Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community.
Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH
Chapters
00:00 Welcome to THOTCON: Meeting Amazing People
00:26 Introducing Ryan Gooler: A Journey into Cybersecurity
04:09 The Value of Mentorship in Cybersecurity
06:22 Career Management and Setting Goals
09:33 Financial Planning for Cybersecurity Professionals
16:40 Automating Finances and Smart Spending
21:25 Financial Sophistication and Mutual Funds
22:07 Automating Life Tasks
22:41 The Concept of a Finishing Stamp
24:17 Leadership and Delegation in the Navy
26:06 Building and Maintaining Culture
27:21 Surviving Toxic Environments
29:55 Taking Risks and Finding Joy
34:34 Advice for Cybersecurity Careers
39:01 The Importance of Teaching and Learning
40:29 Conclusion and Farewell
Staying ahead of hackers as they look to infiltrate every new connection point. The balancing act continues when it comes to industrial cybersecurity, with the focus of many organizations split between focusing on known internal weaknesses or harnessing a better understanding of the external black hat organizations wanting to shut them down, steal data or extort payments. One stat that helps demonstrate this dynamic comes from the IBM Security X Force Threat Intelligence Index, which shows a 94 percent reduction in the average time for the deployment of ransomware attacks. What took attackers over two months in 2019 now takes less than four days. Another example comes from Open Text's 2023 Cybersecurity Threat Report, which took a closer look at the notorious LockBit group. Not only have they dropped more malware than any other group in the last year, but they've begun to implement triple-extortion tactics. Joining us to discuss these and other topics related to threat intelligence and how to prioritize it is Jonathan Tomek, VP of Research and Development at Digital Element, and co-founder of THOTCON, a hacking and security conference hosted in Chicago each spring. We're excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Script: Luiz Eduardo, Nelson Murilo, Willian Caprino. Production: Halfmouth Podcasts. Some music from: https://www.bensound.com
Events: DEF CON: how was it? BSidesLV: how was it? BlackHat: how was it? THOTCON now every 2 years. Ekoparty: November 1, 2, 3, CFP still open. H2HC: December 9 and 10. https://www.rnp.br/noticias/hackers-do-bem-abre-processo-seletivo-para-docentes
News: Bypass Two-Factor Authentication of Facebook Accounts ($25,300). HP report details detection-evasion techniques, including abuse of the DNS TXT record. https://www.forbes.com/sites/thomasbrewster/2023/08/30/malicious-signal-app-planted-on-google-play-by-china-linked-cyber-spies/?sh=6549aea048e9
Music:
More news: https://www.tse.jus.br/comunicacao/noticias/2023/Agosto/tse-publica-edital-de-convocacao-do-teste-publico-de-seguranca-2023 Microsoft, what happened? https://samcurry.net/Points-com/ https://g1.globo.com/politica/noticia/2023/08/17/hacker-afirma-a-cpi-que-uma-das-senhas-do-sistema-do-cnj-era-12345-deputada-diz-que-era-senha-simples.ghtml https://headtopics.com/us/why-the-chainsmokers-invest-in-and-party-with-niche-cybersecurity-companies-42769817 https://www.404media.co/i-tracked-nyc-subway-rider-home-omny-mta/
Tip of the week: 303party.org
Robert Leale is the president of CanBusHack, President of Pivvit and is also Founder of Car Hacking Village, which can be seen at Def Con, DerbyCON, GrrCON, CypherCon, THOTCON, and many more hacking conferences across the globe. He stops by BarCode and we discuss vulnerable technology in automobiles, manufacturer responsibilities, car hacking tools, how to secure your vehicle and Car Hacking Village. Tony floors a "VTEC Punch". Support the show. Contact BarCode: support us on Patreon, follow us on LinkedIn, tweet us at @BarCodeSecurity, email us at info@thebarcodepodcast.com. Thanks for listening, and we will see you next round!
Rob and Rudy join us in this session to discuss the development of conference badges for the hacker conference Thotcon. We also cover the global parts shortage and the near-term future of badge making.
Jonathan Tomek is the CEO of the cybersecurity firm MadX, LLC, and the co-founder of Thotcon, Chicago's biggest hacking event. In this episode, we have a wide-ranging discussion about tinkering, hacking, and how to remain curious about the world around us. Jonathan's company, MadX, LLC can be found at https://madx.co/ And the hacking conference Jonathan co-founded is Thotcon (which stands for Three-One-Two) NFP can be found at https://thotcon.org/
Emmanuel and Kyle are in Seattle, Emmanuel gave a keynote at THOTCON last week, the dark side of Amazon, Facebook is planning to change their name, Missouri governor accuses reporter who found flaw in state website of hacking.
Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting. Learn more about Team Hashcat as well as the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some detail on how to crack a hash, and EvilMog comments on custom wordlists and tools used. Join us for this exciting conversation. Enjoy!
THOTCON is not your ordinary, run-of-the-mill security conference - and it's even obvious from the moment you browse their website. How did a local, small-scale event in Chicago, grow to become a major cybersecurity conference, and what is its connection to The Matrix movie? Producer Eliad Kimhy talks to Nick Percoco and Jonathan Tomek, two of THOTCON's founders.
THOTCON Hacking Conference [B-Side] (Malicious Life)
Nationites! Our interview with Worldbuilder Chris Wallace, who created one of the coolest worlds in all the metaverse, is now live. We join him in his Thotcon world as we talk about how he first got involved with VR, his creative process, his involvement with Epcot Center's Horizons Resurrected, and where he thinks the industry is headed. If you want to follow along with the visuals, please go to our Instagram at https://www.instagram.com/thesimulationnation, and for the tour portion of the episode, you can see the video on YouTube at https://youtu.be/Is4RvcMLBEQ. Come check it out and hear about how he created his cyberpunk lucid dream. If you'd like to contact Chris, please go to his website at chriswallace.online, or his email at chriswallaceinc@gmail.com.
How do you turn a small security conference with friends into a phenomenon? Just ask Nick Percoco! In our latest episode of Security Nation, we sit down with the founder of THOTCON to chat about how he came up with the idea for the Chicago-based conference, the challenges he has faced over the years, and how the conference has evolved over time to become what it is today.
Jonathan Tomek, co-founder of Chicago’s THOTCON, joins me on this podcast to discuss threat intelligence, ham radio, and what it’s like to run a hacker conference and the genesis of THOTCON. We talk about how he’s gathered threat intelligence data through Iranian hacker groups. We discuss QRP records sending messages thousands of miles with very...
Rudy Ristich, Vice President of Workshop 88 and the technical mind behind the Thotcon hacker conference badges joins the podcast to talk about scaling your own custom hardware projects up, his background in electrical engineering, and how that informs his making process.
From Acid Burn to Trinity to Lisbeth Salander, the hacker has emerged in popular culture as the hero as often as the villain. As much as we'd like to believe that hackers have great hair and wear cool latex body suits, that isn't always the case. Hacking, hackers and hacker culture have had a massive influence on the world, whether it is in popular culture like Wargames or The Matrix, or criminal events that directly affect people's lives like the Equifax or Office of Personnel Management breach. An important statement from hacker history declared, "This is our world now... the world of the electron and the switch [...] We exist without skin color, without nationality, without religious bias... and you call us criminals. [...] Yes, I am a criminal. My crime is that of curiosity..." In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guest Nic Percoco, Chief Security Officer at Uptake and founder of the THOTCON conference, who discusses the evolving role of the hacker in work, society, and culture.
Upcoming Conferences
ShmooCon 2018 - January 19-21, 2018 at the Washington Hilton in Washington, DC http://shmoocon.org/
BSidesNYC January 20, 2018 https://bsidesnyc.org http://www.securitybsides.com/
THOTCON 0x8 - May 4-5, 2018 https://thotcon.org/ SOLD OUT
DerbyCon: Sponsorships will open up the first week in March. Call for Trainers (CFT), Call for Papers (CFP), and Call for Workshops (CFW) opens on April 1st, 2018. Call for Trainers opens on March 1st and closes on April 14th, 2018. Call for Papers (CFP) and Call for Workshops (CFW) open April 1st, 2018 and end on July 1st, 2018. Ticket Sales: May 5th (Derby Day), 2018 at 1:00PM ET. DerbyCon training dates: October 3rd and 4th, 2018. DerbyCon conference dates: October 5th - 7th, 2018. https://derbycon.com
The podcast RSS and iTunes Feed
RSS: https://audioboom.com/channels/4914568.rss
iTunes: pcast://audioboom.com/channels/4914568.rss
Patreon https://www.patreon.com/rebootitpodcast
Stories
Security bod uncovers 15-year-old macOS zero-day flaw https://www.theinquirer.net/inquirer/news/3023615/security-bod-uncovers-15-year-old-macos-zero-day-flaw
North Korean Hackers Hijack Computers to Mine Cryptocurrencies https://www.bloomberg.com/news/articles/2018-01-02/north-korean-hackers-hijack-computers-to-mine-cryptocurrencies
Mirai botnet co-authors plead guilty in US court https://www.theinquirer.net/inquirer/news/3023120/mirai-botnet-co-authors-plead-guilty-in-us-court
Mirai: Student behind IoT malware used it in Minecraft server protection racket, claims Krebs https://www.theinquirer.net/inquirer/news/3002896/mirai-student-behind-iot-malware-used-in-minecraft-server-protection-racket-claims-krebs
Former Rutgers student admits to creating code that crashed internet http://www.nj.com/education/2017/12/rutgers_student_charged_in_series_of_cyber_attacks.html
Plea Agreement Full Text: https://www.documentcloud.org/documents/4327738-Paras-Jha-Plea.html
We Need a New FUD http://daveshackleford.com/?p=1081
Serial Swatter "SWAuTistic" Bragged He Hit 100 Schools, 10 Homes https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hit-100-schools-10-homes/
Shame: Richard 'Rick' Fisher Hayes http://attrition.org/errata/shame/richard_hayes/
Massive child porn site is hiding in plain sight, and the owners behind it https://sijmen.ruwhof.net/weblog/1782-massive-child-porn-site-is-hiding-in-plain-sight-and-the-owners-behind-it
';--have i been pwned? - Check if you have an account that has been compromised in a data breach https://haveibeenpwned.com/
Upcoming Conferences
ShmooCon 2018 - January 19-21, 2018 at the Washington Hilton in Washington, DC http://shmoocon.org/
THOTCON 0x8 - May 4-5, 2018 https://thotcon.org/ SOLD OUT
BSidesNYC January 20, 2018 https://bsidesnyc.org http://www.securitybsides.com/
The podcast RSS and iTunes Feed
RSS: https://audioboom.com/channels/4914568.rss
iTunes: pcast://audioboom.com/channels/4914568.rss
Patreon https://www.patreon.com/rebootitpodcast
Stories
Bitcoin Price Now Down 15% from All-Time High https://www.coindesk.com/17k-breached-bitcoin-price-now-down-15-from-all-time-high/
Coinbase halts Bitcoin Cash transactions amidst accusations of insider trading https://www.theverge.com/2017/12/20/16800940/coinbase-bitcoin-cash-fork-insider-trading-probe
U.S. blames North Korea for 'WannaCry' cyber attack https://www.reuters.com/article/us-usa-cyber-northkorea/u-s-blames-north-korea-for-wannacry-cyber-attack-idUSKBN1ED00Q
Facebook's Latest Facial Recognition Tools Introduce New Privacy Concerns http://www.slate.com/blogs/future_tense/2017/12/19/facebook_announces_new_facial_recognition_features.html
But this is OK: https://www.citylab.com/equity/2017/12/why-privacy-activists-are-wary-of-those-new-airport-face-scans/548975/?utm_source=SFFB
iPhone slowdown blamed on controversial fix for aging batteries https://www.slashgear.com/iphone-slowdown-blamed-on-controversial-fix-for-aging-batteries-19512365/
Apple under fire as it admits it DOES deliberately 'smooth out' the performance of older iPhones to keep them running as their batteries age http://www.dailymail.co.uk/sciencetech/article-5199917/Apple-admits-DOES-deliberately-slow-older-iPhones.html?ito=social-twitter_mailonline
Alteryx - Amazon S3 breach https://www.upguard.com/breaches/cloud-leak-alteryx
Paul Vann is the 14-year-old CEO of VannTechCyber LLC, a new cybersecurity company based out of his bedroom in Fredericksburg, Virginia. A rising star in the field, Paul has presented his research on cyberthreats at conferences such as BSides Charm in Baltimore and Thotcon in Chicago. He joins Cybersecurity Podcast cohosts Peter W. Singer from New America and Sara Sorcher from The Christian Science Monitor's Passcode to discuss what it's like to be a kid hacker, learn about ethics, build a company and get taken seriously by other cybersecurity pros at such a young age. His father, the technical director of international programs at Raytheon Foreground Security, also named Paul Vann, chats about how to encourage kids' interest in cybersecurity and still make sure they're being safe online. Related reading: 15 under 15 hacker kids, which can be found at projects.csmonitor.com/hackerkids. This episode is sponsored by HackerOne.
Uptake (https://uptake.com/). Prior to Uptake, Nicholas was the Vice President of Global Services at Trustwave (https://www.trustwave.com/home/), where he led more than 2000 incident response and forensic investigations globally, ran thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products. Before Trustwave, Nick ran the security consulting practices at VeriSign and Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called the Payment Application Data Security Standard (PA-DSS). As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (OWASP (https://www.owasp.org/)) and private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout the world. Nick's research has been featured by media including: The Washington Post, eWeek, PC World, CNET, Wired, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal. Nick is also the creator of The Cavalry (https://www.iamthecavalry.org/about/overview/) movement. In this interview we discuss his early start with computers, what a hacker is, developing a methodology for penetration testing, how he developed the SpiderLabs name, analytics and automation, when you should evaluate opportunities, moving past the fear of public speaking, his personal "drink-a-different-beer-a-day" contest, research and public disclosure of vulnerabilities, how to secure Internet connected devices, where he recruits talent, and much more. I hope you enjoy this discussion. Please leave your comments below!
Where you can find Nick: LinkedIn (https://www.linkedin.com/in/c7five) Twitter (https://twitter.com/c7five) THOTCON (http://thotcon.org/) I am the Cavalry (https://www.iamthecavalry.org/about/overview/)
blackmath, Mr.Chin, R41nM4kr, WhiskeyNeon, and wirefall cover the latest infosec news and cover THOTCON 0x7 as well as unveil plans for ShadowCon. Mr.Chin confirmed the release of his mixtape "iChin" for July 2016. Theme created with ♥ by @marrow-machines
Thotcon, National CCDC, Source Boston, Mexico City, War Stories, Tons of other stuff!, Intro - "Fuck you" by Lily Allen, Outro - "Fuck song" from Disaster Movie
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Mark Stanislav, Security Evangelist, Duo Security
Zach Lanier, Sr. Security Researcher, Duo Security
This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff. Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, and researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms. If you're a researcher who wants to know more about attacking this space, an IoT vendor trying to refine your security processes, or just a consumer who cares about their own safety and privacy, this talk will provide some great insights to all of those ends.
Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security, and web application development. He has presented at over 70 events internationally including RSA, ShmooCon, SOURCE Boston, and THOTCON. His security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Mark holds a B.S. in Networking & IT Administration and an M.S. in Information Assurance, both from Eastern Michigan University. Mark is currently writing a book titled "Two-Factor Authentication" (published by IT Governance). Twitter: @markstanislav Web: https://www.duosecurity.com ; http://www.uncompiled.com ; http://builditsecure.ly
Zach Lanier is a Senior Security Researcher at Duo Security. Though an old net/web/app pen tester type, he has been researching mobile and embedded device security since 2009, ranging from app security, to platform security (especially Android), to device, network, and carrier security. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, INFILTRATE, ShmooCon, RSA, Amazon ZonCon, and more. He is also a co-author of the "Android Hacker's Handbook" (published by Wiley). Twitter: @quine Web: https://www.duosecurity.com ; https://n0where.org ; http://builditsecure.ly
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Corman-Percoco/DEFCON-22-Josh-Corman-Nicholas-Percoco-Cavalry-Year-0-UPDATED.pdf
The Cavalry Year[0] & a Path Forward for Public Safety
Joshua Corman, CTO, SONATYPE
Nicholas J Percoco, VP STRATEGIC SERVICES, RAPID7
At DEF CON 21, The Cavalry was born. In the face of clear & present threats to "Body, Mind & Soul" it was clear: The Cavalry Isn't Coming... it falls to us... the willing & able... and we have to try to have impact. Over the past year, the initiative reduced its focus and increased its momentum. With a focus on public safety & human life we did our best "Collecting, Connecting, Collaborating" to ensure safer technology dependence in: Medical, Automotive, Home Electronics & Public Infrastructure. We will update the DEF CON hearts & minds with lessons learned from our workshops & experiments, successes & failures, and momentum in industry and with public policy makers. Year[0] was encouraging. Year[1] will require more structure and transparency if we are to rise to these challenges... As a year of experimentation comes to an end, we will share where we've been, take our licks, and more importantly outline a path forward...
Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also an adjunct faculty member for Carnegie Mellon's Heinz College and IANS Research, and a Fellow at the Ponemon Institute. Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire. Twitter: @joshcorman
Nicholas J. Percoco is vice president of strategic services at Rapid7. In his role he leads a team that advises customers on how to mitigate and respond to threats using data driven analysis to empower more relevant, timely, and impactful decisions. Over the past decade, Nicholas has presented security research with a focus on custom malware, mobile devices, and data breach trends to audiences all over the world, including a keynote at RSA Conference 2013, TEDx Naperville, and eight previous talks at DEF CON. When he is not on an airplane or working with customers, he enjoys running the THOTCON hacking conference in Chicago, trying new and interesting craft beers, and being a founding member of the Cavalry movement. Prior to Rapid7, he ran SpiderLabs at Trustwave before taking a few months off to explore the Great Pit of Carkoon on Tatooine. Now that he is back on planet Earth, you can find him on Twitter as "c7five". Follow @iamthecavalry on Twitter.
Kyle is an information security engineer who devotes his spare time to exploiting the 'internet of things'. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport. Walk through the Episode 350 Crypto Challenge puzzle with Mike Connor, a senior member of the Analysis team at Dell SecureWorks. He is a big supporter of all things Chicago, specifically THOTCON, BsidesChicago, and all of the different Burbsec groups.
Episode 0x27 -- Wednesday is the new Monday
It's the podcast that never ends. We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?
Upcoming this week... Lots of News, Breaches, SCADA / Cyber, cyber... etc., finishing it off with DERPs/Mailbag. There will be no DEEP DIVE -- our SCUBA gear is in the shop. But there are weekly Briefs - no arguing or discussion allowed. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
Kim Jong Un needs a snickers!!!
Linksys Routers Screwed
Bitcoin dDoS destroys world economy... nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
Security BSides - Rochester
Windows XP Security Updates ending in one year. IE6 Countdown. Windows XP still maintains 39% overall market share.
Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages
Breaches
Vudu resets user passwords after hard drives lost in office burglary
SCADA / Cyber, cyber... etc
NIST CyberSecurity Framework Recordings
Anonymous hacks DPRNK Twitter and Flickr
Anonymous launches massive cyber assault on Israel. Israel says: "Anonymous doesn't have the skills to damage the country's vital infrastructure". And fixes things up so that Anonymous' C&C plays "Hatikvah".
USAF designates some of their software as CYBERWEAPONS
Apparently there are CYBER-WEAPONS in the Korean Conflict
Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
DERP
Papa, m'entends tu? French Government discovers Streisand Effect on Wikipedia (without actually looking up The Streisand Effect). Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from the Wikimedia Foundation.
IRS Doesn't Deny Snooping Emails Without A Warrant
Dongle-gate - this makes it so much clearer
Mailbag / Bizarro Land
Subject: OMG, Arlen was right...
I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it... IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997! I take it back. Anything coded in 1997 would be faster than Blackboard is today. Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less... suck? Thanks, -Jim
Briefly - NO ARGUING OR DISCUSSION ALLOWED
Deutsche Telecom SOC big board
Ingress - check it out
Non-SSL active content on SSL pages is blocked by default in FireFox 18
Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
The ATF Wants 'Massive' Online Database to Find Out Who Your Friends Are
Liquidmatrix Staff Projects
The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
The BSidesLV Ticket Give-away - Three tickets up for grabs: best original piece of artwork incorporating a security rock star (bonus points for using a unicorn); best rap song about a major breach; best poem describing a vendor DERP. Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Upcoming Appearances: James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia. Matt speaking at Adelphi University Cyber Security Educational Panel.
In Closing
Movie Review: Die Hard 4 - It's a blast. Seriously. Quick, there's a fire sale.
everyday is CTF! go set up a team
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Seacrest Says: I have no mouth with which to scream
Creative Commons license: BY-NC-SA
Episode 0x26 -- The First Rule...
Ministry of Information Bulletin: Liquidmatrix is a weekly podcast. While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.
Upcoming this week... Lots of News, SCADA / Cyber, cyber... etc., finishing it off with DERPs/Mailbag and THE DEEP DIVE. Our new weekly Briefs - no arguing or discussion allowed. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
To hack back or to not hack back
The Grugq on Opsec for Hackers (how not to get p0wned while p0wning)
The dDoS to end all dDosssses that almost broke the ENTIRE internet, then again maybe not, but maybe sorta it did
Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN'T HAVE IT.
FBI Pursuing Real-Time Gmail Spying Powers as "Top Priority" for 2013
SCADA / Cyber, cyber... etc
DHS Warns of 'TDoS' Extortion Attacks on Public Emergency Networks
FERC U MAD BRO ???? (PDF)
Cyber Divers take Egypt offline (except it might have been a ship's anchor)
First time that it looks like actual details were stolen
The Reality of Attribution about Cyber Attacks
Cyber Security: The Digital Arms Trade
Cyber RFI for the Space Race
Fukushima Cooling Knocked Offline By... a Rat... that ended badly
DERP
Security hole allows anyone to reset an Apple ID with email and DOB
Mailbag / Bizarro Land
My official statement of begging for getting onto the Vegas party list. Thank you for your consideration. Kris
Hello! Any chance I can get a couple of tickets to the party? I'm an infosec "professional" from Vancouver BC. I've met some of you guys at various cons, Hope, Defcon, Derbycon. thanks! Kevin
The Deep Dive - Security Awareness Training. Is Bruce ALWAYS right?
Briefly - NO ARGUING OR DISCUSSION ALLOWED
Is OwnCloud Good Enough?
Monitoring for humans
Pimp myself - Top 10 Web Hacks
Attempted child abduction thwarted when girl asks stranger for code word
Liquidmatrix Staff Projects
The Liquidmatrix Vegas Party - We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
The BSidesLV Ticket Give-away - Three tickets up for grabs: best original piece of artwork incorporating a security rock star (bonus points for using a unicorn); best rap song about a major breach; best poem describing a vendor DERP. Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.
In Closing
Movie Review: Wargames
everyday is CTF! go set up a team
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Seacrest Says: "I kinda really wanted to jump in and slam him!"
Creative Commons license: BY-NC-SA
Episode 0x25 -- The one with ALL the cybers

We're not sure why this keeps happening. As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a) using a computer, and (b) having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

In this episode:

News and Commentary
- Krebs gets whacked
- And does some digging
- Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 - so another reason to stop using it)
- Hacked retailers up in arms over $13 million 'fine', Visa lands up in court
- It's Kali Time
- MCMC probes The Malaysian Insider over spyware story

The Breach Report
- Second Factor FTW
- Philippines National Telecom Commission Defaced by Anon
- CCTV hack wins gamblers $33*10^6 (cue Ocean's 11/12/13)

SCADA / Cyber, cyber... etc
- You Say: Cyber. I Say: Unsubscribe
- North Korea restores Internet access, blames US hackers
- Queensland police to use surveillance drones to combat crime ahead of G20 conference
- Federal Judge Finds National Security Letters Unconstitutional, Bans Them
- NERC 2012 Annual Report (pdf)
- Medical device hacking: The 6 lines of code that could bring down a hospital
- US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
- U.S. Demands China Crack Down on Cyberattacks
- Who's Really Attacking Your ICS Devices?

DERP
- EC-Council goes off the deep end

Mailbag / Bizarro Land
Question: "Anyway, anyway, guys guys guys, come on. I'm in this computer, right. So I'm looking around, looking around, you know, throwing commands at it, I don't know where it is or what it does or anything. It's like, it's like choice, it's just beautiful, okay. Like four hours I'm just messing around in there. Finally I figure out, that it's a bank. Right, okay wait, okay, so it's a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street. That was me. That was me. I did that."
Answer: "What are you, stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?"

The Deep Dive - Security Research and the Law
- Internet troll "weev" sentenced to 41 months for AT&T/iPad hack.

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- The Matrix in less than 600 bytes of JavaScript
- Branching breach impact model
- Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
- Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
- Microsoft to push Windows 7 Service Pack 1 to users starting March 19

Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.

In Closing
- Movie Review: Hackers
- Seacrest Says: Dave says "screw you Cogeco"

Creative Commons license: BY-NC-SA
Episode 0x24 -- The Robot Uprising

You'd think those worthless meatbag humans would be more respectful. It looks like we will have a limited incidence of Robots in tonight's episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

In this episode:

News and Commentary
- Pwn2Own: IE, Firefox, Chrome and Java go down
- ...and Adobe Flash, Reader and Oracle Java exploits
- Chrome hack details (threat post link) Thanks Ben!
- Indian .gov puts bounty on botnet takedown
- China's internet backbone will have security features (also censorship) (SAVA)
- How Facebook Prepared to Be Hacked
- Having the MD5 hash of "123456" is probably not the best way to store passwords in your publicly searchable code on github... /via Thierry Zoller. (also don't put your twitter oauth keys in github)
- International Women's Day - Don't forget Admiral Grace
- Freeze All The Robots: Put Android ICS in the freezer to break crypto
- Harvard sneaks through 16 Deans' email
- Deja vote: Iran blocks VPN use ahead of elections

The Breach Report
- Another bitcoin exchange gets p0wned
- Ausie Ausie Ausia Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
- Pakistan .gov gets hacked

SCADA / Cyber, cyber... etc
- Metasploit releases exploit module for Honeywell ICS that has a patch available
- Formal Paper (pdf) from Ralph Langner: Bound to Fail: Why Cyber Security Risk Cannot Be "Managed" Away
- US Military Advisory Panel Says Nuke a Cyber Attacker
- Reasons to depend on Kaspersky for ICS/SCADA operating systems -- EXCELLENT IPv6 STACKS
- BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
- Cyberwar: you lack imagination

DERP
- TELUS releases qualitative security survey (pdf link) - completely ignores science, math and proper research
- Survival of the fittest: Some data-breach victims can't be helped - but they enjoy reacharounds
- China points at USA and cries "you're stinky and mean"

Mailbag / Bizarro Land
- "Dear Dudes of the Liquid, I found a vuln when I was browsing a company's website with w3af? Should I report it?" Yimmy, Warsaw

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- From Space Rogue - The Infinite Daft Loop - productivity in a can
- Play Donkey Kong as the Princess
- Browser sec
- Tripwire acquires nCircle
- Click to play!!!!
- Microsoft preps UPDATE EVERYTHING patch batch

Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.

In Closing
- Movie Review: Moon (it's all about clones - BTW spoiler alert)
- Seacrest Says: "Here's to a hoopy frood who really knew where his towel was." RIP Douglas Adams

Creative Commons license: BY-NC-SA
Episode 0x23 -- Post RSA Actual News

Recovery takes time. There has not been enough time. There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep. You might want to stay until the end of the show to hear about a CONTEST and something even cooler...

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

In this episode:

News and Commentary
- Miniduke is older than we thought (Miniduke tells time in China)
- Cloudflare DDoS post mortem
- Google services should not require real names: Vint Cerf
- Oracle Issues Emergency Java Update
- Wireless brain sensor pack. Future - here we come!
- The Lightning Digital AV Adapter Surprise
- When will we trust robots?

The Breach Report
- Evernote Security Notice: Service-wide Password Reset
- Evernote hacked: Emails, encrypted passwords stolen
- But it's ok, there will be 2 factor auth someday
- Critics say Evernote breach was avoidable.
- Envelopes mailed to 26k retired government employees in N.C. expose SSNs
- Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
- City of Owen Sound websites offline due to porn hack

SCADA / Cyber, cyber... etc
- Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
- NEWS TO NO ONE: SANS SCADA and Process Control Security Survey - the state of the industry is discouraging
- Recent 10-Ks mentioning "cyber" incidents
- Canadian Anti-hacking agency slow to learn about Chinese cyberattack
- Symantec: work on Stuxnet worm started two years earlier than first thought
- SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure

DERP
- Jailed hacker allowed into IT class, hacks prison computers
- Nearly Every NYC Crime Involves Cyber, Says Manhattan DA

Mailbag / Bizarro Land
- "Dearest Son, Why do you people always talk about "the echo chamber"? What is the echo chamber for? Love, Mom"

Deep Dive - Government Malware! Discuss (FinFisher, Hacking Team). Zero Day Doc

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Recon 2013 CFP opened
- APT 1 goes back years
- There's a vuln in sudo (yes, that sudo)
- Quick and dirty pcap slicing with tshark and friends

Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - More news to follow

Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.

In Closing
- RIP Stompin' Tom. We'll leave a light on.
- Seacrest Says: I'm drinking beer at HouSec bitches!

Creative Commons license: BY-NC-SA
Episode 0x22 -- RSA is almost over...

Yes, we all survived, but RSAConflu hurts. So, 4/5ths of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.

For this week's special episode...
- Stupid Vendor tricks
- BSidesSF + harassment
- Buzzword Bingo
- Speed Dating
- We Lost
- I've got 99 problems and Rich ain't one
- Brian "CyberPotato" Honan

In this episode: No Notes due to SPECIAL REASONS

Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.

In Closing
- Movie Review: No Review
- Seacrest Says: I came for the booth babes and stayed for the bacon licking.

Creative Commons license: BY-NC-SA
Episode 0x21 -- In which we prepare for RSA

Are you ready for RSA? Packed 500 business cards and a spare liver? There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

In this episode:

News and Commentary
- Facebook unlikes being hacked (Ars Technica) (The Atlantic Wire) (NYT) (BH Consulting) (IBI Times) (Apple too) (watering hole located)
- Dutch MP fined for hacking medical system
- NASA makes an oopsy with its software update
- Kaspersky says "Trust us, we're good with software"
- McAfee responds to criticism of AV industry with OpsFail
- Telecom NZ cancels 60k Yahoo Xtra passwords amid attack
- Exclusive: The Burger King and Jeep Hacker Is Probably This DJ From New England
- Obama says share!!!

The Breach Report
- Mandiant. That is all.
- Burger King twitter gets hacked

SCADA / Cyber, cyber... etc
- Electricity Market 101 - SCADA isn't just about the electricity
- Turns out all that airgapping was just theoretical
- Cyber Medals for Cyber Warriors

DERP
- MTV fakes their twotter account being haxored

Mailbag / Bizarro Land
- "Hi, I just wondered if the Liquid Matrix team would be interested in commenting on the subject of Digital Forensics with Infrastructure-as-a-Service Cloud environments? ...." Adam Robson
- Answer from the team: No

Ben Rants
- Ben Loses His Mind. Also, would you like a cheap certificate?

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Securosis RSA Guide - 2013 Edition
- HDCP is dead, really
- Ronin Punk Spider - a searchable reference for web app vulns
- Magazine article on Chinese online takedown services gets taken down
- RoboPlow
- RoboSurgeon (warning - super gross - avoid)

Upcoming Appearances: Ben, Matt, James and Dave attending RSA. James and Dave speaking at RSA-e10+. James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia.

In Closing
- Come find us at RSA!
- Movie Review: Live Free or Die Hard (and you thought it was just a cyberwarfare training video)
- Seacrest Says: Am I the only one that crapped my pants when I heard a meteor hit Russia?

Creative Commons license: BY-NC-SA
Episode 0x20 -- Can Dave count to 20?

Special Bonus Episode! Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed

In this episode:

News and Commentary
- Password Dump stats for January 2013 and December for those curious
- LA Post serving Black Holes
- WaPo - 'Fragmentation' leaves Android phones vulnerable to hackers (some info on malware p0wnage)
- NIST 800-53 Rev4 is in Draft: read it, comment on it.
- DHS declares 100 mile "4th Amendment Free" zone adjacent to US border
- Kaspersky update hoses Internet access for Windows XP users.
- Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
- The Everyday Agony of the Password
- Audacious Hack Exposes Bush Family Pix, E-Mail

The Breach Report
- Bit9 got hacked!!!!

SCADA / Cyber, cyber... etc
- Cyber Lobbyists
- SCADA for the home players - turn the Belkin Wemo into a deathtrap

Mailbag / Bizarro Land
- "Hi LSD crew... just finished 0x1E again and again, well done! Many thanks. I am missing a bit the "central topic" that you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn't plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated. Cheers guys," Thomas

Discussion - Keeping up with new technical developments
Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them: keeping up with new technical developments such as RFC 6797 (HSTS), and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...)

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you permit USB keyboards or mice, you're permitting exfiltration
- Logstash book!!!
- Payment Card Industry clears up confusion over cloud use.
- Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert)
- Not done yet: Oracle to ship revised Java fix on February 19
- Jeremiah Grossman's Self Pwnage
- Another RoR SQLi vuln

Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking. James speaking at Thotcon, and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia.

In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review
- Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty)

Creative Commons license: BY-NC-SA
Synopsis

It's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at Chicago's very own THOTCON 0x3, and decided it would be valuable to you to get some of the conversation movers on the microphone. We started talking about the applicability of information security conferences to your "day job", got into a discussion on "hallway con" and then went down the rabbit hole on some interesting tangential topics ... and of course the fresh rap from DualCore was awesome. I hope you enjoy the episode ...

Guests
- Georgia Weidman - Georgia is an independent consultant, penetration tester and mobile device hacker.
- Ken Swick - Ken is a security manager from the Financial Services vertical with many years of experience in defending corporate networks, and bringing business value to information security programs.
- DualCore - DualCore ... what can I say - dropping raps like packets straight to your ears ... DualCore music is what you should hear.
Synopsis

In this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in Chicago, so attractive to people from around the world. Yes, there is comedy involved...

Guests
- Todd - Audio genius, InfoSec luminary, pen tester ... better known to his Twitter fans as @Phoobar
- Ben - Ben is a Chicago suburban staple, first time on the microphone, otherwise known on Twitter as @Ben0xA
SecuraBit Episode 79: Back to the basics with Marcus Carey!
April 6, 2011

Hosts:
- Christopher Mills – @thechrisam
- Jason Mueller – @securabit_jay
- Tony Huffman – @myne_us

Guests:
- Marcus J Carey – @iFail, http://hackersforcharity.org/

General topics:

NEWS:

Epsilon:
- http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
- http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
- http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
- https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
- http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3
"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.

LizaMoon:
- http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.
- https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
"Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code"

Pandora.com data leak:
- http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
"The data included both the owner's GPS location and tidbits like the owner's gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time."

RSA attack:
- http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn't consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan,'" Uri Rivner, head of new technologies in the identity protection division of RSA, wrote in a post on the attack.
- http://www.nsslabs.com/research/analytical-brief-rsa-breach.html

¾ of Energy Firms Had a Data Breach over the Last Year:
- http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.

Comodo, what really happened:
- https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
- http://pastebin.com/uSdKNDN5
"I found out that TrustDll.dll takes care of signing. It was coded in C#. Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account."

FBI asks for help on cracking code:
- http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html

Other Stories:
- http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
- http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
- ThotCon (15 Apr 2011)
- #BSidesChicago (16 - 17 Apr 2011)
- #BSides London (20 Apr 2011)
- CEIC Orlando (15 – 18 May 2011)
- #BSidesROC Rochester, NY (21 May 2011)
- #BSidesDetroit (3 - 4 Jun 2011)
- #BSidesStJohns St. John's, NL (10 Jun 2011)
- #BSidesCT Meriden, CT (11 Jun 2011)
- FIRST Austria (12 - 17 June 2011)
- #BSidesVienna (18 June 2011)
- Toorcon (18 - 19 June 2011)
- #BSidesLasVegas (3 - 4 August 2011)
- BlackHat Vegas (3 - 4 August 2011)
- DEFCON 19 (4 - 7 August 2011)
- #BSidesLA Los Angeles, CA (18 - 19 August 2011)
- #BSidesMO (21 Oct 2011)
- #BSidesNewDelhi (22 - 23 October 2011)
- VB Barcelona (October 2011)

Links:
- http://www.securabit.com
- Chat with us on IRC at irc.freenode.net #securabit
- iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
- iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 53: Thotcon

If you think it, you will go to Chicago.
- thotcon - http://www.thotcon.org/
- Trustwave's SpiderLabs - https://www.trustwave.com/spiderLabs.php

Chat with us on IRC at irc.freenode.net #securabit

Hosts:
- Anthony Gartner – @anthonygartner
- Christopher Mills – @thechrisam
- Andrew Borel – @andrew_secbit

Guests:
- Nick Percoco - Thotcon & Trustwave's SpiderLabs
- Zach Fasel - Thotcon & Trustwave's SpiderLabs

Links:
- http://www.thotcon.org/
- https://www.trustwave.com/spiderLabs.php
- SpiderLabs Radio - http://itunes.apple.com/podcast/spiderlabs-radio/id300567984
- https://www.trustwave.com/spiderLabs-tools.php

Absent this episode:
- Chris Gerling – @chrisgerling
- Jason Mueller – @securabit_jay
Duration: a little over 1 hour

Events
- AUSCERT

Calls for Presentations and Tutorials
- GTS - Grupo de Trabalho em Segurança de Redes (Network Security Working Group) - 14th Meeting
- GTER - Grupo de Trabalho de Engenharia e Operação de Redes (Network Engineering and Operations Working Group) - 28th Meeting
- THOTCON 0x1 CFP open
- CanSecWest 2010 CFP open
- BlueHat 09 coverage

News
- Apple will have an unlock-proof iPhone (will it?)
- New Wi-Fi Alliance specification does away with Access Points
- Fugitive arrested after leaving clues on Facebook
- Woman wants a divorce after discovering the nickname she had in her husband's cell phone
- Monkif/DlKhora Botnet - hiding commands inside JPEG images
- Who is to blame / who is responsible for an IP address?
THOTCON Hacking Conference [ML BSide]