in the study of cybercrime, leading to recommendations for IT managers to use in..."</description><link>http://www.secuobs.com/revue/news/346128.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346128.shtml</guid></item>
<item><title>Job  Chief Security Officer in Rockville, MD</title><description>Secuobs.com : 2011-12-06 23:48:16 - NovaInfosecPortal.com - Wanna be responsible for IT security for an entire organization? Well, here's your chance! It looks like a great opportunity for a very experienced infosec professional interested in a managerial or business leadership position. The opportunity requires 15-20 years of experience in a security role and someone who knows network security architecture and infrastructure. And don't forget: if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway, on to the job post. Overview: A client of CSO Security Risk is seeking a Chief Security Officer (CSO) who will be responsible for directing activities of the corporate security function and operational risk management to enhance the value of the company and brand. The successful candidate will work closely with the VP of Infrastructure and Operations to manage security functions related to corporate information systems and data centers. The CSO will oversee a network of employees and vendors who safeguard the company's assets, intellectual property and computer systems. Physical protection responsibilities will include physical safety of employees and visitors, asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will...</description><link>http://www.secuobs.com/revue/news/345725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/345725.shtml</guid></item>
<item><title>Body Hacking  NovaInfosec Holiday Challenge</title><description>Secuobs.com : 2011-12-06 07:32:31 - NovaInfosecPortal.com - I came across a tweet that mentioned the Lifehacker Workout and thought it was an excellent effort for giving geeks the motivation to get a little more exercise. They used a service called Fleetly.com to build out several individual workouts and then incorporated these workouts into a challenge. They set a target of 15 workouts over a period of one month with 3 to 4 workouts per week. Although the Lifehacker workouts and challenge looked great, I was looking more for something that could provide a little motivation each day just to get off my butt and walk around a bit, and maybe do a few strength exercises. I try to work out a few times each week already, so I just wanted this to be something that would motivate me during the day to get out and away from the computer for a bit. Using the Fleetly.com service I created a simple 20-minute-per-day exercise plan (baby steps here) and thought others in the local community might be interested in participating as well. Here is a quick description of the workout I created on Fleetly.com: Just a quick 20 minute break with some walking and a few strength...</description><link>http://www.secuobs.com/revue/news/345521.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/345521.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-12-05</title><description>Secuobs.com : 2011-12-05 17:39:59 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Only a couple of meet-ups this week, with nothing formal; all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week with a preview for next week. Wednesday (12/07): ISACA CM Meetup, "IT Governance" by Scott Higgens at Snyder's Willow Grove Restaurant from 10:45 AM to 4:00 PM (more info). NoVA Forensics Association Meetup, normal meetup at Reverse Space from 7:00 to 8:30 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Monday: NoVA Hackers Association Meetup. Wednesday: ISSA Baltimore Meetup. Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do...</description><link>http://www.secuobs.com/revue/news/345388.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/345388.shtml</guid></item>
<item><title>Weekly Rewind   Top Industry News, Local Jobs, ShmooCon Tics   More</title><description>Secuobs.com : 2011-12-03 22:53:21 - NovaInfosecPortal.com - I skipped last week but am back for more with another Weekly Rewind post. The industry news is from this past week; however, our blog posts go back about two weeks to the last Weekly Rewind. Also, I didn't include some of our standard articles due to their time relevancy. For some of those readers that may not have noticed, I actually tack on commentary to the industry articles, so check out my italicized, bolded opinions and let me know if you agree in the comments. Lastly, take a zoomed-up gander at the job application image to the right that @mubix posted earlier this week. North Carolina is probably one state I won't be applying to. Industry Articles: Cracking MD5 Passwords with BozoCrack: "A couple of weeks ago I saw someone mention a little script called BozoCrack on Twitter and I decided to check it out. What caught my attention is that BozoCrack simply 'cracks' MD5 hashes by doing a search on Google for that hash. Once it finds the hash and the text that goes with it, it spits it back out on the screen. Not really cracking of course, but it's pretty dang effective." (continued here) grecs: ...</description><link>http://www.secuobs.com/revue/news/345208.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/345208.shtml</guid></item>
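The BozoCrack trick summarized in that Weekly Rewind item, shown offline as an added example (this code is not BozoCrack and is not from the post): an unsalted MD5 is reversed by lookup rather than by computation, because the same input always yields the same digest and the digests of common passwords are already indexed all over the web. The wordlist, the test password and the salt below are constructed for the demo; a search engine simply plays the role of a much larger precomputed table.

```python
import hashlib

# Constructed stand-in for the search index BozoCrack consults: a short list
# of common passwords. Google's index is just a much bigger version of this.
WORDLIST = ["password", "letmein", "123456", "qwerty", "shmoocon", "monkey"]


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_table(words):
    """Precomputed md5 -> plaintext. Unsalted MD5 is deterministic, so anyone
    who has seen the hash of 'password' before recognises it instantly."""
    return {md5_hex(word): word for word in words}


def lookup(hash_hex, table):
    """'Crack' an unsalted MD5 by lookup, BozoCrack-style. None if unseen."""
    return table.get(hash_hex.strip().lower())


def lookup_salted(hash_hex, salt, words):
    """With a per-user salt the shared table is worthless: the digest of
    salt+word has never been published, so the attacker is back to hashing
    every candidate for every user."""
    target = hash_hex.strip().lower()
    for word in words:
        if md5_hex(salt + word) == target:
            return word
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    # md5("password") is one of the most widely indexed hashes on the web.
    print(lookup("5f4dcc3b5aa765d61d8327deb882cf99", table))            # password
    print(lookup(md5_hex("xK9qL2vB-constructed"), table))                 # None
    print(lookup(md5_hex("s4lt" + "letmein"), table))                     # None
    print(lookup_salted(md5_hex("s4lt" + "letmein"), "s4lt", WORDLIST))  # letmein
```

Salting does not make MD5 strong; it only defeats shared lookup tables, and a wordlist run still finds weak passwords. The real fix for stored passwords is a slow, salted construction such as bcrypt, scrypt or PBKDF2, which makes even the per-user guessing loop expensive.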
<item><title>Top 5 Tips for Snagging that ShmooCon Barcode</title><description>Secuobs.com : 2011-12-01 16:42:50 - NovaInfosecPortal.com - Today's the day, or at least one of three days throughout the year where we drop everything around 11:55 AM EST, head over to the ShmooCon registration page, and start F5ing the hell out of our computers with the hope of getting a barcode. Being someone that's attended ShmooCon for four or so years now, I thought I'd pull together some of my tips for getting ShmooCon tickets. I've written about this previously; however, the ticket process has significantly changed since 2009. Tip #1: Read and Become Familiar with the ShmooCon Purchase Instructions. This is a repeat from my 2009 tips but is still very relevant today. It comes from the organizers themselves and is one we should all take seriously. They explained the whole process in the "So the actual process will go like this" section on the registration page. Tip #2: Keep Refreshing to Buy Tickets Even if You Get a Sold Out Message. Here's another repeat from 2009, and I've anecdotally found it continues to be helpful. After you get the dreaded "sold out" message, fear not. In previous years there have been reports that the ticket system would let some slip through even after...</description><link>http://www.secuobs.com/revue/news/344813.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/344813.shtml</guid></item>
<item><title>Job  Senior Cyber SME in Dulles, VA</title><description>Secuobs.com : 2011-12-01 02:14:13 - NovaInfosecPortal.com - This position over at Technica looks like a great opportunity for any of the more seasoned among us. It requires a master's, 5 years' experience, and someone that really knows how to reverse engineer malware. And I can tell this manager knows how to hire the right kind of people: "Required Technical Certifications: None Required." Department: Direct Services. Category: Information Assurance. Security Clearance Level: DoD Secret. Years of Experience: 5 YRS. Education: Master's Degree. Company Description: Technica is an innovative provider of high quality information technology solutions, process engineering and information assurance expertise. Our award-winning teams focus on building strong customer relationships to ensure the absolute best solutions to difficult challenges. We have a well-established track record of success and are experiencing double-digit growth, primarily in the federal sector. Consider joining our team if you have a true commitment to excellence, along with the desire to perform and compete at a world-class level. Welcome! Description: Serves as subject matter expert with in-depth experience in intrusion analysis, threat detection, hacking tools and techniques, forensic analysis, mobile security, reverse engineering of malware, honeypots, and Unix and Windows operating systems. Programming experience a definite plus. Experience with IDA Pro, OllyDbg, Ruby, ...</description><link>http://www.secuobs.com/revue/news/344706.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/344706.shtml</guid></item>
<item><title>Skype and the Enterprise</title><description>Secuobs.com : 2011-11-29 03:28:43 - NovaInfosecPortal.com - I read an interesting article this morning over on InfosecIsland.com that discussed the security of using Skype in the enterprise. As expected, it didn't give us the magic "yes" or "no" but instead the typical "it depends". Overall, I thought the author made a very good point in that we trust a lot of our data to third parties, as I've mentioned in my teleconference security post, and Skype is just another third party. The decision to use Skype should just follow the same considerations you'd normally take when acquiring any new third-party service. But I know, you want the magic "yes" or "no". The article described the initial premise of "within a business environment for very specific cases". And let's assume that those "specific cases" don't include discussing your top-secret plans to take over the world. I'd say go for it! Furthermore, I'd say probably 95 percent of the content in our daily conversations is already publicly known (shoulders, giants, dwarfs and all), mindless drivel, gossip or basically stuff that just isn't sensitive at all, and as such it's fine to use Skype practically all the time. No sense throwing the baby out with the bathwater. Via InfosecIsland.com: "SecureState was...</description><link>http://www.secuobs.com/revue/news/344238.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/344238.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-11-28</title><description>Secuobs.com : 2011-11-28 19:10:41 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. We hope you had a wonderful Thanksgiving weekend, and to get you back to the work week, here is a light schedule for this week. There is nothing formal and all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Wednesday (11/30): CapSecDC Meetup, "A New Home" at Fado Irish Pub and Restaurant from 6:00 to 9:00 PM (more info). Thursday (12/01): OWASP NoVA Meetup, "Cloud Control: Assurance in a Massively Scalable World" by Ben Tomhave at QinetiQ, Reston from 6:00 to 9:00 PM (more info). CharmSec Meetup, normal meetup at Slainte Irish Pub and Restaurant from 7:00 to 10:00 PM (more info). Friday (12/02): 2600 Arlington Meetup, normal meetup at Champps, Pentagon Row from 7:00 to 10:00 PM (more info). And for those who would like...</description><link>http://www.secuobs.com/revue/news/344133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/344133.shtml</guid></item>
<item><title>Job  Security Engineer II in Fairfax, VA</title><description>Secuobs.com : 2011-11-25 19:48:04 - NovaInfosecPortal.com - Looks like a great job opportunity has turned up over at the NoVA Hackers Association's facility host. I know several of the folks that work in their security department over there and it seems like a challenging and rewarding place to work. The Company: ICF International (NASDAQ: ICFI) partners with government and commercial clients to deliver professional services and technology solutions in the energy and climate change; environment and infrastructure; health, human services, and social programs; and homeland security and defense markets. The firm combines passion for its work with industry expertise and innovative analytics to produce compelling results throughout the entire program life cycle, from research and analysis through implementation and improvement. Since 1969, ICF has been serving government at all levels, major corporations, and multilateral institutions. More than 3,500 employees serve these clients worldwide. ICF's Web site is www.icfi.com. Job Description: ICF International is currently looking for a Security Engineer II with enterprise security architecture and engineering experience. This position will report directly to the Information Security Officer in the Corporate Information Technology group. The Security Engineer II will implement, utilize and maintain security solutions related to host- and network-based intrusion detection and prevention, access control, system hardening, ...</description><link>http://www.secuobs.com/revue/news/343854.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/343854.shtml</guid></item>
<item><title>Weekly Rewind   Top Industry News, Infosec Degrees, LastPass Updates   More</title><description>Secuobs.com : 2011-11-20 04:33:26 - NovaInfosecPortal.com - Well, it's been a few weeks since I got one of these Weekly Rewind posts out. The industry news is from this past week; however, our blog posts go back to the last Weekly Rewind post. I didn't include some of our standard articles due to their time relevancy. And for some of those readers that may not have noticed, I actually tack on commentary to the industry posts, so please check out my italicized and bolded opinions and let me know if you agree in the comments. Industry Articles: Twitter Ordered to Yield Data in WikiLeaks Case: "A federal judge on Thursday ruled that Twitter, the popular microblogging platform, must reveal information about three of its account holders who are under investigation for their possible links to the WikiLeaks whistle-blower site. The case has become a flash point for online privacy and speech, in part because the Justice Department sought the information without a search warrant last year. Instead, on the basis of a 1994 law called the Stored Communications Act, the government demanded that Twitter provide the Internet protocol addresses of three of its users, among other things. An Internet protocol address identifies and gives the location...</description><link>http://www.secuobs.com/revue/news/341616.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/341616.shtml</guid></item>
<item><title>NoVA CTF November 2011 Challenge</title><description>Secuobs.com : 2011-11-18 14:19:43 - NovaInfosecPortal.com - After taking a few months off, the folks over at NoVA CTF just released a new challenge to the NoVA Hackers list. They gave me permission to republish the challenge here for the rest of the community to enjoy. A terrible "cyber" attack has taken place, but fortunately network sensors captured a pcap of all network activity during this time. Your job, should you choose to accept it, is to examine the pcap and answer the following questions: Who was the attacker and victim? What went on before, during and after the attack? How was the machine exploited? Here is the pcap file to examine. No prizes or anything, but feel free to post your answers in the comments below. Today's post image is from KidzWorld.com.</description><link>http://www.secuobs.com/revue/news/341401.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/341401.shtml</guid></item>
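The NoVA CTF pcap itself is not on this page, so what follows is an added example (not part of the challenge or of the post) of the kind of first-pass triage that answers its "who was the attacker and victim" question from a capture: a minimal reader for the classic pcap file format, an Ethernet/IPv4/TCP decoder, and a heuristic that names as attacker the host sending the most bare SYNs and then lists which probed ports answered and what data crossed the sessions that opened. The capture, hosts, ports and payloads are constructed inline for the demo; real captures should be confirmed in Wireshark, and pcapng files use a different container format this reader deliberately rejects.

```python
import struct
from collections import Counter, defaultdict


def ipv4(dotted):
    """'10.0.0.5' to its four packed bytes."""
    return bytes(int(octet) for octet in dotted.split("."))


def tcp_frame(src, sport, dst, dport, flags, payload=b""):
    """One Ethernet/IPv4/TCP frame. Checksums stay zero: this triage never validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipv4(src), ipv4(dst))
    eth = bytes(6) + bytes(6) + b"\x08\x00"      # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp


def build_pcap(frames, start_ts=1321000000):
    """Classic little-endian pcap: magic d4c3b2a1, version 2.4, link type 1 (Ethernet)."""
    le = lambda n, width=4: n.to_bytes(width, "little")
    header = bytes.fromhex("d4c3b2a1") + le(2, 2) + le(4, 2) + le(0) + le(0) + le(65535) + le(1)
    records = [le(start_ts + i) + le(0) + le(len(f)) + le(len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)


SYN, SYN_ACK, RST_ACK, PSH_ACK = 0x02, 0x12, 0x14, 0x18

# Constructed capture (NOT the NoVA CTF pcap): 10.0.0.5 probes four ports on 10.0.0.9,
# two answer, a command and its output cross the 445 session; 10.0.0.7 is background noise.
SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", 40001, "10.0.0.9", 21, SYN),
    tcp_frame("10.0.0.9", 21, "10.0.0.5", 40001, RST_ACK),
    tcp_frame("10.0.0.5", 40002, "10.0.0.9", 22, SYN),
    tcp_frame("10.0.0.9", 22, "10.0.0.5", 40002, SYN_ACK),
    tcp_frame("10.0.0.5", 40003, "10.0.0.9", 80, SYN),
    tcp_frame("10.0.0.9", 80, "10.0.0.5", 40003, RST_ACK),
    tcp_frame("10.0.0.5", 40004, "10.0.0.9", 445, SYN),
    tcp_frame("10.0.0.9", 445, "10.0.0.5", 40004, SYN_ACK),
    tcp_frame("10.0.0.5", 40004, "10.0.0.9", 445, PSH_ACK, b"id\n"),
    tcp_frame("10.0.0.9", 445, "10.0.0.5", 40004, PSH_ACK, b"uid=0(root)\n"),
    tcp_frame("10.0.0.7", 51000, "10.0.0.9", 80, SYN),
    tcp_frame("10.0.0.9", 80, "10.0.0.7", 51000, RST_ACK),
])


def parse_pcap(data):
    """Yield (ts_sec, frame_bytes) per record; byte order is taken from the magic."""
    magic = data[:4]
    if magic == bytes.fromhex("d4c3b2a1"):
        order = "little"
    elif magic == bytes.fromhex("a1b2c3d4"):
        order = "big"
    else:
        raise ValueError("not a classic pcap (pcapng is a different format)")
    if int.from_bytes(data[20:24], order) != 1:
        raise ValueError("only link type 1 (Ethernet) is handled")
    off = 24
    while len(data) >= off + 16:
        ts_sec = int.from_bytes(data[off:off + 4], order)
        incl_len = int.from_bytes(data[off + 8:off + 12], order)
        yield ts_sec, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def decode_tcp(frame):
    """(src, sport, dst, dport, flags, payload) for IPv4/TCP frames, else None."""
    if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] // 16 == 4:
        ihl = (frame[14] % 16) * 4                  # IPv4 header length in bytes
        if frame[23] == 6 and len(frame) >= 14 + ihl + 20:
            tcp = frame[14 + ihl:]
            data_off = (tcp[12] // 16) * 4          # TCP header length in bytes
            src = ".".join(str(b) for b in frame[26:30])
            dst = ".".join(str(b) for b in frame[30:34])
            sport = int.from_bytes(tcp[0:2], "big")
            dport = int.from_bytes(tcp[2:4], "big")
            return src, sport, dst, dport, tcp[13], tcp[data_off:]
    return None


def summarize(pcap_bytes):
    """Attacker = host sending the most bare SYNs; victim = its target; the payloads on
    sessions that completed a handshake show what happened after the scan."""
    syns = Counter()            # (src, dst) -> bare SYNs sent
    probed = defaultdict(set)   # (src, dst) -> destination ports tried
    opened = set()              # (client, server, port) that received a SYN/ACK
    payloads = []               # (ts, src, dst, dport, data) for segments with data
    for ts, frame in parse_pcap(pcap_bytes):
        parsed = decode_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, flags, payload = parsed
        syn = (flags // 2) % 2 == 1       # SYN is bit 1 of the flags byte
        ack = (flags // 16) % 2 == 1      # ACK is bit 4
        if syn and not ack:
            syns[(src, dst)] += 1
            probed[(src, dst)].add(dport)
        elif syn and ack:
            opened.add((dst, src, sport))
        if payload:
            payloads.append((ts, src, dst, dport, payload))
    (attacker, victim), count = syns.most_common(1)[0]
    return {"attacker": attacker, "victim": victim, "syn_count": count,
            "ports_probed": sorted(probed[(attacker, victim)]),
            "ports_open": sorted(p for c, s, p in opened if c == attacker and s == victim),
            "payloads": payloads}


if __name__ == "__main__":
    print(summarize(SAMPLE_PCAP))
```

The SYN-count heuristic is a starting point, not a verdict: it misattributes spoofed or reflected scans, ignores UDP and ICMP entirely, and says nothing about how the box was exploited, which still means reading the payloads of the sessions that opened (here, the command on port 445 and the uid=0 reply that follows it).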
<item><title>New Multifactor Authentication for LastPass</title><description>Secuobs.com : 2011-11-15 18:57:46 - NovaInfosecPortal.com - I didn't mention it in my previous post, "Usable Browser Privacy and Security", but another Firefox plug-in I normally use is the popular online LastPass password manager. Well, the other day I noticed a new feature but hadn't seen much discussion of it within the security community. Yes, I use LastPass and find it very useful in managing many of my passwords for low- to medium-value websites. I use roughly three different computers on most days, and having to regularly sync a password archive across them is cumbersome, so the online aspect of LastPass is a welcome solution. Although I probably wouldn't store high-value passwords using an online service like this, LastPass provides a simple way to use different strong passwords for every site you need to authenticate to. It allows good password practices while keeping the web easy to use. For this reason I recommend it to many of my non-technical family and friends as a more transparent way for them to follow good password practices without too much of a usability hit. The key to LastPass's security is the master password a user creates for their archive. Of course it goes without saying that they need...</description><link>http://www.secuobs.com/revue/news/340806.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/340806.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-11-14</title><description>Secuobs.com : 2011-11-14 21:46:50 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, with nothing formal; all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Monday (11/14): NoVA Hackers Association Meetup, no formal presentation but instead there will be several approximately 20-minute talks by a few of the attendees, at ICF International from 5:30 to 8:30 PM (more info). Tuesday (11/15): ISACA NCA Meetup, "Web and ERP Security and Controls" at Holiday Inn Rosslyn at Key Bridge, 7:30 AM to 4:30 PM (more info). ISSA DC Meetup, "An Enterprise Vulnerability Management Program" by Chris Kostick at Government Printing Office, Room A138, 6:30 to 8:00 PM (more info). Thursday (11/17): ISSA NoVA Meetup, "Panel Discussion of Congressional Staffers Assigned to Create the Cyber Security Bill" moderated by Elizabeth Hyman at Noblis, 5:30 to 8:30 PM (more info). And for those who would like to plan ahead, here...</description><link>http://www.secuobs.com/revue/news/340587.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/340587.shtml</guid></item>
<item><title>Getting Started in Cybersecurity   The University Way</title><description>Secuobs.com : 2011-11-10 07:15:28 - NovaInfosecPortal.com - The significant increase in the threats to our computer systems has created a huge demand for professionals with cybersecurity degrees over the last decade. Even though expertise in information security has been around for a long time, there are an estimated 30,000 cybersecurity-related jobs coming to the Baltimore-Washington, DC area, as DC is especially in need of government IT security specialists, according to the University of Maryland University College. This demand has urged many to begin careers in cybersecurity and infosec. Hence the question: what is the best way to prepare for a career in this field? The other day we put out a quick post on the 22 new NSA Centers for Academic Education (CAE) in Information Assurance. We whittled down all of those schools to just the four in our area and also considered local schools that were already on the list. Many of the schools on the CAE list may offer classes or research in information assurance but lack full cybersecurity programs. Here we attempt to identify those that include formal programs you could apply for. There are also many programs that offer general degrees with a concentration in infosec, but we didn't include those...</description><link>http://www.secuobs.com/revue/news/339873.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/339873.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-11-07</title><description>Secuobs.com : 2011-11-07 17:21:19 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Happy Halloween to everyone out there! Be ready to talk shop as nothing is formal this week, with only one meetup. Anyway, here are your meetups for this week. Wednesday (11/09): ISACA CM Meetup, "An Enterprise Vulnerability Management Program" by Chris Kostick at Snyder's Willow Grove Restaurant from 10:45 AM to 4:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Monday: NoVA Hackers Association Meetup. Tuesday: ISACA NCA Meetup and ISSA DC Meetup. Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on...</description><link>http://www.secuobs.com/revue/news/339280.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/339280.shtml</guid></item>
<item><title>ISSA International Conference Follow-Up</title><description>Secuobs.com : 2011-11-03 04:53:24 - NovaInfosecPortal.com - One thing we like to do here is provide summaries of events that happen around the area. Recaps of multi-day conferences are pretty time-consuming to write, and thus I don't notice too many of them getting published. Fortunately, Ben (@falconsview) Tomhave wrote up his reflections on the ISSA International Conference held last month, and he gave us permission to repost his article. If you happen to attend one of the local meetups or conferences and want to write up your thoughts, we'd be glad to host it for you. Also, even if you don't have time to write a full recap, feel free to leave your take-aways and opinions by commenting on any of the events in our calendar. And without further ado, here's Ben's post. Reflections on 2011 ISSA Int'l Conference: I had the opportunity to attend the 2011 ISSA International Conference held Oct 20-21 in Baltimore, MD. Overall, it was a decent, albeit fairly small, event. Beyond getting a chance to catch up with some industry friends, it also provided a chance to hear a few interesting talks, as well as to discuss a couple of topics that have been of interest lately. Rather than recap things in too...</description><link>http://www.secuobs.com/revue/news/338551.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/338551.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-10-31</title><description>Secuobs.com : 2011-10-31 15:55:23 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Happy Halloween to everyone out there! Be ready to talk shop as nothing is formal this week, with only one meetup. Anyway, here are your meetups for this week. Thursday (11/03): OWASP NoVA Meetup, "Lessons Learned from the SQL Injection Challenge" by Ryan Barnett, a senior security researcher on Trustwave's SpiderLabs Team, at QinetiQ from 6:00 to 9:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Wednesday: ISACA CM Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on...</description><link>http://www.secuobs.com/revue/news/337821.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/337821.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-10-24</title><description>Secuobs.com : 2011-10-24 16:33:09 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, with nothing formal; all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Wednesday (10/26): CapSecDC Meetup, normal meeting at Stetson from 6:00 to 9:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Thursday: OWASP NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, ...</description><link>http://www.secuobs.com/revue/news/336544.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/336544.shtml</guid></item>
<item><title>Bagging Twitter Imposters</title><description>Secuobs.com : 2011-10-19 05:46:15 - NovaInfosecPortal.com - I noticed an odd thing the other day: I hadn't seen any recent posts from one of my preferred Twitter security news feeds over at the @regsecurity account. I skimmed through the people I follow and noticed that I was no longer following them. Now, I could have sworn I was following this account. Then I headed over to their Twitter page and noticed that they only had around 40 tweets and 60 followers. Was this a fake account? The real one wouldn't be this sparse. Maybe I mistyped the account or something. After a few searches on SnapBird.org I found that it was indeed the correct Twitter account and the last time I tweeted a story by them was on September 28th. Although a lot of people have a love-hate relationship with The Register's reporting style, I've always liked them because their stories are usually concise and to the point, without a lot of the fluff that other publishers tend to include. That fluff may be necessary for the lay audience, but if you're somewhat like me and just want the facts quickly, then The Register is great. Yeah, they do tend to sometimes inflate headlines, but I guess their often funny sub-titles make...</description><link>http://www.secuobs.com/revue/news/335628.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/335628.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-10-17</title><description>Secuobs.com : 2011-10-17 19:31:41 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, with nothing formal; all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Tuesday (10/18): ISACA NCA Meetup, "Emerging IT Issues" at Holiday Inn Rosslyn at Key Bridge from 7:30 AM to 4:30 PM (more info). ISSA DC Meetup, "Mobile Devices: Gathering Information and Protecting Organizations" by Amber Schroader, CEO of Paraben Corporation, at Government Printing Office from 6:30 to 8:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Wednesday: CapSecDC Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to...</description><link>http://www.secuobs.com/revue/news/335212.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/335212.shtml</guid></item>
<item><title>Weekly Rewind - Top Industry News, Conference Call Security &amp; More</title><description>Secuobs.com : 2011-10-17 00:27:06 - NovaInfosecPortal.com - Here's another edition of the Weekly Rewind, where we post out a quick summary of industry articles you seemed to like as well as our stories from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a reference. Industry Articles: Possible Governmental Backdoor Found ("Case R2D2"): The announcement was made public on ccc.de with a detailed 20-page analysis of the functionality of the malware. Download the report in PDF (in German). The malware in question is a Windows backdoor consisting of a DLL and a kernel driver. The backdoor includes a keylogger that targets certain applications. These applications include Firefox, Skype, MSN Messenger, ICQ and others. The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls. In addition, the backdoor can be remotely updated. Servers that it connects to include 83.236.140.90 and 207.158.22.134 (continued here). @grecs: Is it right? Is it wrong? I guess the courts will decide (or they'll just pass a law saying that it's legal). The Business Case for Certifications: In the wake of widely published corporate frauds, scandals and information security incidents, organizations recognize that proper governance of ...</description><link>http://www.secuobs.com/revue/news/335087.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/335087.shtml</guid></item>
<item><title>The Vulnerability We All Love to Ignore</title><description>Secuobs.com : 2011-10-13 23:46:00 - NovaInfosecPortal.com - Right now sensitive proprietary information is leaving your organization and falling into the hands of your competitors. But your executive management team has strongly supported your efforts to secure the enterprise over the past few years. You've used this support to build a world-class security program. Protection starts with the data and works its way out through all applications, hosts, and networks. Baseline security technologies, like antivirus, intrusion detection/prevention systems (IDS/IPS), and firewalls, exist at each of these layers. You keep all your systems patched, yes, even the third party applications. The latest advanced protection tools, like data loss prevention (DLP), whitelisting, data activity monitoring (DAM), and two-factor authentication, add to your extensive repertoire of controls, all tuned to stop and/or detect those trying to infiltrate your organization. A strict configuration management program manages all of these controls, and dedicated and well trained security staff monitor all application, host, network, and security control events through a highly tuned security information and event management (SIEM) system on a 24/7 basis. Lastly, you meet all necessary compliance standards for your industry and your security awareness program is second to none. Nevertheless, data critical to the success of your organization is slowly leaking out ...</description><link>http://www.secuobs.com/revue/news/334671.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/334671.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-10-10</title><description>Secuobs.com : 2011-10-10 18:08:01 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, with nothing formal: all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Monday (10/10): NoVA Hackers Association Meetup - No formal presentation; instead there will be several approximately 20 minute talks by a few of the attendees at ICF International from 5:30 to 8:30 PM (more info). Wednesday (10/12): ISACA CM Meetup - "Data Protection: Securing Unstructured Data at Rest" by Matt Mancuso at Snyders Willow Grove Restaurant from 8:30 AM to 2:00 PM (more info). Thursday (10/13): ISSA NoVA Meetup - "Privacy vs. Security: Achieving Balance In The Face Of Social Networks, Geolocation, and Cyberattacks" by Randy Sabett at Avaya Government Solutions from 5:30 to 8:30 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Tuesday ...</description><link>http://www.secuobs.com/revue/news/333850.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/333850.shtml</guid></item>
<item><title>Weekly Rewind - Top Industry News, Infosec Schools, 20 CSCs, Cybersec Awareness, &amp; More</title><description>Secuobs.com : 2011-10-09 00:00:04 - NovaInfosecPortal.com - Here's another edition of the Weekly Rewind, where we post out a quick summary of industry articles you seemed to like as well as our stories from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a reference. Industry Articles: Steve Jobs: How to Live before You Die (@grecs: Nuff said; watch here). Computer Virus Hits US Drone Fleet: A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the US military's most important weapons system (continued here). Monster Spam Campaigns Lead to Cyberheists: Phishers and cyber thieves have been casting an unusually wide net lately, ...</description><link>http://www.secuobs.com/revue/news/333647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/333647.shtml</guid></item>
<item><title>Top Infosec Schools in the Metro DC Area</title><description>Secuobs.com : 2011-10-07 22:15:48 - NovaInfosecPortal.com - How do you get started in an information security career? This is a question we get asked a lot. There are several ways, but if you're looking to take a more formal approach, attending a school accredited as a National Center of Academic Excellence (CAE) is a great place to start. Run by the NSA and DHS, this program evaluates educational institutions and designates them as either Information Assurance Education (IAE) or Research (R) schools. The goal, as stated on the program's page, is "promoting higher education and research in IA and producing a growing number of professionals with IA expertise in various disciplines." As of last year there were 123 schools with one or both of the CAE designations. This year the program just announced an additional 22 schools. Of those, four are in the metro DC area: Bowie State University (MD), College of Southern Maryland (MD), Community College of Baltimore County (MD), Wilmington University (DE). And in case you missed our local schools from their previous list, here they are for your convenience: Anne Arundel Community College (MD), Capitol College (MD), Johns Hopkins University (MD), Prince George's Community College (MD), Towson University (MD), United States Naval Academy (MD), University of Maryland, Baltimore County (MD), University of ...</description><link>http://www.secuobs.com/revue/news/333444.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/333444.shtml</guid></item>
<item><title>Happy National Cybersecurity Awareness Month</title><description>Secuobs.com : 2011-10-06 00:51:28 - NovaInfosecPortal.com - Wow, can't believe it's been a year already! It just seemed like yesterday we were basking in the improved cybersecurity awareness of those around us. Unfortunately, people seemed to fall back into their old routines rather quickly and we had one of the worst years on record. There was the almost daily barrage of breach announcements with umpteen billions of pieces of personal and/or financial information lost. According to SecurityNewsDaily.com, 2011 was set to be the worst year ever for security breaches. Just to name a few from their article: there was that whole RSA thing, that little problem Sony had, and the Epsilon email leak. Some of the other ones included NASA's Goddard Space Flight Center, InfraGard, PBS, Nintendo, and Fox. Want more? We can also throw the European Commission, WordPress.com, the Institute of Electrical and Electronics Engineers (IEEE), TripAdvisor, Gawker Media, Trapster, and the Pentagon's official credit union in there as well. And that was only for the first 6 months of 2011; it doesn't even include November and December from last year as well as July through September of this year. So what do we need to change this month to improve the dire situation we are in? Nothing! That's right ...</description><link>http://www.secuobs.com/revue/news/332982.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/332982.shtml</guid></item>
<item><title>Balancing the 20 Critical Security Controls</title><description>Secuobs.com : 2011-10-05 00:50:09 - NovaInfosecPortal.com - Ben (@falconsview) Tomhave put out a nice post yesterday regarding the SANS 20 Critical Security Controls (CSC). In it he stressed how they are 1) not actually controls, 2) not scalable, and 3) only designed to sell a product. I don't know enough to comment on point 1. Point 2 seems right on target. And I somewhat agree with point 3. Regardless, having such a starting list is good in that it provides a pick list of the "basics" we should be doing, as mentioned by Ben in point 2. Unfortunately, strictly adhering to the 20 CSCs might end up prescribing costly, unnecessary controls while missing critical ones. Pictorially, I am reminded of the security vs. compliance graphic I put out a while ago. What you apply and don't apply should be based on a risk assessment of your organization rather than a standard list of controls. My advice: it's a real balancing act. Consider these controls as a starting point, but filter out the ones you don't need based on your risk profile. Next, consider adding in other security solutions to protect against your threats not covered by the 20 CSCs. Anyway, so much for my thoughts on ...</description><link>http://www.secuobs.com/revue/news/332714.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/332714.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-10-03</title><description>Secuobs.com : 2011-10-03 18:56:18 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, with nothing formal: all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Thursday (10/06): OWASP NoVA Meetup - "A Boot Camp on Code Understanding: How Modern Framework Dynamism Affects Assessments &amp; Remediation" by John Steven at Cigital from 6:00 to 9:00 PM (more info). Friday (10/07): 2600 Arlington Meetup - Normal Meetup at Champps - Pentagon Row from 7:00 to 10:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Monday: NoVA Hackers Association Meetup. Wednesday: ISACA CM Meetup. Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them ...</description><link>http://www.secuobs.com/revue/news/332359.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/332359.shtml</guid></item>
<item><title>Choose Your Weapon: MAC vs. DAC</title><description>Secuobs.com : 2011-09-29 18:33:31 - NovaInfosecPortal.com - I don't see many articles discuss the topics of Mandatory Access Control (MAC) and Discretionary Access Control (DAC) that often, but InfosecIsland.com published two nice example-based posts earlier this week. Similar to a post last year from ElectricFork on the origins of the CIA triad, these concepts are fairly fundamental and so I thought we should shed some additional light on them. Heading back to one of my favorite documents, NIST IR 7298 Revision 1, "Glossary of Key Information Security Terms" (PDF), defines them as follows. Mandatory Access Control (MAC): A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. Discretionary Access Control (DAC): The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user's control. Got it? Clear as mud, right? The primary MAC concept that usually sticks with me is the "labeling" idea mentioned in ...</description><link>http://www.secuobs.com/revue/news/331788.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/331788.shtml</guid></item>
<item><title>Careers in Forensics Are Strong - Add Cloud - It's Hot</title><description>Secuobs.com : 2011-09-28 05:16:53 - NovaInfosecPortal.com - For the past few years forensics has been a very strong field in which to develop an infosec career. The new curve, though, comes with the proliferation of "cloud." As more and more organizations migrate services into the cloud, forensics in these challenging environments has created another "hot" specialization in which to ponder a potential career move. For those that are interested in getting a foothold into this high-demand niche, I read a good interview with Rob Lee yesterday that stressed five skills you need to possess in order to help you become one of the chosen few. Upstream Intelligence: Understanding data from upstream providers (e.g., ISPs). Legal Skills: Knowing when data can and cannot be requested. Technical Background: Changing your perspective from static to dynamic data analysis. Soft Skills: Knowing how to convince others that they need to help you. Collaborative Skills: Working well with other groups in order to understand the big picture. The article concludes with a section on salary and career scope. Although the average forensic examiner brings in a measly $81K a year, those that focus in on specialties like cloud can command over six figures. Not interested in forensics? Regardless of whether it's in ...</description><link>http://www.secuobs.com/revue/news/331429.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/331429.shtml</guid></item>
<item><title>NIST Wants You - Again - This Time for Risk Assessment</title><description>Secuobs.com : 2011-09-26 23:53:44 - NovaInfosecPortal.com - Last week I noticed NIST put out another draft infosec document that they need comments on. This time the publication that needs updating is SP 800-30, Guide for Conducting Risk Assessment, Revision 1. And updating it is in need of: NIST released the original version almost 10 years ago. Then it was known as the "Risk Management Guide for Information Technology Systems." This revision narrows the focus of the document to just risk assessment rather than the entire risk management process. As you may know, SP 800-39, Managing Information Security Risk, has taken over those duties. Over the years we've had several posts discussing this key document. @rybolov talked about it way back in 2008, where he discussed how NIST should not change it. SP 800-30 also made several appearances at many of the local meetups, including this ISSA DC meeting two years ago. A few months later @rybolov hit on it again in an overview post about NIST's core publications. NIST puts these recommendations out and many of us working around DC have to deal with them due to customer requirements. And we spend a lot of time complaining about what they should and shouldn't be. Instead of complaining, ...</description><link>http://www.secuobs.com/revue/news/331169.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/331169.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-09-26</title><description>Secuobs.com : 2011-09-26 16:36:42 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, and all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Wednesday (9/28): CapSec DC Meetup - "Fall Is Here" at Stetsons Famous Bar &amp; Grill from 6:00 to 9:00 PM (more info). Thursday (9/29): OWASP DC Meetup - "Assessing your Assessment Practice" (John Steven), "DHS Software Assurance Pocket Guides" (Krystal Moon &amp; Quang Pham), and Update on Current &amp; Upcoming Events (Doug Wilson &amp; Mark Bristow) at 2445 M Street NW, Washington, District of Columbia 20037 from 6:30 to 9:00 PM (more info). CharmSec Meetup - Normal Meetup at Slainte Irish Pub &amp; Restaurant from 7:00 to 10:00 PM (more info). And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Thursday: OWASP NoVA Meetup ...</description><link>http://www.secuobs.com/revue/news/331075.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/331075.shtml</guid></item>
<item><title>Weekly Rewind - CISSP Value, Monthly Continuous Monitoring, Mobile Average Practices, &amp; More</title><description>Secuobs.com : 2011-09-25 05:23:23 - NovaInfosecPortal.com - Here's another edition of the Weekly Rewind, where we post out a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a quick reference. Our Blog Posts: Where You Want to Be This Week for 2011-09-19: Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, and all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week (continued here). The Value of a CISSP: Local blogger Laura Raderman put out a great post last week titled "(ISC)2 and the CISSP." I think she's right on point in expressing how a lot of us feel regarding the (ISC)2, the CISSP, ...</description><link>http://www.secuobs.com/revue/news/330923.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330923.shtml</guid></item>
<item><title>A Few News Items that Pissed Me Off</title><description>Secuobs.com : 2011-09-24 06:26:19 - NovaInfosecPortal.com - There were several stories these past few weeks that just sort of, well, I'll just say it, pissed me off. I know that's not too professional of me, but it just gets my blood boiling. Companies just seem to be doing the wrong thing lately. Whether it be changing their terms of service (ToS) or downplaying potentially serious vulnerabilities, everyone is taking the sleazeball way out instead of standing up and fixing their security problems. Sony's New ToS: As a fallout of all their recent breaches, the good lawyers over at Sony decided to update their ToS, forcing users to waive their right to take part in class action lawsuits. Really? Instead of spending the millions of dollars on their lawyer brigade, they should have spent it on rehiring the security monitoring staff they laid off and invested in strengthening their security posture. On the other hand, they do provide the option to opt out. You just have to write them a letter that includes (1) YOUR NAME, (2) YOUR ADDRESS, (3) YOUR PSN ACCOUNT NUMBER, IF YOU HAVE ONE, AND (4) A CLEAR STATEMENT THAT YOU DO NOT WISH TO RESOLVE DISPUTES WITH ANY SONY ENTITY THROUGH ARBITRATION ...</description><link>http://www.secuobs.com/revue/news/330848.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330848.shtml</guid></item>
<item><title>Mobile Security "Average" Practices</title><description>Secuobs.com : 2011-09-22 06:54:31 - NovaInfosecPortal.com - There have been a few articles over the past week describing some general suggestions on protecting mobile devices. Coincidentally, I've been doing some research on advice we could provide "average" everyday iPhone users on this topic, and these articles confirmed much of what I've found. Yeah, we could consider using one of the newfangled commercial MDM solutions, but for Mom and her personal iPhone this probably isn't an option. Below you'll find my favorite suggestions in priority order with some commentary. Note: as with the original articles, I've kept these suggestions high level so as not to focus on any specific platform. That will be coming in a later post. Configure to Lock Automatically / Require a Password to Unlock: I'm fairly paranoid, so I configure it to lock after 5 minutes. And of course I use the password option versus a PIN. Some devices might not support passwords, so you may unfortunately be stuck using a PIN. Pair this capability with a password/PIN-based failure auto-wipe feature and you should be good to go. Another great nugget of info encompassed in this suggestion is to set a PIN on your connected voicemail account to avoid being murdoched. Regularly Back Up Your ...</description><link>http://www.secuobs.com/revue/news/330327.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330327.shtml</guid></item>
<item><title>Will New Monthly "Continuous" Monitoring FISMA Requirements Work?</title><description>Secuobs.com : 2011-09-21 16:07:13 - NovaInfosecPortal.com - According to GovInfoSecurity as well as several other publications, starting next month federal agencies will be required to implement continuous monitoring as part of their obligations under FISMA. At a minimum, "continuous" is defined as monthly. All of their reported data needs to be fed into the CyberScope system. Oh, and for training and consulting on how to meet this new requirement, agencies must attend CyberStat sessions. Just a few things to ponder here. Given a minimum of monthly reporting being "continuous," guess how often agencies will report. Daily? No. Weekly? Nope. Biweekly? Getting closer but still not there. Continuous monitoring is supposed to start next month, or like 10 days from now. Another reason for just monthly reporting (versus more frequent, or even real "continuous")? Agencies can wait until the end of October to report, and at least they'll get 31 more days to prepare. So we are implementing a major shift going from yearly reporting to continuous monitoring? Is the government going to provide agencies additional budget to make this transition? If continuous monitoring ends up costing more than yearly reporting, do agencies get more funding? Finally, can we please stop overloading the term "cyber"? Cybersecurity, ...</description><link>http://www.secuobs.com/revue/news/330155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330155.shtml</guid></item>
<item><title>How to Win Followers &amp; Influence Friends</title><description>Secuobs.com : 2011-09-20 18:48:08 - NovaInfosecPortal.com - I had the pleasure of presenting at the inaugural Reverse Space Conference (RSCon) this past Saturday. I hope everyone learned a few things. I also picked up some additional tips from several of the attendees and am continuing to investigate other ways we can use Twitter more effectively to manage our careers. Thanks! For those that missed it, here is the title and abstract if you want to get a quick synopsis of what the talk was about. "How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career": Twitter has become the de facto standard that infosec pros use to communicate with peers and many outside the security community. We share interesting articles, proclaim our opinions, strengthen friendships, build new relationships, and overall become more of a community as a whole. For many, Twitter is a chaotic stream of consciousness that we both pull from and contribute to. This presentation tries to help practicing security professionals rein in the chaos with 5 key strategies that will help you effectively use Twitter to improve your career prospects. And finally, you can download the slides here (PDF). Post photo by Tweepi.com</description><link>http://www.secuobs.com/revue/news/329966.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329966.shtml</guid></item>
<item><title>The Value of a CISSP</title><description>Secuobs.com : 2011-09-20 05:57:20 - NovaInfosecPortal.com - Local blogger Laura Raderman put out a great post last week titled "(ISC)2 and the CISSP." I think she's right on point in expressing how a lot of us feel regarding the (ISC)2, the CISSP, and the value they add to the security profession. Basically, "meh," but we need it to keep the job. Via SecurityMusings.com: Let me first start off with the disclaimer that I am a CISSP and (nominally) a member of (ISC)2. I've been part of very few professional organizations throughout my career and college days. I even shied away from the women in engineering groups on campus, although I knew a lot of women in them. I tended towards the ad hoc, social groups instead. Blame it on the Cotillion club I was (forced to be) a part of when I was in high school; I just don't like paying to be part of a "club." I pay (ISC)2 only because I have to to keep my CISSP (and to other organizations for the same reason); I'm not a member because I believe in their mission or their goals. I think they're overpriced and useless to me other than maintaining my credential (which is another ...</description><link>http://www.secuobs.com/revue/news/329809.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329809.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-09-19</title><description>Secuobs.com : 2011-09-20 04:03:35 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. A very light schedule for this week, and all you need to do is just show up and be ready to talk shop. Anyway, here are your meetups for this week. Tuesday (9/20): ISSA DC Meetup - "Access Control and the Semantic Web" by Ronald P. Reck at Government Printing Office Room A138 from 6:30 AM to 8:30 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week. No Meetup scheduled at the moment. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week, so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and ...</description><link>http://www.secuobs.com/revue/news/329703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329703.shtml</guid></item>
<item><title>Weekly Rewind - Removing Malware, Browsing Securely, VMware Fusion 4, &amp; More</title><description>Secuobs.com : 2011-09-19 04:25:47 - NovaInfosecPortal.com - Here's another edition of the Weekly Rewind, where we post out a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we hope you find this post useful as a quick reference. Our Blog Posts: Where You Want to Be This Week for 2011-09-12: Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter (continued here). Is It Really Worth Testing Patches Anymore? Last week I read a great article over on the ISC Diary by Rob VandenBrink that asked the question "Should We Still Test Patches?" Rob makes some excellent points. Given that Microsoft and Adobe are coming out with patches tomorrow and me being on the road missing NovaHackers tonight, I thought I'd throw in my thoughts (continued here). The 4 Not So Easy Steps to ...</description><link>http://www.secuobs.com/revue/news/329597.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329597.shtml</guid></item>
<item><title>RSCon - Last Minute Announcement</title><description>Secuobs.com : 2011-09-17 02:31:39 - NovaInfosecPortal.com - The good folks over at Reverse Space have been planning a mini-con happening tomorrow (Saturday) starting around noon. It'll mostly consist of NoVA peeps giving the presentations they gave in Las Vegas last month. This includes me presenting my "How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career" from BSidesLV. Anyway, here is their official "press release" with all the info: RSCon, this Saturday, September 17, 2011, starts at 12PM. RSCon is the first mini-convention organized by Reverse Space members. This isn't a normal "con" in the sense of DefCon, Blackhat, etc. This is more a chance for those that gave talks over the summer to give them again to those people that are here locally and couldn't make it. The idea started when a few people who were speaking said they wouldn't mind giving the talks again here in the fall. With that we consolidated those people together and arranged one day for them to all give their talks. Grecs: How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career. Tiffany Rad: SCADA &amp; PLCs in Correctional Facilities: The Nightmare Before Christmas. Joe Klient: Your first IPv6 Pen Test ...</description><link>http://www.secuobs.com/revue/news/329445.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329445.shtml</guid></item>
<item><title>Is Upgrading to VMware Fusion 4 Worth It for Security Pros?</title><description>Secuobs.com : 2011-09-16 04:41:00 - NovaInfosecPortal.com - Yesterday VMware finally launched the next version of Fusion for the Mac. Being a user of this software primarily for security research, rather than for its ability to run Windows applications, I thought I would investigate whether it's worth upgrading. First, here is a portion of their press release. I've bolded the features I think security pros might be interested in. Via VMware.com: PALO ALTO, Calif., Sept. 14, 2011 - VMware, Inc. (NYSE: VMW), the global leader in virtualization and cloud infrastructure, today announced VMware Fusion 4, the best way to run Windows on a Mac. Available now at VMware.com for a promotional price of $49.99, VMware Fusion 4 makes it easier than ever for users to run Windows applications with Mac simplicity. "Enhancements to VMware Fusion 4 make it a breeze to run Windows and Mac applications side by side on a Mac," said Pat Lee, director, client product management, VMware. "Offering full integration into Apple OS X Lion, VMware Fusion 4 builds on our proven, award winning platform to provide an easy, fast and reliable way to run Windows applications on a Mac." With more than 90 new features and now optimized for today's multi-core Macs and OS ...</description><link>http://www.secuobs.com/revue/news/329244.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/329244.shtml</guid></item>
<item><title>Usable Browser Privacy &amp; Security</title><description>Secuobs.com : 2011-09-15 07:15:42 - NovaInfosecPortal.com - In a previous post I talked about one aspect of making sure URLs you visit are safe. While writing that post, I started thinking about what I do and would recommend to browse securely while still keeping the experience usable. Of course the "usable" requirement here means excluding efforts such as using a separate computer or browser for sensitive activity or only browsing in a VM or LiveCD environment. First off, my recommended browser of choice is Firefox - not because it's necessarily the best browser out there but more based on the number of available add-ons - especially the security ones I suggest below. One thing to consider though is to try to keep the number of add-ons to a minimum. This not only helps Firefox start and run faster but it also minimizes the risk of getting p0wned by a vulnerable add-on. Anyway, the security add-ons I use in almost all of my Firefox installs include: NoScript - This add-on is always the first plugin I install. Most malicious websites require JavaScript in some form to infect their victims and taking NoScript's disabled-by-default approach goes a long way. HTTPS-Everywhere - Ever since FireSheep was released last year this add-on is a</description><link>http://www.secuobs.com/revue/news/328983.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328983.shtml</guid></item>
<item><title>The 4 Not So Easy Steps to Removing Malware</title><description>Secuobs.com : 2011-09-14 06:41:37 - NovaInfosecPortal.com - Yeah, you read the title right. It's based on an article I read the other day titled "Scrub Your PC Clean: Remove Malware in 4 Easy Steps" on Gizmodo. The article mostly focused on Windows-based malware caught through web browsing. I'd also say it was probably more than four steps - yeah maybe four major steps - but then each of the major steps has like eight minor steps. And even if you follow everything they recommended, it won't guarantee a clean machine. But I understood what they're trying to say based on their target audience, who probably aren't as paranoid as most of us. The Internet contains plenty of other articles, mailing lists, and forums dedicated to this very topic but I think trying to carve malware out from a system is often too time consuming and in most cases impossible. The only sure fire way to guarantee you have a clean machine is to reinstall the OS or reimage to a known good baseline. For those of us that are paranoid, here are the four steps I recommend YOU need to know when restarting from scratch. Copy Needed Data to Secure Device - By "secure device" I usually recommend</description><link>http://www.secuobs.com/revue/news/328738.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328738.shtml</guid></item>
<item><title>Is It Really Worth Testing Patches Anymore?</title><description>Secuobs.com : 2011-09-13 05:53:26 - NovaInfosecPortal.com - Last week I read a great article over on the ISC Diary by Rob VandenBrink that asked the question "Should We Still Test Patches?" Rob makes some excellent points. Given that Microsoft and Adobe are coming out with patches tomorrow and me being on the road missing NovaHackers tonight, I thought I'd throw in my thoughts. My personal approach is to mostly follow his auto-pilot advice; however, I do try to configure things to delay a day or so. This way if some bad patches slip out, I have time to manually remove them from the auto-install queue. In an enterprise environment, I would recommend a similar approach, however holding off a little longer (e.g., maybe 2 days) and intermediately deploying the patches out to a representative set of low risk guinea pig machines (e.g., 1 day as before). This way an enterprise at least gets to wait a little for others to find problems as well as get some live testing to make sure the patches don't break any of their applications. And here are a few points from Rob's article that I would like to highlight. via ISC Diary: In short, dozens (or more) critical patches per week are</description><link>http://www.secuobs.com/revue/news/328468.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328468.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-09-12</title><description>Secuobs.com : 2011-09-12 17:18:55 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. Another light schedule for this week and you just need to show up and be ready to talk shop. Anyway, here are your meetups for this week. Monday (9/12): NoVA Hackers Association Meetup - No formal presentation but instead will be several approximately 20 minute talks by a few of the attendees at ICF International from 5:30 to 8:30 PM (more info). Wednesday (9/14): ISACA CM Meetup - "The JOURNEY for Implementing Identity Management - A Path for Success" by Frank Aiello at Chiapparelli's Restaurant from 3:00 to 8:00 PM (more info). Thursday (9/15): ISSA NoVA Meetup - "Public &amp; Private Information Sharing, Analysis, &amp; Collaboration to Enhance Cybersecurity Detection, Prevention, Mitigation &amp; Response" by Robert Dix at Noblis from 5:30 to 8:30 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events</description><link>http://www.secuobs.com/revue/news/328363.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328363.shtml</guid></item>
<item><title>Weekly Rewind - Word 2007 Encryption, Hot Jobs, Compliance v Security, &amp; More</title><description>Secuobs.com : 2011-09-11 22:41:06 - NovaInfosecPortal.com - Thought we would try a new type of blog where we post out a quick summary of all our stories as well as the industry articles you seemed to like the most from the past week. If you missed anything or happened to be offline, we thought this post might be a good quick reference. Let us know what you think with a smiley or sad face in the comments. Our Blog Posts: Where You Want to Be This Week for 2011-09-06 - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. (continued here) Is Word 2007 Encryption Secure? - There was an interesting discussion that took place on one of the mailing lists I follow the other day with people trying to figure out if the password encryption used in Word 2007 is secure. As most of us know, older versions are easily cracked; however, the more recent versions</description><link>http://www.secuobs.com/revue/news/328262.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328262.shtml</guid></item>
<item><title>Video &amp; Venn Diagram of the Day - Compliance v Security</title><description>Secuobs.com : 2011-09-09 18:50:41 - NovaInfosecPortal.com - I've talked about compliance before; however, @carnal0wnage recently tweeted a great link to a video explaining the difference between compliance and security. I think this video makes it much more clear than any write-up could possibly do. And no - it isn't for those of us in the echo chamber but rather something you might want to bring up when explaining it to a layman (e.g., that CIO that just cut your budget to only meet the relevant compliance standard). But first here is my Venn diagram where I try to depict the intricate relationship between compliance and security. Any questions? Oh, and here's that video. Mmmm. I think that CIO would probably go for the Venn diagram more than the video - but I still like the video better. See ya!</description><link>http://www.secuobs.com/revue/news/328035.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328035.shtml</guid></item>
<item><title>How to Get the Hot Jobs</title><description>Secuobs.com : 2011-09-08 07:33:44 - NovaInfosecPortal.com - I marked this article over at GovInfoSecurity titled "Why IT Security Careers Remain Hot" a few weeks back and finally got a chance to read it a little closer and listen to the related podcast. I found it very interesting, especially for those mid-career pros like myself that are looking for the next step. Traditional advice usually included either digging deeper into a specific niche or leaving technology altogether and starting to work your way up the management chain. Based on research of over 40,000 of their partner organizations the study's author came up with some surprising recommendations - at least for those in my shoes. They advise stressing less on getting deeper into a specific infosec niche or working towards additional certifications and more on becoming multi-dimensionally skilled so you can solve those very complex problems that organizations are currently addressing. Basically, instead of a narrow and deep focus in a specific infosec area, they recommend a broader and more shallow set of skills and experiences. In terms of being multidimensional they propose: Developing Hands-On Tech Skills; Learning the Non-Technical Aspects of Infosec (e.g., policies and procedures); Improving Your Communication Skills (e.g., knowing how to write, present, and market yourself)</description><link>http://www.secuobs.com/revue/news/327656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/327656.shtml</guid></item>
<item><title>Is Word 2007 Encryption Secure?</title><description>Secuobs.com : 2011-09-07 05:19:05 - NovaInfosecPortal.com - There was an interesting discussion that took place on one of the mailing lists I follow the other day with people trying to figure out if the password encryption used in Word 2007 is secure. As most of us know, older versions are easily cracked; however, the more recent versions are supposed to be more secure. In the discussion there were lots of guesses however no concrete answers. Finally Bob Weiss, who does stuff like this for a living over at Password Crackers, Inc. up in MD, chimed in with a very informative response. Since I thought a wider audience might be interested in his answer, I contacted Bob and after a few edits he gave me permission to post it here. Enjoy! Word 2007 uses AES 128-bit encryption; however, the key is transmitted along with the document (otherwise you couldn't open it). The key is itself encrypted and this is where the questions about the implementation come in. Generally attacks against Word are not an attack against AES but rather an attack on the protection of the key. A key is created from the 50,000 SHA-1 hashed rounds of the password combined with the document_id. Then both the</description><link>http://www.secuobs.com/revue/news/327414.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/327414.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-09-06</title><description>Secuobs.com : 2011-09-06 17:38:22 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. It looks like a pretty light schedule for this week. Nothing formal - just need to show up and be ready to talk shop. Anyway, here are your meetups for this week. Thursday (9/08): OWASP NoVA Meetup - Normal Meetup at Akamai from 6:00 to 9:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Monday: NoVA Hackers Association. Wednesday: ISACA CM Meetup. Thursday: ISSA NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week - so check them out for more fun stuff to do. And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute</description><link>http://www.secuobs.com/revue/news/327274.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/327274.shtml</guid></item>
<item><title>Career Advice from NIST's Infosec Frontman</title><description>Secuobs.com : 2011-09-03 03:20:54 - NovaInfosecPortal.com - Ok, it's another Friday night and I was just scanning around the web and came across an interesting series of videos over on FedScoop.com. They run a feature called FedMentors and it included a set of six videos featuring Ron Ross answering several questions. One of the quick-hitting videos highlighted him pondering the question "What's the best career advice you ever received?" Since I'm sort of big on the whole career thing, I thought it was post-worthy. Here are some of the highlights: Realizing the Job Isn't about You, It's about the Organization; Coming in Early &amp; Leaving Late (Grecs: What about coming in late and working really late from home?); Understanding the Organization's Mission; Taking a Few Carefully Calculated Risks; Having a Passion for What You Do ("If you have a passion for your work, you'll never work a day in your life"). Well you get the point. Here it is in full technicolor for your viewing pleasure.</description><link>http://www.secuobs.com/revue/news/326872.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/326872.shtml</guid></item>
<item><title>Emailing Passwords - Really?</title><description>Secuobs.com : 2011-09-01 23:55:33 - NovaInfosecPortal.com - I'm a big fan of the Dailydave email list - always great discussions going on over there. Well, this afternoon I received my monthly "mailing list memberships reminder" from their Mailman service and I had my usual reaction. Why the f... are they emailing my password? For being a security-focused group it would seem that they are not practicing what they preach. I've noticed this reminder many times in the past but for once I had some time to investigate getting this turned off. Mailman has been THE application that most security groups use to communicate. Although now a lot of organizations seem to be migrating to Google Groups, giving up data privacy for convenience. Regardless, it is still the most dominant player for the groups I participate in. For those who aren't familiar with Mailman, their website states that it "is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content filtering, digest delivery, spam filters, and more." After doing a little research and searching around I</description><link>http://www.secuobs.com/revue/news/326607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/326607.shtml</guid></item>
<item><title>Determining Safe Websites in 3 Easy Steps</title><description>Secuobs.com : 2011-09-01 00:09:11 - NovaInfosecPortal.com - You know - periodically you get an email or tweet with a link in it. Doesn't happen that often, right? Should you click on the link or not? Of course we all know to copy the URL from the source, paste it into the address bar directly, and look for a seal like the one to the right. But is that enough? Or is it too late at this point? Today, even many legitimate sites are being compromised and distributing malware - and they don't even know it. We need something that potentially detects malware BEFORE visiting the site. Then last Friday I came across an article on CNET titled "How to check if a Web site is safe" that seemed to address this problem. In it the author mentions several great services (e.g., Unmasked Parasites) as well as accompanying browser add-ons (both independent and those that come in security suites) and application installs (e.g., AVG LinkScanner). He additionally mentions that most modern browsers have web site checking built in as well as a few tools for Android (Mobilation Android &amp; Lookout Mobile Security). I've been meaning to write something up like this for a while now and so this</description><link>http://www.secuobs.com/revue/news/326375.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/326375.shtml</guid></item>
<item><title>Information Assurance versus Information Security</title><description>Secuobs.com : 2011-08-30 19:49:08 - NovaInfosecPortal.com - Every once in a while in my corporate gig some snarky guy with some book smarts and no actual infosec experience poses this question to show off. While I passed my CISSP years ago, which is where I would have probably memorized this, I often have a hard time recollecting the exact difference. Mr. Snark and I will talk about it and I'll be reminded - and it's like "Oh, duh, should have known that." So I thought looking it up (yet again) and putting it out as a blog post would help it stick better for me as well as maybe assist others that want to find a quick understanding of the differences. I could copy/paste/modify from several sources I found but thought conglomerating them all into a picture would be better in this case. And here it is for your viewing pleasure. And of course you have the "official" definitions as of February 2011 from NIST IR 7298 Revision 1, Glossary of Key Information Security Terms (PDF). These write-ups are great if you need something official to use in a C&amp;A package or a design document; however, I find that they really don't explain them well to anyone</description><link>http://www.secuobs.com/revue/news/326090.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/326090.shtml</guid></item>
<item><title>Where You Want to Be This Week for 2011-08-29</title><description>Secuobs.com : 2011-08-30 04:19:01 - NovaInfosecPortal.com - Where do you want to be this week? Now you'll always know with our "Where You Want to Be This Week" feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, contact us or mention it to @grecs on Twitter. It looks like a pretty light schedule for this week. Nothing formal - just need to show up and be ready to talk shop. Anyway, here are your meetups for this week. Wednesday (8/31): CapSecDC Meetup - "Post Quake Edition" at Stetson's Famous Bar &amp; Grill from 6:00 to 9:00 PM (more info). Friday (9/2): 2600 Arlington Meetup - Normal meeting at Champps - Pentagon Row from 7:00 to 10:00 PM (more info). Next Week: And for those who would like to plan ahead, here is a preview of events on our calendar for next week. Thursday: OWASP NoVA Meetup. Remember that Baltimore Node, HacDC, Reverse Space, and Unallocated Space are four local hacker spaces that also hold several standard activities each week - so check them out for more fun stuff to do. And be sure to subscribe</description><link>http://www.secuobs.com/revue/news/325940.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/325940.shtml</guid></item>
<item><title>NIST Needs NICE Notes</title><description>Secuobs.com : 2011-08-29 17:16:54 - NovaInfosecPortal.com - Ok, I had to go with the "Words Starting with N" theme. Oh and by Notes, I really mean Comments. And by NICE I really mean the National Initiative for Cybersecurity Education. I had been meaning to write about this a little sooner as you can tell by the dates of the articles referenced below. And now there are less than 2 weeks left until the due date of September 12, 2011. You can grab a copy of the draft here (PDF). Any comments you have should be entered into their provided spreadsheet and returned to NIST by email to nicestratplan@nist.gov. On a related note, NIST will be holding a three day workshop starting on September 20th. I imagine they will be bringing up much of the public feedback they receive there. For more information on NICE, visit their official website. via InfosecIsland.com: The National Institute of Standards and Technology (NIST) issued for public comment a draft strategic plan for the National Initiative for Cybersecurity Education (NICE) program. The plan, "Building a Digital Nation," outlines NICE's mission, vision, goals and objectives. NIST and its interagency NICE partners seek comments from all interested citizens and organizations concerned with cybersecurity awareness, training</description><link>http://www.secuobs.com/revue/news/325799.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/325799.shtml</guid></item>
<item><title>Thoughts on Amazon's GovCloud</title><description>Secuobs.com : 2011-08-25 17:14:58 - NovaInfosecPortal.com - If you haven't heard by now, Amazon recently announced a new self-contained cloud region specifically customized for US government customers. Think of it as their normal set of services (e.g., EC2, S3, etc.) but set up in their own special area only accessible to US persons. They aren't the first cloud provider to claim they meet the government's strict standards. Both Microsoft and Google beat them to the punch with announcements earlier this year. One word of caution though - at first glance their press release makes it sound like if you set up your service in GovCloud, it will automatically meet a bunch of compliance standards. As an example, their first paragraph is littered with terms that would make any compliance buzzword bingo (PDF) player happy: The new Region offers the same high level of security as other AWS Regions and supports existing AWS security controls and certifications such as FISMA, FIPS 140-2 compliant end points, SAS-70, ISO 27001, and PCI DSS Level 1. AWS also provides an environment that enables agencies to comply with HIPAA regulations. I think the only relevant buzzwords they left out were SOX and GLB. Of course there are also all the other usual</description><link>http://www.secuobs.com/revue/news/325186.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/325186.shtml</guid></item>
<item><title>YASXV - Cross-Over Vulnerabilities</title><description>Secuobs.com : 2011-08-23 18:06:32 - NovaInfosecPortal.com - We've written about a Skype 0-day earlier this year as well as another post regarding a XSS vulnerability in their client (the second to be reported recently). Since Skype's acquisition by Microsoft, problems appear to be popping up more. Coincidence? Well it's happened again - another XSS bug has been found. This time the affected version is Skype 5.5.0.113 as reported in this disclosure. From the write-up it appears to only affect Windows versions so hopefully Mac users are safe. Also what about those of us who chose to remain on the Mac 2.8 branch for various reasons? Another trend this story reminded me of are cross-over vulnerabilities between web and native clients. Not that this is anything new - but I am hearing more about it a la the latest Skype issues. via TheRegister.co.uk (Be sure to check out the nice screenshot of the vulnerability in action): The latest version of Skype for Windows contains a security vulnerability that allows attackers to inject potentially dangerous code into a user's phone session, a German security researcher has reported. The XSS, or cross-site scripting, vulnerability in Skype 5.5.0.113 is the result of the voice-over-IP client failing to inspect user-supplied phone numbers</description><link>http://www.secuobs.com/revue/news/324705.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/324705.shtml</guid></item>
<item><title>NSTIC Back in the News</title><description>Secuobs.com : 2011-08-23 17:09:21 - NovaInfosecPortal.com - This past week CSO Online put out an update post on the National Strategy for Trusted Identities in Cyberspace (NSTIC) program that the National Institute of Standards and Technology (NIST) set up this past spring. I hadn't recently heard much about this effort until @manicode mentioned that blog post on Twitter: RT @manicode: NSTIC Director - "We're Trying to Get Rid of Passwords" http://j.mp/r80zZb - Wondered what was going on w/ this. According to the article they are "making progress" - so I guess that's good. Another comment that really rubbed me the wrong way was "We're trying to get rid of passwords." Really? Why? They're great as one factor. We just need to add a second factor to significantly increase the level of effort attackers must take to overcome traditional authentication schemes. via CSOonline.com: The federal government's National Strategy for Trusted Identities in Cyberspace (NSTIC) program, set up this spring, is making progress against its goal of identifying and supporting more secure alternatives to simple passwords that the government as well as anyone else might use in authenticating to online applications. "We're trying to get rid of passwords. It's time for something better," says Jeremy Grant, senior executive adviser at</description><link>http://www.secuobs.com/revue/news/324682.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/324682.shtml</guid></item>
<item><title>Job: Data Security Specialist (Ethical Hacker) in Washington, DC</title><description>Secuobs.com : 2011-08-22 17:10:25 - NovaInfosecPortal.com - Here's an interesting position from Fannie Mae. They're looking for someone with a few years' experience to do a wide range of security testing and evaluations. Sounds fun to me! The Company: Fannie Mae exists to expand affordable housing and bring global capital to local communities in order to serve the US housing market. Today, our focus is on preventing foreclosures, making mortgages and rental housing as affordable as possible, and supporting the housing recovery. We are rapidly building and realigning our company to better serve the market as we support the Administration's Homeowner Affordability and Stability Plan. Join our dedicated, diverse, high-performing workforce and put your unique talents to good use as we work with our partners to advance our nation's housing recovery. For more information about Fannie Mae and our career opportunities, visit FannieMae.com. Job Information: Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed</description><link>http://www.secuobs.com/revue/news/324448.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/324448.shtml</guid></item>
</channel>
</rss>
