Welcome back to the Karma Stories Podcast! In today's episode, Rob shares four engaging stories from the Malicious Compliance subreddit. The first story involves a teacher balancing urgent personal matters and work obligations, leading to a bold confrontation. The second story highlights the challenges of working under an acronym-happy manager and an ensuing miscommunication at a conference. Next, we explore the dynamics of working at an LGBTQ-themed coffeehouse in Hollywood and an unjust firing. Lastly, a story showcases how adhering to bureaucratic rules eventually brings about compliance in a large organization. Tune in for these intriguing narratives and don't forget to add us to your favorites! Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week! Rob's 3D Printing Site: https://Dangly3D.com Become a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.
Nate and Bob debate whether the Cardinals will be fine with Tommy Edman as their starting shortstop in 2023. Bob thinks the Cardinals will be just fine with Edman at a position that saw the likes of Mark Belanger and Rafael Belliard starting for contenders.
Jennifer finishes the cliffhanger from last week’s episode! In today’s episode, what are the OK, good and great trips as a CFA? And what 3 caveats should you absolutely know about these trips? Thank you for the download! Check out my new website to purchase my CFA Book & other digital products & services, such as my famous Lists Bundle and Resume Editing and CFA Consult services, at: https://www.freespiritpodcasts.com If you like this podcast, give me 5 stars & tell a friend!
OK Good people this is GT, this is my segment entitled Who The Hell Do You Think I Am Weekly Breakdown, where I talk about the latest news on anime and manga, and talk about the latest episodes from some of the anime I am following every week. Expect an episode every Monday afternoon, no specific time. --- Send in a voice message: https://anchor.fm/gavin-d-tillman/message Support this podcast: https://anchor.fm/gavin-d-tillman/support
I said Yo! Kanye is um....wilding. Ye are you okay? Are you okay? Are you okay Kanye? My man wants a divorce from Kim Kardashian accusing Meek Mill of clapping them cheeks. Gillie vs Joe Budden in some Podcast beef. TI proud to be a "Crime Stopper". Also an in-depth review of DMX vs Snoop Dogg. That was a DOPE VERSUS BATTLE. Listen, review, like and subscribe to the show on iTunes, Spotify, Stitcher Radio, iHeartRadio and more. Thank you all for stopping by. Follow on Instagram: @Isaidyo757 Follow on Facebook: I Said Yo 757
Episode 0x74 Quarantine 2020 Edition All the late shows are doing the "I phoned in from home" why shouldn't we? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary coronavirus insider trading fixing vulns at scale US authorities battle surge in coronavirus scams, from phishing to fake treatments Coronavirus Sets the Stage for Hacking Mayhem Breaches Princess Cruises Confirms Data Breach Rogers had a woopsie SCADA / Cyber, cyber... etc Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis DERP Stupid shit that vendors say due to Coronavirus (THIS) Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet What do you mean our RSS feed didn't update? What do you mean RSS is dead? Briefly -- NO ARGUING OR DISCUSSION ALLOWED cyentia 2020 information risk insights study On Making Work Less Remote: How the Heroku Team Works Together HBR has some thoughts on newly remote teams too automated reasoning about AWS security s3 thinger https://twitter.com/JSTOR/status/1240306471168028674?s=20 Get bent JSTOR Closing Thoughts Seacrest Says: There's finally a word for what we do... On-nomi Creative Commons license: BY-NC-SA
Kevin Negandhi and David Pollack kick off the podcast with reactions to the first batch of College Football Playoff rankings and debate whether the Pac-12 teams are properly ranked (7:42). Then, the guys get into Georgia bouncing back against Florida (13:48), Wake Forest's beautiful offense (17:54) and Terrell Lewis as David's Dude of the Week. Next up, Heather Dinich joins the pod from Texas to share her biggest takeaways from the first rankings (31:58), how LSU-Alabama factors into the equation and what Clemson coming in at No. 5 means for the Tigers going forward. Later, Ivan Maisel hops on to discuss why the first ranking resets how we view the college football landscape (41:39), why he doesn't think Florida State is a blue blood, college football turning 150 years old and why the bye week came at a good time for Nick Saban.
Our own anger, if left un-analysed, can bring us to faulty conclusions and irrational responses. Made in the image of God, who is “slow to anger”, means we should all feel anger as He does, and yet control its pace and place in our hearts.
This isn't just for women, but mostly it is. TAKE UP SPACE! Stop trying to be little. Stop apologizing for existing! Stop using words that soften what you mean to say. Just f-ing say it! If you mean it, say it. Lauren and Burg talk about how women need to take up space and not apologize for it in all senses. Physically, verbally, intellectually, etc. Be your authentic self. Be big. Be who you want to be. And don't apologize for it. Men, you too. Ok? Good. Glad we talked. Keep the rebellion alive.
Welcome to our new arc: TIME TRAVEL! I mean, you get it, right? I don't have to explain it. Ok? Good. Anyway, the Enterprise is thrown back in time by a black hole or something and then they abduct a guy and it's all very silly, but then they send him home. Or actually they probably scatter his atoms on the sun but it doesn't matter because it will all have never happened.
In this episode Dan and Caz discuss Reg The Exterminator, Dan gets worryingly overexcited about Batman's wang and our heroes spend a loooong time discussing that. No pun intended. There is also talk of Iron Fist-ing. Basically it's by far the dirtiest show we've done so don't listen to this one with the kids OK? Good. We've sent them to sit in a cold shower and think about what they've done, we're sorry... but not really ;)
This week we get down to brass tacks. We're talking about the awkwardness of talking about money. In this week's Is This For Real? The girls have to decode some weird names. Then we hear an awkward story involving gas. Hosted by Jen and Janine, produced and edited by Tim Garry. Original music from www.brbrck.com. Go to www.patreon.com/majesticallyawkward. Tell all your friends (if you have friends) to listen as well. If you've got ideas for awkward shit for us to discuss, ideas for is this for real, or awkward stories you'd like us to share on the show (or if you'd like to share them on the show yourself) email majesticallyawkwardgals@gmail.com Ok? Good times see you later ok byebye.
Episode 0x73 Surprise! Happy Holidays Are you having a happy holiday? Listen to us and you'll have a happy holiday. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Comparison of DNS resolvers Stylish Norton Core Router Russian wessels messing with underwater internets Submarine Cable Map Keeper Security learns about The Streisand Effect Russian hackers targeted more than 200 journalists globally Breaches Internet Hijacking Free Credit Monitoring from Nissan Finance Canada! SCADA / Cyber, cyber... etc VMWare has bugs. Who knew? DERP The person that thought our recent fail panel was unprofessional Screenshot kernel patch Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet Briefly -- NO ARGUING OR DISCUSSION ALLOWED Enpass Pineapple Fund Die Hard at the Theatre Magic Leap is real... ish Has no link. Closing Thoughts Seacrest Says: Where the fuck is Matt? Has anyone seen Matt? Creative Commons license: BY-NC-SA
SPECIAL GUEST: KATE UMBERS (WSU) Stop murdering invertebrates. OK? Good. Dr Kate Umbers is an animal behaviour expert from Western Sydney University who is fighting to make sure that invertebrates are recognised as the wonderful creatures they are. In an interview with In Situ Science she says that perhaps the arts are the best way of teaching people about the majesty of the other 99% of the animal kingdom. By forming meaningful relationships between people and invertebrates, we can start appreciating them as things other than the creepy, crawly stereotypes they have been given. Kate along with 29 other women across Australia is a ‘Superstar of STEM’, recognised by Science and Technology Australia for their contribution to science. These superstars are acting as role models to increase the representation of women in science. We talk about her experiences with the Superstars of STEM initiative as well as her breakthrough role on Romper Room as a child. Follow Kate on Twitter @kateumbers and find out more about her research at www.kateumbers.com Find out more about the Superstars of STEM at scienceandtechnologyaustralia.org.au or check out #SUPERSTARSOFSTEM Find out more at www.insituscience.com Follow us on twitter @insituscience Follow us on Instagram http://instagram.com/insituscience Like us on Facebook Music: ‘Strange Stuff’ by Sonic Wallpaper - www.sonicwallpaper.bandcamp.com
Episode 0x72 SPECIAL ELECTION EDITION Vote Dave... please? Upcoming this week... We yammer about stuff with no real direction or point. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: SCADA / Cyber, cyber... etc ETERNALBLUE was being used before wannacry DERP Hacking Mar-a-Lago... Kinda? Is this legal? Briefly -- NO ARGUING OR DISCUSSION ALLOWED https://securityheaders.io/ https://www.gofundme.com/crunch-medical-fund Liquidmatrix Products and Services - We do some stuff. Seriously. Advertising - pay the bills... Thinking about SecTor this November? Be sure to use the code "liquidmatrix2017" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2017expo" will get you in for $0 Seacrest Says: I can't even remember... something about Kelly. Closing Thoughts Creative Commons license: BY-NC-SA
Episode 0x71 Um... We're back? I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon? Upcoming this week... /dev/random And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: We totally forgot show-notes Creative Commons license: BY-NC-SA
Episode 0x70 Dave Doesn't Exist We've been unable to capture Dave on video yet despite turning out an absolutely epic amount of video material. We think it's because he doesn't actually exist. Do not even get me started on the hipster beard and hipster actor. Those two. Sigh. In any case... Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Surveillance of reporters has chilling effects Great series of articles from Rich Mogull on Cloud Security Your Cloud Consultant Probably Sucks How to Start Moving to Cloud Seven Steps to Secure Your AWS Root Account Breaches GitHub responsible disclosure haveibeenpwned - NSA edition (a written message from the Shadow Brokers) SCADA / Cyber, cyber... etc White hat Mirai UK gov investing mucho Brexit dollars in cyber security DERP Don't do illegal searches of CPIC (especially if you're a police officer) Mailbag What's with google disclosing vulns without patches? (thanks to Ed) Briefly -- NO ARGUING OR DISCUSSION ALLOWED Macbook Pro review Ten Securosis Years Let's Encrypt Crowdfunding campaign Upcoming Appearances: -- more gratuitous self-promotion Dave: - invading Sweden James: - VACATION! Ben: - still work Matt: - beard Wil: - hipster Other LSD Writers: - whaaaaaaa? Closing Thoughts Seacrest Says: Dave loves Swedish meatballs Creative Commons license: BY-NC-SA
Episode 0x6F THE CENTENNIAL! We are happy to announce that we've got a full show... with only two hosts. But hey - it's number 100 (decimal) Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Apple Introduces What It Calls an Easier to Use Portable Music Player MEDSEC gets independent confirmation of their findings... St Jude is still suing New ISO Standard Is an Anti-Bribery Game-Changer Breaches Vera Bradley POS Breach SCADA / Cyber, cyber... etc Modbus eavesdropper from B+B SmartWorx Senators get involved in IoT Dan Kaminsky on DNS and rate limiting DERP HAMAS complains about video cameras California DMV thinks "INFOS3C" is a dirty word Apple Doxes Self -- MBP w/TouchID Mailbag TALK ABOUT BSIDESTO AND SECTOR Briefly -- NO ARGUING OR DISCUSSION ALLOWED Liquidmatrix TV learn stuff for free from experts Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Upcoming Appearances: -- more gratuitous self-promotion Dave: - Claims to have 5 more conferences this year. Wife still doesn't expect him home for dinner anytime soon James: - O'Reilly Security NYC and then WDW! Ben: - work Matt: - Unknown. Hiding behind his beard. Wil: - Unknown. Check CBC Calgary Other LSD Writers: - There are others? Advertising - pay the bills... Thinking about SecTor this November 2017? Check back with us for codes. Closing Thoughts Terry Bradshaw Says: 100 (decimal) BABY WOOO!!! 100 Creative Commons license: BY-NC-SA
Episode 0x6E IT LIVES (Live from SecTor 2016) All five LSDPs in one room at the same time. It actually happened. Upcoming this week... Catching Up! And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: LIVE FROM SECTOR!!! Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Closing Thoughts Seacrest Says: Eventually we will return. Maybe. Creative Commons license: BY-NC-SA
Episode 0x6D We've been gone for a month, we've been drunk since we left. Hello to our listeners in Sweden. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Ethereum TheDAO attack simplified People who have been victim of workplace violence, harassment and sexual assault Isis agora lovecruft Alison Macrina Violet Blue Nick Farr "Consent, it's as simple as tea" if you haven't seen it Canadian Association of Sexual Assault Centers Women Against Violence Against Women Ontario Coalition of Rape Crisis Centers Central Alberta Sexual Assault Center VictimLink BC page on Sexual Assault Rape, Abuse & Incest National Network (USA) DHS seeks to ask foreign visitors their social media accounts Breaches All your gotomypc are belong to us DERP Comodo are the good guys, seriously (not seriously) Briefly -- NO ARGUING OR DISCUSSION ALLOWED The Intercept's comparison of instant messaging applications (And the EFF's scorecard is soon to be updated) Mooltipass Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Upcoming Appearances: -- more gratuitous self-promotion Dave: - BSidesLV, DEF CON, Black Hat, Energysec, HTCIA, Security Congress... James: - Vegas. Sigh. Ben: - Coding my ass for SECTOR building G.Tool Matt: - Keeping banker's hours. Wil: - BSidesLV, DEF CON, Burning Man... Other LSD Writers: - Who? Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys Creative Commons license: BY-NC-SA
Episode 0x6C I'm bringing Six Cee Back... Oh yeah, bad joke from the start. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary VirusTotal pitches a fit^Wethical stance Another attack against the SWIFT network but the attack was stopped although SWIFT is now warning its members DERP/Cybers Honey... it may look like I'm looking at Pornhub but this midget porn is an essential part of my bug hunting SYMANTEC... this is not how you do malware analysis safely Nice guy tells Indian bank about their app that could have let him steal all the monies Unintended Consequences of DMCA on Medical Implants Michigan ok with wrenches, not ok with computers Briefly -- NO ARGUING OR DISCUSSION ALLOWED Personal Warrant Canary Poor man Windows Security Metrics Upcoming Appearances: -- more gratuitous self-promotion Dave: - Everywhere James: - Vegas Baby! Ben: - Toronto Matt: - Fleeing Trump... Welcome to Canada Matt Wil: - Bermuda Triangle Other LSD Writers: - Dunno. Bill and Chris? Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... Wil posted two) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: insert crickets.wav Creative Commons license: BY-NC-SA
Episode 0x6B SIX BEEEEEEEEEEEEE Ben, Wil, and Dave provide entertainment value that is also questionable. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Facebook bug bounty hacker finds that he wasn't the first there (Tech details) (Trey's talk on sharing incident details) Jericho et al. run some numbers on the VZDBIR (Michael Roytman's response) There was irony, and then there was getting the message out I love Gooooold DERP/Cybers Brazilian judge is scared of the internet ruining Brazilian telcos Idiot grounds his own flight and ruins everyone's day Nuclear reactor malware. Shit!!!! Canadian infrastructure keeps getting hacked Mailbag Briefly -- NO ARGUING OR DISCUSSION ALLOWED How to hack 2FA Required reading OpenSSL Upcoming Appearances: -- more gratuitous self-promotion Dave: - Interop, RMISC, HackMiami, NolaCon, Securityfest, Infosecurity EU, James: - On a plane Ben: - work then off to Vancouver for work Matt: - I think he's on the phone. Wil: - Locking himself away this weekend to work on his OSCP training. Other LSD Writers: - Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... Wil posted two) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: worst. segue. ever Creative Commons license: BY-NC-SA
Episode 0x6A All about the VZ-DBIR Ok. Not completely weekly. And sorry Mom that we missed last week. We'll get it together. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Verizon's 2016 Data Breach Investigations Report How Hacking Team got hacked (with a detailed writeup from Phisher himself) U.K. official confirms surveillance bill would let cops force companies to decrypt data Katie Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147 Vulnerability Disclosure How iMessage distributes security to block “phantom devices” Breaches Philippines got hacked... yes, a whole country ... by a 23 year old student ... and Mexico A Bangladeshi bank got popped for (almost) a billion (more analysis) (technical analysis) SCADA / Cyber, cyber... etc UBER META DATA US or something like that (Uber says it gave U.S. agencies data on more than 12 million users) US Special Forces Are 'Dropping Cyberbombs' on ISIS DERP Four hundred MILLION vulnerable Androids are out there Microsoft sues US government over 'unconstitutional' cloud data searches The FBI paid more than $1 million to crack the San Bernardino iPhone Jeff Moss talks about grooming presidents Mailbag Making security a big "P" Profession Briefly -- NO ARGUING OR DISCUSSION ALLOWED Sadlock Bug Listen to Paul @dcept905 when he says interesting things on Twitter DevOps Days Austin Setting up a home malware lab Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years Upcoming Appearances: -- more gratuitous self-promotion Dave: - Interop, RMISC, HackMiami, NolaCon, SecurityFest, InfosecurityEU, CircleCityCon James: - Not much until Vegas... As far as I know. Ben: - A Cyber Insurance conference. Listening. yes... really Matt: - DevOps Days Austin, DFIR Summit, Vegas Wil: - CBC Calgary Other LSD Writers: - Shrug, Dunno. Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Closing Thoughts Seacrest Says: Hey Erdogan - watch this you despotic little arsehole this Creative Commons license: BY-NC-SA
Episode 0x69 Still Weekly! Still difficult to get everyone together for a recording but damn, we're trying. Keep sending in your questions to mailbag@liquidmatrix.org and if you see one of us at a conference, ask nicely and we'll give you a sticker! PS: The Security Intern joins us tonight - sorry you all can't see her commentary on the rest of the Liquidmatrix crew. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Badlock Bug Site Get out your Sad Trombones everyone. Steve Ragan Fulfils Curmudgeon Role - Badlock Hype Tero Hänninen calls bullshit in a simple way Network World notes that Microsoft doesn't think it's Logo-worthy Eset et al. Take down Mumblehard Linux/BSD botnet Breaking Google Captcha Investigating the Potential for Miscommunication Using Emoji California lawmakers take step toward outlawing 'ransomware' Breaches Security Flaws found in 3 state health insurance websites (THANKS OBAMA) Petya Ransomware Encryption Defeated SCADA / Cyber, cyber... etc Lockheed Martin - Integrated Infrastructure: Cyber Resiliency in Society OMGee - Canada is vulnerable, eh? FBI Claims that businesses have lost $2.3 Billion to Email Scams from October 2013 to February 2016 DERP Maynor Fixes All The Maps - MaxMind and Default Locations in GeoIP Misconfigure your way to Panama Success Mailbag Compliance is the Naturopathy of Information Security - DISCUSS. Briefly -- NO ARGUING OR DISCUSSION ALLOWED Random MAC addresses not enough... Integrating Bro IDS with the Elastic Stack Dealing with Digital Death Automating thought leadership Scan Onion Services for Security Issues Submit to the SecTor CFP! Early acceptance deadline is Sunday April 17 - final deadline is August 14th Upcoming Appearances: -- more gratuitous self-promotion Dave: - NAB Show, Interop, RMISC, HackMiami, NolaCon James: - Desperately working on new material for Blackhat Cloud Security Training Ben: - Vogon poetry reading Wil: - Remedial HTML for beginners (Cue Jamie's rant here) Other LSD Writers: - Really? Advertising - pay the bills... Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0 Next Week - because we'll be here next week! We'll be discussing the idea of making cyber a regulated profession. Send us your thoughts. Also, California, what's up with that? Closing Thoughts Seacrest Says: Cause, baby, now we got badlock Creative Commons license: BY-NC-SA
Episode 0x68 Weekly Monthly Somethingly At least a few of the boys are back to whine, bitch and moan. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Whatsapp integrates whisper systems AXOLOTL here's a whitepaper (but they still collect the metadata) so stick with Signal if you don't like NSA Who Has Access - to unscrew your Google Drive mess. Medium article by CEO Panama papers: China censors online discussion DERP I ate the evidence Nest to permanently brick Revolv smart home devices 1,400 Vulnerabilities to Remain Unpatched In Medical Supply System Mailbag What's your opinion about the Tor and Cloudflare mud slinging? - Not Matthew Prince links: Cloudflare slings mud and Tor calls shenanigans Briefly -- NO ARGUING OR DISCUSSION ALLOWED Random TED Talk - because I haven't been paying attention Canadian government has opened consultation on Data Breach Notification and Reporting Regulations GPG signed git commits China's 'Great Firewall' blocks its creator Upcoming Appearances: -- more gratuitous self-promotion Dave: - ATLSECCON, NAB, Interop, RMISC, HackMiami, NolaCon James: - Probably nothing until Vegas Ben: - No One Knows (locked in a SOC2 closet at work) Matt: - at a hipster beard salon NEAR YOU Wil: - CBC Calgary Bitches Other LSD Writers: - Closing Thoughts Seacrest Says: I've run amok Creative Commons license: BY-NC-SA
Episode 0x67 The One With The Stunt Double

Hey, James here. The boys recorded this one without me and managed to really munge up the audio. My apologies. For what it's worth, this is what happens when Dave and Wil are in charge.

Upcoming this week...
- Lots of News
- Breaches
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- FBI say "You don't need to know how we hacked you, because you're a dirty dirty pedo."
- December DNS Root attack gets curiouser and curiouser... Slick Heatmap of the traffic source analysis.
- Security and small thermal exhaust ports

Derps
- Anonymous Hacks Weeve... I get it but you're being an ass...
- CNBC shares your password with its ad networks and a google spreadsheet.
- VNC Roulette (why is this still news?)

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- OpenBSD 5.9 is out. Now with more W^X and Xen.
- Securityfest CFP open

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: ATLSECCON, NAB Show, Interop, RMISC, HackMiami, NolaCon
- James: Nowhere - except for going to Seattle again. Oh, and Vegas.
- Ben: Nowhere
- Matt: Where souls go for destruction
- Wil: Well... CBC Calgary is Go (And other assorted projects... MakeFashion, c0wsec)
- Other LSD Writers: There is no Other Writers

Closing Thoughts
Seacrest Says: "VNC, VNC Everywhere!"

Creative Commons license: BY-NC-SA
Episode 0x66 The One Where Ben and Jamie Aren't At RSAC

So the rest of the gang are out playing in either San Fran or Calgary. You get what's left over - actual security professionals doing actual security work.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Pentagon Admits, Only a Bug Bounty Will Work
- US Companies Prefer China over Pentagon, Generals try Cybering Harder
- John McAfee doesn't computer

Breaches
- Internet of Crap - now with Patriot Missiles in Turkey

SCADA / Cyber, cyber... etc
- 1Password loopback vuln... but wait, a rational response from the vendor
- DROWNing!!!
- A little late but congress says no to Flowers By Irene

DERP
- UK Minister Compares Adblocking to Piracy. Fails at Internet
- Ad networks have a vulnerability again

Mailbag
Dear Liquidmatrix, How come you're not at RSAC with the cool kids? Signed, Cool Kids

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- I was in Engadget. Read about it.
- Incident response methodologies

Closing Thoughts
Seacrest Says: good luck with the post RSAC conflu

Creative Commons license: BY-NC-SA
Episode 0x65 Ben and Matt Screw Up HTML

Thanks Matt-Dave, this is Ben-Jamie for episode 0x65 (82 for those of you not good with the hexa-ma-decimal) and we're down a bunch of people tonight but that's okay because we're super committed (except Wil, he's doing who knows what somewhere). Tonight we've got a lot of news about vulns and then a brief stroll through the cybers, derps and mailbags before calling it a night. Hey Matt, what's in the news?

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- glibc - Set fire to the rain
- Google's advisory on glibc vuln
- Cisco's firewall doesn't... you know... firewall, and it's a pretty nasty vuln affecting millions of ASA deployments, making it ripe for worm fodder. The vuln was discovered by Exodus Intel. Predictably the mass scanning started, and Qualys made some pretty good points about this vuln. Notably, Cisco had released an IDS signature back in November; but how does that help an admin who gets the alert? This mitigation probably didn't work.

SCADA / Cyber, cyber... etc
- Fireeye vuln lets you whitelist malware
- Apple Encryption Bomb Dropped
- Trail of Bits Technical Deep Dive on Apple Encryption

DERP
- Fake Download Buttons Be Gone!
- 3rd Party JavaScript in Major Banks Login Forms

Mailbag
Hi-Di-Ho, Have you thought about doing a livestream? Mr. Hanky

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Docker's Security Upgrades
- AWS Lambda WAF awesomeness
- Mimikatz defense

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: RSA!
- James: Nowhere - except for going to Seattle next week
- Ben: Nowhere
- Matt: RSA!
- Wil: in his trailer between takes
- Other LSD Writers: There is no Other Writers

Closing Thoughts
Seacrest Says: Eggplant 2 - Mother approved

Creative Commons license: BY-NC-SA
Episode 0x64 FIVE Golden Digests...

Yup, back again. Actually a thing. There's even some people here to talk to you about security things. And whining. Also, fuck you Skype.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Dridex Malware Platform installing Avira
- Let's encrypt has crossed 500K
- SANS Securing the Human Newsletters - and use Gophish to test them out...
- Job hunting? White House seeking a CISO

SCADA / Cyber, cyber... etc
- Obama gonna make it rain $19 billion cybers
- ENISA Cyber Europe 2016
- Hacker doxxes 20k FBI agents

DERP
- VTech: "Not our bad..." ¯\_(ツ)_/¯
- Microsoft doesn't understand what "no" means
- Avast decides to pull a Comodo
- Your backups should be in a separate cloud thingie
- Alibaba security team fails to notice 99 million brute force attempts - TAO says "you're welcome"

Mailbag
Dear Digestives, What's the deal with auditors and the woodie they've got for full disk encryption on servers in secured data centers? Love you all, but I NEED AN ANSWER NOW

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Archive.org's Malware archive
- Make all those asshole auditors shut up about O365
- Specialists Vs. Generalists by some guy named Nick
- Pamela Anderson is in a movie about the singularity
- RSA Parties List 2016

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: RSA, CSA Summit 2016 (Slovenia), FIRST ...25th?
- James: I work. A lot.
- Ben: Also works. A lot.
- Matt: There is no Matt.
- Wil: Doesn't work so much... Rehearsing for Radioheaded (again...), more CBC news coming...
- Other LSD Writers: There is no Other Writers

Closing Thoughts
Seacrest Says: Eggplant

Creative Commons license: BY-NC-SA
Episode 0x63 May The Forth Be With You!

Dave's here. Wil's here. Matt's here. Ben's here. I'm here. There's a guest (or two). HOLY CRAP IT'S A REGULARLY SCHEDULED LIQUIDMATRIX PODCAST. Also, Dave claims he's fixed the website - we'll see how that goes.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Lessons Learned from the Java Deserialization Bug (Apache Nose Job that Ben mentioned - everything old is new again)
- Let's talk a bit about privacy on Tor
- Baby Monitors live in New York!
- 2016 Social Security Blogger Award Voting is Open Now
- Security Firm Norse Corp. Imploding
- Threat Butt

Breaches
- Let's just assume that there have been some.

SCADA / Cyber, cyber... etc
- The Muricans are invading Canada's all bran fibre (h/t @ultramegaman)
- Israel got hacked by the NSA and James Bond
- Go get your prescriptions from these guys

Curmudgeon's Corner
The latest from Internet Curmudgeons -- tonight Spacerogue - YES THAT SPACEROGUE!

DERP
- Developers Accidentally Ship Dropbox and Gmail Logins - Motorola
- HSBC successfully defends against DDoS but is offline
- Security researcher finds 'backdoor' to MediaTek processors
- Tavis wrecks Comodo

Mailbag
Gentlemen,

First let me say how happy I am that the Liquidmatrix podcast is pushing out new episodes in 2016. I look forward to listening more.

That said, I find I must take exception to the "Mailbag" commentary in Episode 61. What definition of "enterprise" are you using?

I will heartily endorse that Matt is an "awesome" hacker and that the toolkit he is building at the startup he's at is likely totally awesome. But in what world is a startup also an enterprise? Startups use homebrew and open source systems because they are cash-short and it makes more business sense (meaning a combination of financial, risk, compliance, and resource sense) to build versus buy. But any true enterprise CISO that used a SIEM built by one of their team members is (using the language of the kids today) "smoking crack". Why? Allow me to expand the thought...

Assume Matt works for me at an $8B company and I adopted the SIEM platform he developed versus using MSSP or SIEM...

1. As the company grows the amount of time Matt will need to spend building connectors and enhancing the system will continue to grow. Matt will need to take time away from actual security (which is what I hired him for in the first place) and act more like a developer than a security staff member. Is that the best use of his limited time? I doubt it.

2. Some compliance regimes (yeah, I know, I can hear the complaints now but at the enterprise level this stuff matters) require systems you rely on for security to "have support". I'm not a development shop! I do security for a company that makes widgets! Crap - now I have a finding in my external audit and my PCI assessor is twitching.

3. What happens when Matt gets bored (and he will - all good hackers do after a period of time) and leaves the company? Who's going to support this thing? Now I have to go find an equally awesome hacker (not an easy prospect these days) and hope they can support this now critical piece of security infrastructure. There is a very real possibility that the system will degrade into a useless piece of crap before I can find someone to take over... That's potentially devastating as I have *nothing* to fall back on. Are you seriously asking me to sign up for this amount of risk? REALLY?

Homebrew and open source security tools have their place and properly used are likely viable solutions in the startup/SMB space. Use in a true enterprise, IMO, is likely going to add so much risk that the cash expense of $VENDORPRODUCT is very much worth it.

Keep up the good podcast work, y'all. I look forward to more episodes.

Martin Fisher

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Michael Geist on the TPP
- Internet Link Tester / Validator w/ Raspberry Pi (or any Linux)
- Maximum Absorbency Garment
- Bill Clinton has used email once or twice. Nope just twice.
- Safe Harbour 2 is here
- Google's Vulnerability Reward Program paid out more than $2 million in 2015

Liquidmatrix Staff Projects -- gratuitous self-promotion
- Messages from our Sponsors
- We really need to have more projects

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: RSA, ATLSECCON, NAB, Interop, Bill's thong shop
- James: Currently nothing till Vegas.
- Ben: At home
- Matt: RSA? Maybe? Come buy me beer during SXSW
- Wil: Waiting to take OSCP...
- Other LSD Writers: Apparently bloggering...

Closing Thoughts
Seacrest Says: Out.

Creative Commons license: BY-NC-SA
Episode 0x62 The Return of Dave?

Well, we weren't kidding folks. This is number 3 inside of a month. If you include the special "Blast From The Past" Episode 0x40 Live from SecTor 2014, that's FOUR episodes in a month. Wooooooooo. Now, time to talk security. But first, a moment for Abe.

Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Amazon Customer Service Backdoor
- Bug in Linux Kernel... Patch now
- The gory details from Perception Point
- ISO 27017: A New Standard to Learn
- Update from last week: Actual PDF of Trustwave lawsuit
- Canada Discovers It's Under Attack by Dozens of State-Sponsored Hackers

SCADA / Cyber, cyber... etc
- Pentagon to save the power grid

DERP
- Reporter thinks SHODAN is creepy.
- FBI Runs Child Porn Sites
- Apple can read (Backed Up) iMessages
- NY and California Politicians DON'T MATH

Mailbag
@mattjay I'd like to hear you talk for an hour on browser stuff, really. — Icon0clast (@Icon0clast) January 21, 2016

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- PoC||GTFO x10 is out.
- @beaker (Chris Hoff) dispenses wise words
- If you use OS X - lots of defaults write commands
- SSH Logins to Slack
- WhatsApp will add encryption indicators so you know your chats are safe

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Will be at RSA, probably in the lobby of the W
- James: Wednesday January 27th - TASK. Unknown thereafter
- Ben: Hiding.
- Matt: Will be at RSA, probably in the lobby of the W (near Dave)
- Wil: On CBC Calgary (26:50 or so)
- Other LSD Writers: Can't login to post a story either

Closing Thoughts
Seacrest Says: Jolly Ranchers Make Me Squee

Creative Commons license: BY-NC-SA
Episode 0x61 THERE IS NO DAVE, ONLY ZUUL

Twice in two weeks. It's almost like we're making this thing a thing. Of course it'd be nice if Dave would fix the website so I could post there. At least libsyn and iTunes still work.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Adblock Plus just got uninvited from the internet-advertising industry's big conference
- Yahoo 10k bug bounty
- Affinity Gaming sues Trustwave
- AWS Enterprise Accelerator - Compliance -- Standardized Architecture for NIST 800-53 on the AWS Cloud

SCADA / Cyber, cyber... etc
- Firm Sues Cyber Insurer Over $480K Loss
- Ukraine power hacked by someone? But too soon for attribution.

DERP
- Griefer hacks baby monitor, terrifies toddler with spooky voices
- RSA Conference Keynote Speakers
- RBC doesn't respond to security vuln
- LastPass LostPass ShmostPass

Mailbag
Hi LSD, Why do we keep buying shitty enterprise security products? Can't we be awesome hackers and build our own cool shit? Enterprise Guy
Mentioned: Elastalert, OS Query, Talk Slides

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Topic of Interest: Key Management
- OpenSSH 0-Day
- Fast Incident Response
- I'm still hiring

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Hiding.
- James: TASK January: Docker and Home Automation Security, 2016-01-27 at Metro Hall in Toronto
- Ben: Hiding from plumbers
- Matt: South by Infosec
- Wil: Slumming in Calgary, being a socialist.
- Other LSD Writers: Hiding. Scared of the wilderness.

Closing Thoughts
Seacrest Says: Elon Musk, please land my rocket

Creative Commons license: BY-NC-SA
Episode 0x60 Mid-Season Cliffhanger

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- TrendMicro security fails
- TrendMicro also asks: What About Canada, Eh?
- Juniper ScreenOS VPN traffic possibly snoopable... and admin access backdoored. But... They are patching it. And Fortinet as well?
- We can read encrypted emails on BlackBerry devices, Dutch team says
- Microsoft Drops Support for IE Older Than 11
- Cyber Insurers Dictating Cybersecurity Standards?

SCADA / Cyber, cyber... etc
- Steal your keys from your doorbell...
- Forget the Doorbell - APT the Surveillance Camera
- Project GRIDSTRIKE
- Reid Wightman Explains Why VFD Mfg Companies Are Stupid
- SCADAPASS ALL THE PASSWORDS

DERP
- T-Mobile. Dude. You suck.
- Canadian company helps with oppression... again. And again... And again...
- So here's The State of The Onion... So run a Node or donate. (Unsure DERP delivery...)
- Let's Encrypt certs used to hide malware transmission.

Mailbag
Dear Liquid-whatever-your-name-is, Seriously, what the shit. Is this a thing again? Signed, The People
Also, how come large enterprises don't get small startup security?

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Using Masscan to push poetry
- Urban Dictionary Goes Infosec
- Intro to DFIR
- I'm hiring again (I swear the last guy survived that incident)

Closing Thoughts
Seacrest Says: Are you really back? REALLY!?!!

Creative Commons license: BY-NC-SA
Music Biz 101 & More is the only radio show in America that focuses on the business side of the music & entertainment worlds. Hosted by William Paterson University's Dr. Stephen Marcone & Professor David Philp, the show airs live each Wednesday at 8pm on WPSC-FM, Brave New Radio. In this episode, we hear X Factor UK 2001 artist Janet Devlin talk about her international record deal, how she got U.S. distribution with OK! Good Record, how hard she works each day in order to make a living in music, what her social media plan is, and everything there is to know about her 2015 holiday EP, "December Daze." Enjoy the talk, listener tweets, and see what you can get out of this. Like what you hear? Tweet us anytime: @MusicBiz101wp Engage and Adore us on The Facebook, The Twitter & Instagram: www.facebook.com/MusicBiz101wp twitter.com/MusicBiz101WP instagram.com/musicbiz101wp/
Episode 0x51 Not Dead

Yup, we're still a thing. Scheduling is hard. Look forward to more of these with less than a full cast of characters. It happens.

Upcoming this week... Just some general ranting. It's what we've got.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Closing Thoughts
Seacrest Says: Do this again sometime, eh?

Creative Commons license: BY-NC-SA
Episode 0x50 Revenge of the Fourth

We've been around, just not... you know... around. It's best that you do not think about what happened to episodes that were not published.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Home routers take down Sony, Microsoft, Krebs... you're next
- Google won't fix old vulns (but it's not their fault)
- JJX talks about Year 1 -- And it's my first year too!
- 3 Problems With UK PM Cameron's Crypto Proposal

SCADA / Cyber, cyber... etc
- There's vulns in the hermit kingdom's glorious OS. And a crazy web browser
- South Korea smokes a doobie and says North Korea has computers

DERP
- Don't enjoy respawning cookies? Don't use our service
- Adsense didn't watch Matt Jay's talk on malvertising
- Marriott Agrees to Stop Blocking Guest WiFi Devices

Mailbag
Hi guys, Where the fuck have you been? Sincerely, the internet of thingers
We told you already!

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Keystroke Sniffer inside a USB Wallwart
- What Happens When You Install the Top 10 Download Dot Com Apps
- I'm hiring! I'm hiring!

Liquidmatrix Staff Projects -- gratuitous self-promotion
We'll get back to you when we have projects again. In the mean time, find us here:
- Dave: #jeSuisCharlie
- James: -
- Ben: Bed
- Wil: Anywhere that is nowhere.
- Other LSD Writers: Anyone else notice that Bill Brenner posts to LSD ALL THE TIME?

Wrapping up...
NyQuil - you giant fucking Q

Closing Thoughts
Seacrest Says: Who the fuck is Seacrest.

Creative Commons license: BY-NC-SA
Episode 0x3F Last one before Summer Security Camp

Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we'd be back and this time we're pretending we care.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Police Dog Sniffs Out Child Porn Hard Drives
- News about the news - the WaPo launches its own wiki-leaks-esque platform
- Rogers Releases New Policy on Disclosing Subscriber Information
- UN human rights report blows apart governments' pro-surveillance arguments

Breaches
- HotelHippo.com Closes after Data Leak
- Lastpass doesn't think it got breached

SCADA / Cyber, cyber... etc
- Senate "Intelligence Committee" approves cybersecurity bill.
- If you read Boing Boing, the NSA considers you a target for deep surveillance
- The NSA Revelations All in One Chart

DERP
- Congress in middle of Hollywood copyright clash with Silicon Valley (from listener Marco Tietz)

Mailbag / Deep Dive
We're coming up to Summer Security Camp in Vegas. Some thoughts on how to survive - and even prosper - while retaining your mind.

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Plain Text Offenders - one of many Tumblrs to follow
- Putting the TOR back in Torrent
- Telehash
- Australian bill will put journos in prison for 10 years for reporting leaks

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Speaking at RSA Asia next week, Attending Black Hat/Defcon (goon) and BSidesLV, BSides Cape Breton as keynote and will be speaking at 44CON, Sector and BSides Toronto is coming.
- James: Blackhat, DEF CON, Derbycon, BSides Toronto, Sector - dunno where else... somewhere I suppose
- Ben: Staying at home - cause baby
- Matt: If you see me, call me. I'm lost. Perhaps I'll be in Las Vegas.
- Wil: -
- Other LSD Writers: We added another one. Trying to clean up our image. Say hi to Bill - yes, that Bill.

Advertising - pay the bills...
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5".

Closing Thoughts
Seacrest Says: Viva Las Vegas!!!!

Creative Commons license: BY-NC-SA
Episode 0x3E HAPPY $COUNTRY JULY PAID DAY OFF

We're back. Reasons shall be enumerated. And so forth.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Cryptolocker extortionists use bitcoin for less traceable blackmail payments; extortion payments are visible in the blockchain till they go through a mixer. Crime pays.
- Harper - Canada needs NSA lite because protesters
- More details on the Hacking Team spying software.
- Los Angeles Police Department Kept User ID and Password to "Big Data Policing" Software on Office Whiteboard, Incidentally Broadcast to CNN Viewers During Interview (UK gov/World Cup)

Breaches
- Benjamin F. Edwards Co. Discloses Data Breach Affecting Customers
- DDoS Attack Puts Code Spaces Out of Business
- Feedly Suffers Extortion Related DDoS Attack

SCADA / Cyber, cyber... etc
- The Akamai State of the Internet Report
- Deloitte Global Defense Outlook 2014
- OpenSSL roadmap - we're going faster now

DERP
- Austria prosecutes a TOR node operator - forgets about other common carriers
- CASL means no more security notifications
- Microsoft steals no-ip's domain

Mailbag
Hi guys, Where the fuck have you been? Sincerely, The Internet. PS Can we have your domain name if you're not using it anymore?

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Awesome Sysadmin: A curated list of sysadmin resources
- Goals are for losers
- iOS 8 is Randomizing MAC Addresses
- Passwords

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Speaking at RSA Asia, Defcon, Black Hat, BSidesLV, Speaking at BSides Cape Breton, Speaking at 44CON, BSides Toronto, Speaking at Sector
- James: Lots of work travel, Black Hat, DEF CON, BSidesLV, BSides Toronto, Speaking at Sector
- Ben: Diaper changing
- Matt: Seacrest OUT
- Wil: Maybe painting the bathroom before DefCon and Burning Man.
- Other LSD Writers: At least someone is blogging

Advertising - pay the bills...
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5".

Closing Thoughts
Seacrest Says: "Look at that subtle off-white coloring. The tasteful thickness of it. Oh, my God. It even has a watermark."

Creative Commons license: BY-NC-SA
Episode 0x3D My Heart Bleeds for Windows XP

Well this is certainly an exciting week around these here parts. I reckon we've not seen this much marketeering since the APT1 days of ought 13. Goodness gracious I'm not a huge fan of this crap. Do not listen to this podcast at more than 1.5x speed while operating a motor vehicle or heavy equipment. Your face may melt according to some studies conducted by a Murican we know.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Classified NSA Work Mucked Up Security For Early TCP/IP
- EU court acts like a government of the people
- Trey Ford talks sense around XP EOL/EOSupport

Breaches
- Heart Bleed!!! and some demo and a PoC!!!! With an awesome quote by Mr. Fancy Pants
- And donate some money to the cause you lazy bitches
- Also, update your Tor nodes and relays... and while you're updating, your OpenSSL
- Bad CRA
- How I hacked your router

SCADA / Cyber, cyber... etc
- GoGo helps the feds

DERP
- US Pushes Canada to Weaken Privacy Legislation
- The Brits love them some XP
- good bank drops out of Trustwave lawsuit

Mailbag
Hi, Are we now cool with Cyber? Not Jamie

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Plug and play in/with your Tesla... Yeah.
- So, not really interested in Dropbox anymore.
- Evilgrade

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Star Alliance Hostage
- James: Wait what?
- Ben: Suit.
- Matt: Beard.
- Wil: Actor. And cleaning up his laundry
- Other LSD Writers: Blogging? (WTF IS BLOGGING????)

Advertising - pay the bills...
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5".

Closing Thoughts
Seacrest Says: Aviator is already configured to check for revoked certificates. Nyahhhhhhhh.

Creative Commons license: BY-NC-SA
Episode 0x3C You Got Breached. And in other news...

April 8 is coming up FAST.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- ErrataSec may have witnessed SHOTGIANT in action... more likely the CIA though...
- Trustwave gets sued
- Are You An Expert?

Breaches
- Hackers compromise EA website, use it to steal Apple IDs (report)
- Security certification group EC-Council's website defaced with Snowden passport

SCADA / Cyber, cyber... etc
- Full Disclosure is dead, long live full disclosure
- XP eternal p0wnage

DERP
- Wil hasn't seen 80's movies
- How not to write an API
- (ANTI-DERP) how to handle a vuln
- (ANTI-DERP) how to handle a vuln #2

Mailbag
Dear Liquidmatrix People, Did you forget that you have a podcast? What's up with that shit? Love, The Internet

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Aviator is awesome and it should be part of your Mom's day to day.
- All the places you can MFA
- Control System Port List
- MozDef
- Mylar
- Frida

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Massively distributed diaper changing operations.
- James: Interop next week, BSides of Various Cities and then Summer Security Camp
- Ben: Work
- Matt: Aviating
- Wil: Not drinking coffee... It's beer in the mug...
- Other LSD Writers: That Sistrunk Guy won't write about Aegis.

Advertising - pay the bills...
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5".

Closing Thoughts
Seacrest Says: If you ever want to see these liquidmatrix bastards again, follow my instructions carefully

Creative Commons license: BY-NC-SA
Episode 0x3B: We Have Quorum!

Getting tired of hearing about the latest $problem. Can we do something different with our cognitive surplus?

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Facebook Awards Largest Bug Bounty To Date for Remote Code Execution Vulnerability - $33,500
- Gang Rigged Gas Pumps with Bluetooth Enabled Card Skimmers
- US Courts uphold that you need an actual reason to search people's stuff
- F-35 Fighter Plans Intercepted In Shipping Container, Destination: Iran

Breaches
- 20 million Koreans learn about a trusted insider the hard way (and then the executives own it completely)
- It wasn't just Target (and the obligatory Krebs)
- Is Your Twitter Password Secure?

SCADA / Cyber, cyber... etc
- VSAT terminals are on the internetz ready for the p0wn
- CSEC Current Issues: Questions and Answers

DERP
- Network Solutions ripping customers off to make them more secure
- Snapchat, still not fixing the problem... but they do implement a bot-stopping captcha system... that gets broken the same day
- The first rule of a totalitarian government is you don't talk about hacking (just like an oppressive wannabe theocracy)

Mailbag
We're reaching a tipping point around the concept of Privacy. Here are a few examples to discuss:
- Rating Obama’s NSA Reform Plan: EFF Scorecard Explained
- MPAA & ICE Confirm They Interrogated A Guy For Wearing Google Glass During A Movie
- 79-year-old census resister has no regrets after conditional discharge
- Google outed me
- Here We Go Again: Canadian Recording Industry Calls on Government To Regulate the Internet
- TrueCrypt's Plausible Deniability is Theoretically Useless
- Another Six Weeks: Muting vs. Blocking and the Wolf Whistles of the Internet

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Switch to HTTPS Now, For Free
- RSA Conference Parties
- WhiteHat Aviator for Windows Alpha
- NF Tables (die die die IPTables)
- Predicting attacks (cyber!)
- ISO 30111 - vulnerability handling process

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Never To Be Seen Again
- James: BSidesSF, RSA, etc. Sigh.
- Ben: Putting his office tchotchkes in a box
- Matt: Hiding behind his lustrous facial hair, speaking at AppSec California and BSidesSF/RSA/Metricon/etc.
- Wil: Too Pretty (♫ I'm too sexy for this show, too sexy for this show, so sexy it hurts... I'm an actor, you know what I mean and I do my little turn on the catwalk... ♫)
- Other LSD Writers: Promised to write up S4 and hasn't

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"

Closing Thoughts
Seacrest Says: The NSA is in bed with EVERYONE - including me.

Creative Commons license: BY-NC-SA
Episode 0x3A: We Can Do Better

Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe-inspiring and an example of Doing Infosec Right: admitting that you screwed up and getting on with the solution, rather than the very common response of hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets.
- Mandiant gets bought by FireEye
- Infographic: New ISO 27001:2013 - What Has Changed?
- Find security flaw, go to jail?

Breaches
- Former TIAA-CREF Worker Gets 6 Years for Selling IDs
- OpenSSL Defacement - Not a Hypervisor Thing
- Riverside Health System 4-year-long HIPAA Breach
- Thank Goodness for the NSA! - a fable
- Yahoo infects people with Malware and makes the bitcoin

SCADA / Cyber, cyber... etc
- Several European manufacturers spawn NSA-proof Android “cryptophones”
- NSA denials

DERP
- UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services

Mailbag
We receive some of the most batcrap crazy emails here at LSD. What's the right response to people who don't just have a tinfoil hat, but are opting for the full ensemble?

Dear Mailbag,
I'm thinking about not speaking at RSA because of the NSAs, what do you think?
Hugs,
Mikko H. (not the other Mikko guy)

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypto Hardening guide for Sysadmins
- Penetration Testing Lab Contents Mindmap
- sigcheck now with VirusTotal
- WordPress plugin exploit data
- Skipfish Scanner Used In Financial Sector Attacks

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Shmoocon, SOURCE, Infosec EU, BSides London, HITB EU, Secure360, FIRST...
- James: At Shmoocon (with a cool surprise), then RSA (sad trombone)
- Ben: N/A
- Matt: behind the beard
- Wil: Gave up, is a car dealer now
- Other LSD Writers: huh?

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"

Closing Thoughts
Seacrest Says: My Voice Is My Passport, Verify Me

Creative Commons license: BY-NC-SA
Episode 0x39: Auld Lang Syne

The Syrian Liberation Army would like to thank Liquidmatrix for their use of Skype.

Upcoming this week...
- Lots of News
- Breaches
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Unencrypted Windows Error Crash Reports a Treasure for NSA
- RSA gave it (Dual EC DRBG) up to the NSA (also turns out Dual EC DRBG was always key escrow)
- Cash machines robbed with infected USB sticks

Breaches
- Target gets p0wnied... and so do their customers
- The Doctor Who website (also known as the BeeBeeCee) was allegedly hacked
- Snapchat infoleak
- WaPo gets hacked... again (and the last was again)
- Skype social media presence gets hacked
- OpenSSL defaced

DERP
- The Danes aren't nice to hackers
- RSA's lame denial of their NSA involvement

Mailbag
Happy new year LM crew! Did you watch the 30c3 keynote by Jacob Appelbaum or read the piece in Der Spiegel? I'm honestly not sure how to reconcile this with my view of how I thought the infosec world worked. Should I start drinking?
Turns out I'm not paranoid guy

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Seiki 39" 3840x2160 (@30Hz) JUST DO IT.
- GitHub implements Forward Secrecy
- How to block Java payloads properly
- Flash Proxies for TOR

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Hiding from the Ice Storm
- James: Shmoocon, RSA, not sure past that...
- Ben: Hiding from Dave
- Matt: Texas. 'Nuff said. AppSec California, RSA
- Wil: Texas North. (aka Calgary)
- Other LSD Writers: New Orleans.

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Happy birthday Alex Hutton, we hope your unicorn birthday wishes come true

Creative Commons license: BY-NC-SA
Episode 0x38: Dreidel Turkey Dreidel

Peter Mackay!!! Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team.

Upcoming this week...
- Lots of News
- Breaches, anti-derps!!
- It's Chanukah!!! and many turkeys are now dead
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Someone's been MiTMing the internets... Bruce Schneier thinks Ars Technica had an okay write-up about it... And more reporting on Renesys's original research on it. (and a little more)
- Japan is awesome, told NSA no thanks because it believed the request was illegal
- Canada's Bill C-13 is a Trojan Horse (and Michael Geist weighs in too) (and the Ontario privacy commissioner does comment on it)

Breaches
- Health Canada doesn't understand privacy (and the bad things start to happen)
- Clearport Mercantile exchange (and the 450,000 daily contracts they process) got p0wned
- EU is not good with the Wifi

Anti-derps
- Anti-DERP - Diffie is awesome! So is Newegg (but sadly they lost - which sucks)
- Anti-DERP - konami button press sequence is not a hack (it's a metaphor)
- Anti-DERP - Mom takes on revenge porn site, a creepy hacker and Anonymous to the rescue

Mailbag
Hi Guys:
0x37 was good -- thanks! During the recording of the podcast one of youse (Ben?) wanted to determine the version of Silverlight installed on a browser. I make Rapid7's browserscan the home page for all of my browsers. It displays a nice list of the plugins currently installed & enabled in your browser. The list includes the plugin's installed version, the currently available version and -- when appropriate -- a Red Download Button in case you want to download the latest version.
cheers, Mark
- Rapid7's Browserscan
- Qualys

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Amber Baldet's DefCon 21 talk on Suicide Risk Assessment and Intervention Tactics.
- Dan Geer speaks more wisdom... go read it now
- Awesome hack - private LCD
- BIPS suffers Bitcoin heist

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending Bluehat and Hushcon to close out the year.
- James: Chicago, we think
- Ben: nowhere in particular
- Matt: Turkey coma
- Wil: On location. He's looking for representation so get him while he's still cute...
- Other LSD Writers: MIA

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Tell Peter Mackay everything

Creative Commons license: BY-NC-SA
Episode 0x37: Two Guys !HTML

It's completely unreasonable for me to ask that they come up with a short, pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyway.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- GitHub undergoing a massive automated brute force attack
- GitHub blog post announcement
- Police set poor example by paying $750 CryptoLocker ransom
- China gets more with the censorship
- Silverlight users beware (That means you, Netflix watchers)

Breaches
- Cupid Media dating website exposes 42 million plaintext passwords
- Krebs reporting on it.
- Dave Maclure's email gets breached

SCADA / Cyber, cyber... etc
- FBI says the .gov has been breached lots
- Stuxnet's twin

DERP
- Jeremy Hammond gets nailed with a 10 year sentence
- LG Smart TVs logging USB filenames and viewing info to LG servers
- Idiot steals NATO data to prove a point - goes to jail

Mailbag / Deep Dive
Dear Liquidmatrix,
Why won't they PATCH THE VULNS!!!!???? So many vulns!!!!
unpatched vulns survivor

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Hacker Opsec
- Go Dave Kennedy Go!

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: At a Chiropractor near you!
- James: In the United States
- Ben: Cyloning
- Matt: Possibly Seattle soon and AppSec California
- Wil: Acting!
- Other LSD Writers: What's that again?

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Rob Ford is my homeboy

Creative Commons license: BY-NC-SA
Episode 0x36: Which part of WEEKLY is this?

There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Homeland Security Has to Explain Why and When It Can Kill Cell Networks
- GitHub DERPS Are Why We Can't Have Nice Things
- Cyber-arms dealer
- APT APT APT (fun stuff about CVE-2013-3906)
- Toyota's killer firmware: Bad design and its consequences
- Obligatory Rob Ford Story...
- Hacker Destructo Needed.

SCADA / Cyber, cyber... etc
- More Stuxnet CyberDerping.
- FBI Posts Bad Craigslist Casual Encounters Ad

DERP
- Enabling the Snowdens? Users like you and me (or, at least, people who work at the NSA)
- Humblebragging is still not cool... MacRumors attacker says "Relax guys"

Mailbag
Friend of the show @JimmyVo asks: @myrcurial Definitely beyond 140 chr answer but how would you train up SIEM/SOC analysts?
The Liquidmatrix Crew respondeth thusly: DO THESE THINGS.

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- ErrataRob's isowall
- Google Inactive Account Manager
- WhiteHat Hiring A Ruby Dev
- Why Korea uses internet exploder

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: In the YYZ Air Canada lounge.
- James: Probably nowhere until Shmoocon.
- Ben: Dancing on the ceiling.
- Matt: Hiding behind a beard. AppSec trip canceled :(
- Wil: On stage, probably acting, or probably in one of his drunken stupors.
- Other LSD Writers: Someone forgot to feed them.

Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Skype is teh suck. Scotch saveth thee.

Creative Commons license: BY-NC-SA
Episode 0x35: Halloween!

We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy.

Upcoming this week...
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Breaches - the BIG one
- Snowden says "You're all owned"... basically. NSA is inside Google and Yahoo datacenters worldwide.
- How to Get Ahead at the NSA - What the NSA can and cannot spy on.
- Google in 2010 on China and surveillance
- Canadians sue their own government over domestic spying

SCADA / Cyber, cyber... etc
- DRAFT Guidelines for Smart Grid Cybersecurity

DERP
- LinkedIn Intro: Data, Meet Security Issues

Mailbag
- The Cybersecurity Industry is Hiring, But Young People Aren't Interested

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Halloween idea: biometric-breaking face makeup using CV Dazzle.
- University student asks Nicholas Percoco to perform a "Personal Pen-test" and is blown away by what is found out.
- Ben to @JimmyVo: you are dead to me
- Lavabit and Silent Circle try to fix email

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Where ISN'T Dave?
- James: Hackfest!
- Ben: Will come out in the spring - infosec bear!
- Matt: AppSecUSA in November
- Wil: Going as his defeated sense of "self worth" for Halloween. It's a pretty lame costume.
- Other LSD Writers: We're not sure - with new-found fame, Chris Sistrunk isn't talking to us anymore

Advertising - pay the bills...
- Hackfest registration is open
- BSides Jackson (Mississippi)
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: I'm not available anymore, because Texas. Please leave your message at the tone.

Creative Commons license: BY-NC-SA
Episode 0x34: Just the two of us

Another week, another attempt at a full house for the show.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- CryptoSeal VPN shuts down rather than give up crypto keys to NSA
- Court order is an inside attacker

Breaches
- Hacker stole $100,000 from Users of California-based ISP using SQL Injection
- Preemptive Breach: Complete Persistent Compromise of NETGEAR, D-Link and Tenda (But not Dick Cheney)

SCADA / Cyber, cyber... etc
- Bug Hunters find 25 ICS SCADA vulnerabilities

DERP
- Bluetooth sniffing Verizon
- Experian sold consumer data to id theft service

Mailbag
I really loved your live session at SecTor! You guys are all so dreamy!
- Alex Hutton

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- A graphical explanation of Rijndael (warning: Shockwave)
- "Call yourself a hacker and lose your 4th amendment rights" - Not entirely true but definitely worth the read

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: will be playing another round of Where's Waldo / Carmen Sandiego
- Matt: LASCON This Friday 10/25, OWASP AppSecUSA in November
- James: Hackfest in November

Advertising - pay the bills...
- Hackfest registration is open
- BSides Jackson (Mississippi)
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Random Kids in the Hall Clip

Creative Commons license: BY-NC-SA
Episode 0x33: Liquidmatrix Live at SecTor 2013

In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, we finally did a live recording with all of us together. It's only a half hour, but we had a great time!

Upcoming this week...
We didn't even bother with show notes. Seriously. Just listen, it's good stuff.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending HITB Malaysia, Deepsec in Austria. And finally speaking at Hackfest in Quebec City.
- James: Speaking at Hackfest.
- Ben: Hanging out with his other toaster friends
- Matt: Glossy-eyed boy in love
- Wil: Hacking banks across state lines
- Other LSD Writers: wait? There are other writers?

Advertising - pay the bills...
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode 0x32: Getting the Band Together?

Another week, another attempt at a full house for the show.

Upcoming this week...
- Lots of News
- non-infosec stuff
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- SilkRoad seized. Dread Pirate Roberts arrested. Tor hidden service de-anonymised?
- Silent Circle moves away from NIST-approved ciphers
- Sometimes, 7 milliseconds is REALLY important

Breaches
- ALL THE BREACHES!!!!

SCADA / Cyber, cyber... etc
- UK gets the cybers

DERP
- John McAfee copies Occupy.here and TOR
- Cyber warrior crush!

Mailbag
Hi, I'm a middle-aged infosec dude who's hit a slump in his career and is thinking about going to the USA to pursue infosec awesomeness. I'm torn between good beer, healthcare and no republicans vs the possibility of all the cyber I could ever want. Help me please, I need advice!!!
PJ McGuff, Ontario

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Whistleblowers and the Crypto-Anarchist Underground: An Interview with Andy Greenberg
- ESXi 5.5 drops limits on RAM and Physical CPU
- 101 Free Tools for VMware Administrators
- An awkward hug for our own Mr Arlen
- Old people make riskier and more inconsistent decisions
- Bittorrent chat!

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: Speaking at SecTor and Hackfest, Panelist at SecTor (twice), and speaking at bSidesTO
- Ben: Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: Still on his honeymoon...
- Wil: Trying to cut weight before new headshots, but will be at SecTor.
- Other LSD Writers: wait? There are other writers?

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!! Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- SecTor 2013
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Random Kids in the Hall Clip - French Canadian Trappers

Creative Commons license: BY-NC-SA
Episode SB005: CON FLU!

CON FLU! It's awesome. Dave has it. Teehee.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs -- NO NEWS THIS WEEK

HOST Has An Opinion
- Go to DerbyCon

Parting Notes -- a few one-liners...
- Also go to SecTor next week.
- And bSidesTO this weekend.

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
- James: Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: Still on his honeymoon... And will be speaking at SecTor
- Wil: Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: Wait... there are "writers"? What deviousness is this?

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode SB004: With Dave Away Minions Play

Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did note the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner
- Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
- CCC uses traditional biometric smackdown techniques - and wins.
- From the annals of Schneier: Google knows passwords
- RSA to customers: Trust not the encryptions

HOST Has An Opinion
- Focusing on the wrong thing.

Parting Notes -- a few one-liners...
- Turing machine in Excel
- Did you know that there's a new Microsoft Surface? Do you care?

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: Still on his honeymoon... And will be speaking at SecTor
- Wil: Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: Wait... there are "writers"? What deviousness is this?

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode 0x31 Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...
- Lots of News
- Paranoia / NSA
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Fingerprints as passwords: New iPhone Touch ID
- Skipping Ben's turn because he's really impressed about upcoming stories.
- Certification WTF: Payment Card Industry Professional (PCIP)
- WordPress < 3.6.1 PHP Object Injection

Paranoia / NSA -- AKA "The BIG Breach of 2013"
- The NSA is a customer of VUPEN
- NIST says maybe don't use the ECC random bit thingie
- Wireless firms agree to give Ottawa ability to monitor calls, phone data
- No telco ever challenged NSA data collection
- New NSA Leak Shows MITM Attacks Against Major Internet Services
- EZpass is tracking you
- NSA Hacks Belgium
- NSA slurped bank records and credit card data
- Canada handed over control of crypto standard setting to the NSA
- NSA phone program is all legit
- FISA courts joining the FOIA party late

SCADA / Cyber, cyber... etc
- Today Cyber means War but back in the 1990s...
- Hacker Group in China linked to big cyber-attacks
- Brazil and Argentina make a cyber pinkie pact

DERP
- Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
- Twitter does link scraping
- PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.

Mailbag and/or Deep Dive

Hey LSD-P

I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.

Nervously,
Your Friend

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypthook
- ShmooCon CFP - Pay attention to the Proceedings
- Binary Risk Assessment
- FreedomBox
- The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
- MOV is turing complete
- Meredith Patterson at 28c3 - The language of insecurity
- SimpleRisk: Enterprise Risk Management Simplified
- Browser fuzzing: introducing bamboo.js

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon... And will be speaking at SecTor
Wil: - Getting playa out of his areas... But will be at SecTor
Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: oh jeremiah!!!

Creative Commons license: BY-NC-SA
Episode -- SB003 Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- Argentina arrests teen hacker who netted $50,000 a month
- NSA gets data from Germany's domestic security agency - reports

HOST Has An Opinion
- Exam Protection. Really. CISSP issues. :) because Dave can't talk about it

Parting Notes -- a few one-liners...
- Firewall Management Essentials: Change Management
- The end of kindness: Weev and the cult of the angry young man
- The Road Warrior's Lament: In Search Of The Perfect Carry-On

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Speaking at Deepsec in Austria and maybe bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode -- SB002 Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- Vulnerability bureaucracy: Unchanged after 12 years
- Crypto prof asked to remove NSA-related blog post
- ZMap: Fast Internet-wide Scanning and Its Security Applications (22nd USENIX Security Symposium)
- Downloading ZMap

Dave Has An Opinion
- It's time to plan to fail.

Parting Notes -- a few one-liners...
- Republic of India has published all of their standards, including Infosec... and ISO 27000 series - for FREE
- Safe and Secure Online - Internet Safety for Kids from (ISC)^2
- Installing Dropbox? Prepare to lose ASLR.
- "Here Be Dragons", Keeping Kids Safe Online

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Derbycon, HITB Malaysia and bsidesTO; speaking at Security Congress in Chicago, Deepsec in Austria. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode 0x30 Getting the band back together...

Because you know, it *IS* a weekly podcast after all.

Upcoming this week...
- Lots of News
- Kittens
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- TOR crypto might not be all that
- CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
- Canadian Universities Navigate Learning Curve for New Copyright Rules

SCADA / Cyber, cyber... etc
- Speculation on Bullrun (more NSA funtime)
- Zee germans say the NSAs can hack our berries and iThingies

DERP
- Parallels pulls head into ass and just keeps pulling
- HP laptops come with built in audio eavesdropping feature

Mailbag

Hi LSD People

I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?

Thanks,
Naked Computer Nerd

Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Watch this video of a "drone's eye view" of Burning Man and look for Wintr
- MDM for free yaknow.
- Don't succumb to security nihilism

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon... he's appearing in the matrimonial chamber
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding

Creative Commons license: BY-NC-SA
Episode SB001 Something New Is Tried

Be gentle, this "security briefing" is a new format.

Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.

Starting off this week... News news news...

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- Microsoft and Google to sue over US surveillance requests
- An IT Flaw Has Let Unauthorized Users Exploit Army PCs for Years
- UK asked N.Y. Times to destroy Snowden material
- Unpatched Mac bug gives attackers "super user" status by going back in time

Parting Notes --
- NIST releases draft of security framework
- Akamai gets FedRAMP approval
- Innovation And The Law Of Unintended Consequences

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- Dave will be attending Security Congress in Chicago, then on a plane to Derbycon, HITB in Malaysia, Deepsec in Austria and Hackfest in Quebec City.
- James will be speaking at Hackfest in Quebec.
- James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.

- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).

In Closing

Word of the Week -- cyberrrrific

everyday is CTF! go set up a team

Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode 0x2F things happen

Anyone else think that it would be nice if life had a bit of regularity?

Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Researchers say Tor targeted by malware that phones home to the NSA... Or not maybe...
- Lavabit shuts down, cuts off nose to spite NSA's face
- Silent Circle follows suit
- Hitting The Panic Button

Breaches
- wifi baby monitors a bit hackable (surprise!!!!)
- Visa's alert of possible data breach impacts Rivermark Credit Union members

SCADA / Cyber, cyber... etc
- US promises not to spy on the Germans - will stay besties for eva until someone pops the 99 red balloons (again)

DERP
- Source: New York Times Website Hit by Cyber Attack
- IAB urges people to stop "Mozilla from hijacking the Internet"

Mailbag

Noob Advice?

I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available. Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to pursue that path. My long term goal would be to work for an intelligence agency in the federal government. If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience? Or would remaining a civilian throughout school present me with more opportunities?

-Shane

Non-Noob Response

The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.

Dave Kennedy - SET, TrustedSec, Derbycon, Awesome

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Stay tuned for "The Myrcurial Fund"
- PoC||GTFO
- Hacking mifare cards
- Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY.
- James will be speaking at Derbycon and Hackfest in Quebec.
- James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.

- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).

In Closing

Word of the Week -- cyber-spatula

Movie Review -- The Nutty Professor 2

everyday is CTF! go set up a team

Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...

Creative Commons license: BY-NC-SA
Episode 0x2D Nobody loves us.

It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.

Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- There will NOT be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- The web is a bad bad place
- SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a performance impact)
- The Future of Civil Disobedience Online
- OECD complaint against finfisher
- The personal side of taking on the NSA: emerging smears

Breaches
- Facebook exposes itself
- Opera's breach lady sings
- 47k student teachers in Florida exposed

SCADA / Cyber, cyber... etc
- So you want to be a CIP consultant.
- Australia decides not to be American

DERP
- South Korea misidentifies China as cyberattack origin

Mailbag

Hi, Greetings!

Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns? Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address. If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.

Best Regards,
Linda
Lead Generation

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Burp trips and tricks PDF
- Cyanogen mod gets secure messaging
- Running a Hackerspace
- Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
- MITM via PPTP
- Hacking monopoly
- Pentagon's failed flash drive ban policy: A lesson for every CIO

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away - Three tickets up for grabs:
  - best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
  - best rap song about a major breach
  - best poem describing a vendor DERP
  Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James Training (with Rich Mogull) and Matt Speaking at BHUSA.
- Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing

Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.

Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.

everyday is CTF! go set up a team

Hackfest registration is open

Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).

Seacrest Says: Good night Kitten

Creative Commons license: BY-NC-SA
Episode 0x2C This is the 49th time!

All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- OWASP Top 10 for 2013 is out
- What the NSA doesn't have: iMessages and FaceTime chats
- Woz: This is not my America
- This is some cold ass James Bond shit (Countries are upset) (they even setup fake internet cafes)
- NSA leaks hint Microsoft may have lied about Skype security

Breaches
- Head of U.S. Nuclear Security Agency hacked by "Guccifer"

SCADA / Cyber, cyber... etc
- @c7five tweets on Cyberwar
- US FDA calls on medical device makers to focus on cybersecurity
- Trove of medical devices found to have password problems

DERP
- Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
- TSA agent tells teen to 'cover herself'
- Sys-admin selfies courtesy of The Grugq

Mailbag

I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.

Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?

Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.

Anonymous By Request

The Deep Dive -- SETEC ASTRONOMY
- We Should All Have Something To Hide

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Disconnect raises 3.5mil
- Pimp My Own Matt - Doing a webinar 6/20
- CycleOverRide - Security Nerds on Wheels
- Sixth Annual Movie-Plot Threat Contest Semifinalists
- Harvard Business Review talks infosec
- I'm hiring
- Loon
- How to make The Internet (from The IT Crowd)

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away - Three tickets up for grabs:
  - best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
  - best rap song about a major breach
  - best poem describing a vendor DERP
  Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James Training (with Rich Mogull) and Matt Speaking at BHUSA.
- Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing

Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel

Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.

everyday is CTF! go set up a team

Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Double ROT13 is NSA proof

Creative Commons license: BY-NC-SA
Episode 0x2B -- Or !2b Nothin that we can't fix

Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Microsoft seizes malware search domains
- Judge says child porn suspect does not need to decrypt his files... Or maybe yes he does.
- The Chinese hack Israel
- Hetzner web hosting service hacked

Breaches / Cyber / DERP
- Wired says NSA is on all Verizon calls
- Meet PRISM and 9 big internet companies
- EFF's handy timeline
- Tech Companies Concede to Surveillance Program
- Boundless Informant: the NSA's secret tool to track global surveillance data
- Director of National Intelligence declassifies PRISM info to clear up 'inaccuracies'
- Why Canadians Should Be Demanding Answers About Secret Surveillance Programs
- It's in Canada too - Data-collection program got green light from MacKay in 2011
- Whistleblower / future rendition candidate
- Why Prism kills Cloud (wow, wtf is wrong w/ people)
- More Links

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Google Upping their XSS Bounty on a few key domains. $7,500
- Let's all weigh in on how these thugs are stealing cars...
- Modern IE - browsers + HTML = weirdness
- Bradley Manning trial transcripts
- Using lotsa data to make web apps secure
- No security without maturity
- O Hai - I haz new job

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away - Three tickets up for grabs:
  - best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
  - best rap song about a major breach
  - best poem describing a vendor DERP
  Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James Training (with Rich Mogull) and Matt Speaking at BHUSA.
- Dave will be speaking at SC Congress Toronto and attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing

Movie Review -- Enemy of the State

everyday is CTF! go set up a team

Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: Hi NSA, I didn't mean all those things I said about you in private

Creative Commons license: BY-NC-SA
Episode 0x2A -- Happy One Year Later

And we still suck at scheduling

Despite efforts to the contrary... we're still not good at this. We should be getting better.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- IE 10 Most Secure Browser according to NSS Labs ....Really?
- Privacy commissioner baffled about gas plant emails
- Google says 7 days!
- The Canadian Government's Embarrassing Opposition to Security Breach Disclosure Legislation (actual details on the opposition)

Breaches
- Drupal
- France learns e-voting is Haaarrdddd

SCADA / Cyber, cyber... etc
- BBC: Smart meters need to be harder to hack, experts say
- China blamed after ASIO blueprints stolen in major cyber attack on Canberra HQ
- Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies

DERP
- Woman Brags About Hitting Cyclist, Discovers Police Also Use Twitter (a hurr durr)
- Twitter is evil!!!
- Paypal bounty program FAIL

Mailbag
So I was listening to 0x29 and a thought came to me during the part about Moxie and the line that the Saudi recruiter used on him which was the standard refrain of: "You either stand with us, or you stand with the terrorists!" Or "You either stand for surveillance or you stand with the child pornographers." Can we not just turn that on its head using their own logic and say: "You either stand for privacy and security or you stand with the human rights abusers." Since the people pushing the big brother agenda only chose to use black and white in their pictures of the world, what happens when the colours are reversed?
Bob

The Deep Dive
- The Case For A Government Bug Bounty Program

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Facebook Bug Bounty 4500.. Blackhats say worth $800k
- Google forbids facial recognition in Google Glass for privacy reasons
- Wintersmith - another static site generator
- The global cyber game
- Lahana!!!
- Getting started with login verification (Twitter 2FA)

Upcoming Appearances:
- James Training (with Rich Mogull) and Matt Speaking at BHUSA.
- Dave will be speaking at SC Congress Toronto and attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing
- Movie Review -- GoldenEye: The answer is always send a SPIKE
- Seacrest Says: I can't say Z properly
Episode 0x29 -- Not just CrO2, but now with Dolby

Does anyone read show notes?

So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears, oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Microsoft YouTube app DERP
- Bang with Friends Facebook glitch
- APPLE MULTIFACTOR FOR TEH CANADAZ!!!!!
- PayPal Exec vows to go thermonuclear on passwords.
- Data breach leads to lots of many
- Privacy Breach on Bloomberg's Data Terminals

Breaches
- In Hours, Thieves Took $45 Million in A.T.M. Scheme (also covered by Ars) (and the krebs)
- Name.com got p0wned

SCADA / Cyber, cyber... etc
- The police need an app for that

DERP
- Saudis tried to hire Moxie to spy on their citizens' mobile app traffic

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Troy Hunt on Clickjacking
- Interesting note from David Seah on Procrastination.
- Mainframes can be hacked and backdoored
- Why certificate revocation doesn't work
- Cory Doctorow talking about freedom, society, computers and the internet
- Cmdr. Hadfield bids adieu to ISS with "Space Oddity" cover.
- Government subpoenas, obtains wide set of AP phone records in investigation

Upcoming Appearances:
- James Training (with Rich Mogull) at BHUSA.
- Dave will be at Black Hat, DEF CON, Secure Asia.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing
- Movie Review Big: All about authentication and authorization when biometrics won't work anymore.
- Seacrest Says: This is ground control to Major Seacrest...
Episode 0x28 -- For Reals... it's here.

I SAID it's a weekly podcast

Life gets in the way of art. There's five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We're trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Stonesoft bought by McAfee/Intel
- How I got here: Hoff
- Thotcon / BSidesChicago - Jericho says I did a good job
- Is the U.S. Government Recording and Saving All Domestic Telephone Calls?
- Systems manager arrested for hacking former employer's network

Breaches
- Study: Utah Health Breach Could Approach $406M
- The Onion Hacked by Syrians and the Onion responds
- 1 million dollars (Krebs said "cyberheist" drink!)

SCADA / Cyber, cyber... etc
- Many MANY sources: Your inability to understand Google Earth is entertaining

DERP
- This time, the DERP is on us. With five schedules spread across 3 time zones and about 12 different jobs (not including parenting)... the Liquidmatrix Crew takes the DERP of the week. We promise we will attempt to get back on ye olde horse. Although it may be in the form of us no longer trying to have all hands on deck. What say you dear listener?
- Hide a bitcoin miner in your code
- vendor just called me, offered "a great solution for cyber defense by securing end points using DoD standards" #salesFail

Mailbag / Bizarro Land
Hey, I'm stupid busy at work. Can't keep up. People know where I sit. The email. The phone calls. I'm trying to use the damn bathroom now. Please help?
SRSLYBizzay Secpro

DEEP DIVING - Productivity In The Security Hotseat
- Interrupt driven lifestyle for the win?
- Rage Quit
- Plan to be interrupted - get in earlier or stay later than most of your co-workers
- Use a trick to determine how much productive time you have (Carmack and his CD player)
- Arrange a "cover" for the day
- Emergent Time Planner & Task Order Up
- kanban
  - Trello (free)
  - Lean Kit (not Free)
  - Atlassian (jira) Greenhopper ($)
- Time Management for System Administrators
- Trusted Systems
- "Heroes are Zeroes" - Identify and Manage
- Failure to document makes you a team liability

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Notch says practice your typing skills
- Cyber Observable Expression from MITRE
- OpenBSD 5.3 Released.
- Teacher 'powerless' to stop ex-girlfriend's cyberstalking

Upcoming Appearances:
- James Training (with Rich Mogull) at BHUSA.
- Dave will be at Black Hat, DEF CON (AMFYOYO), Secure Asia.
- Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.

In Closing
- Movie Review Terminator 2: All your PINs belong in my Atari handheld HSM
- Seacrest Says: She sells sea shells on the sea shore.
Episode 0x27 -- Wednesday is the new Monday

It's the podcast that never ends

We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be no DEEP DIVE -- our SCUBA gear is in the shop
- But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Kim Jong Un needs a snickers!!!
- Linksys Routers Screwed
- Bitcoin dDoS destroy world economy... nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
- Security BSides - Rochester
- Windows XP Security Updates ending in one year
- IE6 Countdown
- Windows XP still maintains 39% overall market share.
- Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
- DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages

Breaches
- Vudu resets user passwords after hard drives lost in office burglary

SCADA / Cyber, cyber... etc
- NIST CyberSecurity Framework Recordings
- Anonymous hacks DPRK Twitter and Flickr
- Anonymous launches massive cyber assault on Israel
- Israel says: "Anonymous doesn't have the skills to damage the country's vital infrastructure"
- And fixes things up so that Anonymous' C&C plays "Hatikvah"
- USAF designates some of their software as CYBERWEAPONS
- Apparently there are CYBER-WEAPONS in the Korean Conflict
- Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus

DERP
- Papa, m'entends tu? French Government discovers Streisand Effect on Wikipedia (without actually looking up) The Streisand Effect
- Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from Wikimedia Foundation.
- IRS Doesn't Deny Snooping Emails Without A Warrant
- Dongle-gate - this makes it so much clearer

Mailbag / Bizarro Land
Subject: OMG, Arlen was right...
I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it... IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997! I take it back. Anything coded in 1997 would be faster than Blackboard is today. Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less... suck?
Thanks,
-Jim

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Deutsche Telekom SOC big board
- Ingress - check it out
- Non-SSL active content on SSL pages is blocked by default in Firefox 18
- Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
- The ATF Wants 'Massive' Online Database to Find Out Who Your Friends Are

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA.
- Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia.
- Matt speaking at Adelphi University Cyber Security Educational Panel.

In Closing
- Movie Review Die Hard 4 - It's a blast. Seriously. Quick, there's a fire sale.
- Seacrest Says: I have no mouth with which to scream
Episode 0x26 -- The First Rule...

Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.

While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.

Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- To hack back or to not hack back
- The Grugq on Opsec for Hackers (how not to get p0wned while p0wning)
- The dDoS to end all dDosssses that almost broke the ENTIRE internet, then again maybe not, but maybe sorta it did
- Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN'T HAVE IT.
- FBI Pursuing Real-Time Gmail Spying Powers as "Top Priority" for 2013

SCADA / Cyber, cyber... etc
- DHS Warns of 'TDos' Extortion Attacks on Public Emergency Networks
- FERC U MAD BRO ???? (PDF)
- Cyber Divers take Egypt offline (except it might have been a ship's anchor)
- First time that it looks like actual details were stolen
- The Reality of Attribution about Cyber Attacks
- Cyber Security: The Digital Arms Trade
- Cyber RFI for the Space Race
- Fukushima Cooling Knocked Offline By... a Rat... that ended badly

DERP
- Security hole allows anyone to reset an Apple ID with email and DOB

Mailbag / Bizarro Land
My official statement of begging for getting onto the Vegas party list. Thank you for your consideration.
Kris

Hello! Any chance I can get a couple of tickets to the party? I'm an infosec "professional" from Vancouver BC. I've met some of you guys at various cons, Hope, Defcon, Derbycon. thanks!
Kevin

The Deep Dive - Security Awareness Training
- Is Bruce ALWAYS right?

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Is OwnCloud Good Enough?
- Monitoring for humans
- Pimp myself - Top 10 Web Hacks
- Attempted child abduction thwarted when girl asks stranger for code word

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- Movie Review: Wargames
- Seacrest Says: "I kinda really wanted to jump in and slam him!"
Episode 0x25 -- The one with ALL the cybers

We're not sure why this keeps happening.

As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a) using a computer, and (b) having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Krebs gets whacked And does some digging
- Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 - so another reason to stop using it)
- Hacked retailers up in arms over $13 million 'fine', Visa lands up in court
- It's Kali Time
- MCMC probes The Malaysian Insider over spyware story

The Breach Report
- Second Factor FTW
- Philippines National Telecom Commission Defaced by Anon
- CCTV hack wins gamblers $33*10^6 (cue Ocean's 11/12/13)

SCADA / Cyber, cyber... etc
- You Say: Cyber. I Say: Unsubscribe
- North Korea restores Internet access, blames US hackers
- Queensland police to use surveillance drones to combat crime ahead of G20 conference
- Federal Judge Finds National Security Letters Unconstitutional, Bans Them
- NERC 2012 Annual Report (pdf)
- Medical device hacking: The 6 lines of code that could bring down a hospital
- US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
- U.S. Demands China Crack Down on Cyberattacks
- Who's Really Attacking Your ICS Devices?

DERP
- EC-Council goes off the deep end

Mailbag / Bizarro Land
Question: Anyway, anyway, guys guys guys, come on. I'm in this computer, right. So I'm looking around, looking around, you know, throwing commands at it, I don't know where it is or what it does or anything. It's like, it's like choice, it's just beautiful, okay. Like four hours I'm just messing around in there. Finally I figure out, that it's a bank. Right, okay wait, okay, so it's a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street. That was me. That was me. I did that.
Answer: What are you, stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?

The Deep Dive - Security Research and the Law
- Internet troll "weev" sentenced to 41 months for AT&T/iPad hack.

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- The Matrix in less than 600 bytes of JavaScript
- Branching breach impact model
- Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
- Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
- Microsoft to push Windows 7 Service Pack 1 to users starting March 19

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- Movie Review: Hackers
- Seacrest Says: Dave says "screw you Cogeco"
Episode 0x24 -- The Robot Uprising

You'd think those worthless meatbag humans would be more respectful.

It looks like we will have a limited incidence of Robots in tonight's episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Pwn2Own: IE, Firefox, Chrome and Java go down ...and Adobe Flash, Reader and Oracle Java exploits
- Chrome hack details (threat post link) Thanks Ben!
- Indian .gov puts bounty on botnet takedown
- China's internet backbone will have security features (also censorship) (SAVA)
- How Facebook Prepared to Be Hacked
- Having the MD5 hash of "123456" is probably not the best way to store passwords in your publicly searchable code on github... /via Thierry Zoller. (also don't put your twitter oauth keys in github)
- International Women's Day - Don't forget Admiral Grace
- Freeze All The Robots: Put Android ICS in the freezer to break crypto
- Harvard sneaks through 16 Deans' email
- Deja vote: Iran blocks VPN use ahead of elections

The Breach Report
- Another bitcoin exchange gets p0wned
- Aussie Aussie Aussie Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
- Pakistan .gov gets hacked

SCADA / Cyber, cyber... etc
- Metasploit releases exploit module for Honeywell ICS that has a patch available
- Formal Paper (pdf) from Ralph Langner: Bound to Fail: Why Cyber Security Risk Cannot Be "Managed" Away
- US Military Advisory Panel Says Nuke a Cyber Attacker
- Reasons to depend on Kaspersky for ICS/SCADA operating systems -- EXCELLENT IPv6 STACKS
- BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
- Cyberwar: you lack imagination

DERP
- TELUS releases qualitative security survey (pdf link) - completely ignores science, math and proper research
- Survival of the fittest: Some data-breach victims can't be helped - but they enjoy reacharounds
- China points at USA and cries "you're stinky and mean"

Mailbag / Bizarro Land
Dear Dudes of the Liquid
I found a vuln when I was browsing a company's website with w3af? Should I report it?
Yimmy, Warsaw

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- From Space Rogue - The Infinite Daft Loop - productivity in a can
- Play Donkey Kong as the Princess
- Browser sec
- Tripwire acquires nCircle
- Click to play!!!!
- Microsoft preps UPDATE EVERYTHING patch batch

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- Movie Review: Moon (it's all about clones - BTW spoiler alert)
- Seacrest Says: "Here's to a hoopy frood who really knew where his towel was." RIP Douglas Adams
Episode 0x23 -- Post RSA Actual News

Recovery takes time. There has not been enough time.

There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep. You might want to stay until the end of the show to hear about a CONTEST and something even cooler...

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

In this episode:

News and Commentary
- Miniduke is older than we thought (Miniduke tells time in China)
- Cloudflare dDoS post mortem
- Google services should not require real names: Vint Cerf
- Oracle Issues Emergency Java Update
- Wireless brain sensor pack. Future - here we come!
- The Lightning Digital AV Adapter Surprise
- When will we trust robots?

The Breach Report
- Evernote Security Notice: Service-wide Password Reset
- Evernote hacked: Emails, encrypted passwords stolen
- But it's ok, there will be 2 factor auth someday
- Critics say Evernote breach was avoidable.
- Envelopes mailed to 26k retired government employees in N.C. expose SSNs
- Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
- City of Owen Sound websites offline due to porn hack

SCADA / Cyber, cyber... etc
- Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
- NEWS TO NO ONE: SANS SCADA and Process Control Security Survey - the state of the industry is discouraging
- Recent 10-Ks mentioning "cyber" incidents
- Canadian Anti-hacking agency slow to learn about Chinese cyberattack
- Symantec: work on Stuxnet worm started two years earlier than first thought
- SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure

DERP
- Jailed hacker allowed into IT class, hacks prison computers
- Nearly Every NYC Crime Involves Cyber, Says Manhattan DA

Mailbag / Bizarro Land
Dearest Son,
Why do you people always talk about "the echo chamber"? What is the echo chamber for?
Love, Mom

Deep Dive - Government Malware! discuss (Finfisher, Hacking Team)
- Zero Day Doc

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Recon 2013 CFP opened
- APT 1 goes back years
- There's a vuln in sudo (yes, that sudo)
- Quick and dirty pcap slicing with tshark and friends

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - More news to follow

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- RIP Stompin' Tom. We'll leave a light on.
- Seacrest Says: I'm drinking beer at HouSec bitches!
Episode 0x22 -- RSA is almost over... Yes, we all survived, but RSAConflu hurts

So, 4/5th of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.

For this week's special episode...
- Stupid Vendor tricks
- BSidesSF + harassment
- Buzzword Bingo
- Speed Dating
- We Lost
- I've got 99 problems and Rich ain't one
- Brian "CyberPotato" Honan

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

No Notes due to SPECIAL REASONS

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- Movie Review: No Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: I came for the booth babes and stayed for the bacon licking.

Creative Commons license: BY-NC-SA
Episode 0x21 -- In which we prepare for RSA

Are you ready for RSA? Packed 500 business cards and a spare liver? There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Facebook unlikes being hacked (Ars Technica) (The Atlantic Wire) (NYT) (BH Consulting) (IBI Times) (Apple too) (watering hole located)
- Dutch MP fined for hacking medical system
- NASA makes an oopsy with its software update
- Kaspersky says "Trust us, we're good with software"
- McAfee responds to criticism of AV industry with OpsFail
- Telecom NZ cancels 60k Yahoo Xtra passwords amid attack
- Exclusive: The Burger King and Jeep Hacker Is Probably This DJ From New England
- Obama says share!!!

The Breach Report
- Mandiant. That is all.
- Burger King twitter gets hacked

SCADA / Cyber, cyber... etc
- Electricity Market 101 - SCADA isn't just about the electricity
- Turns out all that airgapping was just theoretical
- Cyber Medals for Cyber Warriors

DERP
- MTV fakes their twotter account being haxored

Mailbag / Bizarro Land
Hi, I just wondered if the Liquid Matrix team would be interested in commenting on the subject of Digital Forensics with Infrastructure-as-a-Service Cloud environments? .... Adam Robson

Answer from the team: No

Ben Rants
- Ben Loses His Mind. Also, would you like a cheap certificate?

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Securosis RSA Guide - 2013 Edition
- HDCP is dead, really
- Ronin Punk Spider - a searchable reference for web app vulns
- Magazine article on Chinese online takedown services gets taken down
- RoboPlow
- RoboSurgeon (warning - super gross - avoid)

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- Ben, Matt, James and Dave attending RSA. James and Dave speaking at RSA-e10+.
- James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas.
- Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia

In Closing
- Come find us at RSA!
- Movie Review: Live Free or Die Hard (and you thought it was just a cyberwarfare training video)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Am I the only one that crapped my pants when I heard a meteor hit Russia?

Creative Commons license: BY-NC-SA
Episode 0x20 -- Can Dave count to 20?

Special Bonus Episode! Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Password Dump stats for January 2013 and December for those curious
- LA Post serving Black Holes
- WaPo - 'Fragmentation' leaves Android phones vulnerable to hackers (some info on malware p0wnage)
- NIST 800-53 Rev4 is in Draft. Read it, comment on it.
- DHS declares 100 mile "4th Amendment Free" zone adjacent to US border
- Kaspersky update hoses Internet access for Windows XP users.
- Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
- The Everyday Agony of the Password
- Audacious Hack Exposes Bush Family Pix, E-Mail

The Breach Report
- Bit9h got hacked!!!!

SCADA / Cyber, cyber... etc
- Cyber Lobbyists
- SCADA for the home players - turn the Belkin Wemo into a deathtrap

Mailbag / Bizarro Land
Hi LSD crew... just finished 0x1E again and again, well done! Many thanks. I am missing a bit the "central topic" what you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn't plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated. Cheers guys, Thomas

Discussion - Keeping up with new technical developments
Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...)

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you permit USB keyboards or mice, you're permitting exfiltration
- Log stash book!!!
- Payment Card Industry clears up confusion over cloud use.
- Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert)
- Not done yet: Oracle to ship revised Java fix on February 19
- Jeremiah Grossman's Self Pwnage
- Another RoR SQLi vuln

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking
- James speaking at Thotcon
- Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty)

Creative Commons license: BY-NC-SA
Episode 0x1F -- The Confusing Part Starts NOW

Can't wait till next week when Dave can start reading the episode numbers again! I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!

The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working? These are all questions that you, dear listener, can answer. Let us know at mailbag@liquidmatrix.org. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE RETURN OF THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- HTTPS everywhere for IE
- NYT hacked for 4 months (and WSJ and WaPo and Ha'aretz and and and)
- Symantec didn't help (gasp!)
- As Per Symantec, You need more than AV. (DERP)
- Tuesday is the 10th annual safer internet day
- Twitter got p0wned ("not the work of amateurs")
- Was the Superbowl Hacked? Entergy doesn't think so... And there's something to be said for resilient system design (Probably not)

SCADA / Cyber, cyber... etc
- SANS gets some things very right and some very wrong - this is CIP 002 done WRONG
- Eric Byres weighs in on the "broken by design" issues in ICS/SCADA
- Hackers breach U.S. Energy Department networks

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Postel's Principle needs modification. Good stuff. Go see Shotgun Parsers at Shmoocon
- Vuln Hub (not like github) - it's metasploitable and friends
- Security engineering book - free!
- Recon-ng (thanks /r/netsec)
- Kim Dotcom puts up 13,500 bounty for Mega
- John Melton's Year of security for Java (PDF)

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking
- James speaking at Thotcon

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: SOMETHING
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: TOUCHDOWN. Something about Football.

Creative Commons license: BY-NC-SA
Episode 0x1E -- Absenteeism

Insert Subtitle Here

With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end.

Upcoming this week...
- Lots of News
- Breaches
- No Scadas, no Matt, No Jamie
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- The RCMP says they have no intention of using their Drones for surveillance purposes.
- Rapid7 white-paper says 81 million discrete publicly routable addresses responded to UPnP poll, as recently as last year.
- Sony fined many many quid
- India bars ZTE, Huawei and others from sensitive government projects
- Govt Sites Hacked Following Arrest of Alleged Jember Hacker
- FBI going after potential leakers of Stuxnet info

Breaches - The never ending never ending story...
- USSC.gov Hacked : pwned
- Hackers in China Attacked The New York Times for Last 4 Months

Errata / DERP of the week award
- Barracuda!!!! More Fishy

Mailbag / Bizarro Land
Hi all, Just came across this crazy story. GitHub's new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief. However, it's not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user's account, and it seems that a few people may have contacted his university. So, whilst it looks like GitHub's search features may have caused problems for a few users, it has also led to the discovery and outing of a paedophile. Reddit Thread. Keep up the good work! -- Graham Sutherland

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Red teaming at a CCDC
- Honey Spider
- Whisper Systems' Spring Break of Code
- FTC Reaches Settlement Over Cord Blood Bank's Data Breach

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: Under The Tuscan Scan
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: vote SEACREST!!!!!... I mean LiquidMatrix

Creative Commons license: BY-NC-SA
Episode 0x1D -- Oops, We Did It Again

Sometimes, breaches happen to the nicest folks

A PSA on TFA! TFA is addictive. A year ago I started using it at work and then I began using it at home on my webmail. I didn't tell my wife about it for a while because I thought that it would bring up the whole 'if you love me you'll share your password' argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well. Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I'll even use it on the train when I go to work. I don't care who sees me key in my OTP because I know TFA will keep me safe; it's a good feeling.

Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Bug Bounties! Pwn2own 2013 looking good
- Kimdotcom is back - Mega and encryption is haardddddd
- Another Java vuln confirmed
- the brits do some identity outsourcing
- Red October (Be very careful not to shoot the nuclear missiles)
- Student expelled for finding flaws in edu-software
- Blue Coat Caught Up In Global Surveillance Storm Again
- Canadian report on ethical hacking sidestepped

Breaches - The never ending never ending story...
- Liquidmatrix branches out into Viagra... apparently

The SCADAs/ICS and Cyber
- DHS to regulate medical device security
- More releases from the SCADA Strangelove folks
- Canada has a bad case of the Cybers
- Singapore Cybers You Back
- Endgame Systems is going to Bonesaw you
- US succumbs to sneakernet. Time to glue up your USB ports

Errata / DERP of the week award
- ESPN wall of app shame

Mailbag / Bizarro Land
Gentlemen, Where did you guys get the term "Narcissistic vulnerability pimps"? Jonesy, GTA
Link

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Like garfield without garfield, it's Risk Unicorns without Alex Hutton!!!
- Webappsec Quiz! Whoops!! Bobby Tables!
- httpOnly cookie flag Stats
- Mikko gives you video tips on banking online
- Condoms and Castles
- Google Authenticator for Wordpress. Just sayin.
- HackDesign - good for your eyeballs
- Record number of British schoolkids participate in National Cypher Challenge (h/t to my Mom, seriously)
- TSA ends contract with Rapiscan, maker of full-body scanner
- Your Mac Keeps A Log Of All Your Downloads
- iGotYa leads to arrest

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: Mikko was on stage with Eugene at DLD 2013... did it get weird?
- Security Blogger Awards 2013... ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: "Al Roker pooped his pants. Seacrest Out!" http://www.vulture.com/2013/01/al-roker-pooped-his-pants-the-remix.html

Creative Commons license: BY-NC-SA
Episode 0x1C -- The New Guy

That's audio episode 29 out of us - and so it's time to go gracefully into our middle age with a new guy. We are pleased to announce that we're adding a new regular contributor to the Podcast - Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He's also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome - so make sure you tell him how awesome he really is -- @wintr on Twitter.

Normally there is an opportunity for witty goofing about here. This week, I'm taking the time to soapbox for a moment. If you're not aware of Aaron Swartz, you should be. Unless you're listening to this podcast by going directly to the website and downloading, it's his spec that's running the RSS you're using. Also, everything else. Here's a few links to get you thinking.
- Boing Boing / Cory Doctorow
- The Nation / Rick Perlstein
- Quinn Norton
- Lawrence Lessig
- Summary posting on The Laughing Squid

Upcoming this week...
- THE NEW GUY
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- and then our discussion topic - Planning for staff turnover?
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Under the Hood of DDoS attacks against banks
- Texas School Pupil who refused to wear RFID, loses appeal
- Disney Too!
- The Australians want to spy on us all
- Zeus Botmaster arrested
- Opsec for hackers by The Gruq
- Errors Mount at High-Speed Exchanges in New Year
- Thales DMCA takedown of manual
- Zero Day in Oracle Java 7
- Petition on "We The People" US government site seeks to legitimise DDoS as a form of civil protest
- Akamai CSO Andy Ellis tweets...
- TSA Once Again Considering Using Commercial Data To Profile Passengers
- Hack turns the Cisco phone on your desk into a remote bugging device

Breaches - The never ending never ending story...
- "Oops we did it again" Canadian .gov loses 538,000 records
- Vicurex didn't listen to the Ruby on Rails warning
- Indonesian President's Web Site Hacked by Jember Hacker Team
- Hacker group exposes corruption in universities

The SCADAs/ICS and Cyber
- PDF LINK: Update on 3S Codesys Multiple Vulns
- PDF LINK: SpecView Directory Traversal
- PDF LINK: Rockwell Automation ControlLogix

Errata / DERP of the week award
- Nokia is MITM'ing users
- Oracle + Java vuln slow repair = WTF

Mailbag / Bizarro Land
Hi Guys: A good friend and CTO of a small oil & gas service firm has learned enough about infosec to be terrified. I blush to suggest I may have helped him along his journey. ;-) How about discussing how one locates & selects a pure fee-for-service consultancy to set a smallish firm on the straight & narrow? My friend's firm is well funded -- but myself, I have a prejudice against "big name" firms, so I will not be passing on any such recommendations to him. Thanks for the great podcast, Mark

Sirs, I listen regularly and really enjoy your podcast and the insightful, intelligent, sober analysis you provide. I must disagree with your assessment, in episode 1B, of the New York Times article "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt." It seems your analysis fell victim to the standard industry response to the piece, which, summed up, amounted to "duh, so what?" I would like to respectfully submit that the value of the article isn't so much its content, but the fact that it appeared in the Business Section of the New York Times that landed on my doorstep. It has long been well known in the information security community that antivirus was less than effective, but the fact that the Times ran an article indicting the industry, and served it up to lay people across the globe is a fairly significant event. The article begins: "the antivirus industry has a dirty little secret: its products are often not very good at stopping viruses," but the moment the Times went to press that fact was no longer secret. This type of mainstream media analysis could spell real trouble for an industry that has been struggling to find relevance in the modern threat environment, and the fact that popular media is beginning to get on the AV-bashing bandwagon does not bode well for the future of your favorite yellow swirly products. The PHBs of the world may not listen to their security officers, but they probably read the New York Times, which can change financial decisions for a company in significant ways. Cheers, Justin C. K. K.

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you go back and listen carefully to the entire podcast, there's a SECOND podcast hidden in the silence.
- Automating Security for developers from Mozilla
- effective approaches on app sec from etsy
- twitter on automating app sec
- 5 more tough security questions (and tips on answering them)
- Windows 8 RT Jailbreak
- Remember Aaron Swartz

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: Silver Linings Playbook
- Security Blogger Awards 2013... ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: "goodbye Aaron, we're saddened by your passing, the world is a less brilliant place without you"
- International list of Suicide Hotlines
- For the rest of you - "depression is a flaw in chemistry not character"

Creative Commons license: BY-NC-SA
Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!

That's audio episode 28 out of us - not too bad to start off the new year.

PITHY COMMENTARY

Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- DERPs!!!
- and then we're going to shoot through a whole bunch of brief items without discussion in our new segment - BRIEFS (which goes well with Ben's male bag doesn't it)

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
- Privacy czar tries to find web surveillance bill solution
- Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
- Facebook bug: Reset anybody's password.
- Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your "friends"
- Rails Fail Whale (Sail, Mail, Hail) ..and boom
- Software maker faces jail for other people using his software
- malware author on sploit buying spree
- Another "WE HACKED YOUR FULL DISC ENCRYPTION" by having physical access to the device. No shit. Really? Same as in 2005 people - never sleep a FDE machine, always hibernate or poweroff.
- From NYTimes - "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt" Really? No shit. Hmmm. I hadn't thought of that. (h/t Securosis)

Breaches - The never ending never ending story...
- Raj Musicals - 12000
- SCMagazine (@SCMagazine) 2012-12-23 9:25 Here's a list of the top 8 breaches that took place in 2012.
- wiki.debian.org security breach
- Hacker at public works goes unnoticed
- Army says hacker got Fort Monmouth personal info

The SCADAs/ICS and Cyber
- Industrial Control Systems Faced Nearly 200 Attacks: DHS
- Building a 21st Century Cyber Workforce
- Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
- Secret Plan Aims to Defend Power Grid (Perfect Citizen)
- PDF LINK - Canada's National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
- CMaaS - Continuous Monitoring as a Service. WTF.
- ProfiNet fuzzer developed
- 29C3: SCADA Strangelove - an ICS talk with the wrong name on it. Good nonetheless

Mailbag / Bizarro Land
Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? - Mike, SC

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- 20+ best FREE security tools
- Yahoo DOM XSS
- Top 10 web hacking technique vote - 2012
- Honeydrive!
- An off premise browser
- NTLM Challenge Response is completely broken
- A couple of University of Washington courses on Coursera - If I was carrying fewer courses this semester, I'd be on these two. If you're a grandfathered CRISC, you might want to take these to fulfill your CPEs for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit
- From BSI - PAS555: Cyber Security Risk - Governance and Management Specification
- OSINT Tools - Recommendations from Subliminal Hacking
- Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don't know how I missed this on kickstarter. Might just order one anyways.
- The Slow Data Movement
- The Process Myth
- And lastly... WTF. Eugene is #8 on Wired's list of the most dangerous people in the world?

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing
- Movie Review: not a movie, but go read Wool and its prequels
- Security Blogger Awards 2013... ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- And big news for next week, but it's still a secret.
- Seacrest Says: "INSERT SEACREST COMMENT HERE"

Creative Commons license: BY-NC-SA
Episode 0x1A -- Happy Holidays Everyone

Upcoming this week...
- SCREW THE NEWS!!!!!!!
- and then our discussion topic -- Predictions and Prognostication

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Discussion topic - Predictions and Prognostication
- Dave's Point of view (cough cough sputter germs)
- Ben Says... looking back... weaponized stuff, and the lack of it; looking forward... good enough security leads us to more awesome projects like security onion
- The Intern opines on conferences, human resources and infosec
- Matt is in denial about...
  - Jamie and I quoted in an article together!
  - Hack all the toasters!
  - Breaches!!
  - 2012 Web Vuln Stats
  - super crazy chicken pants. SQLi What?!
  - Passwords suck! (Password Reset sucks harder!)
  - Bug Bounty! (Yandex)
- James gets the last word... THE FUCKING SCADAS
- no he doesn't... Ben wants to say something

In Closing
- Seacrest Says: You'll see my ball dropping in a week!

Creative Commons license: BY-NC-SA
Episode 0x19 -- It's EARLY - and we like it! No Matt. But Ben does a great Matt impression. In mashed potatoes. It's another week in the wide wonderful world of Infosec. And every day feels like drinking from the firehose of Infosec Reactions. Seriously. Upcoming this week... Lots of News Breaches SCADAs DERPs!!! and then our discussion topic-- You Got Half A Budget Now What? And if you've got commentary, please sent it tomailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News sh# sudo su Matt: "Appsec USA videos are out!" & makeMeASandwich Shylock know's when you RDP (also knows when you forgot to water the plants) Cyber-forensic-douches are getting ready to support the frivolous lawsuits that movie studios so love.Fortunately Michael Geist to the rescue. Real-World Cyber City Used To Train Cyber Warriors Do NOT Order -6 Futures On Swedish Stock Market (with less translation) Hardcoded Administrator Account Opens Backdoor Access To Samsung Printers The Secret to Iranian Drone Technology? Just Add Photoshop Syria: Internet and mobile communication 'cut off' Breaches - The never ending never ending story... Hackers break into IAEA servers, post data online HP says its products sold unknowingly to Syria by partner China Mafia-Style Hack Attack Drives California Firm to Brink Google Romania get's it's domain hijacked (the algerians are coming) - Paypal too The SCADAs Security Flaw Disclosure Debate Boils Over to SCADA Industry General Electric Pitches an Industrial Internet Errata / DERP of the week award BT gets authentication completely and utterly wrong Microsoft Security Essentials loses it's aV card Mailbag / Bizarro Land No one sent us any email. We're sad. 
Discussion topic - You Got Half A Budget Now What?
Is it possible to eat Infosec ramen and generic cola and still survive? Is open source enough? What about restricted items which you must purchase - contractual or regulatory (AV+PCI anyone?)

In Closing
Movie Review
MOVIE WATCHING NEWS
We do research too - Ben's running a survey and will publish results. Check it out!
The Security Conference Library
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
every day is CTF! go set up a team
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
Upcoming Appearances: James at SecurityZone in Cali, Colombia
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
Seacrest Says: I'm not here right now, leave a Matt at the beep
Creative Commons license: BY-NC-SA
Episode 0x18 -- How Do You Spell Aguardiente?

Beginning the end of 2012 - Because it's time to start making up lists of resolutions that we're not going to follow. Dave developed a new giggity move, it's called "the kasperskian" - y'all should consider it a way to buy votes that this is an audio only podcast.

Upcoming this week...
Lots of News
Breaches
SCADAs
DERPs!!!
and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
Why you should never hack without consent
ErrataRob sez YOU ARE COMMITTING A CRIME RIGHT NOW
Porn is safe YAY!
"ROM-port-hard functions" by Solar Designer
South Carolina gov releases post breach report
routed anonymity networks aren't judge proof
iOS Dictionary App Maker Enfour Attempts to Shame Pirates... and fails.
Finnish Police Seize 9-Year Old's Winnie The Pooh Laptop For Using The Pirate Bay
New Facebook policy conflicts with European law, concerns privacy advocates
Hacker arrested for allegedly stealing ID info of most of Greece

Breaches - The never ending never ending story...
300 pakistani web sites get their domain names redirected (Hi Google and Microsoft)
RAF forced to reset passwords following Prince William's photo-op-turned-security-breach
1000 students at Scripps college get their info stolen (the old fashioned way) because they don't have good DR/BCP
Hacker claims he p0wns Northside Independent School District website
Computer breach hits 12,500 SC insurance policies

The SCADAs
Exploit broker releases EXPLICIT VIDS of holes in industrial control kit
Cyber-threat is real, former CSIS spy warns

Errata / DERP of the week award
Confidential Police Docs Found in Macy's Parade Confetti Spark Investigation
SONICWall thinks Tumblr and XKCD are porn

Mailbag / Bizarro Land
Hi Comrades why do you make fun of Kaspersky's secure SCADA software
Boris the squirrel

Discussion topic - Privacy/anonymity
"Realistically, he's been ass-raping you for years, and apparently he's not sufficiently endowed for you to have noticed"
Little Brother

In Closing
Movie Review
Ben saw half of "This means war" then decided to read a paper on infosec instead
We do research too - Ben's running a survey and will publish results. Check it out!
The Security Conference Library
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
every day is CTF! go set up a team
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
Upcoming Appearances: James at SecurityZone in Cali, Colombia
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
Seacrest Says: "mmmm... turkey left overs for the next two weeks"
Creative Commons license: BY-NC-SA
Episode 0x17 -- Turkey Time

We're going to try to keep this one relatively short. Seriously. Of course, it's a day late because I did a boo boo on the recording. Don't ask.

Upcoming over the next hour...
Lots of News
Breaches
SCADAs
DERPs!!!
and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News
Hack any skype account in 6 easy steps
FACEBOOK SSL FOR EVERYONE
Linux rootkit doing iFrame injections [Full Disclosure] [CrowdStrike]
Dissecting a Facebook Scam
Telstra - still can't get security right
Killing 4G networks with a suitcase radio thingy
Wikid Publishes free eGuide on adding 2factor
Web Engineer's Online Toolbox

Breaches - The never ending never ending story...
FreeBSD intruded upon
Skype
Adobe
NASA - good at going to Mars, not so much at keeping laptops safe
Health facilities in Mass and RI lose tapes

The SCADAs
(WARNING: PDF) From Luigi Auriemma - ABB has problems that look like CoDeSys
Obama signs secret directive to help thwart cyberattacks

Errata / DERP of the week award
United States on Brink of Major Cyber Attack, Industry Executive Predicts
Deloitte Center for Cyber Innovation

Mailbag / Bizarro Land

RE: Canadian Satellites
Hey guys. Thanks for the shout-out in Episode 14 regarding the Diginotar report. Unfortunately I'm going to have to award you guys a mini-derp award for your comments that same episode on the story about the Canadian Navy buying satellite services from Inmarsat as satellites just happen to be my area of expertise. Yes, Canada does have its own communications satellites. They are managed by a company called Telesat.
However, they are not of use to the Canadian Navy because they are located in the wrong place, operate on the wrong frequencies, and provide the wrong types of services for what the Navy needs. Communications satellites of this type operate in the geostationary belt (GEO), an orbit around the Equator 36,000 km above the Earth. The radio spectrum in this orbit is pretty congested, so early on international regulation of the satellites in this orbit and the spectrum they use was given to an organization called the ITU. Countries apply to the ITU for specific orbital slots and frequencies in the GEO belt and then license those to their companies. Canada has slots over North America and associated frequencies that are used by Telesat for what's called Fixed Satellite Services (FSS) - mainly broadcast TV and a host of communications services to remote communities in northern Canada. But these frequencies and antenna patterns are not what's used for mobile communications, nor does Canada have any satellite slots in other locations to provide global coverage which is kinda important for ships.

Inmarsat on the other hand has the slots and frequency allocations to specialize in Mobile Satellite Services (MSS). They have a fleet of satellites located at various points around the Equator to give global coverage and the types of frequencies and coverage to provide mobile services to ships. Pretty much if you're operating a ship you're going to buy services from Inmarsat.

More: Telesat and Inmarsat
Brian W.

Skyrim Jokes
Hey guys, I don't have any Skyrim jokes but do have an odd anecdote for you. While playing Skyrim and listening to the LSD, I've found that I _have_ to turn off the xbox kinect controls or else bad things happen. Apparently Matt's voice is finely tuned as a Weirding Word. I'll be merrily bopping around a character in a dungeon of some type when, all of a sudden, a dragon shout gets kicked off and kills all attempts at stealth that I've been trying to muster.
It's only Matt's voice that kicks off the shouts. Take that for what you will.
John D.
Fus Roh Dah!

Wrong questions being asked about security involvement in PMO/SDLC work
Hey guys, I'm listening to 0x15 and a question made in there really got in between my teeth. "Does making security part of the SDLC make the software more secure?" is the wrong question to be asking. Whether or not having risk evaluations or threat modeling as part of the SDLC should be a concern, but that's not the approach I've found works when I've introduced it into the SDLCs of which I've been involved.

Let's break out of our security cliques for a moment and realize that ultimately many of us tell ourselves that what we do matters in order to justify the dissonance we have in our brains for putting up with the crap we do because we actually enjoy what we do, for the most part. By and large, we're not altruists. Having the guts to come out and say "Yeah, I know what I do for an organization rarely makes the world a better place, but gosh darn it I like/love what I do." can go a long way to asking the right questions to keep ourselves employed and pertinent to the business that pays us to do cool things.

Once you get out of the "what I do is important, dammit" mindset, asking the following question better serves us as a whole. Does making security part of the SDLC/project/product make the business more money or save the business more money had it not been part of the SDLC/project/product as much as we're pushing? If you can justify the change, you can be relatively assured that someone in charge of playing with the moneys will listen. Phrasing the question that way also lends to promoting the idea to the money people that what they do is ultimately important and feeds their own dissonance hating mechanisms.
John D.
P.S. This approach has also saved me from the dreaded infosec burnout.

In Closing
Movie Review
Matt saw Twilight - point and laugh!
We do research too - Ben's running a survey and will publish results. Check it out!
The Security Conference Library
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
Upcoming Appearances: James at SecurityZone in Cali, Colombia
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
Seacrest Says: "go do bad bad things to a turkey"
Creative Commons license: BY-NC-SA