Discovered on some reel-to-reel tapes made in the early 1970s was an account of Roman ghosts in West Mersea in Essex, as well as the unfortunate treatment of 'Witches' in Thorpe Le Soken and Saint Osyth, and strange goings-on in Great Leighs in 1944! Enjoy a rural Essex accent and a well-told story recovered from old technology! The second recording was taken from 'Essex witches SA 6/289/1 side A part 1', Essex Records Office. Speaker was Peter Bibby, 1970. Used under Creative Commons BY-NC-SA 3.0
Episode 0x7E The one after the outage...
We keep talking about how it's amazing that this is still happening and it really is. But I think we're done with that talk now. I was having a conversation with a CTO at another cloud service provider and he had a poster on his home office wall... "Consistency is what transforms average into excellent." Thanks for being a consistent listener / viewer!
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
North Korean Spy Hired by KnowBe4
Mandiant Shines Spotlight on APT45 Behind North Korea's Digital Military Machine
Walkin... walking away. Wiz doesn't need Googley Money.
Breaches
Over 3,000 GitHub accounts used by malware distribution service
Meta nukes massive Instagram sextortion network of 63,000 accounts
SCADA / Cyber, cyber... etc
CrowdStrike CSO Apology. This is how you do this. Much Respect.
Mailbag
Dear Liquidmatrix, I'm fighting with DNS records and SSL certificates and I'm losing my mind. Why is this stuff still so difficult in 2024? Is there anything you can do to help? Love, a frustrated guy
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
First round of the Sector.ca briefings was released this week. Yes, the Canadian edition of the Fail Panel is back for the 12th time!
Anyone can Access Deleted and Private Repository Data on GitHub
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Obviously not here. We don't know where he is. Assume something about the Militant Wing of the Girl Guides.
Jamie: - PTO Countdown is real. I'm not obsessing about it... but... I am.
Matt: - My calendar is screwed. Wheeeeeee
Advertising - pay the bills...
Vulnerable U - The other place you can learn from Matt
Closing Thoughts
Seacrest Says: You're not the boss of me. I can say whatever I want. It makes me happy to be a butterfly.
Creative Commons license: BY-NC-SA
Episode 0x7D It's just a dream...
There's a lot going on as we head into summer here in the northern hemisphere. I think it's pretty cool but also worry a little bit that we're staying too focused on the wrong things. You ever have the feeling that you've bought into the wrong game?
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
AT&T Breach and Continuing Snowflake Saga
Nearly all AT&T cell customers' call and text records breached
The Dark Web - See your Dark Web footprint for free!
US sanctions alleged Russian hackers who claimed attacks on US water facilities
Breaches
Hollywood Fears of a Major Hack Are Growing
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages
DERP
Chromium browser? Google knows more about you than you want.
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
How to tell if you've been hacked - Great techcrunch article
Meshtastic - distributed comms for when the centralized system goes down
CloudFlare State of AppSec - 22 min from PoC to exploit. 7% of all traffic is DDoS. 1/3 of all Internet traffic is bots.
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Summer camp, this fall: Singapore, Ireland, Portugal
Jamie: - (insert Griswoldian music here)
Matt: - Thanks to everyone who came to SnooSec. Summer Camp!
Advertising - pay the bills...
Vulnerable U - The other place you can learn from Matt
Closing Thoughts
Seacrest Says: These kids - they keep growing up damn them. Also, get off my lawn!!
Creative Commons license: BY-NC-SA
Episode 0x7C Yup, this is a habit now.
It's all fun and games until somehow you find yourself actually planning and not doing that whole "maybe we will, maybe we won't" thing. It's happening. We're back and making a habit of this!
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Russia forces Apple to remove dozens of VPN apps from App Store
Dark Money tied to war on Apple's encryption
OpenAI had an oopsie and forgot to mention it... But they're also just plain making mistakes at the basics too
Hackers reverse-engineer Ticketmaster's barcode system to unlock resales on other platforms
Breaches
The human cost of breaches at Hospitals - this one is awful
Sightline Security for non-profits
SCADA / Cyber, cyber... etc
A really good assessment of the great Rogers outage of 2022
DERP
DON'T LIE ABOUT YOUR BREACHES DAMMIT
Mailbag
Dear Liquidmatrixes, What's the deal with The Cloud? I really like hugging my servers and I give them special names, how do you hug a cloud? Even better, how do I secure it? Thanks all y'all. Legacy Folk.
Just sign up for CloudSLAW
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Ollama - run some great LLMs on your laptop
Microsoft Midnight Blizzard Saga Continues
Eight Nations Issue Warning About Speed Of Chinese Hackers' Operations
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Global News talking about Ticketmaster yesterday
Matt: - SnooSec NYC
Jamie: - Starlink terminal connection end point... SOMEWHERE.
Advertising - pay the bills...
Vulnerable U - Mattjay's other news. Sign up or else.
Closing Thoughts
Seacrest Says: I'm Europe now, very fine. Not worry about my doing well.
Creative Commons license: BY-NC-SA
Episode 0x7B Penta-pod!
Five down, we should probably do some more. It seems like people enjoy these things. Or at least our subscribers say so. Why don't you tell your friends!
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
No flaws like the old flaws. It's time to MOVEit, MOVEit... AGAIN
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
Breaches
Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers
Neiman Marcus confirms data breach, claims Snowflake account was hacked
SCADA / Cyber, cyber... etc
A group of Rabbit R1 jailbreakers found a massive security flaw
DERP
regreSSHion - you're supposed to hold on to this until August. Also, cute name and logo is so 10 years ago (Heartbleed was TEN YEARS AGO)
Mailbag
Hei Liquidmatrix, Are you going to be keeping it up? Especially as it is now summer time. ~Your friends from the blue and yellow furniture store
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
I did a podcast for work with another CISO who isn't a curmudgeon. You might enjoy.
TeamViewer: Hackers copied employee directory and encrypted passwords
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Summer Camp, Singapore in October, IRISCON and Websummit in November
James: - The other end of a Starlink connection... in a forest. :)
Advertising - pay the bills...
MattJay's Vulnerable U - he's got more subscribers than we do. And he's got sponsors and shit.
Closing Thoughts
Seacrest Says: I'm on a vacation. Leave me alone.
Creative Commons license: BY-NC-SA
Episode 0x7A 4-peat 4-peat!
Turns out this is actually habit forming. The weekly venting/ranting is excellent for the spirit! Hope you're able to vent as well. Feel free to scream while listening - it's not weird at all.
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of (approximately) 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Biden bans Kaspersky - effective July 20. FINALLY.
Stolen test data and NHS numbers published by hospital hackers
Information is beautiful - World's Biggest Data Breaches & Hacks
Breaches
The City of Hamilton breach continues. It's a farce. My property tax dollars going to no good purpose at all. Ongoing since Feb 25, no sign that they're any closer to getting the majority of systems up and running - and $5 million out of the door. Sigh. The number of systems remaining offline is incredible. I'm pretty sure I could put together a crack team of 5 who could spend evenings and weekends for less than a month to knock out all of this list without extending our recruiting pool past Hamilton and Burlington. Sheesh.
Car Dealerships Nationwide Hit by Massive Cyberattack—What It Means for You
SCADA / Cyber, cyber... etc / DERP COMBO!!!
An Open Letter to Security Vendors - John Masserini (2015)
Vendor Rebuf - Andy Ellis (2017)
10 Rules for Cybersecurity Salespeople - Mark Weatherford (2018)
Advice to cybersecurity companies selling to CISOs - Patricia Titus (2020)
Mailbag
Dearest Liquidmatrix, It was so good to hear Jamie lose his ever-lovin' mind last episode. Dave alluded to being cranky during the brieflies. Can you please un-mute him and let us all hear him lose his mind for this episode? THANKS! ~The Entire Internet
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Amazing how far software defined radio has come lately - go do some learnin' on your RTL-SDR things
Hackers claim to have carried off an enormous data heist on AMD, selling info on employee and customer information, future products and specs
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Summer camp. (also, we will be adding GUESTS in the near future)
James: - I'm trapped between Google Workspace, Slack, Jira, Salesforce, and Github. I can't find my way out. Help
Advertising - pay the bills...
MattJay's Vulnerable U - he's got more subscribers than we do. And he's got sponsors and shit.
Brawndo, the Thirst Mutilator. It's what plants crave.
Closing Thoughts
Seacrest Says: Inserting an old recording of Matt from an early episode.
Creative Commons license: BY-NC-SA
Episode 0x79 We have no idea what's going on either...
But we're going to keep doing this as long as we can manage to schedule the appointment in our calendars and also show up...
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Apple's AI Announcements - Private Cloud Compute
But is it ok that there's no money going back and forth... so we are the product?
Snowflake to Close Hacking Probe Into Attack Targeting Clients
Breaches
Chinese hackers breached 20,000 FortiGate systems worldwide
DERP
Major Data Breach
New Section: Jamie Yells at Clouds
PLG motion with Enterprise Customers and pushing your AI Feature Set - I'm tired of getting the requests to turn it on and it comes with vague pricing issues. Seriously... so tired. If you want to sell to your Enterprise Customers, how about you have a conversation with the person who signs the OF instead of the people who can't. ARGH.
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Bambu Lab Second Anniversary Sale - join us in the melty plastic revolution!
Medical-Targeted Ransomware Is Breaking Records After Change Healthcare's $22M Payout
China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - I will be speaking at the CIO Summit in Toronto
James: - Still the forest. I need a break so bad, July can't get here soon enough.
Matt: - Europe - I'M ON A BREAK -- then Vegas...
Closing Thoughts
Seacrest Says: Have you made your plans for the Solstice? Go long or go short - depends on your latitude.
Creative Commons license: BY-NC-SA
Episode 0x78 Surprise AGAIN
So... y'all thought it was a flash in the pan... well... we're happy to disappoint you with a brand new episode of the Liquidmatrix Security Digest Podcast. Hold on, it's going to be a wild ride.
Upcoming this week...
Lots of News
Breaches
Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Snowflake (not)breach
Surprise, the Canadian Government agency that is supposed to watch for mis- and dis- information says it's happening. And the Members of Parliament are arguing about the validity of the statements. :|
PandaBuy pays ransom to hacker only to get extorted again
Cyber, cyber... etc
So Matt. You hate Chrome. It's all spyware. What's the point?
Mailbag
Ahoy there, First time mailer, long time listener - I see that you've got the skull thing going on, can I ask you about where the cross bones went? Inquiring minds would like to know. ~ Pirate Steve
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Go back and watch some of the old stuff... it's all still so valid it hurts.
Microsoft Total Recall
Vengeful Club Penguin Hackers Reportedly Steal 2.5 GB of Disney's Data
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Toronto CIO Conference
James: - I'm looking forward to an appearance in the forest camping because I'm pretty much completely peopled out.
Matt: - Some podcasts and maybe a summer camp appearance.
Advertising - pay the bills...
Vulnerable U
Seacrest Says: It's not the AI. It's not the AI. It's the AI. Sorry.
Creative Commons license: BY-NC-SA
Episode 0x77 I'm not cool and neither are you.
Ok, so it's been a long time - but we're good :) August 1st 2022 was our last show. The next one is scheduled now for sometime in 2026.
Upcoming this week...
Lots of News
Breaches
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
ICQ will Shut Down SOOOOON
Hackers are using AI to find software bugs - but there is a downside
Breaches
Your Mom.
DERP
Salesforce / Slack AI situation and how it's been handled
Mailbag
So... Y'all going to actually keep this up? For real this time? ~a concerned patron
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Dave: I haz a new job! (a word about the hiring market)
Jamie: Hey, me too but at the same company. Working my way through the collision of responsibilities.
Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Gartner DC
James: - You just missed me at Open Source Data Infrastructure Toronto Meetup. I'm trying to avoid doing anything like actual work for the next little while.
Closing Thoughts
Seacrest Says: Be Vulnerable - it's good for U
Creative Commons license: BY-NC-SA
Welcome to the 54th episode of Forja, a podcast produced by RPG Next that brings you a chat about topics related to role-playing games. In this episode we talk about our impressions of the Badlands campaign and of the 2023 Christmas special episode Noite inFeliz, set in the same world. Now you can have the mug of Klank, the old dwarf warrior, at home. Check out the complete collection of characters from the Lost Mine of Phandelver and hurry to get yours at a promotional price for a limited time: https://www.mundofan.com.br/caneca-klank. The fate of some men can be decided by a quick draw or a lucky shot. The weird west is not for everyone.
PLAY RPG WITH US!!! Looking for a table or a game master to play RPG with? Come check out our game-master-for-hire services. More information at the link: https://www.rpgnext.com.br/loja/ Before signing up as a PLAYER, send an e-mail to contato@rpgnext.com.br and ask about openings. They are limited in number.
ATTENTION: This podcast is recommended for ages 16 and over.
Featuring: Anderson Lira as the Game Master; Heitor Fraga playing Tony "Cabeça de Cone"; Vitor playing Brody Hampton; Vinicius Watlz playing Lucky Lou; Nilson playing Lone Phil; Nãna playing Lupita. Edited by: Anderson Lira. An RPG Next production.
Trailer and Playlist: BadLands - trailer - YouTube. An adventure in the American Old West.
Fabulous Recommendations: Cartas Críticas APP for D&D 5e
SUPPORT OUR CAUSE! Our PADRIM campaign is LIVE! Visit it and see our Goals and Rewards for patrons. padrim.com.br/rpgnext If you prefer to support us through MERCADO PAGO, visit and see our rewards: https://linktr.ee/unicolas https://rpgnext.com.br/doadores/
SHARE! If you liked this RPG podcast, don't forget to share it!
Our website is https://rpgnext.com.br, our PADRIM campaign: https://www.padrim.com.br/rpgnext, our PICPAY campaign: https://picpay.me/rpgnext. Facebook RpgNextPage, Facebook group RPGNext Group, Instagram RPG Next Oficial, Twitter @RPG_Next, YouTube channel. Rate Tarrasque na Bota and RPG Next Podcast on iTunes with 5 stars to help spread the word too!
LEAVE YOUR FEEDBACK! If you would like to leave feedback, send us an e-mail at contato@rpgnext.com.br or leave a comment on this post below. Your comment is very important for improving the next episodes. Alright? Thanks a lot for the support, folks!
Links to MUSIC and SFX under the Creative Commons license: Freesounds.org – https://www.freesound.org/ Tabletop Audio – http://tabletopaudio.com/ Kevin MacLeod at Incompetech – http://incompetech.com/music/royalty-free Free PD - https://freepd.com/ Alexander Nakarada - https://alexandernakarada.bandcamp.com/ Free Stock Music - https://www.free-stock-music.com
Music: Jack The Lumberer by Alexander Nakarada; Free download: https://filmmusic.io/song/4808-jack-the-lumberer License (CC BY 4.0): https://filmmusic.io/standard-license
Music: Crossroads Free download: https://tabletopaudio.com/ Licensed under CC BY-NC-ND 4.0: https://creativecommons.org/licenses/by-nc-nd/4.0/
Music: true_west Free download: https://tabletopaudio.com/ Licensed under CC BY-NC-ND 4.0: https://creativecommons.org/licenses/by-nc-nd/4.0/
Music: Slow Western Intro by Brian Holtz Music Free download: https://filmmusic.io/song/8782-slow-western-intro License (CC BY 4.0): https://filmmusic.io/standard-license
Music: Way out west - twin musicom Free download https://soundcloud.com/twinmusicom/way-out-west-wwwtwinmusicomorg License cc BY-NC-SA 3.0: https://creativecommons.
Simon Winkler has been working for years at the DHV to bring better paraglider control techniques to the flying community. +++ The DHV maintains a popular series of instructional videos on YouTube. They are about flying better and more safely, thanks to good flying technique. Among other things, you are shown how to initiate turns particularly effectively, stop pitch movements faster, react appropriately to asymmetric collapses, fly fast figure eights, top-land safely, and soar well even in weak conditions. The instructor in all these videos is Simon Winkler. Over the years he has become, in a sense, the face and voice of the DHV when it comes to bringing modern paraglider control techniques to pilots. Recently this has also included the idea of trim flaps, which is the simultaneous use of brakes and speed bar. That alone would have been reason enough to invite Simon Winkler to this 112th episode of Podz-Glidz and have him explain the background. Simon of course has much more to tell. For example: through which coincidences he, as an ambitious acro pilot, ended up at the rather staid DHV, and how he helped shape the Safety Class tests there. We also talk about the change in teaching methods and the idea of transferring safety approaches from commercial aviation into the paragliding scene. That this would make sense is something Simon Winkler recently had to experience for himself. During a somewhat too casually planned landing approach he had a violent collapse just above the ground and crashed onto a hangar roof. One could file the case under residual risk. Or one can try to draw lessons from it. That, too, is part of this talk.
+++ If you like Podz-Glidz and would like to support the podcast and the associated blog Lu-Glidz, you can find all the relevant information at: https://lu-glidz.blogspot.com/p/fordern.html +++ Music for this episode: Track: Recall the Past | Artist: OSC Project Released under BY-NC-SA 3.0 +++
Episode 0x76 Ready for a surprise thing?
Yup. We found spare time and did a thing. Here's the thing. You get to spend a whole lot of time listening to security old farts.
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Rogers Outage - the CRTC letter and An analysis on the BGP route withdrawal
Why Bug Bounty Programs are Failing
CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
Breaches
Yeah. You've been Shanghai'd - maybe?
SCADA / Cyber, cyber... etc
SCADA market to reach 13+ Billion in 4 years - will any of it be secure?
Uber won't get prosecuted for their 2016 breach, but...
DERP
Oldie but goodie - Elon's plane being tracked is a security issue... and Drake tries to make it better and fails so miserably... derp.
Mailbag
You guys are not good at segways... or segues https://www.merriam-webster.com/dictionary/segue
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Awesome Security (tools and stuff)
Samsung has a thing that sounds like a backdoor but actually isn't
As Microsoft blocks Office macros, hackers find new attack vectors
Closing Thoughts
Seacrest Says: Seacrest says see you at band camp
Creative Commons license: BY-NC-SA
Episode 0x75 10th Anniversary Special
We should have something snappy here, but we're old and out of belt-onions
Upcoming this week...
Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
What's changed in infosec since we last talked?
Coinbase highlighting the risk of centralizing a decentralized system
Great podcast from Odd Lots - the ponzinomics of cryptocurrency
New Vulnerability Database Catalogs Cloud Security Issues
Data breach at US ambulance billing service Comstar exposed patients' healthcare information
Breaches
In Canada... largest breach settlement
SCADA / Cyber, cyber... etc
Wired knows shit.
Deep fake remote IT job applicants
DERP
Mailbag
It's been a rough couple of years. We missed a lot. Some friends departed. How are y'all handling things? ~a long time listener
Briefly -- NO ARGUING OR DISCUSSION ALLOWED
I'm hiring
Me too
Risk Disconnect in the Cloud
Supply chain Levels for Software Artifacts
We're hiring at Cisco (https://jobs.cisco.com/)
Closing Thoughts
Seacrest Says: Dave qualifies for senior AARP discounts now
Creative Commons license: BY-NC-SA
Niall Grimes has a website here (http://www.niallgrimes.com/), he's the host of the Jam Crack podcast, which you can find on all good podcasting apps or click here: http://www.niallgrimes.com/jam-crack-climbing-podcast and you can follow him on twitter @grimerclimber (https://twitter.com/grimerclimber) or on instagram @niallgrimes (https://www.instagram.com/niallgrimes) At one point in the conversation I mention the concept of 'grip', which is used by philosophers and psychologists interested in embodied (and specifically 'enactive') cognition, and which has its origin in the work of Maurice Merleau-Ponty, specifically the following text: Merleau-Ponty, M. (2002/1945). Phenomenology of Perception (C. Smith Trans.). London: Routledge. For further reading about the ideas associated with 'embodied' cognition, here's the Stanford Encyclopedia entry – §2.4 focuses on enactivism in particular: https://plato.stanford.edu/entries/embodied-cognition/ As ever, please get in touch to send any thoughts, responses, ideas, reactions or feedback about this episode or any of the others, it's always great to hear from you, particularly if you want to say encouraging things. To drop me a line you can just head over to the contact (https://www.generousquestions.co.uk/contact) page, or tweet at me on twitter (@drjoemorrison (https://twitter.com/DrJoeMorrison)) The theme music is from li_serios05 (https://store.broken20.com/album/li-series-05-jack-on-piano) by TVO on Broken20 (https://store.broken20.com/) records under Creative Commons license BY-NC-SA (https://creativecommons.org/licenses/by-nc-sa/3.0/).
Putting together an episode of Open Metalcast can sometimes be a challenge in focus for me. Sometimes I get distracted by the music that I'm looking for (woe be the rabbit holes that occur when I'm looking for the perfect tracks). Other times I can get distracted when I'm waiting for something to finish downloading or for an episode to finish encoding. It can get frustrating having all of those distractions competing for my attention. But when a show comes together and I'm previewing the tracks it can really energize me to complete the episode. And when you have bands like OVERRULED, EntröpiaH, Richard III, DANTALION, Discommand, Gods & Punks, Lojohh, and Kekal filling your ears you suddenly get laser focused on ensuring that folks like yourself can hear this episode as soon as possible. So sit back with your favorite podcast listening apparatus and give the music the focus it deserves.
(00:11) Evil Minds by OVERRULED from 2013 EP (BY-NC-ND)
(04:27) Hydra by EntröpiaH from Bestiarum Split w/ Test (BY-NC-SA)
(06:15) Woodflesh by Richard III from RICHARD III - Early Demos & Live (1990-92) (BY-NC-ND)
(10:15) Gloom and Doom by DANTALION from The Seventh Wandering Soul (BY-NC-ND)
(15:26) Tomorrow's Panopticon by Discommand from World Prison EP 2018 (BY-NC-SA)
(19:15) Dunes of Doom by Gods & Punks from Into the Dunes of Doom (BY-NC-ND)
(24:47) Tänä iltana by Lojohh from Tosikertomuksia havumetsien maasta (BY)
(29:25) Quiet Eye by Kekal from Quantum Resolution (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #190 (MP3) Open Metalcast #190 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Nothing Special Nothing Funny
Just some Creative Commons Licensed metal music to blow your eardrums out. We've got an amazing show lined up with an array of no-nonsense metal from Obskkvlt, Violblast, Homicidal Raptus, Debilitator, Absolute Zero, Kill Them With A Toaster, Vitne, and Abstract Void. Enjoy!
(00:10) Demons by Obskkvlt from Blackarhats (BY-NC-ND)
(04:34) Painless by Violblast from Theater of Despair (BY-NC-ND)
(06:55) The Pride Sanitarium by Homicidal Raptus from Erotomanic Hallucinosis (BY-ND)
(10:45) Bloodsucking Freaks by Debilitator from Bloodsucking Freaks (BY-NC-SA)
(15:21) Left Becomes Right by Absolute Zero from Sign Us, You Bastards (BY-ND)
(20:05) Where's The Fucking Money by Kill Them With A Toaster from Brutal Family Presents: A Spanish Compilation 4 (BY-NC-SA)
(23:07) Destroyer by Vitne from Destroyer (BY-NC-SA)
(27:00) As I Watch the Sunset Fade by Abstract Void from Back to Reality (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #188 (MP3) Open Metalcast #188 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
It seems the Marie Kondo bug has hit the Open Metalcast studios. We took all of the tracks in the Open Metalcast Archives and saw which ones still sparked joy. Or rather, which ones could stop vibrating long enough to put into the episode. We have some great Creative Commons-Licensed Metal for you, including tracks from Grey Heaven Fall, Violblast, Kekal, Amiensus & Oak Pantheon, Black Market Serotonin, 114 Kassandra, Sound of Ground, Katu Veo, and Seajeff. These tracks are ready to vibrate into your ear drums, and if you like them be sure to pass them along to a friend. They would be most grateful if you did.
(00:10) Swansong Of Your Dream by Grey Heaven Fall from ...grey heaven fall (BY-NC-SA)
(05:09) Wielders of fear by Violblast from Conflict (BY-NC-ND)
(08:55) Artifacts Of Modern Insanity by Kekal from 1000 Thoughts Of Violence (BY-NC-ND)
(14:44) Tanequil by Amiensus & Oak Pantheon from Gathering II (BY-NC)
(19:13) DeadByFiveOClock by Black Market Serotonin from Something From Nothing (BY-NC-SA)
(24:29) Lexicon Lies Dormant by 114 Kassandra from Life Rains the Hardest On Those Who Shine the Brightest (BY-NC-ND)
(29:42) Reboiled by Sound of Ground from Sick (BY)
(36:44) When the Trees Are Falling Down by Katu Veo from None (BY-NC-ND)
(41:45) Changes by Seajeff from Magenta (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #187 (MP3)
Open Metalcast #187 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Here at the Open Metalcast Headquarters we're always acquiring Creative Commons metal music for the show. We carefully select the finest CC-licensed metal music and run it through a scientific process to ensure the best listening experience possible. And this show is no exception, featuring music from Cara Neir, Epiphany From The Abyss, Anvil of Doom, Altars of Grief, ctrlBrain, Force Events!, Pyrit, The Neptune Power Federation, and Fuzz Forward. And we can pretty much guarantee that a certain Redmond-based software company won't purchase us for $7 billion any time soon so we'll continue to bring you the best CC-licensed metal music available.
(00:11) Imperialist Design by Cara Neir from Stagnant Perceptions (BY-NC-ND)
(04:56) Generation Of the Hopeless by Epiphany From The Abyss from Generation Of The Hopeless (BY-NC-ND)
(09:58) Turn Your Back by Anvil of Doom from Turn Your Back EP (BY-NC-ND)
(15:35) Her Shadow is the Night by Altars of Grief from This Shameful Burden (BY-NC)
(22:12) Буря by ctrlBrain from Семь (BY-NC-SA)
(24:47) Отрешение / Тонуть или плыть by Force Events! from Force Events! (BY-NC-ND)
(28:29) Šina by Pyrit from Jazdec bez hlavy (BY-NC-SA)
(31:00) Wizard Lovin' by The Neptune Power Federation from Mano A Satano (BY-NC)
(34:44) Summertime Somersaults by FUZZ FORWARD from Out of Nowhere (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #176 (MP3)
Open Metalcast #176 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Here at the Open Metalcast headquarters we're celebrating Memorial Day Weekend. It's a time of remembrance for those who fought for the freedoms that we in the USA enjoy. And one of those freedoms that I enjoy is sharing Creative Commons Metal Music with you. And this show is no different, with artists like Galactic Pegasus, Fountainhead, Necro-Cannibal Machinery, Terminal Man, Nolens, Crows, AgainstYouAll, and Die Leere im Kern deiner Hoffnung to bring the freedom of CC-Licensed music to your ears. And remember to support the bands in this show so they have the freedom to bring you more amazing music.
(00:11) Volenti Non Fit Injuria by Galactic Pegasus from Dysphoria (BY-NC-SA)
(03:47) 1. All Hail To Decay by Fountainhead from Fountainhead plays Despotic (BY-NC-ND)
(06:16) Sacrament by Necro-Cannibal Machinery from Fractures (BY-SA)
(12:46) El salto by Mosh from El filo (BY-NC-SA)
(17:17) Diamonds by Terminal Man from Body of Crisis (BY-NC-ND)
(20:50) #2 by Nolens from REJECT . SOMETHING (BY-NC-ND)
(22:09) Reach by Crows from Carry This Flesh (BY-NC-ND)
(25:06) Bringing You (Into My Chaos) by AgainstYouAll from None (BY-NC-ND)
(30:31) Das Leben ist komplex by Die Leere im Kern deiner Hoffnung from Das Leben ist komplex und Entropie real (BY-SA)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #175 (MP3)
Open Metalcast #175 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Here at The Open Metalcast Headquarters we usually make an entire episode in one night. We'll toil over Audacity tweaking and adjusting until the perfect episode is ready for you to listen to. But sometimes we won't be able to finish the episode all at once and we'll leave it on the hard drive waiting to be unleashed. This was such an instance where we'd started the episode and then forgot that we had already uncorked the metal rocket-sauce before. But lest you think that we're somehow giving you stale metal, or twice-unblessed metal, please rest assured that we ensure that all of the metal is vacuum-packed using only the finest artisanal magnetic media. And who wouldn't want to hear our fine selection of music from Tinnitia, Terrestrial Chaos, cranial incisored, Chivo, SUNNATA, No Hand Path, Kartzarot, and Ark Of Passage? It just goes to show that we will not rest until we bring you the best of Creative Commons Metal Music. Unless we do rest. Then we put it away until we can continue again.
(00:11) Второе небо by Ark Of Passage from Время жить и время умирать (EP) (BY-NC-ND)
(04:28) Nostradamus by Kartzarot from Kartzarot (BY-NC-ND)
(10:19) Birth of Decision by No Hand Path from An Existence Regained (BY-NC-ND)
(18:06) Outlands by SUNNATA from Outlands (BY-NC-ND)
(25:40) Wasted Time by Chivo from Waiting for so long (BY-NC-ND)
(30:45) Dreaming Illusion ~ Constructing Extinction by cranial incisored from None (BY-NC-ND)
(32:24) 02 - On The Verge of Humanity by Terrestrial Chaos from Pānoptikón (BY-NC-SA)
(35:57) Hydraulic Operated Machinaria by Tinnitia from Live at NomaNooirax Fest (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #173 (MP3)
Open Metalcast #173 (OGG)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Apparently there is something going around the Open Metalcast headquarters that is wreaking havoc upon your beloved host. But the engines of metal must rage on, and rage on they shall in this episode. We have music by Head Cleaner, Incinerator, Drop Out, With Teeth, GLAM, S3V3N, Marche Funèbre, Rotten Casket, We Exist Even Dead, Oblivion's Garden, and Kraanston to help soothe those sinuses with the echoes of metal music. By the end you'll be smelling in infrared from the heat generated in your ear-holes, guaranteed.
(00:11) What Normality Means? by Head Cleaner from Of Worms and Men (BY-NC-ND)
(02:32) Slaughter by Incinerator from The Stench of distress (BY-SA)
(06:14) Cabezas Huecas by Drop Out from Drop Out (BY-NC-ND)
(07:38) Waltz by With Teeth from Captives (BY-NC-ND)
(10:53) Crisis Atomica by GLAM from Veneno en sus flechas (BY-NC-SA)
(12:14) Termites by Most Likely Forever from S3V3N (BY-ND)
(16:08) Capital of Rain by Marche Funèbre from Into the Arms of Darkness (BY-NC)
(24:54) In Search Of The Perfect Skin by Rotten Casket from Emerged From Beyond (BY-NC-ND)
(30:28) Self-Reflected by We Exist Even Dead from Meet No End (BY-NC-SA)
(34:56) My Revolution by Oblivion's Garden from Outbreak (BY-NC-ND)
(42:24) Cargo Cult by Kraanston from Dead Eyes EP (BY-NC-SA)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or walk in to their Skype conversation like you just don't care. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #171 (MP3)
Open Metalcast #171 (OGG)
Here at Open Metalcast Headquarters we've prided ourselves on being punctual with the delivery of Creative Commons Metal Music to your bloodstream via our easy-to-listen podcast format. But sometimes the deliveries are a little later than we would like, and this episode is much later than it should have been. But fortunately good metal doesn't spoil while you're waiting and we have an amazing line-up of Creative Commons Metal ready to give you that much needed infusion. We have music from The Derision Cult, Solem, Beyond Exile, Altars of Grief, Black Autumn, Convince, Wombripper, and Bones of Minerva. And you won't have to go to the post office to pick it up. We'll be back soon with another special delivery of metal music later this week.
(00:11) Get Out! by The Derision Cult from No Esteemed Deeds (BY-NC-ND)
(04:14) A Blessing In Disguise (Demo) by Solem from Demo 2013 (BY-NC-SA)
(08:34) Unhallowed by Beyond Exile from Immortal (BY-NC-ND)
(11:31) Desolation by Altars of Grief from Iris (BY-NC)
(17:27) The Wait by Black Autumn from Rauhnacht MMXVII (BY-NC-SA)
(24:22) Грязь больших городов / The Scum of Big Cities by Convince from Падение / Decline (EP) (BY-NC-SA)
(27:01) Immolation Rites by Wombripper from From the Depths of Flesh (BY-NC-ND)
(30:56) Fear is a biscuit by Bones Of Minerva from Blue Mountains (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or walk in to their Skype conversation like you just don't care. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #170 (MP3)
Open Metalcast #170 (OGG)
It's been over a year since we brought out the last Instrumetalcast. Time to rectify that.
(00:46) Resonance Cascade by Seversun from New World Chaos (BY-ND)
(03:51) Deciduous Glory by Psychendoscope from Chronicle: 1998 (BY-NC-SA)
(09:32) Minueto Disconforme by Datura Metel from Datura Metel (BY-NC-ND)
(12:46) Ekerot by Poly-Math from Melencolia (BY-NC-SA)
(22:22) one day you will teach me to let go of my fears by sleepmakeswaves from in today already walks tomorrow EP (BY-NC-SA)
(28:36) Tabor's Head by Mount Sherpa from Tabors Head (BY-NC-ND)
(34:49) Insert Coin by Phonocaptors from Danse Macabre (BY-NC-ND)
(38:49) Loki - Origin of Fate_Initiation Rites by Loki from The Road To Wisdom (BY-NC-SA)
(41:56) Götterspeisedämmerung by Plastic Violins Of Darkness from Plastic Violins Of Darkness (BY-NC-SA)
(54:11) Hz of the Unheard by kevel from Hz of the Unheard (BY-NC-ND)
(1:04:00) Wolves Beyond The Border by Terraformer from Creatures (BY-NC-ND)
(1:10:47) LODO - Paliza by HELA / LODO from Split LP (BY-NC-ND)
(1:17:31) ASTERIAI by The Great Cold from The Great Cold (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, or head to the shows. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast Instrumetalcast #011 (MP3)
Open Metalcast Instrumetalcast #011 (OGG)
There are many algorithms that are now monitoring and making decisions in our lives. We're constantly bombarded with algorithms telling us what we should like, where we should drive, and what food would be best for us to eat. But here at Open Metalcast we hand-select all of our metal releases from internet-sourced bands from around the globe. Bands like Timetrap, Bloodgod, Oracle, Nemesis Sopor, Mursa, Tromort, Mystic Moss, and Alpha Brutal. Our carefully trained technicians select only the finest blend of Creative Commons Metal for your listening enjoyment. It may take a little longer than an algorithmic selection but we like it that way and hope you will too. Now available in your local podcatcher.
(00:11) Κούκλες πορσελάνης by Timetrap from Χρόνια σιωπής (BY-NC-SA)
(05:00) Valar Morghulis by Bloodgod from Catharsis (BY-NC-SA)
(08:30) Burn the Nameless by Oracle from None (BY-NC-ND)
(15:15) Despot by Nemesis Sopor from MMXL (BY-NC-ND)
(22:20) The Worming, Pt. II by Mursa from Ectopic (BY)
(33:50) Tierra Prometida by Tromort from Camino de la Sangre (BY-NC-ND)
(39:38) Unlike the minds by Mystic Moss from Unlike The Minds (BY-NC-ND)
(48:07) Alien by Alpha Brutal from Upgrade (BY-NC)
We have a special promo for Nemesis Sopor's "MMXL" album. Save 20% off of the price of the digital or physical release:
Digital: Head to https://geisterasche.bandcamp.com, add "MMXL" to your cart, and use the promo code openmetalcast2 to save 20% off of your purchase.
Physical: Head to geisterasche.de, add "MMXL" to your cart, and save 20% with the promo code openmetalcast
This is a limited-time offer so hurry on over to claim your copy.
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or share these artisanal bits with your friends. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #152 (MP3)
Open Metalcast #152 (OGG)
Welcome to the 150th episode of Open Metalcast, where we've been exploring the world of Creative Commons Metal Music for lo these many episodes. I'm sure there's a way to check to see how many songs and bands we've uncovered together but frankly I'd rather concentrate on bringing you the best in Creative Commons Metal Music. And this episode delivers on that promise with music from Dismalfucker, Dancerobot, Mortals Path, Cuerno, Verderben, Vukodlak, Constrictor, and netra. There's something for everyone in this episode. Here's to many more episodes ahead!
(00:09) Whistle while you get worked by DISMALFUCKER from DEMO (BY-NC-ND)
(02:21) Эйнхерий by Dancerobot from Протагонист (BY-NC-SA)
(05:58) My Own Hell by Mortals Path from Mortals Path (BY-NC-ND)
(10:16) Caught by CUERNO from Rec Comtal (BY-NC-ND)
(21:03) Words of Lies by Verderben from Spearhead of Wrath (BY)
(25:11) Alea Iacta Est by Vukodlak from Lycanthropic Aspirations (BY-SA)
(29:20) The Days I Dreamed Of Bliss by Constrictor from The Days I Dreamed Of Bliss (EP) (BY-NC)
(38:04) Everything's Fine by netra from Ingrats (BY-NC)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or walk in to their Skype conversation like you just don't care. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #150 (MP3)
Open Metalcast #150 (OGG)
First off, congratulations on making it to 2017. :) We decided for this episode to just shut up and announce the song titles at the end of the show. That way we can let the music speak for itself. So you'll hear some great music from Wasted Heroes, Digger, Muldjord, Stellarvore, Zombie Destrüktion, Nimrud, Black Autumn, and Pressor. Definitely check this out and kick off 2017 with some of the best Creative Commons metal the net has to offer.
(00:25) Living For The Moment by Wasted Heroes from Living For The Moment (BY-SA)
(05:16) Digger - Evidence [2009] - Bendalian by Digger from Evidence... is written in the noizz - Full Album (BY-NC-SA)
(10:30) The Pebble and the Stone by Muldjord from The Reissue of My Soul (BY-SA)
(15:40) L'Année terrible by Stellarvore from L'Orgueil des drapeaux et des flammes (BY-NC-SA)
(19:27) Grinding the Spleen by Zombie Destrüktion from Tales of Morbid Mummification (BY-NC-ND)
(22:44) Sarahu by Nimrud from Sarahu (BY-NC-SA)
(29:29) Rauhnacht MMXVI - II by Black Autumn from Rauhnacht MMXVI (BY-NC-SA)
(35:32) Royal Witch by Pressor from Pressor / Diazepam / Soom (BY)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or [FUNNY]. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #145 (MP3)
Open Metalcast #145 (OGG)
No matter how bad things get, sometimes you just need to begin again. We have some great music ahead for you, including tracks from Cremosity, Ruins of Humanity, PhaZer, Nightosaur, Hippie Doom Squad, Nocturnal, Thesauros, and stroszek. It's a show you won't want to miss!
(00:11) Machines against flesh by CREMOSITY from Witness of human brutality (BY-NC-SA)
(04:03) Enemy in the mirror by Ruins Of Humanity from Enemy in the mirror (BY-NC-ND)
(07:56) The Last Warrior by PhaZer from Un(Locked) (BY-ND)
(12:51) Bow Down to Thy Destroyer by Nightosaur from Set Fire To The Mountain (BY-NC-ND)
(19:49) Hobo by Hippie Doom Squad from Live Volume (BY-SA)
(24:20) Nocturnal - Desert paths by Nocturnal from Grey lands (EP) (2016) (BY-NC-ND)
(28:27) Abyss by Thesauros from Index (BY-NC-ND)
(36:10) color of the street by stroszek from wild years of remorse and failures (BY-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or buy them drinks. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #138 (MP3)
Open Metalcast #138 (OGG)
Ugh. What the hell happened. Oh shit, has it been that long since the last episode? I hate lack. Downloading latest transmission:
[Image: From the game "Eclipse Phase" (c) Posthuman Studios, LLC. Used under the CC-BY-NC-SA license.]
(00:25) Victimized by Deconbrio from The Art of Violation: Part One (BY-NC-SA)
(04:53) Army Of Arseholes by Maximum Sexy Pigeon from Unfit For Human Consumption (BY-NC-ND)
(07:22) Here Is No God by Silicon War Sector from Téchne (BY-NC-ND)
(11:41) Мать Героина by Invisible Devastation from ID EP (BY-NC-ND)
(17:15) Winter Storm (Industrial Version) by DEgITx from Winter Storm (BY)
(20:02) omnicide by Promonium Jesters from EP2010 (BY-NC-ND)
(27:52) Daily Grind by subQtaneous from Sirona Mixtape #7 (BY-NC-ND)
(33:34) As Pitch As Black by Intrasonic from At The End (BY-NC-SA)
(38:05) Metal Men by Electric Zoom from Horror Show (BY-ND)
(40:45) Потрать Себя by HAGAT from Десять Монстров (BY-NC-ND)
(44:25) Adrenalin by Antichrisis from Not Fade Away (BY-ND)
(50:16) Overload by The Kolour Kult from AS220's Spring Sampler 2013 (BY-NC-SA)
(53:44) Believe by Another Destiny Project from The Meaning Of Life (BY-NC-SA)
I'd like to thank you for checking out this episode of Open Metalcast and remind you it's the bands that make this show possible, so head to the shows, buy a T-shirt or give them an Octomorph for Christmas. Whatever it takes, let them know that you care, thank them for making their music Creative Commons licensed, and tell them you heard their music here on OpenMetalcast.com. Also, if you have any music you'd like to suggest for the show, send it my way at craig@openmetalcast.com. And be sure to check out the other great podcast episodes at openmetalcast.com, where you can hear every episode back to episode number one. Thanks for listening.
Download complete. Still not 100% current. God, I hate lack. Need to find my contacts. Transmission ends.
Open Metalcast Special Episode: Club Metal #16 (MP3)
Open Metalcast Special Episode: Club Metal #16 (OGG)
Here at the Open Metalcast headquarters we're looking at the throes of summer as it winds down for the year. This is the time where people plan out vacations and other assorted trips and really don't have much time for much else. We here at Open Metalcast understand your busy schedule and have set up nine tracks of metal for you in a small, easy to digest format. And what a selection we have for you, including tracks from Last Fear, Artificial Construct, Rather Be Alive, Napalm Strike, Chisme Animal, Traboute, and ČudNoReĐe. We even snuck in some brand new Mean Messiah for you. And while Open Metalcast sort-of-celebrates its sixth year we also celebrate five years of Discos Macarras with a track by Memest from their 5 Years of Doom and Dark Sounds compilation. It's a show that moves at the pace of your busy lifestyle in easy-to-share MP3 and ever-so-trendy OGG. Available wherever fine podcasts are purveyed.
(00:11) Experimental Supremacy by Last Fear from Incidents (BY-NC-ND)
(04:20) Salvation by Artificial Construct from Dead Space (BY)
(06:57) SILENCI by RATHER BE ALIVE from Reedició Demo 2012 - Rather Be Alive (BY-NC-ND)
(11:58) No Lives Matter by Napalm Strike from No Lives Matter (BY-NC-ND)
(14:17) B-Grade Hero (B-Grade B-Side) by Mean Messiah from Let Us Pray EP (BY-NC-ND)
(17:05) Te Esperaré by Chisme Animal from Alétheia (BY-NC-SA)
(22:14) Bestas sen ferrar by Traboute from Flúe (BY-NC-ND)
(26:11) My Friends by MEMEST from 5 Years of Doom and Dark Sounds (BY-NC-ND)
(33:23) Rančić na speedu by ČudNoReĐe from Dno je sve rjeđe (BY-NC-SA)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or head on tour with them. Whatever you can do to help these bands keep making music, please do it! If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #135 (MP3)
Open Metalcast #135 (OGG)
Here at the Open Metalcast headquarters we burn the midnight oil (not the band, but the proverbial midnight oil) scouring the net to bring you the finest Creative Commons Metal Music. But we know that putting in these long hours brings in some of the best metal around. And what a haul we have for you this episode! We have tracks from Warheat, Vengeance Today, Cursed Sun, Oak Pantheon, Maestus, Venturheim, Sun Worship, and Atavismo. It's a show you won't want to miss!
(00:10) Planet Terror by Warheat from Planet Terror (BY-NC-SA)
(02:43) Saffron by Vengeance Today from Rest In Piss (BY-NC-ND)
(03:55) The Vultures by Cursed Sun from CURSED SUN - Premonitions (2012) (BY-NC-ND)
(10:00) Dawn as a New Day by Oak Pantheon from In Pieces (BY-NC)
(16:43) Weeping Granite by Maestus from Voir dire (BY-NC-SA)
(24:44) Fade by Veturheim from Vicious and Violent (BY-SA)
(29:18) Perihelion by Sun Worship from Pale Dawn (BY-NC-SA)
(37:30) Haribo by Atavismo from ATAVISMO & GRAJO split (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or start a Kickstarter with them. Whatever you can do to help these bands keep making music, please do it! Also check out the other great podcasts at Metal Injection, and be sure to listen to all of the great shows (including Open Metalcast) streaming 24/7 at Metalinjection.FM. If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #131 (MP3)
Open Metalcast #131 (OGG)
One of the things that I really enjoy about putting together Open Metalcast episodes is picking up music from around the globe. There's a ton of bands putting out not only amazing music but also amazing physical musical artifacts to enjoy. One band in particular is Psygnosis with their latest album: "AAliens". The artwork on this LP is amazing, and a lot of thought and care went into putting this together. I also picked up "Exist" by Cyranoi, which comes in a beautiful digipack CD case with great music and great artwork to boot. And even though not every band puts out physical media there's still a lot of care that goes into producing artwork to catch the most jaded metal fan's eye. Do yourself a favor and click on the links below. There's a lot of work that goes into making these albums, and I'm sure Psygnosis, dOwnhill, Domestic Terror, Decaying Continuum, Cover of Night, Involución, Moron, and Cyranoi would appreciate it if you not only gave their albums a peek, but also a listen. Hopefully this show will give you a taste of what you can expect to not only hear but see as well.
(00:07) Abiogenesis by Cyranoi from Exist (BY-NC-ND)
(04:48) Film by Moron from RZEKA EP (BY)
(08:22) Cuervos de la Tempestad by Involución from Adelanto 2016 (BY-NC-SA)
(11:48) Through Pine and Aspen by Cover of Night from Cover of Night (BY)
(18:40) Expending Humanity Within by Decaying Continuum from The Burden of Entropy [Demo] (BY-NC-ND)
(22:42) Domination Through Systematic Invasion by Domestic Terror from War Crimes (BY-NC-ND)
(26:00) The Harpy's Nest by dOwnhill from dOwnhill (BY-SA)
(32:43) Man ov Steel by Psygnosis from AAliens (BY)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or gaze longingly upon their artwork. Whatever you can do to help these bands keep making music, please do it! Also check out the other great podcasts at Metal Injection, and be sure to listen to all of the great shows (including Open Metalcast) streaming 24/7 at Metalinjection.FM. If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #126 (MP3)
Open Metalcast #126 (OGG)
This week I'll be seeing Rush in concert for their 40th anniversary tour. One of the reasons Rush is one of my favorite bands is they bucked the trends. On the album 2112 they released the now legendary concept track "2112" which clocked in at over 20 minutes. This was despite their label stating they didn't want any more concept songs. Despite this the album is now regarded as a cultural treasure in Canada and the band is still going strong 40 years later. So much for listening to the conventional wisdom. All of the tracks in this episode are over 15 minutes in length as a tribute to all of the bands that buck the trends, ignore conventional wisdom, and play the music they want to play. This episode features tracks from Cementerio, Doodsangst, NUTRITION, Schattenbrandung, Deep Space Destructors, and Psygnosis. So poke a finger in the eye of the collectivist mentality and treat yourself to over an hour and a half of the best Creative Commons music the net has to offer.
(01:02) CEMENTERIO - "Consumidos Por Las Probabilidades" + "Y Acabamos En Un Afluente" + "El Cielo os Banaba" by Boue Records from MENTAT / CEMENTERIO (BY-NC-SA)
(19:07) de zekere afgrond by Doodsangst from de zekere afgrond (BY-NC-ND)
(34:15) I by NUTRITION from TERMINUS OCCULTUS (BY)
(50:45) VII by Schattenbrandung from I - Apophänie (BY-NC-SA)
(1:06:36) An Ode To Indifferent Universe by Deep Space Destructors from III (BY-NC-ND)
(1:21:42) Liquid Nebuula by Psygnosis from Anti-Sublime (BY)
Please support the bands in this show! Buy a T-Shirt, buy an album, or see them in concert. What a concept! Whatever you can do to help these bands keep making music, please do it! Also check out the other great podcasts at Metal Injection, and be sure to listen to all of the great shows (including Open Metalcast) streaming 24/7 at Metalinjection.FM. If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #118 (MP3)
Open Metalcast #118 (OGG)
Ah the joys of computers. Can't really do a show without one but damned if this computer wasn't being a bit of a pain in the ass by filling up the root partition (and of course not telling me until it completely shit the bed in the process). But with things mostly back to normal we can talk about the amazing episode we have lined up for your ears. We have new tracks from Shooter, Vemm, Bolesno Grinje, Lux, Evacuate The City, Afterwind, and Alturuk, as well as brand new material from Galactic Pegasus (which was sent to me by a fan of the show through Bandcamp. Thank you so much!). So while computers can be a pain to work with they are one of the best ways to listen to this show. So fire up your favorite podcatcher and listen to the best Creative Commons Music the net has to offer.
(00:09) Shooter - RECHARGED - 03 Issues Of Faith by Shooter from Recharged (BY-NC-SA)
(04:23) Everybody by Vemm from Very excited Mad musicians (BY-NC-ND)
(08:30) Tragovi na duši (Traces on the soul) by Bolesno Grinje from Chronicles from the tomb (BY-NC-SA)
(12:31) Full Measure (ReDux) by Galactic Pegasus from Homecoming (BY-NC-SA)
(15:57) Fear Leads to Hate by Lux from HATE (BY-NC-ND)
(20:16) Recollection by Evacuate The City from The Catastrophe (BY)
(24:05) Games of the Tyrants by AFTERWIND from Tyrants (BY-NC)
(31:25) People of the Montagnes by Alturúk from Malheurmiel (BY-NC-ND)
Please support the bands in this show! Buy a T-Shirt, buy an album, head to the shows, or send their music to your favorite podcast. Whatever you can do to help these bands keep making music, please do it! Also check out the other great podcasts at Metal Injection, and be sure to listen to all of the great shows (including Open Metalcast) streaming 24/7 at Metalinjection.FM. If you have any suggestions for Creative Commons licensed metal, send me a link at craig@openmetalcast.com.
Open Metalcast #117 (MP3)
Open Metalcast #117 (OGG)
Episode 0x16 -- One Time, At Security Camp...
There's too much news. We need to do MORE podcasts! Also, it's time to say goodbye Mitt!!! Can't say as we're sorry to see you go, but yaknow.
Upcoming over the next hour... Lots of News, Breaches, SCADAs, DERPs!!! and then our discussion topic -- hunting dirty traitor rat bastids!!!
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News
Coca-Cola hacked ahead of Huiyuan acquisition attempt, but didn't tell shareholders
SEC left computers vulnerable to cyber attacks, sources say
Firm suing sites that use SSL / TLS
Vuln in Call of Duty Modern Warfare 3
Adobe 0day! in other news water is wet
russian guy demos p0wnage using new adobe 0day - voice over provided by not a russian guy
$50,000 for a fresh hot 0day
Nike Fuelband rats out cheating two timing basterd that broke your heart with that skanky ho
Secrets, Schemes, and Lots of Guns: Inside John McAfee's Heart of Darkness
Australian Telcos Declare SMS Unsafe For Bank Transactions
Breaches - The never ending never ending story...
Twitter All A-Flutter Over Possible Data Breach
but Twitter says no to two factor auth
Pizza Hut Australia Dishes Up A Data Breach As Hackers Slice In [Updated]
The SCADAs
Chevron was infected by stuxnet way back when but forgot to tell anyone
Support Forums Reveal Soft Underbelly of Critical Infrastructure
Errata / DERP of the week award
ENGAGE TINFOIL HATS EVERYONE... Here's Enough Digital Espionage to Scare James Bond [INFOGRAPHIC]
SQL Injection - it's a windows XP thing - REALLY - The Strange Tale of a Virus Called SQLi
Foot In The Door - tracking down a mole mole mole mole
Cisco VP To Memo Leaker: Finding You Now 'My Hobby'
It's not trivial to sort things out after the fact unless you have the logs and auditing turned on - go do that now.
Mailbag / Bizarro Land
Hi, thanks for your video with Dave, I really enjoyed that. I am wondering and I think you mentioned something like that - but I would find it interesting if all of you guys could be on video like that... (hehe... enjoying it here, sitting in the first row...) What about some questions from your audience? Not that I have some ready now, but I am sure I could make up some (not embarrassing ones of course - ha!). Just some thoughts - but keep up the good work! Cheers, Thomas P.
Hello guys, and thank you for the great show. Referring to your second episode where you flamed Iran IrCERT, I just thought I would let you know that Libya now also has a CERT, it's called LY-CERT and you can find them online here http://cert.ly Regards, Ahmed S.
Greetings from +52° 56' 58.92", -1° 9' 0.36" (approx), As you all adore PCI-DSS so much, I figured I'd share this article with you: Silicon Republic. Some of my favourite quotes: "Fewer incidents of large-scale credit card data theft are a sign that PCI-DSS standards are finally having an effect among large retailers, the director of the group's security standards council has claimed." "Mark Gallagher, keynote speaker at the Dublin event, drew parallels between Formula One and PCI-DSS in how they approach risk." "You've got to have defence in depth and PCI gives you that best defence." I can already hear James Arlen screaming. Keep up the good work and try not to have an aneurysm! Cheers, Graham S
In Closing
Dave's Movie Review: Life of Pi - he likes boats.
We do research too - Ben's running a survey and will publish results. Check it out!
The Security Conference Library
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
Upcoming Appearances: James at SecurityZone in Cali, Colombia
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
Seacrest Says: "I like cake, even though it's a lie."
Creative Commons license: BY-NC-SA
Television Episode 0x03 -- SecTor Interviews The Third: NFC with Charlie - IT'S MILLER TIME

Back again again - An interview with Charlie Miller at SecTor, during which you may want to hold your phone tightly in a tinfoil hat of its own. If you don't know the name Charlie Miller, you should head over and read his Wikipedia page first and then come back and watch the video. Charlie has been doing some cool things with NFC on phones. He's goooooood at messing them up using only a passive NFC tag! You'll learn something if you pay attention, I swear.

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA
Episode 0x15 -- So Much News... Pre-election Bets Are Off

Starting off this week with a couple of Con Reports - Ben, you go first... how was HackFest? ((wait)) and Dave - what was the high point of your HackFest experience? ((crickets))

Upcoming over the next hour...
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- ...and then our discussion topic -- Security in a Project Context

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- The Kremlin's New Internet Surveillance Plan Goes Live Today
- Coca-Cola hacked ahead of Huiyuan acquisition attempt, but didn't tell shareholders
- PayPal security holes expose customer card data, personal details
- Skype Gives Security Firm Details of Alleged PayPal Hacker Without Warrant
- US gov says you don't own your stuff if you put it in the cloud (via slashdot)
- The Georgians p0wn their p0wner
- F-Secure Mobile Threat Report 2012 (pdf link)
- NJ residents displaced by storm can vote by email

Breaches - The never ending never ending story...
- Lady Gaga web site hacked
- Team Ghostshell Allegedly Spills 2.5 M Russian Records

The SCADAs
- Legal fears muffle warnings on cybersecurity threats

Errata / DERP of the week award
- Sorry US gov. It's on you. For how long have you known about this? Most U.S. Drones Openly Broadcast Secret Video Feeds
- Inmarsat to furnish global broadband to Canadian navy

Commentary

Foot In The Door - Security In a Project Context
- why testing isn't enough
- how you can play in the SDLC

Hardcore - How to change the system to suit your needs
- building standardized methodology chunks
- playing well with others (have the PMO do your job)
- functional vs. non-functional specifications

Mailbag / Bizarro Land

Hey guys. Love the podcast. Not sure if you saw, but the report from the investigation of DigiNotar, the Dutch CA that got violated last year, is out: PDF
Given some of the things you highlight on the podcast it would probably be worth talking about on the show as an example of what not to do. DigiNotar had a segmented network and good physical security but also a poorly configured firewall and IPS (managed by an external 3rd party) and no real procedures for examining logs from either. Despite these "defenses", the intruder was able to compromise an external-facing server and use it to pivot to the internal network, get access to a machine that creates certificates, and issue over 500 rogue certificates, including one that was used to execute a MITM attack on Gmail users in Iran.
---------
Brian

In Closing
- Matt's Movie Review: No
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- Upcoming Appearances: James at SecurityZone in Cali, Colombia
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!

Seacrest Says: "vote for something"

Creative Commons license: BY-NC-SA
Episode 0x14 -- Happy Birthday Mr. Gattaca... we'll vote for you too.

There's interesting things afoot. Y'all should pay attention. This is the 21st episode for those of you that don't have 16 fingers.

Not sure we should be revealing this yet, but it's going to be a wild winter solstice celebration this year. The southern folk at Southern Fried Security and this gang of teenage malcontents are up to no good. Well, actually extra special good. Let me sum up - it's Security Charity... Gangnam Style. Stay tuned for the carnage.

Upcoming over the next hour...
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- ...and then our discussion topic -- Disaster Recovery

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Service Sells Access to Fortune 500 Firms
- U.S. looks to replace human surveillance with computers
- How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole
- CSO Online has an opinion too.
- Broadcom DoS on BCM4325 and BCM4329 devices
- Auditor General Report: Canada is sucking at the "cyber"
- The Kiwi .gov makes their internal network kiosk accessible
- China Unicom replaces Cisco devices over security concerns
- Huawei gives Australia peeks at its network hardware and code to regain trust
- Hire great infosec people (and keep them)!

Breaches - The never ending never ending story...
- Billabong Hacked Again (yes, again), Hackers Claim to Have Obtained 37,000 Account Details
- Peru Domains Registrar hacked and 207116 Domain panel credentials leaked
- South Carolina Suffers Massive Data Breach
- Attacker grabs data for 3.6 million South Carolina taxpayers; governor wants to see culprit "brutalized"
- Hackers crack Texan bank, Experian credit records come flooding out
- Vermont credit union discards unencrypted data of 85,000
- Anonymous owns a police forum

The SCADAs
- Critical flaw found in software used by many industrial control systems
- Cybergeddon now? Industrial control systems targeted

Errata / DERP of the week award

Dear Sir/Madame,
My name is Jakub Walczak, and I work for Hakin9 – the magazine that reaches over 60 000 readers mainly in the USA, India, and Australia. I have seen your website and I was wondering if you would like to cooperate with us. Please let me know. I am looking forward to hearing from you.
Regards,
Jakub Walczak

Sorry Jakub, perhaps you should listen to the show or read about our opinions of Hackin9 before you send email like this again. Just sayin.

Commentary

Yeah, so we ran a little long... the commentary segment has been pulled out into a separate recording. It'll show up on the RSS feed tomorrow, but if you want it right now, you can grab it here.

Foot In The Door - Disaster Recovery
- c, i and A
- RTO, RPO
- practice, practice, practice

Hardcore - Recovering from the Disaster you didn't plan for
- Do the post-mortem. Netflix's AWS outage post-mortem
- Do security olde style - use the opportunities provided by the red-print report to get the thing fixed right.
- Make sure you've prepared yourself, including a "get home" bag at the office
- Don't make plans that require employees to run on infrastructure that might not be there

Mailbag / Bizarro Land

The quick & dirty: Stroz Friedberg evaluated the technical watchdog (MarkMonitor) for the so-called ISP "Six Strikes", and gave it a thumbs-up. However, SF was also actively lobbying for the RIAA between 2004 and 2009. I want to like this company - they're doing it less wrong than many other folks - and thus I find myself experiencing another bout of Infosec Depression. Original article, albeit from a non-impartial source here
-Jim

In Closing
- Matt's Movie Review: Argo was so good - That Ben Affleck is DELICIOUS
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- Upcoming Appearances: Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
- BSidesDave - held immediately after Hackfest, Dave will not be sleeping before his flight home, so keep him company
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!

Seacrest Says: "Why are my pants wet?"

Hope everyone makes it through #Sandy safely

Creative Commons license: BY-NC-SA
Episode 0x13 -- the 20th episode for those of you that don't have 16 fingers

The Pirate Bay is in the clouds, but we got here first, so suck it!!!

Upcoming over the next hour...
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- ...and then our discussion topic - Responsible Disclosure

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- HP asks researchers not to publish vuln data
- GitHub DDoS
- Symantec research on 0days (that's pronounced oh-dayz)
- Privacy on work computers (court decision)
- Globe and Mail on employee computer privacy
- 'Four horsemen' posse: This here security town needs a new sheriff
- URL shortener used for spamming from the .gov
- Pacemaker hack can deliver deadly 830-volt jolt
- Twitter blocks Nazi account in landmark move

Breaches - The never ending never ending story...
- Blount Memorial Hospital - 27k patients

The SCADAs
- Kaspersky... what the fuck.

DERP of the week award
- It's Kaspersky!!!! The SECOND Cyberdouchery of Kasperskian Proportions. I don't even have words any more.

Commentary

Foot In The Door - Time to get Responsible
- what is responsible disclosure?
- how do you disclose?

Hardcore - Except when you can't
- RFPolicy
- ISO Standard (No link available for normal people)

Mailbag / Bizarro Land

Hi Security Nerds!! Does Canada need to spend more on cyber security?? Ontario's cyber douche warrior

YES!!!!!

In Closing
- Matt's Movie Review
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- Upcoming Appearances: James at COUNTERMEASURE 2012 in Ottawa, Matt at AppSecUSA in TEXAS, Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
- BSidesDave - held immediately after Hackfest, Dave will not be sleeping before his flight home, so keep him company
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!

Seacrest Says: I have binders full of security!!

Creative Commons license: BY-NC-SA
Episode 12 -- These are the Daves I know I know

He claims it's not his fault he missed an episode... Yes, we're still doing a podcast. Lots of you listen. It's kinda awesome. We promise to be more awesome in the future.

And tonight, let us regale you with tales of:
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- ...and then our discussion topic - IDS IS DEAD

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Capital One targeted in CYBERATTACKS
- HTML5 Full Screen API Attack
- Firefox 16 gets pulled (just like the goalie) - exploit follows in 24 hours
- Lone packet takes out SS7 networks
- FX beats up on Huawei at HITB
- Myrcurial Complains: These Kids Today
- High Court in the Philippines Suspends Contentious Internet Law
- Panetta Warns of Dire Threat of Cyberattack on US

Breaches
- Northwest Florida State College - 300,000
- Facebook - everyone on the internet!!!!!!!
- TD Bank (US - a subsidiary of TD Bank Canada) loses a tape IN MARCH!!!! - 260,000 records
- Nationwide Address book Android app - 760,000 via @WeldPond

The SCADAs
- LittleBlackBox is a collection of thousands of private SSL and SSH keys extracted from various embedded devices. Thanks @lmacvittie
- What is Critical Infrastructure? A long twitter conversation on 2012-10-12 about the REAL rule-of-thumb criteria for what makes something critical infrastructure or not.

Errata / DERP of the week award
- Samer Bishay said: "Network security lies ultimately with the service provider. So, if you can control your network well, then I don't see how any outside force could really override these controls." (h/t @taosecurity)

Commentary

Foot In The Door - IDS IS DEAD
- I can't even come up with notes. Just listen.

Hardcore - EXCEPT IT ISN'T
- See above.

Mailbag / Bizarro Land

In Closing
- Matt reviews "Trouble with the Curve" - was there any infosec in it? Nope. OK then.
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- A moment of silence for Amanda Todd, sadly a victim of online bullying
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- Upcoming Appearances: James at COUNTERMEASURE 2012 in Ottawa, Matt at AppSecUSA in TEXAS, Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia

The Seacrest says "Oh My G-d, I'm falllllling, why won't this parachute open!?!?"

Creative Commons license: BY-NC-SA
Television Episode 0x01 -- SecTor Interviews The First

Video even - inorite! We gave you a warning and then didn't follow through, so we understand the confusion. This is the first of many Liquidmatrix Security Television Episodes which we naively think you might enjoy.

To start off, we've got this delicious interview with Dave Mortman (@mortman), the Chief Security Architect of Enstratus. Watch as Dave regales you with tales of the way things were back when he was a boy ((It appears that he's still a boy, but that's all charm.))

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA
Episode 11 -- Dave's Away w00000000000000000t!

Hey Everyone, welcome to the Liquidmatrix Security Podcast - Episode 0x11, or the 18th recording for those who don't start with zero and are not good at hexadecimal - or math, like us.

Everyone showed up except Dave. Something about Canadian Thanksgiving causing a Turkey Coma. We manage to struggle through without him. Actually, we think the show turned out just fine. We don't need no stinkin' Dave.

And tonight, let us regale you with tales of:
- LOTS OF NEWS
- Breaches
- SCADAs
- Errata
- ...and then our discussion topic - the con report: SecTor and DerbyCon

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Why no Security for Obama Campaign Website? ((PCI-DSS FTW?))
- Skeezy fake AV sellers get fined!
- Criminals seeking botmasters (apparently that's a word) for MiTM and/or trojan attacks against US banks
- Practising the cybers in Europe
- Maple Syrup Strategic Reserve returns to Quebec
- Cell phones just keep getting more interesting
- AuthN and Oracle = :(

Breaches
- World of Warcraft Catches The Plague and Matt laughs
- University of Chicago - 9100 identities incl. SSN

The SCADAs
- Telvent compromised
- Smart Meter Data Shared Far and Wide

Errata
- hakin9 - "Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning" DICKS!!!

Commentary

Foot In The Door - SecTor
- Geist
- Miller
- Kellman
- Arlen
- Mortman/Bellis
- Trustwave - more and more and more malware
- Failpanel (we had the originator in the audience)
- thoughts on the echo chamber

Hardcore - DerbyCon
- The D's Talk
- The Hallway Track
- The Awesome AV
- The Corporate CTF

Mailbag / Bizarro Land

Hey! I just watched Ben's talking head on CTV news, what are your thoughts on Huawei, ZTE? What does this mean to Canada?
Paranoidly, Jacques L, QC

Also, awesome feedback from @armorguy (master Martin Fisher of Southern Fried Security podcast) on episode F: he said we were awesome and other people should copy us (we're looking at you Riskhose).

In Closing
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming appearances by the Liquidmatrix Crew at HouSecCon and HackFest.ca
- It's been rebooted! The Doing Infosec Right Sexy Defense team is off to a flying start with the Strategic Defense Execution Standard (#SDES)

The Seacrest says "We miss you Dave, please come back soon."

Creative Commons license: BY-NC-SA
Episode 10 -- It's Special: recorded live at SecTor 2012

There is no Matt. Again. So we found a replacement. As it turns out, pretty much any American whose name starts with "M" will do. Huge thanks to Mike Rothman for helping out with the madness.

This discussion has only the four topics:
- Summer of Breaches
- Cyber
- authN / authZ
- Compliancy

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Useful Links
- Slides
- Video of Presentation (low quality)

In Closing
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

The Seacrest says "Move to Atlanta, there's no snow!"

Creative Commons license: BY-NC-SA
Episode F -- Aboot that... it's not a boot, it's just a really big shoe

Matt won't be joining us tonight, it's Ben's fault. A quick shout out to Jimmy Vo: you will need approximately 15 or F shot glasses for this episode. Aboot, Aboot, Aboot, Aboot!

And tonight, let us regale you with tales of:
- More Malware
- Less Malware
- The SSL monsters
- Ry-Hi
- Twitter
- GoDaddy
- Breaches
- SCADAs
- ...and then our discussion topic - what happens after the bad thing happens

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Blackhole 2.0 is out (aboot!)
- Microsoft takes on Nitol (aboot!)
- A story Aboot more SSL weaknesses, let's introduce you to the CRIME attack
- Aboot getting more skilled at Ryerson - there's a Rainbow in Toronto for a Certificate in Computer Security and Digital Forensics
- Twitter bows to subpoena, releases Occupy protester's tweets
- GoDaddy, everyone's favourite SOPA supporter, goes down

Breaches
- Miami hospital hit by second patient breach this year
- Ankit Fadia gets hacked

The SCADAs
- If Congress and the Senate can't do it - by gosh, the PRESIDENT will -- Executive Order on Cyber Security in the works?
- Interesting little bit on the side of Digital Bond's website... "Schneider Has Not Removed Modicon FTP Backdoor Account In 2101 days"

Errata
- Every vendor that has been sitting on a known vuln for more than 1000 days. Jerks.

Commentary

Foot In The Door - Aboot Investigations
- corporate policy
- lawyers are your friends
- purpose of the investigation (knowledge or action)
- http://it.toolbox.com/blogs/securitymonkey/
- http://www.sleuthkit.org/
- http://www.guidancesoftware.com/

Hardcore
- Defensible Methods
- Chain of Custody
- Judgement Day

Mailbag / Bizarro Land

There is this website where I noticed that they display your login details after offering a quote in plaintext, ie. they display your username and a password on a http:// connection. So I called their call center and spoke with the manager, yeah, she will relay that information (but I kinda got the impression that she didn't understand what the problem is). Nothing happens for weeks. After maybe 2 months I go back to check and here you go, my username with password are still shown in plaintext on the site. So I sent them an email, clearly marked "to IT or IT security something" explaining it a little bit more technical. Nothing happens again. Since I raised the original issue, about 4 months have passed. The question is now - is it worth pursuing this further?
Cheers
T
PS: Should anyone of you guys be once in London, pls ping me and I buy you a beer! Or two?

Ben says: http://www.ico.gov.uk/

In Closing
- We do research too - Ben's running a survey and will publish results. Check it out!
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor
- If you're thinking of attending SecTor 2012, grab 10% off with discount code "liquidmatrix-2012" or, if you can only make it to the expo floor, grab a free expo pass with code "liquidmatrix-Expo2012"
- Vote Dave for ISC2 Board Ballot!

The Seacrest says "'Aboot' to Jimmy Vo, 'Shana Tova' or to our non-Jewish friends, that means 'have a good new year' and it's time to party like it's 5772 and then get yourself up and off to work because 5773 is going to be WILD."

Creative Commons license: BY-NC-SA
Episode D -- The Boys of Summer

Good News Everybody! This is the longest one we've recorded yet -- by 0:59 -- and we will try to get these back down under an hour. Pinky swear. We've also gone over 10000 downloads from 63 countries. That's kinda cool - and thank you all very much.

Lots of good stuff in this episode, it's totally worth the 74 minutes:
- Hackers
- The SCADAs
- Java
- Lawyers
- MOAR SCADAS!!!!
- Apple, Microsoft
- Stupid Employee Tricks
- ...and then our discussion topic - Employee Tricks

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Microsoft NZ exposes TechEd delegates' passwords
- Hackers vent ire, deface Youth Congress site
- Antisec Hackers Breach Globalcerts, Post Data Online
- Oilsands a hacker target: RCMP
- Particularly good article on impact of Java vulns on Mac users
- American Bar Association Ethics rules now require IT knowledge
- Apple Genius Training Manual
- Toyota hacked by ex-IT worker, sensitive info stolen
- ZOMG ANOTHER SCADAS! RasGas computers are "aramco'd" and Who's responsible

Breaches
- 1 MILLION accounts leaked in megahack on banks, websites
- Indianapolis based Cancer Care Group -- 55k medical records
- Canada's Maple Syrup Strategic Reserve Stolen (no, not a joke)

Errata
- Something hinky going on with Aaron Portnoy (former TippingPoint ZDI manager)

Commentary

Foot In The Door - Employee Tricks
- How to find the really great employees

Hardcore
- And how to get rid of the really bad ones

Mailbag / Bizarro Land

Hi LSD crew REDACTED REDACTED REDACTED. What about REDACTED?
thanks, Jimmy, Nova Scotia

((We're taking this as "how to manage the need to communicate without being able to communicate" -- aka, the frieNDA.))

In Closing
- The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we're adding more. If you've got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we'll take your bits and file them. (NOTE: that link will send you to http://myrcurial.com/conferences but you can totally trust that guy)
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor
- Vote Dave for ISC2 Board Ballot!

The Seacrest says "Everybody's working for the weekend"

Creative Commons license: BY-NC-SA
Episode C -- Brain Dump

Semi-slow news week this week, so we used the bulk of our time to talk about a topic most of us struggle with (even some of us on the show): productivity! A few stories and our opinions as usual, and also a letter from a listener regarding our own Dave running for the ISC2 board.

Again, if you have any comments, questions, suggestions, hatred, bickering, cyberdouchery, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Stripe CTF
- DropBox implementing 2-factor Auth!
- More U.S. military hacking in Afghanistan
- Yet another Java 0-day being exploited in the wild - Exploit Code!
- ICS-CERT issues warning on RuggedCom/Siemens gear - ICS-Alert PDF
- Gauss researchers trip over Kaspersky operated sinkhole
- NIST releases a standard on secure BIOS
- Aramco threatened with more breaches

Breaches
- University of South Carolina (34,000, of a total 81,000 since 2006) - ThreatPost Article

Commentary

Errata
- Not much in Errata this week

Foot In The Door - Infosec Productivity

James posted about his triple monitor setup and got a bunch of questions about how his work environment is set up. And productivity porn is always cool (don't deny it, you're all fetishistically interested in getting your to-do lists underway) - we're getting around to the beginning of the school year here in Canada (we know that most Americans have already started) - so it's time for the annual trip to Staples for school/office supplies - How do you keep your stuff in order as you work through the life that many of us share:
+ multiple concurrent lives
+ "work" work
+ "volunteering" work
+ family / friends
+ professional development
- Do you trust your digital minions?
- Do you commingle in a BYOD way?
- What about people that you have relationships with (spouse uses paper?)
- Covey? David Allen (GTD)?
- "Time Management for System Administrators" (Thomas A. Limoncelli)
- Getting Things Done

Hardcore - Stuff We Each Use To Get By:

James:
- Devices: MBA11 / iPad2 / iPhone4s; Scanner to go paperless
- Sync: iCloud; SpiderOak (Here's my referral link); Dropbox (Here's my referral link); Box.com; Rsync w/ local duplicates
- Local Software: Mail; Calendar; Reminders; OmniFocus (OSX / iPad); Evernote
- Web Stuff: Google for years - getting away from them now; Remember The Milk - moved all of that into OmniFocus; If This Then That; Trello (because the Securosis boys require it and it comes from Joel)
- When I'm working at client sites, I generally have to use the things that they use.

Dave:
- ditto, James.

Ben:
- schedule, schedule, schedule - religiosity with my Outlook calendar
- task lists
- shared knowledge - team wiki
- team meetings & delegation
- risk tracking tools - e.g. RSAM
- clear boundaries - turn your phone off
- giant whiteboard

Matt:
- To-Do List App
- Pen & Paper!!!
- Keep yourself away from your screen - Anti-RSI
- Save a few seconds a day if you are a multi-monitor user - Stay App

Mailbag

Hi Dave
What's the deal with running for the ISC2 board?
JJ

In Closing
- Matt's movie review...
- There shall be LSD folk at TASK in Toronto next week.
- University of Reddit - Open Security Training classes on malware analysis
- Sector CFP selections Monday night.
- Vote Dave! http://www.liquidmatrix.org/blog/vote-for-dave/

The Seacrest says "1st star to the left and straight ahead, Mr Armstrong"

Creative Commons license: BY-NC-SA
Episode 7 -- Breach Week Special!

Perfectionism is the enemy of publishing on time. It's another week and we've got a solid hour of discussion about the stuff that's important in the world of infosec this week.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Instagram patches a hole - kinda gets their response wrong
- Anonymous gets Syrian - 2.4 Million emails leaked
- ENISA (EU) tells the banks to assume PCs not secure - via Krebs
- iOS hacker figures out how to get free stuff on the App Store (at least through in-App purchases)
- Plesk 0day for sale
- Obama gets emergency powers over the internet
- The Chinese own the telcos

Breaches
- Yahoo - 453K passwords
- formspring - 1 million passwords
- Phandroid forums - 1 million passwords
- Billabong - 35000 accounts
- Nvidia forums compromised - Nvidia also shut down its online store

Commentary

Errata
- Symantec Malfunction

Foot In The Door
CERT at the national level
- Why Canada .gov sucks
- CanCERT is not a CERT (get in touch with sales@ for details on pricing)
- Also, CCIRC is not a CERT (unless you're in critical infrastructure)
- CERT vs RISS
- Brian Honan Schools You - Source Barcelona 2010

Hardcore
How to do it right inside your company and outside
- CIRT/CERT - industry, national, internal
- practice, practice, practice
- How to share

Mailbag
mailbag@liquidmatrix.org

So this is the summer of breaches, the hits keep on rolling, my running total of stolen passwords is now at over 10 million accounts. I've got a small website (redacted) and I don't know if I'm doing security right. Help a lady out, will ya? Also, will this ever end? Cheers, Mary K, NZ

In Closing
- Bsides/BlackHat/DEF CON -- all but Ben / The Intern shall be there.
- There are parties in Vegas
- DEF CON is still cancelled - check status here
- Hacker Pyramid!
- BsidesLV schedule is up
- Spiderlabs wants you to survive
- don't be a sexist jerk at BH/DC
- Tonight, the part of Seacrest will be played by 'elephant shoes'.

Creative Commons license: BY-NC-SA
Episode 6 -- Anybody Know How Google Voice Works? MAGIC!

Sorry for the delay in posting, folks: someone (cough, @gattaca, cough) has a crappy ISP and someone (cough, SEACREST, cough) talks quietly and has a crappy mic. There's about 7 hours of editing and tweaking on this one -- and it still sounds like crap.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

News
- BREAKING NEWS: Liquidmatrix Security Male Model on COVER of SCMag (also talks about Risk Management or something)
- Debit/credit card photos in tweets -- This Twitter account proves the infinite stupidity of humans (and other stupid shit ways to post pictures of your douchetacularness, NSFW)
- Amazon talks about what went wrong in US East & Leap second makes availability pain (Check out the funny Twitter @AmazonStatus & CAP theorem)
- Phisher faces 50 years in the slammer
- Alaska Department of Health and Social Services fined for breach & Appeals court calls bank's security "commercially unreasonable"
- Pornoscanners go mobile
- Wireless Hacking Suspected in Air Raid Siren Miscues
- Comodo blacklists itself (truth in Certificate Selling)
- Something bad happened in the iOS App Store... twice. Which (considering the relative sizes of the install base of iOS vs. well, everything) is still pretty awesome.

Commentary

Errata
- No, seriously, you need to use the cloud to manage the thing that connects you to the cloud - Cisco jumps the shark on Cloud-washing and treating customers like crap.

Foot In The Door
- hire the right auditors
- use them as a tool to raise issues up to the executive
- tell them the problem areas
- invest time in the auditors and point them to your pain
- feed them recommendations
- don't let them position compliance as security

Hardcore
- The box kicking story
- For example -- finding a way to get the answer they don't want to give
- The prevarication story
- Another opportunity to learn from auditors/old people
- Asking questions into negative space -- to find answers you need to find the place in the middle where the facts have not coalesced.
- Peter Falk - Just one more thing...
- Matlock - How to get the jury to see it your way...

Mailbag
mailbag@liquidmatrix.org

Long time listener, first time writing in...

I find myself compelled to write inasmuch as I found myself shouting at my iPod yesterday. I, of course, am referring to "Liquid Matrix Security Digest Podcast Episode 2" where a conversation about "What Should You Do If You Are The CISO Of A Breached Company?" occurred. Forgive me as I left the Post-It note with the timestamps of the offending speech on the mirror in my bathroom so that I may focus my Daily Rage upon it as I carefully shave "I da CISO, bitch!" into my scalp each morning.

In essence Ben argued that the role of the CISO in the event of a password breach is to stride confidently into the CEO's office and say "I told you this was going to happen, this is not my fault, and we need to force all users to change passwords - Damn The Consequences, Man!" (While this is not a direct quote, it is what I very distinctly heard...) While this is a nice gedankenexperiment in that it is very cool to imagine ourselves in the role of "Captain Astounding: Protector Of Users", the reality of a breached company has certain rules:

1) If the breached company is a startup or new venture the Senior Management regards this event as an existential crisis. Not so much to the company itself - but to their exit plan (hey, who doesn't dream of being bought by Facebook or Microsoft for a billion dollars?) or to their about-to-be-so-far-underwater-they-implode stock options. Lose track of this fact and You Are Toast.

2) If the breached company is an older company the critical component is the quality of business leadership available. If they take counsel of their fears - see Rule 1. If they take a more mature view you can actually get effective response but know that you have almost no influence on that outcome.

3) If you were the CISO pre-breach you have to realize your credibility and professional competence is seriously in question by *everyone*. It matters not that you wrote 523 emails protesting storage of passwords in clear text, nor that you did not get the budget to keep your IPS under maintenance, nor that $Security_Requirement was ignored. If this offends your sensibilities I would simply refer you to the Book of Hezekiah, Chapter 9, Verse 27 where it is written "Yea, and the LORD spake unto the people, and the LORD spake "Life is not fair - never said it was, never said it will be - Get Over It!" and thus the people were greatly nonplussed".

4) If you are the successor to the CISO who ran the shop pre-breach you have to realize that nobody believes anything you say without the Incident Response Consultants agreeing with you. You have not been around long enough for anyone to trust you or to accept your influence. You will not be seen having the same "at-risk" quotient as everyone else (See Rule 1 above).

5) Almost every company that experiences a major breach turns a significant portion of the response and decision making over to Outside Counsel and Incident Response Consultants. There are good and bad reasons for doing this - let's just accept that it happens. Fighting these folks - especially Outside Counsel - is generally a No Win situation (See Rules 3 & 4 above).

So what do you do? You do what you can. You use whatever influence you have to try to do the right thing. But realize a breach response is *not* a Security Problem, it is a Business Problem, and that business folks are going to be in charge. If you cannot deal with that - you might want to become an Incident Response Consultant.

Love, Uncle @armorguy

In Closing
- Tweetup - has to be pushed, sorry folks
- Bsides/BlackHat/DEF CON -- all but Ben / The Intern shall be there.
- Also, DEF CON has been cancelled - check status here
- Hacker Pyramid!
- Also, have a look at the Declaration of Internet Freedom. We like it. You should like it too. Although Liking it on Facebook shows that you don't understand the fucking point of the Declaration.
- As of recording time, tomorrow is the day when the internet shuts down -- the DNSChanger DNS servers are going down. So I guess you won't ever hear this episode.
- THERE IS NO SEACREST.

Creative Commons license: BY-NC-SA
Episode 5 -- Everybody's Working For The Weekend (Canada Day Edition)

The fun with the Liquidmatrix gang continues in this episode. Pay close attention and you'll notice that there aren't any edits in this one. That's right - one take and we've got it in the can. Lots of good stuff in here - let us know if we missed anything.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

News
- Operation Card Shop - UGNazi and 23 others get silver bracelets for free from the feds
- Hotels misrepresent credit card data security measures, FTC is not happy
- Typo squatter gets spanked by law firm
- Bank settles with wire fraud victim
- DHS gives federal agencies threat detection packages and DHS demos cyber attack to help sway lawmakers to pass a cyber bill
- RSA SecurID key not so secure - it's broken - no it isn't - yes it is - Damn you people - it's the smartcard portion of a dual-use device that's 'broken', quit slamming multi-factor authN.
- Portswigger gets new tricks

Errata
- Charlatan of the Week

Commentary

Foot In The Door

LM Team,

First off I want to say that I'm really enjoying the podcast. I'm still very early into my career and trying to transition into InfoSec. I would love to hear all of your views on Information Security in colleges. I was thinking about it following some Twitter chatter between some people and Chris Eng about this. I thought that there were some good conversations. I'm a little bit disappointed since I just finished my M.S. in Computer Info Sys with a security concentration. In the classes I took we learned some basic network security concepts. Only touched a bit on web application security. I was hoping we would have done some offensive stuff, but we never did. I compared my classes to pen testing classes out there and it seems to me they're on a better track, but what do I know.

Just some thoughts, Jimmy

Hardcore
- From a Black Hat to Black Suit - The Last Hope (2008)
- Black Hat to a Black Suit - The Econopocalypse NOW Edition - Notacon (2009)
- The Black Suit Plan Isn't Working - Now What? - The Next Hope (2010)

Mailbag
mailbag@liquidmatrix.org

Hi there LiquidM,

Long-time listener, first time emailer! I was wondering if you could help me with a small dilemma I'm facing. I've been working as one of those penetration tester types in the financial sector for a while now, and my company treats me right... but more and more I hear the calling of the darkside... no, not THAT darkside, the calls of those working for security companies and $vendor that get to do exciting things with exciting people! The ones that get to actually TALK about their research... So, what's a guy to do? Please LiquidM help me, you're my only hope!

Chris

P.S.: Love the show... but you guys are very Canadian O.o' ;) See you guys in Vegas I hope.... eh!

Hey there fellow Canucks,

Over the years I've had many IT jobs, from network admin to system admin for small consulting firms in my area (nothing big). A common theme was the unwillingness to implement the most basic of security mechanisms, or acknowledge the possibility that the systems/networks we would implement for our clients were perhaps done in an un-secure fashion. As a security enthusiast this was very frustrating. On a few occasions, I would prove this using a few simple demonstrations of how easily malware, or a human, could compromise the network (malicious emails, word/pdf docs, ms08_067 for example). Every time my demonstrations were brushed off as "unlikely" or "impossible", requiring a level of technical knowledge that no employee possesses inside "client X". One such place was an ISP, where we would set up and host websites, providing clients with FTP access to upload and download content. I was actually instructed not to make the passwords too complicated, to ensure our clients were able to use it. Even after I had shown my boss a public exploit (from exploit-db) was available for the FTP software used. Again brushed off as "unlikely" seeing the exploit needed to be authenticated to properly function. This, of course, started the debate of weak passwords that lasted all of 2 seconds... At another spot, I actually showed the senior administrator (my supervisor) that hosting an SSH server on port 80 was possible... funny. By now I think you get the picture on how security was handled, so I won't go any further.

My question is what would you say to the lonely sys-admin, in a small to mid-sized firm, on how to handle an employer that doesn't seem concerned at all with security? How should the lonely admin tackle these types of issues without annoying "the boss" with this silly thing called "security", when it's obvious he or she is not willing to listen? I'm fortunate enough to no longer be in this situation, but I'm sure there are many out there still living with these types of conditions.

Steven

P.S.: hope all of this made sense, and good job on the podcast, very much enjoying it so far

Creative Commons license: BY-NC-SA
Episode 4 -- The Gang's All Here.

Matt has returned from the distant shores of the western USA... but he didn't listen to the podcast from last week - sucker. Lots of good stuff in here - let us know if we missed anything.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

News
- Facebook Security Reporting Flowchart
- 79 banks get ponied (or maybe not)
- more drive-by malware and phishing sites according to the goog
- Bromium debuts micro-virtualization
- New Mexico retiree data on laptop goes for a walk
- Data Security and Breach Notification Act of 2012 - Text
- FAA worried someone might p0wn fancy corporate jet
- Stealing AutoCAD designs via malware is now a thing in Peru
- Happy Birthday Alan Turing

Errata:
- Microsoft vs. Free Software

Commentary

Foot In The Door
- ACLs
- Crypto
- malware/network hackers vs. disk crypto

Hardcore
- repair work and warranty replacement
- DBAN
- Self encrypting hard drives
- disk destruction

Mailbag
mailbag@liquidmatrix.org

Hi Guys at Liquid Matrix, My bank said my credit card got compromised. I don't know how this could happen, I run anti-virus and always update my computer. What am I doing wrong? Merci, Guy

Creative Commons license: BY-NC-SA
It's Episode 3 -- We Should Be So Committed.

Your heroes find themselves completely Canadian this week as @mattjay is visiting the extreme west coast of America.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

News
- Vulnerability in MySQL/MariaDB
- Bromium discovers vuln that affects many hypervisors on Intel platforms
- Microsoft fixes cert trust list in response to Flame
- Hospital respirators riddled with malware
- Breach... again
- Canada wants to listen to your boring airport conversations and so do the Brits (on the internet)
- What do you get when you mix 2 crypto heroes and 2 Navy SEALs (other than @Shpantzer's best dream ever) - The Circle (no, not Google)
- FLAME, LinkedIn, Last.FM etc... why we're not following up on a follow up

Commentary

Foot In The Door
- "Try a Firewall"
- pay for your AV
- always update
- use a current browser
- the work computer is not the play computer

Hardcore
- More on Authentication - because it's not that easy.
- OAuth and other ways to limit the potential damage.
- 3 Factor Auth for Banking.
- Social Engineering.
- Liquidmatrix Guidelines (coming soon)

Mailbag
mailbag@liquidmatrix.org

Hi LM -- We just got breached and my boss is treating the breach like it doesn't matter (passwords, credit cards and personal info were stolen for a few customers) - help me talk some sense into him! Thanks, Anonymous (no, not that Anonymous)

Creative Commons license: BY-NC-SA