Liquidmatrix Security Digest Podcast

Episode F -- Aboot that

it's not a boot, it's just a really big shoe

Matt won’t be joining us tonight, it’s Ben’s fault. A quick shout out to Jimmy Vo, you will need approximately 15 or F shot glasses for this episode.

Aboot, Aboot, Aboot, Aboot!

And tonight, let us regale you with tales of:

1. More Malware
2. Less Malware
3. The SSL monsters
4. Ry-Hi
5. Twitter
6. GoDaddy
7. Breaches
8. SCADAs
9. …and then our discussion topic - what happens after the bad thing happens

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Blackhole 2.0 is out (aboot!)
2. Microsoft takes on Nitol (aboot!)
3. A story Aboot more SSL weaknesses, let’s introduce you to the CRIME attack
4. Aboot getting more skilled at Ryerson - there’s a Rainbow in Toronto for a Certificate in Computer Security and Digital Forensics
5. Twitter bows to subpoena, releases Occupy protester's tweets
6. GoDaddy, everyones favourite SOPA supporters goes down
• Breaches
1. Miami hospital hit by second patient breach this year
2. Ankit Fadia gets hacked
• The SCADAs
1. If Congress and the Senate can’t do it - by gosh, the PRESIDENT will -- Executive Order on Cyber Security in the works?
2. Interesting little bit on the side of Digital Bond’s website... “Schneider Has Not Removed Modicon FTP Backdoor Account In 2101 days”
• Errata
1. Every vendor that has been sitting on a known vuln for more than 1000 days. Jerks.
• Commentary
1. Foot In The Door - Aboot Investigations
• corporate policy
• lawyers are your friends
• purpose of the investigation (knowledge or action)
• http://it.toolbox.com/blogs/securitymonkey/
• http://www.sleuthkit.org/
• http://www.guidancesoftware.com/
2. Hardcore
• Defensible Methods
• Chain of Custody
• Judgement Day
• Mailbag / Bizarro Land

1. There is this website where I noticed that they display your login details after offering a quote in plaintext, ie. they display your username and a password on a http:// connection. So I called their call center and spoke with the manager, yeah, she will relay that information (but I kinda got the impression that she didn't understand what the problem is). Nothing happens for weeks. After maybe 2 months I go back to check and here you go, my username with password are still shown in plaintext on the site. So I sent them an email, clearly marked "to IT or IT security something" explaining it a little bit more technical. Nothing happens again. Since I raised the original issue, about 4 months have passed.

   The question is now - is it worth pursuing this further?

   Cheers

   T

   PS: Should anyone of you guys be once in London, pls ping me and I buy you a beer! Or two?

2. Ben says: http://www.ico.gov.uk/
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor If you're thinking of attending SecTor 2012, grab 10% off with discount code "liquidmatrix-2012" or if you can only make it to the expo floor, grab a free expo pass with code "liquidmatrix-Expo2012"
5. Vote Dave for ISC2 Board Ballot!
6. The Seacrest says “'Aboot' to Jimmy Vo, 'Shana Tova' or to our non-Jewish friends, that means 'have a good new year' and it’s time to party like it’s 5772 and then get yourself up and off to work because 5773 is going to be WILD."

Creative Commons license: BY-NC-SA

Episode E -- Just a bunch of hosers

Teh Podcast Warz Haz Begun!

It's another week in infosec. I can't get excited about it either. Too many news stories of note, breaches and a new section - the SCADAs. In the same way that we had too many breach stories so we broke them out, we're doing the same with SCADA. Expect a lot of derision from Dave and I -- there's a lot of bullshit and we're calling it.

We'd also like to wave hello to the team at Riskhose. We're sorry that you misinterpreted young Matt's question - we'll straighten you out when we do our Risk-tacular episode this fall. Also, we're starting to suspect that the Riskhose Utahian may be a closet Canadian - he knows too much about Canadian musicians and he does know all of the words to Romantic Traffic (and yes Alex, when you come to Toronto, we'll go visit all of the subway stations so that you can produce your fan version of the video.)

Interestingly, between the Riskhose podcast and some threats from the Southern Fried Security bunch, it's on - the Podcast Wars are here - expect that the next few months are going to be epic in the world of infosec podcasting. We may even take a swipe at NetSec!

1. Syria
2. SSL Certificate Hijinks
3. Cyber
4. Hackers
5. OSX
6. Canadianisms
7. The WIFIs
8. Google-ized
9. …and then our discussion topic - Dumb Stories

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Java.com SSL cert expired
2. Al-Jazeera websites hacked by Assad loyalist group
3. Cyber attacks grow increasingly "reckless", official says
4. 3 years later, hackers who hit Google continue string of potent attacks …and no one is looking out for the stuff that really matters.
5. New utility nabs OS X keychain passwords
6. Global virus downs N.S. computer system for a month
7. Sniffing open WiFi networks is not wiretapping, judge says:
8. VirusTotal acquired by Google
9. No shooting at protest? Police may block mobile devices via Apple
• Breaches
1. Guild Wars 2 officials say ongoing password attack affects 11,000 accounts
2. Antisec Leaks 1,000,001 UDIDs From A Trove Of 12 Million Allegedly Stolen From An FBI Laptop Or was it 12 million? ...or not? and some apps use IMEI as password!
3. NullCrew pillages Sony servers?
• The SCADAs
1. Secret account in mission-critical router opens power plants to tampering
2. Anonymous Hack Lukoil Bulgaria Site
• Errata
1. Vendor Cybercrime Stats
• Commentary
1. Foot In The Door - Your Dumbest Story EVAH!!!!
• Dave - VIEW SOURCE HACKERZ
• Jamie - our developer broke SSL -- that’s why we use proprietary encryption. But we’re not telling anyone what/how he did.
• Matt - SQL injected a DB to /dev/null
• Ben - I didn’t feel 3DES was secure because the source is available online, so I invented my own variant
2. Hardcore
• Skipping the hardcore because we've got a great Mailbag question.
• Mailbag / Bizarro Land

1. Love your podcast, even if you try to count in Hex :-) It would be great if you were able to dive deep into what modern defenders need to do to get ahead of attackers. Right now, attackers need to only make simple changes to their attacks and defenders are left on their kiesters. How do we change that pattern?

   Besides deploying antivirus :-)

   thanks,

   Paul of Seattle

2. Matt suggests a cool slide deck from Zane over at Etsy
3. Ben suggests you read Liquidmatrix ;)
4. … and thanks to Thomas Preissler for his comments about the show!
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor If you're thinking of attending SecTor 2012, grab 10% off with discount code "liquidmatrix-2012" or if you can only make it to the expo floor, grab a free expo pass with code "liquidmatrix-Expo2012"
5. Vote Dave for ISC2 Board Ballot!
6. The Seacrest says “I miss Gilmore Girls" and "Skerple"

Episode D -- The Boys of Summer

Good News Everybody!

This is the longest one we've recorded yet -- by 0:59 -- and we will try to get these back down under an hour. Pinky swear. We've also gone over 10000 downloads from 63 countries. That's kinda cool - and thank you all very much. Lots of good stuff in this episode, it's totally worth the 74 minutes.

1. Hackers
2. The SCADAs
3. Java
4. Lawyers
5. MOAR SCADAS!!!!
6. Apple, Microsoft
7. Stupid Employee Tricks
8. …and then our discussion topic - Employee Tricks

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Microsoft NZ exposes TechEd delegates' passwords
2. Hackers vent ire, deface Youth Congress site
3. Antisec Hackers Breach Globalcerts, Post Data Online
4. Oilsands a hacker target: RCMP
5. Particularly good article on impact of Java vulns on Mac users and
6. American Bar Association Ethics rules now require IT knowledge
7. Apple Genius Training Manual
8. Toyota hacked by ex-IT worker, sensitive info stolen
9. ZOMG ANOTHER SCADAS! RasGas computers are “aramco’d” and Who's responsible
• Breaches
1. 1 MILLION accounts leaked in megahack on banks, websites
2. Indianapolis based Cancer Care Group -- 55k medical records
3. Canada's Maple Syrup Strategic Reserve Stolen (no, not a joke)
• Errata
1. Something hinky going on with Aaron Portnoy (former TippingPoint ZDI manager)
• Commentary
1. Foot In The Door - Employee Tricks
• How to find the really great employees
2. Hardcore
• And how to get rid of the really bad ones
• Mailbag / Bizarro Land

1. Hi LSD crew

   REDACTED REDACTED REDACTED. What about REDACTED?

   ((We're taking this as "how to manage the need to communicate without being able to communicate" -- aka, the frieNDA.))

   thanks,

   Jimmy, Nova Scotia

• In Closing
1. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: that link will send you to http://myrcurial.com/conferences but you can totally trust that guy)
2. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
3. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor
4. Vote Dave for ISC2 Board Ballot!
5. The Seacrest says “Everybody's working for the weekend"

Creative Commons license: BY-NC-SA