7MS #146: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week!

• If you missed last week's BURN IT ALL! Webcast, it's now online as a Youtube video.
• There is still time to register for the Real World Web Penetration Testing Webinar. It's(Thursday, January 28 @ 1 p.m. CST) and $25 (cheap!)
• Trustwave is in big trouble after failing to find hackers under their noses. Their noses mustreally hurt because Mandiant was quick to point out the work done by Trustwave was "woefully inadequate."
• I'm scared of IoT stuff. Why? Oh, I don't know, because what happens when your Nest fails and leaves your buttcheeks freezing cold?!?!?
• Or what if hackers steal your doorbell, and thus your wifi password and pwn your network?
• Thankfully, OWASP now now has a top 10 for IoT stuff too.
• A researcher found some clever ways to abuse Lastpass with an exploit called Lostpass. Lastpassresponded with a security change wherein a Lastpass authentication from a new device requires approval via email.
• A new Sysinternals tool helps figure out if you have shady, unsigned files in c:\windows\system32.
• Oh, and for sure upgrade all your iThings ASAP. Apple patched some ugly security holes.