SecurityTwits Recap



Here is the recap of what went on on the SecurityTwits feed last week.



Here's what went on around here for the last few days.

Tweets are in ascending date order except for answers to questions which are still in ascending date order, but immediately following the original question.



This is the weekly recap of things that happened on the SecurityTwits feed for August 31st - September 6th, 2011.

What's in the recap?

It contains most of the tweets/retweets made by SecurityTwits and many of the responses that carbon SecurityTwits. That of course means that if you respond to a SecurityTwits tweet make sure to include both the original poster and SecurityTwits so everybody can learn from the conversation.

The format will be original tweet/retweet left justified and then any responses indented just under that tweet.

I hope you find this helpful and I welcome suggestions on how to make these recaps even better.

InfoSec Questions

RT @rogue_analyst Hey @securitytwits, how many hrs/wk do you devote to infosec podcasts? #infosecq

From: FeMaven Amit R.
@securitytwits @rogue_analyst I've been really bad at keeping up with podcasts.

From: steve_tornio Steve Tornio
@rogue_analyst Hey @securitytwits, how many hrs/wk do you devote to infosec podcasts? #infosecq <- Lemme see....probably roughly.....zero

From: sec_doc Lester Nichols
@securitytwits @rogue_analyst @securitytwits at least 2-3

From: AtlasCompSvc AtlasComputers
@securitytwits #infosecq listen to about 20 hours a week.

From: @ITSecurity Steven Maske
@rogue_analyst I just added it up and I'm actually surprised. I'm listening to ≈35 hrs/month (varies quite a bit from wk-2-wk) #infosecq

RT @ochsff: Folks, who would one contact at kernel.org to help them analyze the incident instead of playing it down?

InfoSec Call for Presentations

RT @lactichaze: It's here, the #BSidesCapeTown CFP! http://bit.ly/npEjWH Looking forward to the locals submitting!

RT @wikidsystems: RT @Hacksec: RT @infosecmafia #BSidesATL page is now up and CFP is open. Details here: http://bit.ly/riCIQF Please RT!

InfoSec Meet-ups/Tweet-ups

N/A

InfoSec Jobs

For additional job listings, make sure to visit LiquidMatrix's job board.

RT @RandomStorm: RandomStorm are looking to hire another PCI QSA. Get in touch if you are interested or know anybody.

RT @thierryzoller: Urgent: OPEN POSITION: Looking for a consultant in the Area of Vulnerability Management. (Full Time, based in Luxembourg)

RT @dansneddon SLAC National Accelerator Lab at Stanford is looking for a good Sr. #NetSec Engineer. @securitytwits 

RT @hushedfeet: We're seeking candidates interested in doing cutting edge research in networking and security. http://bit.ly/rj2ipV

RT @J4vv4d: Permie sec consultant needed by old colleague. London based good package. Would suit a sr-ish consultant. Shout if interested.

RT @J4vv4d: Also perm roles for ciso Cto & secops head at financial client. Get in touch if interested.

RT @User_Story: Any experienced security consultant/network engineers out there looking for a job? DM @bgormley for info #jobfairy

RT @alexhutton: The formal job posting for my team: http://bit.ly/pkasfR 006965 for the Info Sec Risk Analyst position & 006966 for OpRisk.

RT @codyhatch @securitytwits I too am looking for a security engineer in the Boise, Idaho area.

RT @mfeferman: Looking for Sr level App Security Consultants. If you've got the experience, I promise challenging and rewarding work.

As usual, questions and comments can be left below or you can email me at kriggins@infosecramblings.com

-Kevin


This is the weekly recap, actually two weeks this time, of things that happened on the SecurityTwits feed for August 17th - August 30th, 2011.

What's in the recap?

It contains most of the tweets/retweets made by SecurityTwits and many of the responses that carbon SecurityTwits. That of course means that if you respond to a SecurityTwits tweet make sure to include both the original poster and SecurityTwits so everybody can learn from the conversation.

The format will be original tweet/retweet left justified and then any responses indented just under that tweet.

I hope you find this helpful and I welcome suggestions on how to make these recaps even better.

InfoSec Questions

RT @kriggins: Q: Does your company provide infosec support for its own executive's personal computers, e.g. the CEO's home pc? #infosecq

RT @aim4r: Looking for #tools to help pentesting a #Joomla website.. ideas? #infosecq

RT @DarkSecurity: Who are some good, active security professionals to follow? #infosecq < See http://bit.ly/kl5tlI and http://bit.ly/nY7CWI

RT @JimmyVo: How long were you in operational IT (network admin, developer, etc) before you went into Information Security? #infosecq

RT @snipeyhead: Scholarships for female security students: http://bit.ly/qjWRpz #infosec

RT @jonpasski: .Know of a vuln & inventory mgmt platform that doesn't suck for SMB-sized company? #infosecq #!Archer

RT @TimelessP @SecurityTwits : @tqbf is hiring, please RT? http://bit.ly/eTRxTI

InfoSec Meet-ups/Tweet-ups

RT @ITSecurity: Interested in attending a monthly InfoSec meetup in NH? Follow @GraniteSec and let's try to make it happen. Please RT

RT @bug_bear: Just got off the phone about possible #DFIR group/meetup here in BOS who's interested? more to come

RT @novainfosec NOVAINFOSEC TWITS: Haven't mentioned in while. Localized vs of @securitytwits. We'd love 2 have u. bit.ly/nisptwit

InfoSec Jobs

For additional job listings, make sure to visit LiquidMatrix's job board.

RT @geekevolved: If anyone is looking for a job in NetSec, AppSec, Pentesting or PCI, send me a DM with your contact information.

RT @7safe: Looking for a job in IT Security? 7Safe has a range of new openings http://bit.ly/pHi8pB

RT @andywillingham: Looking for a top notch app sec architect. If you know one send them my way.

RT @derekcslater #security #job posting: IT and Security Project Manager http://bit.ly/r95XPV

RT @CiscoJobsEMEA @securitytwits Cisco are looking for Embedded Security experts http://goo.gl/JOi2n

RT @StrongwaterSec: A challenging InfoSec position in one of the most interesting security environments, higher ed, is open! bit.ly/qyFWRv

RT @Aaron_Shilts: We're hiring AppSec consultants in Minneapolis metro focused on SDLC and SW Assurance http://bit.ly/qErjiz #infosecjobs

RT @Mandiant: From DC & NY to LA & SF, M has amazing job opportunities available http://bit.ly/csVBoR #JPT #DFIR #jobs

RT @dklinedinst Job opening for a cybersecurity engineer @ Berkeley Lab, apply here http:/go.lbl.gov/cyber-position or ping me if interested.

RT @fishnetsecurity: Don't forget to visit our career page to find how you can join the fun and exciting FISHNET team! http://ow.ly/6bRL8

RT @SpiderLabs We're hiring a Security Consultant (CHECK/CREST), SpiderLabs EMEA jobvite.com/m?3WOv8fw7 #job

RT @lbhuston: Anyone have leads on jobs for a technical manager with an information #security focus in Dallas, TX? Please, get in touch.

RT @catalyst: just got an email seeking a mid-level security pro for position in NYC; interested? hit me up for details.

RT @wimremes: anybody interested in a CISO role in Brussels, Belgium? (not through me, but I can make introductions)

InfoSec Call for Presentations

RT @quine OWASP Boston Application Security Conference (BASC) 2011 CFP is open! http://bit.ly/oyudPM #infoseccfp

RT @Patories: Decided to look at organizing #infosec #dfir info sharing sessions in central Iowa, anyone interested? @SecurityBSides

RT @bsideskc: bsidesKC will have a track 2!. It will be for quick lightning talks (15 -20 min). Submit abstract/idea to bsideskc@gmail.com

RT @bsideskc: BsidesKC CFP page up. Two tracks etc. etc. Check it out! http://bit.ly/mXLRhe Contact @jfug or @kcgeek for more info.

RT @wimremes Blackhat Abu Dhabi CFP is out : http://bit.ly/oDgOfQ!!

As usual, questions and comments can be left below or you can email me at kriggins@infosecramblings.com

-Kevin


This is the weekly recap of things that happened on the SecurityTwits feed for August 10th - August 16th, 2011.

What's in the recap?

It contains most of the tweets/retweets made by SecurityTwits and the responses that carbon SecurityTwits. That of course means that if you respond to a SecurityTwits tweet make sure to include both the original poster and SecurityTwits so everybody can learn from the conversation.

The format will be original tweet/retweet left justified and then any responses indented just under that tweet.

I hope you find this helpful and I welcome suggestions on how to make these recaps even better.

InfoSec Questions

RT @robdew @securitytwits How do you stay sharp on red team skillz when it's not part of your daily job?

From: sempf Bill Sempf
@securitytwits @robdew Breaking into RIMs blog, apparently.

From:  lythander Rob Maxwell
RT @robdew @securitytwits How do you stay sharp on red team skillz when it's not part of your daily job? <- isn't that what Anonymous is?

From:  thrashor C Hammond-Thrasher
@securitytwits @robdew I have been making attack tool presentations with demos - forces you to play with the tools even if u don't use them.

From:  bonsaiviking Daniel Miller
@securitytwits @robdew Read twitter, blogs. Practice on Jarlsberg, DVL, WebGoat, Metasploitable, etc. Freelance SMBs on the cheap.

RT @jpettorino: Looking for ex. of an eye catching InfoSec CV/resume format. I know, it's like asking for investing advice from your bookie.

RT @iiamit Anyone with connections to Japanese CERTs of any sort? Looking for data on recent banking fraud. (cc: @securitytwits)

RT @3141592f: Have any of you trained Blackberry Enterprise Server services to use EMET? re: RCE via image parsing vuln on BES MDS.

RT @Nevins_B: Has anyone used SafeSquid (http://www.safesquid.com/html/portal.php)? any advantages other than saving configuration time?

RT @n0b0d4 @securitytwits do we know anyone in the abuse dept at rackspace - friend getting stonewalled via email

From: Rackspace Rackspace Hosting
@securitytwits We can help. Please email details to twitter@rackspace.com.

RT @lactichaze: I have 48hrs to come up with a Security Risk Management Strategy, and a Information Security Roadmap.. Help?? #infosecq

From: snel_m Mark Snel
Check #ISF #ISACA #ISC2 good resource! good luck. :-) @securitytwits @lactichaze

From: budzeg Olabode Olaoke
@securitytwits @lactichaze take a look at ISO27001 and NIST. You can't go wrong with a combo of both...

From: vic_kerlin Vic Kerlin
@securitytwits @lactichaze Check out www.asisonline.org/. They have guides and templates that may help or look at "Linked In" ASIS group

RT @infosecramblins: Q: What are your SecureID pin complexity rules, i.e. 8 alpha w/, # and symbol or your daughter's first name? #infosecq

RT @tccroninv: Ask NetSec People: How many still use PPTP? Is it to support legacy systems?

From: coolacid Jason Kendall
@securitytwits @tccroninv IPSec is hard(ish), OpenVPN isn't Supported in iOS and L2TP isn't really secure.

InfoSec Meet-ups/Tweet-ups

RT @ITSecurity: Any of you guys know of any @MassHackers @BeanSec type meetings in NH?

RT @innismir @scuritytwits or a @beansec alternative in RI? Or am I going to have to set one up myself?

From: jack_daniel Jack Daniel
@securitytwits @innismir DC401? There's another tech meetup thing, but there isn't a CitySec-like gathering.

InfoSec Jobs

RT @MyAnis007: Anyone in the boston area looking for a security analyst? #infosecjobs

RT @innismir: My old job posted - Sr. Security Engineer at @massgov -- http://t.co/fpY5Wh8 -- Great group of people. #infosecjobs

RT @DigitalHeMan: Looking for a Solutions Architect (presales) to work for HP TippingPoint in Riyadh, Saudi Arabia. DM details #infosecjobs

RT @SpiderLabs: We have 29 jobs at @Trustwave. Austin, Chicago, Denver, London, New Delhi, NYC, Singapore, & Sydney. http://t.co/9AxEs6H

RT @tribalsoul: If in the Central Ohio Area and interested in a min 1 yr contract at a large downtown company, please DM me. #infosecjobs

 

InfoSec Call for Presentations

RT @jfug #BSidesKC CFP is OPEN! bsideskc at gmail dot com http://bit.ly/BSidesKC

RT @diami03: RT @InfoWarrior0: Get those CFP's in. BSidesDFW 2011 CFP deadline August 21st!! LASCON 2011 CFP deadline August 19th 12 pm CST!

RT @gattaca: due to overwhelming pleading we are EXTENDING THE SECTOR.CA CFP DEADLINE. Oops capslock. For long you ask? Just submit it.

 

As usual, questions and comments can be left below or you can email me at kriggins@infosecramblings.com

-Kevin


This is the weekly recap of things that happened on the SecurityTwits feed for August 4th - August 9th, 2011.

What's in the recap?

It contains most of the tweets/retweets made by SecurityTwits and the responses that carbon SecurityTwits. That of course means that if you respond to a SecurityTwits tweet make sure to include both the original poster and SecurityTwits so everybody can learn from the conversation.

The format will be original tweet/retweet left justified and then any responses indented just under that tweet.

I hope you find this helpful and I welcome suggestions on how to make these recaps even better.

InfoSec Questions

RT @DMartinez7500 anyone know if there's an agency i can contact on orgs who refuse to patch vulns even if customer data is vulnerable?

From: e_cowperthwaite Eric Cowperthwaite
@securitytwits @DMartinez7500 it all depends on who the organization is and what they are not securing. eg Healthcare, you could go with HHSM

From: Gheistbane Dave Jacobs
@securitytwits US-Cert?

RT @AndSchwa @securitytwits Where's a guide for implementing a simple VPN on Server 2008? #infosecq

RT @AndSchwa If my router (D-Link DIR-615) already has DD-WRT with enough NVRAM, where do I find the DD-WRT OpenVPN firmware? #infosecq

From: sec_doc Lester Nichols
Hopefully you were able to find it on the website yourself, but here is the link http://bit.ly/otJ4aW @securitytwits @AndSchwa

From: AndSchwa Andrew Schwartzmeyer
@sec_doc @securitytwits Does there specifically have to be an OpenVPN build for my router?

From: sec_doc Lester Nichols
@AndSchwa @sec_doc @securitytwits Not necessarily...it already has dd-wrt only based only your post...did you install original

From: AndSchwa Andrew Schwartzmeyer
@sec_doc @securitytwits It's the original standard version. I can do a PPTP server, but I'm wanting more security, say L2TP

From: sec_doc Lester Nichols
@AndSchwa @sec_doc @securitytwits you should be able to update to the vpn version assuming you were not using the minimal build...

From: AndSchwa Andrew Schwartzmeyer
@sec_doc @securitytwits That's what I thought too. Yet I'm having the oddest trouble locating the OpenVPN build.

From: sec_doc Lester Nichols
@AndSchwa @sec_doc @securitytwits are you looking specifically for open vpneumonia or just vpn....

From: AndSchwa Andrew Schwartzmeyer
@sec_doc @securitytwits Looking for more secure VPN than PPTP. OpenVPN seems to be the solution.

From:  sec_doc Lester Nichols
@AndSchwa @sec_doc @securitytwits based only the site you would have to try a generic image...that model does not have the vpn build for it

From:  AndSchwa Andrew Schwartzmeyer
@sec_doc @securitytwits Ay's that's what I was afraid of. Thanks for the confirmation :) I may try the generic.

RT @techflavor: Can anyone recommend a good bluetooth dongle for my desktop computer.. I use BT5 often so compatibility is a plus

From: mark747eagle Mark Denton
@securitytwits @techflavor Something like Belkin Bluetooth USB plus EDR Adapter, 100m range, v2.1. The micro ones dont have a good range

From: c64er Chris 'xc8'
@techflavor @securitytwits had problems with 'generic' dongles,. I am using the "Belkin Mini" is cheap (around 6£) not bulky and works fine

From: c64er Chris 'xc8'
@techflavor @securitytwits ..pls note: BT dongles on Desktops are best installed on the direct m/board USB ports (not 'header')

From: FrancisDp Douglas Francis
@securitytwits @techflavor ubertooth. I know @hak5 is selling them in their shop.

InfoSec Meet-ups/Tweet-ups

None

InfoSec Jobs

RT @GrrCON: 100+ openings in IT & InfoSec, multiple companies actively recruiting. 20+ talks! http://t.co/xfjYPNY #infosecjob

RT @dewser #infosecjobs anyone interested in a sec engineer job at Morgan Stanley? DM me.

InfoSec Call for Presentations

RT @hevnsnt: BsidesKC Call for Papers!! http://is.gd/qlcAca (CFP ends on 10/1/2011)

Also BSidesMO call for papers is open: http://bit.ly/nAhHC1 Contact @JGamblin if you have questions.

 

As usual, questions and comments can be left below or you can email me at kriggins@infosecramblings.com

-Kevin
