Episode 0x3A
We Can Do Better
Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution rather than the very common response which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets.
- Mandiant gets bought by FireEye
- Infographic: New ISO 27001:2013 - What Has Changed?
- Find security flaw, go to jail?
- Breaches
- Former TIAA-CREF Worker Gets 6 Years for Selling IDs
- OpenSSL Defacement - Not a Hypervisor Thing
- Riverside Health System 4-year-long HIPAA Breach
- Thank Goodness for the NSA! - a fable
- Yahoo infects people with Malware and makes the bitcoin
- SCADA / Cyber, cyber... etc
- Several European manufacturers spawn NSA-proof Android “cryptophones”
- NSA denials
- DERP
- UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services
- Mailbag
- We receive some of the most batcrap crazy emails here at LSD. What's the right response to people who don't just have a tinfoil hat, but are opting for the full ensemble?
- Dear Mailbag
I'm thinking about not speaking at RSA because of the NSAs, what do you think?
Hugs
Mikko H. (not the other Mikko guy)
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypto Hardening guide for Sysadmins
- Penetration Testing Lab Contents Mindmap
- sigcheck now with Virus total
- Wordpress plugin exploit data
- Skipfish Scanner Used In Financial Sector Attacks
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Shmoocon, SOURCE, Infosec EU, BSides London, HITB EU, Secure360, FIRST...
- James: - At Shmoocon (with a cool surprise), then RSA (sad trombone)
- Ben: - N/A
- Matt: - behind the beard
- Wil: - Gave up, is a car dealer now
- Other LSD Writers: - huh?
- Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"
- Closing Thoughts
- Seacrest Says: My Voice Is My Passport, Verify Me
Creative Commons license: BY-NC-SA