We've been threatening to do something interesting and cool...

We're happy to announce that we will be producing a bi-weekly video podcast edition, tightly edited to a broadcast-friendly 22 minutes in length. Perfect to watch while having lunch or between an episode of M*A*S*H and Barney Miller.

Thanks for all of your support so far and we look forward to invading your space regularly to make some friends and maybe even learn a thing or two.

((PS: Based on comments from listeners, we're going to make some changes and give you a more granular set of RSS feeds so that you can select to receive exactly the version of our show that makes you the happiest. If you're subscribed to the general feed, this is the last full video episode you'll see.))

Direct download: LSD-TVepisode-1960x540.m4v
Category:LSD_Television -- posted at: 1:45pm EST

Episode 5 -- Everybody's Working For The Weekend (Canada Day Edition)

The fun with the Liquidmatrix gang continues in this episode. Pay close attention and you'll notice that there aren't any edits in this one. That's right - one take and we've got it in the can. Lots of good stuff in here - let us know if we missed anything.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

  • News
    1. Operation Card Shop - UGNazi and 23 others get silver bracelets for free from the feds
    2. Hotels misrepresent credit card data security measures, FTC is not happy
    3. Typo squatter gets spanked by law firm
    4. Bank settles with wire fraud victim
    5. DHS gives federal agencies threat detection packages and DHS demos cyber attack to help sway lawmakers to pass a cyber bill
    6. RSA SecurID key not so secure - it’s broken - no it isn’t - yes it is - Damn you people - it's the smartcard portion of a dual-use device that's 'broken', quit slamming multi-factor authN.
    7. PortSwigger gets new tricks
    8. -
    9. Errata Charlatan of the Week
  • Commentary
    1. Foot In The Door
      • LM Team,

        First off I want to say that I'm really enjoying the podcast. I'm still very early into my career and trying to transition into InfoSec. I would love to hear about all of your views on Information Security in colleges. I was thinking about it following some Twitter chatter between some people and Chris Eng about this. I thought that there were some good conversations. I'm a little bit disappointed since I just finished my M.S. in Computer Info Sys with a security concentration. In the classes I took we learned some basic network security concepts. Only touched a bit on web application security. I was hoping we would have done some offensive stuff, but we never did.

        I compared my classes to pen testing classes out there and it seems to me they’re on a better track but what do I know.

        Just some thoughts,
        Jimmy

    2. Hardcore
  • Mailbag
    1. mailbag@liquidmatrix.org
    2. Hi there LiquidM,

      Long-time listener, first time emailer!

      I was wondering if you could help me with a small dilemma I'm facing. I've been working as one of those penetration tester types in the financial sector for a while now, and my company treats me right... but more and more I hear the calling of the darkside... no, not THAT darkside, the calls of those working for security companies and $vendor that get to do exciting things with exciting people! The ones that get to actually TALK about their research...

      So, what's a guy to do? Please LiquidM help me, you're my only hope!
      Chris

      P.S: Love the show... but you guys are very Canadian O.o' ;) See you guys in Vegas I hope.... eh!

    3. Hey there fellow Canucks…

      Over the years I've had many IT jobs, from network admin to system admin for small consulting firms in my area (nothing big). A common theme was the unwillingness to implement the most basic of security mechanisms, or acknowledge the possibility that the systems/networks we would implement for our clients were perhaps done in an un-secure fashion. As a security enthusiast this was very frustrating.

      On a few occasions, I would prove this using a few simple demonstrations on how easy malware, or human, could compromise the network (malicious emails, word/pdf docs, ms08_067 for example). Every time my demonstrations were brushed off as "unlikely" or "impossible", requiring a level of technical knowledge that no employee possesses inside "client X". One such place was an ISP, where we would set up and host websites, providing clients with FTP access to upload and download content. I was actually instructed not to make the passwords too complicated, to ensure our clients were able to use it. Even after I had shown my boss a public exploit (from exploit-db) was available for the FTP software used. Again brushed off as "unlikely" seeing the exploit needed to be authenticated to properly function. This, of course, started the debate of weak passwords that lasted all of 2 seconds… At another spot, I actually showed the senior administrator (my supervisor), hosting an SSH server on port 80 was possible… funny. By now I think you get the picture on how security was handled, so I won't go any further.

      My question is what would you say to the lonely sys-admin, in a small to mid sized firm, on how to handle an employer that doesn't seem concerned at all with security? How should the lonely admin tackle these types of issues without annoying "the boss" with this silly thing called "security", when it's obvious he or she is not willing to listen?

      I'm fortunate enough to no longer be in this situation, but I'm sure there are many out there still living with these types of conditions.
      Steven

      ps.: hope all of this made sense, and good job on the podcast very much enjoying it so far

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-5.mp3
Category:LSD_Podcasts -- posted at: 11:20am EST

Episode 4 -- The Gang's all here. Matt has returned from the distant shores of the western USA... but he didn't listen to the podcast from last week - sucker. Lots of good stuff in here - let us know if we missed anything. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-4.mp3
Category:LSD_Podcasts -- posted at: 11:26am EST

It's Episode 3 -- We Should Be So Committed. Your heroes find themselves completely Canadian this week as @mattjay is visiting the extreme west coast of America. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-3.mp3
Category:LSD_Podcasts -- posted at: 12:12pm EST

It's Episode 2 -- and I'm sure you all know what that means... ... no more talk of midichlorians. And the continuing saga of 4 infosec nerds who will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2.mp3
Category:LSD_Podcasts -- posted at: 11:30am EST

Previously on the Liquidmatrix Security Digest Podcast... There was some talk, it was kinda nice. People said "do it again!" and now you're caught up. Welcome back to the Liquidmatrix Security Digest Podcast. The continuing saga of 4 infosec nerds who will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. In this episode:

Creative Commons license: BY-NC-SA Oh, and just because it's awesome... thanks to Bill Pennington!

Direct download: LSDPodcast-1.mp3
Category:LSD_Podcasts -- posted at: 12:55pm EST
