The Liquidmatrix Security Digest Podcast - Information Security News and Commentary from Professionals.
Episode 0x7E The one after the outage... We keep talking about how it's amazing that this is still happening and it really is. But I think we're done with that talk now. I was having a conversation with a CTO at another cloud service provider and he had a poster on his home office wall... "Consistency is what transforms average into excellent." Thanks for being a consistent listener / viewer! Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary North Korean Spy Hired by KnowBe4 Mandiant Shines Spotlight on APT45 Behind North Korea's Digital Military Machine Walkin... walking away. Wiz doesn't need Googley Money. Breaches Over 3,000 GitHub accounts used by malware distribution service Meta nukes massive Instagram sextortion network of 63,000 accounts SCADA / Cyber, cyber... etc CrowdStrike CSO Apology. This is how you do this. Much Respect. Mailbag Dear Liquidmatrix I'm fighting with DNS records and SSL certificates and I'm losing my mind. Why is this stuff still so difficult in 2024? Is there anything you can do to help? Love, a frustrated guy Briefly -- NO ARGUING OR DISCUSSION ALLOWED First round of the Sector.ca briefings were released this week. Yes, The Canadian edition of the Fail Panel is back for the 12th time! Anyone can Access Deleted and Private Repository Data on GitHub Upcoming Appearances: -- more gratuitous self-promotion Dave: - Obviously not here. We don't know where he is. Assume something about the Militant Wing of the Girl Guides. Jamie: - PTO Countdown is real. I'm not obsessing about it... but... I am. Matt: - My calendar is screwed. Wheeeeeee Advertising - pay the bills... Vulnerable U - The other place you can learn from Matt Closing Thoughts Seacrest Says: You're not the boss of me. I can say whatever I want. It makes me happy to be a butterfly. Creative Commons license: BY-NC-SA
Episode 0x7D It's just a dream... There's a lot going on as we head into summer here in the northern hemisphere. I think it's pretty cool but also worry a little bit that we're staying too focused on the wrong things. You ever have the feeling that you've bought into the wrong game? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary AT&T Breach and Continuing Snowflake Saga Nearly all AT&T cell customers call and text records breached The Dark Web - See your The Dark Web footprint for free! US sanctions alleged Russian hackers who claimed attacks on US water facilities Breaches Hollywood Fears of a Major Hack Are Growing Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages DERP Chromium browser? Google knows more about you than you want. Briefly -- NO ARGUING OR DISCUSSION ALLOWED How to tell if you've been hacked - Great techcrunch article Meshtastic - distributed comms for when the centralized system goes down CloudFlare State of AppSec - 22 min from PoC to exploit. 7% of all traffic is DDoS. 1/3 of all Internet traffic is bots. North Korean Hackers Update BeaverTail Malware to Target MacOS Users Upcoming Appearances: -- more gratuitous self-promotion Dave: - Summer camp, this fall: Singpore, Ireland, Portugal Jamie: - (insert Griswoldian music here) Matt: - Thanks for everyone who came to SnooSec. Summer Camp! Advertising - pay the bills... Vulnerable U - The other place you can learn from Matt Closing Thoughts Seacrest Says: These kids - they keep growing up damn them. Also, get off my lawn!! Creative Commons license: BY-NC-SA
Episode 0x7C Yup, this is a habit now. It's all fun and games until somehow you find yourself actually planning and not doing that whole "maybe we will, maybe we won't" thing. It's happening. We're back and making a habit of this! Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Russia forces Apple to remove dozens of VPN apps from App Store Dark Money tied to war on Apple's encryption OpenAI had an oopsie and forgot to mention it... But they're also just plain making mistakes at the basics too Hackers reverse-engineer Ticketmaster's barcode system to unlock resales on other platforms Breaches The human cost of breaches at Hospitals - this one is awful Sightline Security for non-profits SCADA / Cyber, cyber... etc A really good assessment of the great Rogers outage of 2022 DERP DON'T LIE ABOUT YOUR BREACHES DAMMIT Mailbag Dear Liquidmatrixes, What's the deal with The Cloud? I really like hugging my servers and I give them special names, how do you hug a cloud? Even better, how do I secure it? Thanks all y'all. Legacy Folk. Just sign up for CloudSLAW Briefly -- NO ARGUING OR DISCUSSION ALLOWED Ollama - run some great LLMs on your laptop Microsoft Midnight Blizzard Saga Continues Eight Nations Issue Warning About Speed Of Chinese Hackers' Operations Upcoming Appearances: -- more gratuitous self-promotion Dave: - Global News talking about Ticketmaster yesterday Matt: - SnooSec NYC Jamie: - Starlink terminal connection end point... SOMEWHERE. Advertising - pay the bills... Vulnerable U - Mattjay's other news. Sign up or else. Closing Thoughts Seacrest Says: I'm Europe now, very fine. Not worry about my doing well. Creative Commons license: BY-NC-SA
Episode 0x7B Penta-pod! Five down, we should probably do some more. It seems like people enjoy these things. Or at least our subscribers say so. Why don't you tell your friends! Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary No flaws like the old flaws. It's time to MOVEit, MOVEit... AGAIN RockYou2024: 10 billion passwords leaked in the largest compilation of all time Breaches Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers Neiman Marcus confirms data breach, claims Snowflake account was hacked SCADA / Cyber, cyber... etc A group of Rabbit R1 jailbreakers found a massive security flaw DERP regreSSHion - you're supposed to hold on to this until August. Also, cute name and logo is so 10 years ago (Heartbleed was TEN YEARS AGO) Mailbag Hei Liquidmatrix, Are you going to be keeping it up? Especially as it is now summer time. ~Your friends from the blue and yellow furniture store Briefly -- NO ARGUING OR DISCUSSION ALLOWED I did a podcast for work with another CISO who isn't a curmudgeon. You might enjoy. TeamViewer: Hackers copied employee directory and encrypted passwords Upcoming Appearances: -- more gratuitous self-promotion Dave: - Summer Camp, Singapore in October, IRISCON and Websummit in November James: - The other end of a Starlink connection... in a forest. :) Advertising - pay the bills... MattJay's Vulnerable U - he's got more subscribers than we do. And he's got sponsors and shit. Closing Thoughts Seacrest Says: I'm on a vacation. Leave me alone. Creative Commons license: BY-NC-SA
Episode 0x7A 4-peat 4-peat! Turns out this is actually habit forming. The weekly venting/ranting is excellent for the spirit! Hope you're able to vent as well. Feel free to scream while listening - it's not weird at all. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Biden bans Kaspersky - effective July 20. FINALLY. Stolen test data and NHS numbers published by hospital hackers Information is beautiful - World's Biggest Data Breaches & Hacks Breaches The City of Hamilton breach continues. It's a farce. My property tax dollars going to no good purpose at all. Ongoing since Feb 25, no sign that they're any closer to getting the majority of systems up and running - and $5 million out of the door. Sigh. The number of systems remaining offline is incredible. I'm pretty sure I could put together a crack team of 5 who could spend evenings and weekends for less than a month to knock out all of this list without extending our recruiting pool past Hamilton and Burlington. Sheesh. Car Dealerships Nationwide Hit by Massive Cyberattack—What It Means for You SCADA / Cyber, cyber... etc / DERP COMBO!!! An Open Letter to Security Vendors - John Masserini (2015) Vendor Rebuf - Andy Ellis (2017) 10 Rules for Cybersecurity Salespeople - Mark Weatherford (2018) Advice to cybersecurity companies selling to CISOs - Patricia Titus (2020) Mailbag Dearest Liquidmatrix, It was so good to hear Jamie lose his ever-lovin' mind last episode. Dave alluded to being cranky during the brieflies. Can you please un-mute him and let us all hear him lose his mind for this episode? THANKS! ~The Entire Internet Briefly -- NO ARGUING OR DISCUSSION ALLOWED Amazing how far software defined radio has come lately - go do some learnin' on your RTL-SDR things Hackers claim to have carried off an enormous data heist on AMD, selling info on employee and customer information, future products and specs Upcoming Appearances: -- more gratuitous self-promotion Dave: - Summer camp. (also, we will be adding GUESTS in the near future) James: - I'm trapped between Google Workspace, Slack, Jira, Salesforce, and Github. I can't find my way out. Help Advertising - pay the bills... MattJay's Vulnerable U - he's got more subscribers than we do. And he's got sponsors and shit. Brawndo, the Thirst Mutilator. It's what plants crave. Closing Thoughts Seacrest Says: Inserting an old recording of Matt from early episode. Creative Commons license: BY-NC-SA
Episode 0x79 We have no idea what's going on either... But we're going to keep doing this as long as we can manage to schedule the appointment in our calendars and also show up... Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Apple's AI Announcements - Private Cloud Compute But is it ok that there's no money going back and forth... so we are the product? Snowflake to Close Hacking Probe Into Attack Targeting Clients Breaches Chinese hackers breached 20,000 FortiGate systems worldwide DERP Major Data Breach New Section: Jamie Yells at Clouds PLG motion with Enterprise Customers and pushing your AI Feature Set - I'm tired of getting the requests to turn it on and it comes with vague pricing issues. Seriously... so tired. If you want to sell to your Enterprise Customers, how about you have a conversation with the person who signs the OF instead of the people who can't. ARGH. Briefly -- NO ARGUING OR DISCUSSION ALLOWED Bambu Lab Second Anniversary Sale - join us in the melty plastic revolution! Medical-Targeted Ransomware Is Breaking Records After Change Healthcare's $22M Payout China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says Upcoming Appearances: -- more gratuitous self-promotion Dave: - In will be speaking at the CIO Summit in Toronto James: - Still the forest. I need a break so bad, July can't get here soon enough. Matt: - Europe - I'M ON A BREAK -- then Vegas... Closing Thoughts Seacrest Says: Have you made your plans for the Solstice? Go long or go short - depends on your latitude. Creative Commons license: BY-NC-SA
Episode 0x78 Surprise AGAIN So... y'all thought it was a flash in the pan... well... we're happy to disappoint you with a brand new episode of the Liquidmatrix Security Digest Podcast. Hold on, it's going to be a wild ride. Upcoming this week... Lots of News Breaches Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Snowflake (not)breach Surprise, the Canadian Government agency that is supposed to watch for mis- and dis- information says it's happening. And the Members of Parliament are arguing about the validity of the statements. :| PandaBuy pays ransom to hacker only to get extorted again Cyber, cyber... etc So Matt. You hate Chrome. It's all spyware. What's the point? Mailbag Ahoy there, First time mailer, long time listener - I see that you've got the skull thing going on, can I ask you about where the cross bones went? Inquiring minds would like to know. ~ Pirate Steve Briefly -- NO ARGUING OR DISCUSSION ALLOWED Go back and watch some of the old stuff... it's all still so valid it hurts. Microsoft Total Recall Vengeful Club Penguin Hackers Reportedly Steal 2.5 GB of Disney's Data Upcoming Appearances: -- more gratuitous self-promotion Dave: - Toronto CIO Conference James: - I'm looking forward to an appearance in the forest camping because I'm pretty much completely peopled out. Matt: - Some podcasts and maybe a summer camp appearance. Advertising - pay the bills... Vulnerable U Seacrest Says: It's not the AI. It's not the AI. It's the AI. Sorry. Creative Commons license: BY-NC-SA
Episode 0x77 I'm not cool and neither are you. Ok, so it's been a long time - but we're good :) August 1st 2022 was our last show. The next one is scheduled now for sometime in 2026. Upcoming this week... Lots of News Breaches finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary ICQ will Shut Down SOOOOON Hackers are using AI to find software bugs - but there is a downside Breaches Your Mom. DERP Salesforce / Slack AI situation and how it's been handled Mailbag So... Y'all going to actually keep this up? For real this time? ~a concerned patron Briefly -- NO ARGUING OR DISCUSSION ALLOWED Dave: I haz a new job! (a word about hiring market) Jamie: Hey, me too but at the same company. Working my way through the collision of responsibilities. Upcoming Appearances: -- more gratuitous self-promotion Dave: - Gartner DC James: - You just missed me at Open Source Data Infrastructure Toronto Meetup. I'm trying to avoid doing anything like actual work for the next little while. Closing Thoughts Seacrest Says: Be Vulnerable - it's good for U Creative Commons license: BY-NC-SA
Episode 0x76 Ready for a surprise thing? Yup. We found spare time and did a thing. Here's the thing. You get to spend a whole lot of time listen to security old farts. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Rogers Outage - the CRTC letter and An analysis on the BGP route withdrawal Why Bug Bounty Programs are Failing CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks Breaches Yeah. You've been Shanghai'd - maybe? SCADA / Cyber, cyber... etc SCADA market to reach 13+ Billion in 4 years - will any of it be secure? Uber won't get prosecuted for their 2016 breach, but... DERP Oldie but goodie - Elon's plane being tracked is a security issue... and Drake tries to make it better and fails so miserably... derp. Mailbag You guys are not good at segways... or segues https://www.merriam-webster.com/dictionary/segue Briefly -- NO ARGUING OR DISCUSSION ALLOWED Awesome Security (tools and stuff) Samsung has a thing that sounds like a backdoor but actually isn't As Microsoft blocks Office macros, hackers find new attack vectors Closing Thoughts Seacrest Says: Seacrest says see you at band camp Creative Commons license: BY-NC-SA
Episode 0x75 10th Anniversary Special We should have something snappy here, but we're old and out of belt-onions Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Whats changed in infosec since we last talked? Coinbase highlighting the risk of centralizing a decentralized system Great podcast from Odd Lots - the ponzinomics of cryptocurrency New Vulnerability Database Catalogs Cloud Security Issues Data breach at US ambulance billing service Comstar exposed patients' healthcare information Breaches In Canada... largest breach settlement SCADA / Cyber, cyber... etc Wired knows shit. Deep fake remote IT job applicants DERP Mailbag It's been a rough couple of years. We missed a lot. Some friends departed. How are y'all handling things? ~a long time listener Briefly -- NO ARGUING OR DISCUSSION ALLOWED I'm hiring Me too Risk Disconnect in the Cloud Supply chain Levels for Software Artifacts https://jobs.cisco.com/We're hiring at Cisco Closing Thoughts Seacrest Says: Dave qualifies for senior AARPdiscounts now Creative Commons license: BY-NC-SA
Episode 0x74 Quarantine 2020 Edition All the late shows are doing the "I phoned in from home" why shouldn't we? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary coronavirus insider trading fixing vulns at scale US authorities battle surge in coronavirus scams, from phishing to fake treatments Coronavirus Sets the Stage for Hacking Mayhem Breaches Princess Cruises Confirms Data Breach Rogers had a woopsie SCADA / Cyber, cyber... etc Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis DERP Stupid shit that vendors say due to Coronavirus (THIS) Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet What do you mean our RSS feed didn't update? What do you mean RSS is dead? Briefly -- NO ARGUING OR DISCUSSION ALLOWED cyentia 2020 information risk insights study On Making Work Less Remote: How the Heroku Team Works Together HBR has some thoughts on newly remote teams too automated reasoning about AWS security s3 thinger https://twitter.com/JSTOR/status/1240306471168028674?s=20Get bent JSTOR Closing Thoughts Seacrest Says: There's finally a word for what we do... On-nomi Creative Commons license: BY-NC-SA
Episode 0x73 Surprise! Happy Holidays Are you having a happy holiday? Listen to us and you'll have a happy holiday. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Comparison of DNS resolvers Stylish Norton Core Router Russian wessels messing with underwater internets Submarine Cable Map Keeper Security learns about The Striesand Effect Russian hackers targeted more than 200 journalists globally Breaches Internet Hijacking Free Credit Monitoring from Nissan Finance Canada! SCADA / Cyber, cyber... etc VMWare has bugs. Who knew? DERP The person that thought we our recent fail panel was unprofessional Screenshot kernel patch Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet Briefly -- NO ARGUING OR DISCUSSION ALLOWED Enpass Pineapple Fund Die Hard at the Theatre Magic Leap is real... ish Has no link. Closing Thoughts Seacrest Says: Where the fuck is Matt? Has anyone seen Matt? Creative Commons license: BY-NC-SA
Episode 0x72 SPECIAL ELECTION EDITION Vote Dave... please? Upcoming this week... We yammer about stuff with no real direction or point. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: SCADA / Cyber, cyber... etc ETERNALBLUE was being used before wannacry DERP Hacking Mar-A-Largo... Kinda? Is this legal? Briefly -- NO ARGUING OR DISCUSSION ALLOWED https://securityheaders.io/ https://www.gofundme.com/crunch-medical-fund Liquidmatrix Products and Services - We do some stuff. Seriously. Advertising - pay the bills... Thinking about SecTor this November? Be sure to use the code "liquidmatrix2017" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2017expo" will get you in for $0 Seacrest Says: I can't even remember... something about Kelly. Closing Thoughts Creative Commons license: BY-NC-SA
Episode 0x71 Um... We're back? I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon? Upcoming this week... /dev/random And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: We totally forgot show-notes Creative Commons license: BY-NC-SA
Samy Kamkar - PoisonTap - https://samy.pl/poisontap/ RCMP want an iphone unlocker - http://www.cbc.ca/news/investigates/police-power-privacy-encryption-1.3856375 Discussion paper - https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-scrt-grn-ppr-2016-bckgrndr/index-en.aspx
Reporting on the infosec implications of Walt Disney World... https://disneyworld.disney.go.com/ https://www.wired.com/2015/03/disney-magicband/ http://www.nytimes.com/1998/08/20/technology/roller-coasters-take-a-ride-from-wild-to-wired.html http://www.rockwellautomation.com/global/industries/entertainment/overview.page http://dsicontrols.com/amusement.html
Dave is actually alive. We have video proof.
Russian Hacker group responsible for DNC Hack is at it again - https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/ Russian banks getting hit back by DDoS Attack - https://themoscowtimes.com/news/ddos-attack-hits-russian-banks-56077
MS16-137 - https://g-laurent.blogspot.ca/2016/11/ms16-137-lsass-remote-memory-corruption.html?m=1
Tesco was breached - https://www.google.ca/amp/www.bbc.co.uk/news/amp/37907441 The grugq on Security, Cyber, and Elections - https://medium.com/@thegrugq/security-cyber-and-elections-part-1-cd04de8ed125#.9dtgkxkut
http://www.mprnews.org/story/2016/11/07/npr-how-hostile-nation-could-disrupt-election
Nobody knew what CSIS was up to - http://www.cbc.ca/beta/news/politics/what-you-need-to-know-about-csis-metadata-1.3837104
Matthew Keys is in jail for not giving up a source - http://arstechnica.com/tech-policy/2016/11/speaking-from-prison-incarcerated-reporter-maintains-innocence/ Go Secure botnet analysis - https://gosecure.net/2016/11/02/exposing-the-ego-market-the-cybercrime-performed-by-the-linux-moose-botnet/ Blackhat EU talks - https://www.blackhat.com/eu-16/ getting root on wemos - https://www.invincealabs.com/blog/tag/wemo/
Quebec police spied on multiple journalists - https://www.engadget.com/2016/11/03/quebec-canada-cops-monitor-journalists/ Canadian intelligence agency gets hands slapped - http://www.cbc.ca/news/politics/csis-metadata-ruling-1.3835472 EMET EOL announced - https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Episode 0x70 Dave Doesn't Exist We've been unable to capture Dave on video yet despite turning out a absolutely epic amount of video material. We think it's because he doesn't actually exist. Do not even get me started on the hipster beard and hipster actor. Those two. Sigh. In any case... Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Surveillance of reporters has chilling effects Great series of articles from Rich Mogull on Cloud Security Your Cloud Consultant Probably Sucks How to Start Moving to Cloud Seven Steps to Secure Your AWS Root Account Breaches Github responsible disclosure haveibeenpwned - NSA edition (a written message from the Shadow Brokers) SCADA / Cyber, cyber... etc White hat Marai UK gov investing mucho Brexit dollars in cyber security DERP Don't do illegal searches of CPIC (especially if you're a police officer) Mailbag What's with google disclosing vulns without patches? (thanks to Ed) Briefly -- NO ARGUING OR DISCUSSION ALLOWED Macbook Pro review Ten Securosis Years Let's Encrypt Crowdfunding campaign Upcoming Appearances: -- more gratuitous self-promotion Dave: - invading Sweden James: - VACATION! Ben: - still work Matt: - beard Wil: - hipster Other LSD Writers: - whaaaaaaa? Closing Thoughts Seacrest Says: Dave loves swedish meatballs Creative Commons license: BY-NC-SA
Typed JSON - https://tonyarcieri.com/introducing-tjson-a-stricter-typed-form-of-json
http://www.cbc.ca/beta/news/canada/toronto/woman-toronto-police-database-unauthorized-searches-1.3830541 http://www.cbc.ca/beta/news/canada/calgary/gerard-brand-calgary-police-trial-breach-trust-1.3829644
Google talks about disclosing 0days - https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html Finically regulator loses some records - https://www.engadget.com/2016/10/31/us-comptroller-data-breach/
I need a new computer. Or maybe I just want one. Owen Williams writes on Medium Apple just told the world it has no idea who the mac is for and I'm not entirely sure I disagree. Rui Carmo
Good morning! Coming to you live from O'Reilly Security in NYC. Well, the breakfast buffet anyways. Great 101 article from Ars Technica How security flaws work: SQL Injection The always eloquent friend of the show / my friend Violet Blue cuts to the bone with the awesome phrase "Infosec smarty-pantses" in her article on That Time Your Smart Toaster Broke The Internet Note that @gattaca's toaster doesn't obey him either Twitter does dumb shit again and pisses off long term users Hiding Usernames In @Replys DMCA exemption list finally updated and has a great list covered exemptions from The Register Tune in tomorrow for a SPOOOKY story from me still in NYC.
Australia's Blood Service's exposed lots of personal data - https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/
Machine Learning Appsec testing - http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps Mozilla doesn't trust Ernst & Young audits of CAs - https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Episode 0x6F THE CENTENNIAL! We are happy to announce that we've got a full show... with only two hosts. But hey - it's number 100(decimal) Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Apple Introduces What It Calls an Easier to Use Portable Music Player MEDSEC gets independent confirmation of their findings... St Jude is still suing New ISO Standard Is an Anti-Bribery Game-Changer Breaches Vera Bradley POS Breach SCADA / Cyber, cyber... etc Modbus eavesdropper from B+B SmartWorx Senators get involved in IoT Dan Kaminsky on DNS and rate limiting DERP HAMAS complains about video cameras California DMV thinks "INFOS3C" is a dirty word Apple Doxes Self -- MBP w/TouchID Mailbag TALK ABOUT BSIDESTO AND SECTOR Briefly -- NO ARGUING OR DISCUSSION ALLOWED Liquidmatrix TV learn stuff for free from experts Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Upcoming Appearances: -- more gratuitous self-promotion Dave: - Claims to have 5 more conferences this year. Wife still doesn't expect him home for dinner anytime soon James: - O'Reilly Security NYC and then WDW! Ben: - work Matt: - Unknown. Hiding behind his beard. Wil: - Unknown. Check CBC Calgary Other LSD Writers: - There are others? Advertising - pay the bills... Thinking about SecTor this November 2017?Check back with us for codes. Closing Thoughts Terry Bradshaw Says: 100 (decimal) BABY WOOO!!! 100 Creative Commons license: BY-NC-SA
UNENCRYPTED SCADA PAGERS!!! http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/ (watch Jamie and Dave's head explode when they read that) MS threat modelling tool - https://www.microsoft.com/en-us/download/details.aspx?id=49168
Yet another - this is LSD TV mini0x07. Talking about the Defense again. Oh, and Ben's got a link for you - http://mooc.fi/courses/2016/cybersecurity/
Hangzhou Xiongmai recalls IoT devices - http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS Comodo CA relies on broken OCR and issues certs incorrectly - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713 Using Rowhammer on Android - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
Hyper scale defenses (https://youtu.be/90kxsEOSZQ8), scaring the Russians (http://www.cbc.ca/beta/news/technolog...) and rigged elections in the Philippines (http://thestandard.com.ph/mobile/arti...) -- turns out its very old news which popped up in my news feed and I can't read dates
Mini episode #4: crazy TLDs and DDoS on Dyn. https://twitter.com/kpyke/status/789156391726387200 https://www.dynstatus.com/incidents/5r9mppc1kb77 https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/amp/ https://youtu.be/90kxsEOSZQ8
Friday's episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks Yahoo! and Boards of Directors and Linux privilege escalation and Wikileaks and HE JUST KEEPS TALKING.
The SECOND episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks data exfiltration.
In this first episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro walks you through SecTor 2016.
Episode 0x6E IT LIVES (Live from SecTor 2016) All five LSDP's in one room at the same time. It actually happened. Upcoming this week... Catching Up! And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: LIVE FROM SECTOR!!! Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Closing Thoughts Seacrest Says: Eventually we will return. Maybe. Creative Commons license: BY-NC-SA
Episode 0x6D We've been gone for a month, we've been drunk since we left hej till våra lyssnare i Sverige Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Etherium TheDAO attack simplified People who have been victim of workplace violence, harrasment and sexual assault Isis agora lovecruft Alison Macrina Violet Blue Nick Farr "Consent, it's as simple as tea" if you haven't seen it Canadian Association of Sexual Assult Centers Women Against Violence Against Women Ontario Coalition of Rape Crisis Centers Central Alberta Sexual Assult Center VictimLink BC page on Sexual Assult Rape, Abuse & Incest National Network (USA) DHS seeks to ask foreign visitors their social media accounts Breaches All your gotomypc are belong to us DERP Comodo are the good guys, seriously (not seriously) Briefly -- NO ARGUING OR DISCUSSION ALLOWED The Intercept's comparison of instant messaging applications (And the EFF's scorcard is soon to be updated) Mooltipass Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Upcoming Appearances: -- more gratuitous self-promotion Dave: - BSidesLV, DEF CON, Black Hat, Energysec, HTCIA, Security Congress... James: - Vegas. Sigh. Ben: - Coding my ass for SECTOR building G.Tool Matt: - Keeping banker's hours. Wil: - BSidesLV, DEF CON, Burning Man... Other LSD Writers: - Who? Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys Creative Commons license: BY-NC-SA
Episode 0x6C I'm bringing Six Cee Back... Oh yeah, bad joke from the start. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary VirusTotal pitches a fit^Wethical stance Another attack against the SWIFT network but the attack was stopped althought SWIFT is now warning its members DERP/Cybers Honey... it may look like I'm looking at Pornhub but this midget porn is an essential part of my bug hunting SYMANTEC... this is not how you do malware analysis safely Nice guy tells Indian bank about their app that could have let him steal all the monies Unintended Consequences of DMCA on Medical Implants Michigan ok with wrenches, not ok with computers Briefly -- NO ARGUING OR DISCUSSION ALLOWED Personal Warrant Canary Poor man Windows Security Metrics Upcoming Appearances: -- more gratuitous self-promotion Dave: - Everywhere James: - Vegas Baby! Ben: - Toronto Matt: - Fleeing Trump... Welcome to Canada Matt Wil: - Bermuda Triangle Other LSD Writers: - Dunno. Bill and Chris? Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... Wil posted two) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: insert crickets.wav Creative Commons license: BY-NC-SA
Episode 0x6B SIX BEEEEEEEEEEEEE Ben, Wil, and Dave provide entertainment value that is also questionable. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Facebook bug bounty hacker finds that he wasn't the first there (Tech details) (Trey's talk on sharing incident details) Jericho et. al run some numbers on the VZDBIR (Michael Roytman's response) There was irony, and then there was getting the message out I love Gooooold DERP/Cybers Brazilian judge is scared of the internet ruining Brazilian telco's Idiot grounds his own flight and runins everyone's day Kernreaktor Malware Scheiße!!!! Canadian infrastructure keeps getting hacked Mailbag Briefly -- NO ARGUING OR DISCUSSION ALLOWED How to hack 2FA Required reading OpenSSL Upcoming Appearances: -- more gratuitous self-promotion Dave: - Interop, RMISC, HackMiami, NolaCon, Securityfest, Infosecurity EU, James: - On a plane Ben: - work then off to Vancouver for work Matt: - I think he's on the phone. Wil: - Locking himself away this weekend to work on his OSCP training. Other LSD Writers: - Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... Wil posted two) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: worst. segue. ever Creative Commons license: BY-NC-SA
Episode 0x6A All about the VZ-DBIR Ok. Not completely weekly. And sorry Mom that we missed last week. We'll get it together. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Verizon's 2016 Data Breach Investigations Report How Hacking Team got hacked (with a detailed writeup from Phisher himself) U.K. official confirms surveillance bill would let cops force companies to decrypt data Katie Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147 Vulnerability Disclosure How iMessage distributes security to block “phantom devices” Breaches Philipines got hacked... yes, a whole country ... by a 23 year old student ... and Mexico A Bangladeshi bank got popped for (almost) a billion (more analysis) (technical analysis) SCADA / Cyber, cyber... etc UBER META DATA US or something like that (Uber says gave U.S. agencies data on more than 12 million users) US Special Forces Are 'Dropping Cyberbombs' on ISIS DERP Four hundred MILLION vulnerable Androids are out there Microsoft sues US government over 'unconstitutional' cloud data searches The FBI paid more than $1 million to crack the San Bernardino iPhone Jeff Moss talks about grooming presidents Mailbag Making security a big "P" Profession Briefly -- NO ARGUING OR DISCUSSION ALLOWED Sadlock Bug Listen to Paul @dcept905 when he says interesting things on Twitter DevOps Days Austin Setting up a home malware lab Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years Upcoming Appearances: -- more gratuitous self-promotion Dave: - Interop, RMISC, HackMiami, NolaCon, SecurityFest, InfosecurityEU, CircleCityCon James: - Not much until Vegas... As far as I know. Ben: - A Cyber Insurance conference. Listening. yes... really Matt: - DevOps Days Austin, DFIR Summit, Vegas Wil: - CBC Calgary Other LSD Writers: - Shrug, Dunno. Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: Hey Ergodan - watch this you despotic little arsehole this Creative Commons license: BY-NC-SA
© 2020-2025 Ivy Podcast Discovery LLC
