Mon, 2 December 2013
Episode 0x38
Dreidel Turkey Dreidel Peter Mackay!!!
Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team.
Upcoming this week...
- Lots of News
- Breaches, anti-derps!!
- It's Chanukah!!!
- and many turkeys are now dead
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-38.mp3
Category: LSD_Podcasts
-- posted at: 5:20pm EDT
Sun, 24 November 2013
Episode 0x37
Two Guys !HTML
It's completely unreasonable for me to ask that they come up with a short pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyways.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-37.mp3
Category: LSD_Podcasts
-- posted at: 12:36pm EDT
Thu, 14 November 2013
Episode 0x36
Which part of WEEKLY is this?
There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-36.mp3
Category: LSD_Podcasts
-- posted at: 12:47pm EDT
Thu, 31 October 2013
Episode 0x35
Halloween!
We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy.
Upcoming this week...
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-35.mp3
Category: LSD_Podcasts
-- posted at: 4:01am EDT
Tue, 29 October 2013
Episode 0x34
Just the two of us
Another week, another attempt at a full house for the show.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-34.mp3
Category: LSD_Podcasts
-- posted at: 2:11pm EDT
Thu, 10 October 2013
Episode 0x33
Liquidmatrix Live at SecTor 2013
In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, finally we did a live recording with all of us together. It's only a half hour, but we had a great time!
- Upcoming this week...
- We didn't even bother with show notes. Seriously. Just listen, it's good stuff.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, Deepsec in Austria. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Hackfest.
- Ben: - Hanging out with his other toaster friends
- Matt: - Glossy eyed boy in love
- Wil: - Hacking banks across state lines
- Other LSD Writers: - wait? There are other writers?
- Advertising - pay the bills...
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-33.mp3
Category: LSD_Podcasts
-- posted at: 8:02pm EDT
Thu, 3 October 2013
Episode 0x32
Getting the Band Together?
Another week, another attempt at a full house for the show.
- Upcoming this week...
- Lots of News
- non-infosec stuff
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- SilkRoad seized. Dread Pirate Roberts arrested. Tor hidden service de-anonymised?
- Silent Circle moves away from NIST approved ciphers
- Sometimes, 7 milliseconds is REALLY important
- Breaches
- ALL THE BREACHES!!!!
- SCADA / Cyber, cyber... etc
- UK gets the cybers
- DERP
- John McAfee copies Occupy.here and TOR
- Cyber warrior crush!
- Mailbag
- Hi
I'm a middle aged infosec dude who's hit a slump in his career and thinking about going to the USA to pursue infosec awesomeness. I'm torn between good beer, healthcare and no republicans vs the possibility of all the cyber I could ever want. Help me please, I need advice!!! PJ McGuff, Ontario
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Whistleblowers and the Crypto-Anarchist Underground: An Interview with Andy Greenberg
- ESXi 5.5 drops limits on RAM and Physical CPU
- 101 Free Tools for VMWare Administrators
- An awkward hug for our own Mr Arlen
- Old people make riskier and more inconsistent decisions
- Bittorrent chat!
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at SecTor and Hackfest, Panelist at SecTor (twice), and speaking at bSidesTO
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon...
- Wil: - Trying to cut weight before new headshots, but will be at SecTor.
- Other LSD Writers: - wait? There are other writers?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Random Kids in the Hall Clip - French Canadian Trappers
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-32.mp3
Category: LSD_Podcasts
-- posted at: 6:15pm EDT
Mon, 30 September 2013
Episode -- SB005
CON FLU!
CON FLU! It's awesome. Dave has it. Teehee.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News Briefs -- NO NEWS THIS WEEK
- HOST Has An Opinion
- Go to DerbyCon
- Parting Notes -- a few one-liners...
- Also go to SecTor next week.
- And bSidesTO this weekend.
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
- James: - Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB005.mp3
Category: LSD_Podcasts
-- posted at: 7:22pm EDT
Mon, 23 September 2013
Episode -- SB004
With Dave Away Minions Play
Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did note the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News Briefs
- @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner
- Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
- CCC uses traditional biometric smackdown techniques - and wins.
- From the annals of Schneier: Google knows passwords
- RSA to customers: Trust not the encryptions
- HOST Has An Opinion
- Focusing on the wrong thing.
- Parting Notes -- a few one-liners...
- Turing machine in Excel
- Did you know that there's a new Microsoft Surface? Do you care?
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB004.mp3
Category: LSD_Podcasts
-- posted at: 12:44pm EDT
Thu, 19 September 2013
Episode 0x31
Tinfoil Hats for EVERYONE
Short paragraph containing introductory material and a thanks to listeners (if reasonable)
Upcoming this week...
- Lots of News
- Paranoia / NSA
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Fingerprints as passwords: New iPhone Touch ID
- Skipping Ben's turn because he's really impressed about upcoming stories.
- Certification WTF: Payment Card Industry Professional (PCIP)
- WordPress < 3.6.1 PHP Object Injection
- Paranoia / NSA -- AKA "The BIG Breech of 2013"
- The NSA is a customer of VUPEN
- NIST says maybe don't use the ECC random bit thingie
- Wireless firms agree to give Ottawa ability to monitor calls, phone data
- No telco ever challenged NSA data collection
- New NSA Leak Shows MITM Attacks Against Major Internet Services
- EZpass is tracking you
- NSA Hacks Belgium
- NSA slurped bank records and credit card data
- Canada handed over control of crypto standard setting to the NSA
- NSA phone program is all legit
- FISA courts joining the FOIA party late
- SCADA / Cyber, cyber... etc
- Today Cyber means War but back in the 1990s...
- Hacker Group in China linked to big cyber-attacks
- Brazil and Argentina make a cyber pinkie pact
- DERP
- Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
- Twitter does link scraping
- PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.
- Mailbag and/or Deep Dive
-
Hey LSD-P
I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.
Nervously, Your Friend
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypthook
- ShmooCon CFP - Pay attention to the Proceedings
- Binary Risk Assessment
- FreedomBox
- The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
- MOV is turing complete
- Meredith Patterson at 28c3 - The language of insecurity
- SimpleRisk: Enterprise Risk Management Simplified
- Browser fuzzing: introducing bamboo.js
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: oh jeremiah!!!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-31.mp3
Category: LSD_Podcasts
-- posted at: 2:04am EDT
Mon, 16 September 2013
Episode -- SB003
Thrice is NICE
Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB003.mp3
Category: LSD_Podcasts
-- posted at: 1:53pm EDT
Tue, 10 September 2013
Episode -- SB002
Twice is Nice
Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Tue, 10 September 2013
Episode 0x30
Getting the band back together...
Because you know, it *IS* a weekly podcast after all.
- Upcoming this week...
- Lots of News
- Kittens
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- TOR crypto might not be all that
- CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
- Canadian Universities Navigate Learning Curve for New Copyright Rules
- SCADA / Cyber, cyber... etc
- Speculation on Bullrun (more NSA funtime)
- Zee germans say the NSAs can hack our berries and iThingies
- DERP
- Parallels pulls head into ass
- and just keeps pulling
- HP laptops come with built in audio eavesdropping feature
- Mailbag
-
Hi LSD People
I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?
Thanks, Naked Computer Nerd
Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Watch this video of a "drone's eye view" of Burning Man and look for Wintr
- MDM for free yaknow.
- Don't succumb to security nihilism
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... he's appearing in the matrimonial chamber
- Wil: - Getting playa out of his areas...
- Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-30.mp3
Category: LSD_Podcasts
-- posted at: 12:41am EDT
Tue, 3 September 2013
Episode SB001
Something New Is Tried
Be gentle, this "security briefing" is a new format.
Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.
- Starting off this week...
- News news news...
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB001.mp3
Category: LSD_Podcasts
-- posted at: 11:56am EDT
Sun, 25 August 2013
Episode 0x2F
things happen
Anyone else think that it would be nice if life had a bit of regularity?
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Researchers say Tor targeted by malware that phones home to the NSA... Or not maybe...
- Lavabit shuts down, cuts off nose to spite NSA's face; Silent Circle follows suit
- Hitting The Panic Button
- Breaches
- wifi baby monitors a bit hackable (surprise!!!!)
- Visa's alert of possible data breach impacts Rivermark Credit Union members
- SCADA / Cyber, cyber... etc
- US promises not to spy on the German - will stay besties for eva until someone pops the 99 red balloons (again)
- DERP
- Source: New York Times Website Hit by Cyber Attack
- IAB urges people to stop “Mozilla from hijacking the Internet”
- Mailbag
-
Noob Advice?
I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available.
Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to pursue that path. My long term goal would be to work for an intelligence agency in the federal government.
If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience?
Or would remaining a civilian throughout school present me with more opportunities?
-Shane
Non-Noob Response
The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.
Dave Kennedy - SET, TrustedSec, Derbycon, Awesome
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Stay tuned for "The Myrcurial Fund"
- PoC||GTFO
- Hacking mifare cards
- Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- In Closing
- Word of the Week -- cyber-spatula
- Movie Review -- The Nutty Professor 2
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2f.mp3
Category: LSD_Podcasts
-- posted at: 12:52pm EDT
Thu, 11 July 2013
Episode 0x2D
Nobody loves us.
It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will NOT be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The web is a bad bad place
- SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a performance impact)
- The Future of Civil Disobedience Online
- OECD complaint against finfisher
- The personal side of taking on the NSA: emerging smears
- Breaches
- Facebook exposes itself
- Opera's breach lady sings
- 47k student teachers in Florida exposed
- SCADA / Cyber, cyber... etc
- So you want to be a CIP consultant.
- Australia decides not to be American
- DERP
- South Korea misidentifies China as cyberattack origin
- Mailbag
-
Hi,
Greetings!
Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns?
Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address.
If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.
Best Regards,
Linda
Lead Generation
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Burp trips and tricks PDF
- Cyanogen mod gets secure messaging
- Running a Hackerspace
- Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
- MITM via PPTP
- Hacking monopoly
- Pentagon's failed flash drive ban policy: A lesson for every CIO
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
- Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
- everyday is CTF! go set up a team
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value). SecTor 2013
- Seacrest Says: Good night Kitten
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2d.mp3
Category: LSD_Podcasts
-- posted at: 12:42pm EDT
|
|
Tue, 18 June 2013
Episode 0x2C
This is the 49th time!
All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- OWASP Top 10 for 2013 is out
- What the NSA doesn’t have: iMessages and FaceTime chats
- Woz: This is not my America
- This is some cold ass James Bond shit (Countries are upset) (they even set up fake internet cafes)
- NSA leaks hint Microsoft may have lied about Skype security
- Breaches
- Head of U.S. Nuclear Security Agency hacked by "Guccifer"
- SCADA / Cyber, cyber... etc
- @c7five tweets on Cyberwar
- US FDA calls on medical device makers to focus on cybersecurity
- Trove of medical devices found to have password problems
- DERP
- Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
- TSA agent tells teen to 'cover herself'
- Sys-admin selfies courtesy of The Grugq
- Mailbag
-
I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.
Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?
Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.
Anonymous By Request
- The Deep Dive -- SETEC ASTRONOMY
- We Should All Have Something To Hide
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Disconnect raises 3.5mil
- Pimp My Own Matt - Doing a webinar 6/20
- CycleOverRide - Security Nerds on Wheels
- Sixth Annual Movie-Plot Threat Contest Semifinalists
- Harvard Business Review talks infosec
- I'm hiring
- Loon
- How to make The Internet (from The IT Crowd)
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
- Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: Double ROT13 is NSA proof
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2c.mp3
Category: LSD_Podcasts
-- posted at: 2:29pm EDT
|
|
Tue, 11 June 2013
Episode 0x2B -- Or !2b
Nothin that we can't fix
Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2b.mp3
Category: LSD_Podcasts
-- posted at: 2:07pm EDT
|
|
Tue, 4 June 2013
Episode 0x2A -- Happy One Year Later
And we still suck at scheduling
Despite efforts to the contrary... we're still not good at this. We should be getting better.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2a.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
|
|
Tue, 14 May 2013
Episode 0x29 -- Not just CrO2, but now with Dolby
Does anyone read show notes?
So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-29.mp3
Category: LSD_Podcasts
-- posted at: 1:21pm EDT
|
|
Thu, 9 May 2013
Episode 0x28 -- For Reals... it's here.
I SAID it's a weekly podcast
Life gets in the way of art. There's five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We're trying to figure out what to do about it. It may be that we go for more frequent recordings of whoever is available and stuff together the rest of us when we can. Sigh. Or something.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-28.mp3
Category: LSD_Podcasts
-- posted at: 4:34pm EDT
|
|
Thu, 11 April 2013
Episode 0x27 -- Wednesday is the new Monday
It's the podcast that never ends
We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be no DEEP DIVE -- our SCUBA gear is in the shop
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Kim Jong Un needs a snickers!!!
- Linksys Routers Screwed
- Bitcoin dDoS destroy world economy... nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
- Security BSides - Rochester
- Windows XP Security Updates ending in one year. IE6 Countdown. Windows XP still maintains 39% overall market share.
- Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
- DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages
- Breaches
- Vudu resets user passwords after hard drives lost in office burglary
- SCADA / Cyber, cyber... etc
- NIST CyberSecurity Framework Recordings
- Anonymous hacks DPRK Twitter and Flickr
- Anonymous launches massive cyber assault on Israel. Israel says: "Anonymous doesn't have the skills to damage the country's vital infrastructure". And fixes things up so that Anonymous' C&C plays "Hatikvah"
- USAF designates some of their software as CYBERWEAPONS
- Apparently there are CYBER-WEAPONS in the Korean Conflict
- Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
- DERP
- Papa, m'entends tu?
- French Government discovers Streisand Effect on Wikipedia (without actually looking up) The Streisand Effect
- Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from Wikimedia Foundation.
- IRS Doesn’t Deny Snooping Emails Without A Warrant
- Dongle-gate - this makes it so much clearer
- Mailbag / Bizarro Land
-
Subject:OMG, Arlen was right...
I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it... IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997!
I take it back. Anything coded in 1997 would be faster than Blackboard is today.
Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less... suck?
Thanks, -Jim
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Deutsche Telecom SOC big board
- Ingress - check it out
- Non-SSL active content on SSL pages is blocked by default in Firefox 18
- Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
- The ATF Wants ‘Massive’ Online Database to Find Out Who Your Friends Are
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia. Matt speaking at Adelphi University Cyber Security Educational Panel.
- In Closing
- Movie Review Die Hard 4 - It's a blast. Seriously. Quick, there's a fire sale.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: I have no mouth with which to scream
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-27.mp3
Category: LSD_Podcasts
-- posted at: 4:01pm EDT
|
|
Tue, 2 April 2013
Episode 0x26 -- The First Rule...
Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.
While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.
- Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- To hack back or to not hack back; The Grugq on Opsec for Hackers (how not to get p0wned while p0wning)
- The dDoS to end all dDosssses that almost broke the ENTIRE internet, then again maybe not, but maybe sorta it did
- Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN'T HAVE IT.
- FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
- SCADA / Cyber, cyber... etc
- DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks
- FERC U MAD BRO ???? (PDF)
- Cyber Divers take Egypt offline (except it might have been a ship's anchor)
- First time that it looks like actual details were stolen
- The Reality of Attribution about Cyber Attacks
- Cyber Security: The Digital Arms Trade
- Cyber RFI for the Space Race
- Fukushima Cooling Knocked Offline By... a Rat... that ended badly
- DERP
- Security hole allows anyone to reset an Apple ID with email and DOB
- Mailbag / Bizarro Land
-
My official statement of begging for getting onto the Vegas party list. Thank you for your consideration.
Kris
-
Hello!
Any chance I can get a couple of tickets to the party? I'm an infosec "professional" from Vancouver BC. I've met some of you guys at various cons, Hope, Defcon, Derbycon.
thanks! Kevin
- The Deep Dive - Security Awareness Training
- Is Bruce ALWAYS right?
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Is OwnCloud Good Enough?
- Monitoring for humans
- Pimp myself - Top 10 Web Hacks
- Attempted child abduction thwarted when girl asks stranger for code word
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review: Wargames
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: "I kinda really wanted to jump in and slam him!"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-26.mp3
Category: LSD_Podcasts
-- posted at: 2:44pm EDT
|
|
Fri, 22 March 2013
Episode 0x25 -- The one with ALL the cybers
We're not sure why this keeps happening.
As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a) using a computer, and (b) having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Krebs gets whacked, and does some digging
- Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 - so another reason to stop using it)
- Hacked retailers up in arms over $13 million 'fine', Visa lands up in court
- It's Kali Time
- MCMC probes The Malaysian Insider over spyware story
- The Breach Report
- Second Factor FTW
- Philippines National Telecom Commission Defaced by Anon
- CCTV hack wins gamblers $33*10^6 (cue Ocean's 11/12/13)
- SCADA / Cyber, cyber... etc
- You Say: Cyber. I Say: Unsubscribe
- North Korea restores Internet access, blames US hackers
- Queensland police to use surveillance drones to combat crime ahead of G20 conference
- Federal Judge Finds National Security Letters Unconstitutional, Bans Them
- NERC 2012 Annual Report (pdf)
- Medical device hacking: The 6 lines of code that could bring down a hospital
- US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
- U.S. Demands China Crack Down on Cyberattacks
- Who’s Really Attacking Your ICS Devices?
- DERP
- EC-Council goes off the deep end
- Mailbag / Bizarro Land
- Question:
Anyway, anyway, guys guys guys, come on. I'm in this computer, right. So I'm looking around, looking around, you know, throwing commands at it, I don't know where it is or what it does or anything. It's like, it's like choice, it's just beautiful, okay. Like four hours I'm just messing around in there. Finally I figure out, that it's a bank. Right, okay wait, okay, so it's a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street.
That was me. That was me. I did that.
- Answer:
What are you, stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?
- The Deep Dive - Security Research and the Law
- Internet troll “weev” sentenced to 41 months for AT&T/iPad hack.
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- The Matrix in less than 600 bytes of JavaScript
- Branching breach impact model
- Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
- Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
- Microsoft to push Windows 7 Service Pack 1 to users starting March 19
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review Hackers
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: Dave says "screw you Cogeco"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-25.mp3
Category: LSD_Podcasts
-- posted at: 3:57pm EDT
|
|
Tue, 12 March 2013
Episode 0x24 -- The Robot Uprising
You'd think those worthless meatbag humans would be more respectful.
It looks like we will have a limited incidence of Robots in tonight's episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Pwn2Own: IE, Firefox, Chrome and Java go down ...and Adobe Flash, Reader and Oracle Java exploits. Chrome hack details (threat post link). Thanks Ben!
- Indian .gov puts bounty on botnet takedown
- China's internet backbone will have security features (also censorship) (SAVA)
- How Facebook Prepared to Be Hacked
- Having the MD5 hash of "123456" is probably not the best way to store passwords in your publicly searchable code on github... /via Thierry Zoller. (also don't put your twitter oauth keys in github)
- International Women's Day - Don't forget Admiral Grace
- Freeze All The Robots: Put Android ICS in the freezer to break crypto
- Harvard sneaks through 16 Deans' email
- Deja vote: Iran blocks VPN use ahead of elections
- The Breach Report
- Another bitcoin exchange gets p0wned
- Ausie Ausie Ausia Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
- Pakistan .gov gets hacked
- SCADA / Cyber, cyber... etc
- Metasploit releases exploit module for Honeywell ICS that has a patch available
- Formal Paper (pdf) from Ralph Langner Bound to Fail: Why Cyber Security Risk Cannot Be "Managed" Away
- US Military Advisory Panel Says Nuke a Cyber Attacker
- Reasons to depend on Kaspersky for ICS/SCADA operating systems -- EXCELLENT IPv6 STACKS
- BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
- Cyberwar: you lack imagination
- DERP
- TELUS releases qualitative security survey (pdf link) - completely ignores science, math and proper research
- Survival of the fittest: Some data-breach victims can't be helped - but they enjoy reacharounds
- China points at USA and cries "you're stinky and mean"
- Mailbag / Bizarro Land
-
Dear Dudes of the Liquid
I found a vuln when I was browsing a company's website with w3af? Should I report it?
Yimmy, Warsaw
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- From Space Rogue - The Infinite Daft Loop - productivity in a can
- Play Donkey Kong as the Princess
- Browser sec
- Tripwire acquires nCircle
- Click to play!!!!
- Microsoft preps UPDATE EVERYTHING patch batch
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review Moon (it's all about clones - BTW spoiler alert)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: "Here's to a hoopy frood who really knew where his towel was." RIP Douglas Adams
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-24.mp3
Category: LSD_Podcasts
-- posted at: 3:24pm EDT
|
|
Thu, 7 March 2013
Episode 0x23 -- Post RSA Actual News
Recovery takes time. There has not been enough time.
There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep.
You might want to stay until the end of the show to hear about a CONTEST and something even cooler...
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Miniduke is older than we thought (Miniduke tells time in China)
- Cloudflare dDoS post mortem
- Google services should not require real names: Vint Cerf
- Oracle Issues Emergency Java Update
- Wireless brain sensor pack. Future - here we come!
- The Lightning Digital AV Adapter Surprise
- When will we trust robots?
- The Breach Report
- Evernote Security Notice: Service-wide Password Reset. Evernote hacked: Emails, encrypted passwords stolen. But it's ok, there will be 2 factor auth someday. Critics say Evernote breach was avoidable.
- Envelopes mailed to 26k retired government employees in N.C. exposes SSNs
- Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
- City of Owen Sound websites offline due to porn hack
- SCADA / Cyber, cyber... etc
- Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
- NEWS TO NO ONE: SANS SCADA and Process Control Security Survey - the state of the industry is discouraging
- Recent 10-Ks mentioning "cyber" incidents
- Canadian Anti-hacking agency slow to learn about Chinese cyberattack
- Symantec: work on Stuxnet worm started two years earlier than first thought
- SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
- DERP
- Jailed hacker allowed into IT class, hacks prison computers
- Nearly Every NYC Crime Involves Cyber, Says Manhattan DA
- Mailbag / Bizarro Land
-
Dearest Son,
Why do you people always talk about "the echo chamber"? What is the echo chamber for?
Love, Mom
- Deep Dive -
- Government Malware! discuss (Finfisher, Hacking Team); Zero Day Doc
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Recon 2013 CFP opened
- APT 1 goes back years
- There's a vuln in sudo (yes, that sudo)
- Quick and dirty pcap slicing with tshark and friends
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - More news to follow
- The BSidesLV Ticket Give-away
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early.
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- RIP Stompin' Tom. We'll leave a light on.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: I'm drinking beer at HouSec bitches!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-23.mp3
Category: LSD_Podcasts
-- posted at: 1:43pm EDT
Sun, 3 March 2013
Episode 0x22 -- RSA is almost over...
Yes, we all survived, but RSAConflu hurts
So, 4/5ths of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.
- For this week's special episode...
- Stupid Vendor tricks
- BSidesSF + harassment
- Buzzword Bingo
- Speed Dating
- We Lost
- I've got 99 problems and Rich ain't one
- Brian "CyberPotato" Honan
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- No Notes due to SPECIAL REASONS
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review: No Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: I came for the booth babes and stayed for the bacon licking.
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-22.mp3
Category: LSD_Podcasts
-- posted at: 7:10pm EDT
Wed, 20 February 2013
Episode 0x21 -- In which we prepare for RSA
Are you ready for RSA? Packed 500 business cards and a spare liver?
There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Facebook unlikes being hacked (Ars Technica) (The Atlantic Wire) (NYT) (BH Consulting) (IBI Times) (Apple too) (watering hole located)
- Dutch MP fined for hacking medical system
- NASA makes an oopsy with its software update
- Kaspersky says "Trust us, we're good with software"
- McAfee responds to criticism of AV industry with OpsFail
- Telecom NZ cancels 60k Yahoo Xtra passwords amid attack
- Exclusive: The Burger King and Jeep Hacker Is Probably This DJ From New England
- Obama says share!!!
- The Breach Report
- Mandiant. That is all.
- Burger King twitter gets hacked
- SCADA / Cyber, cyber... etc
- Electricity Market 101 - SCADA isn't just about the electricity
- Turns out all that airgapping was just theoretical
- Cyber Medals for Cyber Warriors
- DERP
- MTV fakes their twotter account being haxored
- Mailbag / Bizarro Land
-
Hi,
I just wondered if the Liquid Matrix team would be interested in commenting on the subject of Digital Forensics with Infrastructure-as-a-Service Cloud environments?
....
Adam Robson
Answer from the team:
No
- Ben Rants
- Ben Loses His Mind. Also, would you like a cheap certificate?
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Securosis RSA Guide - 2013 Edition
- HDCP is dead, really
- Ronin
- Punk Spider - a searchable reference for web app vulns
- Magazine article on Chinese online takedown services gets taken down
- RoboPlow
- RoboSurgeon (warning - super gross - avoid)
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: Ben, Matt, James and Dave attending RSA. James and Dave speaking at RSA-e10+. James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Come find us at RSA!
- Movie Review: Live Free or Die Hard (and you thought it was just a cyberwarfare training video)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Am I the only one that crapped my pants when I heard a meteor hit russia?
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-21.mp3
Category: LSD_Podcasts
-- posted at: 10:08pm EDT
Wed, 13 February 2013
Episode 0x20 -- Can Dave count to 20?
Special Bonus Episode!
Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Password Dump stats for January 2013 and December for those curious
- LA Post serving Black Holes
- WaPo - ‘Fragmentation’ leaves Android phones vulnerable to hackers (some info on malware p0wnage)
- NIST 800-53 Rev4 is in Draft: read it, comment on it.
- DHS declares 100 mile "4th Amendment Free" zone adjacent to US border
- Kaspersky update hoses Internet access for Windows XP users.
- Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
- The Everyday Agony of the Password
- Audacious Hack Exposes Bush Family Pix, E-Mail
- The Breach Report
- Bit9h got hacked!!!!
- SCADA / Cyber, cyber... etc
- Cyber Lobbyists
- SCADA for the home players - turn the Belkin Wemo into a deathtrap
- Mailbag / Bizarro Land
-
Hi LSD crew... just finished 0x1E again and again, well done! Many thanks.
I am missing a bit the "central topic" what you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn’t plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated.
Cheers guys Thomas
- Discussion - Keeping up with new technical developments
-
Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...)
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you permit USB keyboards or mice, you're permitting exfiltration
- Log stash book!!!
- Payment Card Industry clears up confusion over cloud use.
- Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert)
- Not done yet: Oracle to ship revised Java fix on February 19
- Jeremiah Grossman's Self Pwnage
- Another RoR SQLi vuln
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty)
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-20.mp3
Category: LSD_Podcasts
-- posted at: 2:23pm EDT
Tue, 12 February 2013
Episode 0x1F -- The Confusing Part Starts NOW
Can't wait till next week when Dave can start reading the episode numbers again!
I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!
The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working?
These are all questions that you dear listener can answer. Let us know at mailbag@liquidmatrix.org. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE RETURN OF THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1F.mp3
Category: LSD_Podcasts
-- posted at: 4:54pm EDT
Thu, 31 January 2013
Episode 0x1E -- Absenteeism
Insert Subtitle Here
With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end.
- Upcoming this week...
- Lots of News
- Breaches
- No Scadas, no Matt, No Jamie
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The RCMP says they have no intention of using their Drones for surveillance purposes.
- Rapid7 white-paper says 81 million discrete publicly routable addresses responded to UPnP poll, as recently as last year.
- Sony fined many many quid
- India bars ZTE, Huawei and others from sensitive government projects
- Govt Sites Hacked Following Arrest of Alleged Jember Hacker
- FBI going after potential leakers of Stuxnet info
- Breaches - The never ending never ending story...
- USSC.gov Hacked : pwned
- Hackers in China Attacked The New York Times for Last 4 Months
- Errata / DERP of the week award
- Barracuda!!!!
- More Fishy
- Mailbag / Bizarro Land
-
Hi all,
Just came across this crazy story. GitHub's new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief. However, it's not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user's account, and it seems that a few people may have contacted his university. So, whilst it looks like GitHub's search features may have caused problems for a few users, it has also led to the discovery and outing of a paedophile.
Reddit Thread
Keep up the good work!
-- Graham Sutherland
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Red teaming at a CCDC
- Honey Spider
- Whisper Systems' Spring Break of Code
- FTC Reaches Settlement Over Cord Blood Bank's Data Breach
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: Under The Tuscan Scan
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: vote SEACREST!!!!!... I mean LiquidMatrix
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1E.mp3
Category: LSD_Podcasts
-- posted at: 3:50pm EDT
Tue, 22 January 2013
Episode 0x1D -- Oops, We Did It Again
Sometimes, breaches happen to the nicest folks
A PSA on TFA!
TFA is addictive, a year ago I started using it at work and then I began using it at home on my webmail. I didn't tell my wife about it for a while because I thought that it would bring up the whole 'if you love me you'll share your password' argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well. Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I'll even use it on the train when I go to work, I don't care who sees me key in my OTP because I know TFA will keep me safe; it's a good feeling.
- Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1D.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
Mon, 14 January 2013
Episode 0x1C -- The New Guy
That's audio episode 29 out of us - and so it's time to go gracefully into our middle age with a new guy.
We are pleased to announce that we're adding a new regular contributor to the Podcast - Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He's also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome - so make sure you tell him how awesome he really is -- @wintr on Twitter.
Normally there is an opportunity for witty goofing about here. This week, I'm taking the time to soapbox for a moment. If you're not aware of Aaron Swartz, you should be. Unless you're listening to this podcast by going directly to the website and downloading, it's his spec that's running the RSS you're using. Also, everything else. Here's a few links to get you thinking.
- Boing Boing / Cory Doctorow
- The Nation / Rick Perlstein
- Quinn Norton
- Lawrence Lessig
- Summary posting on The Laughing Squid
Upcoming this week...
- THE NEW GUY
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- and then our discussion topic - Planning for staff turnover?
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Under the Hood of DDoS attacks against banks
- Texas School Pupil who refused to wear RFID, loses appeal; Disney Too!
- The Australians want to spy on us all
- Zeus Botmaster arrested
- Opsec for hackers by The Grugq
- Errors Mount at High-Speed Exchanges in New Year
- Thales DMCA takedown of manual
- Zero Day in Oracle Java 7
- Petition on "We The People" US government site seeks to legitimise DDoS as a form of civil protest; Akamai CSO Andy Ellis tweets...
- TSA Once Again Considering Using Commercial Data To Profile Passengers
- Hack turns the Cisco phone on your desk into a remote bugging device
- Breaches - The never ending never ending story...
- "Oops we did it again" Canadian .gov loses 538,000 records
- Vircurex didn't listen to the Ruby on Rails warning
- Indonesian President's Web Site Hacked by Jember Hacker Team
- Hacker group exposes corruption in universities
- The SCADAs/ICS and Cyber
- PDF LINK: Update on 3S Codesys Multiple Vulns
- PDF LINK: SpecView Directory Traversal
- PDF LINK: Rockwell Automation ControlLogix
- Errata / DERP of the week award
- Nokia is MITM'ing users
- Oracle + Java vuln slow repair = WTF
- Mailbag / Bizarro Land
- Hi Guys:
A good friend and CTO of a small oil & gas service firm has learned enough about infosec to be terrified. I blush to suggest I may have helped him along his journey. ;-) How about discussing how one locates & selects a pure fee-for-service consultancy to set a smallish firm on the straight & narrow? My friend's firm is well funded -- but myself, I have a prejudice against "big name" firms, so I will not be passing on any such recommendations to him. Thanks for the great podcast, Mark
- Sirs,
I listen regularly and really enjoy your podcast and the insightful, intelligent, sober analysis you provide. I must disagree with your assessment, in episode 1B, of the New York Times article "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt." It seems your analysis fell victim to the standard industry response to the piece, which, summed up, amounted to "duh, so what?" I would like to respectfully submit that the value of the article isn't so much its content, but the fact that it appeared in the Business Section of the New York Times that landed on my doorstep. It has long been well known in the information security community that antivirus was less than effective, but the fact that the Times ran an article indicting the industry, and served it up to lay people across the globe is a fairly significant event. The article begins: "the antivirus industry has a dirty little secret: its products are often not very good at stopping viruses," but the moment the Times went to press that fact was no longer secret. This type of mainstream media analysis could spell real trouble for an industry that has been struggling to find relevance in the modern threat environment, and the fact that popular media is beginning to get on the AV-bashing bandwagon does not bode well for the future of your favorite yellow swirly products. The PHB's of the world may not listen to their security officers, but they probably read the New York Times, which can change financial decisions for a company in significant ways. Cheers, Justin C. K. K.
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you go back and listen carefully to the entire podcast, there's a SECOND podcast hidden in the silence.
- Automating Security for developers from Mozilla
- effective approaches on app sec from etsy
- twitter on automating app sec
- 5 more tough security questions (and tips on answering them)
- Windows 8 RT Jailbreak
- Remember Aaron Swartz
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review: Silver Linings Playbook
- Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: "goodbye Aaron, we're saddened by your passing, the world is a less brilliant place without you". International list of Suicide Hotlines. For the rest of you - "depression is a flaw in chemistry not character"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1C.mp3
Category: LSD_Podcasts
-- posted at: 10:21am EDT
Wed, 9 January 2013
Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!
That's audio episode 28 out of us - not too bad to start off the new year.
PITHY COMMENTARY
Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- DERPs!!!
- and then we're going to shoot through a whole bunch of brief items without discussion in our new segment - BRIEFS (which goes well with Ben's male bag doesn't it)
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News
- Privacy czar tries to find web surveillance bill solution
- Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
- Facebook bug: Reset anybody's password. Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your "friends"
- Rails Fail Whale (Sail, Mail, Hail) ..and boom
- Software maker faces jail for other people using his software
- malware author on sploit buying spree
- Another "WE HACKED YOUR FULL DISC ENCRYPTION" by having physical access to the device. No shit. Really? Same as in 2005 people - never sleep a FDE machine, always hibernate or poweroff.
- From NYTimes - "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt" Really? No shit. Hmmm. I hadn't thought of that. (h/t Securosis)
- Breaches - The never ending never ending story...
- Raj Musicals - 12000
- SCMagazine (@SCMagazine) 2012-12-23 9:25 Here's a list of the top 8 breaches that took place in 2012.
- wiki.debian.org security breach
- Hacker at public works goes unnoticed
- Army says hacker got Fort Monmouth personal info
- The SCADAs/ICS and Cyber
- Industrial Control Systems Faced Nearly 200 Attacks: DHS
- Building a 21st Century Cyber Workforce
- Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
- Secret Plan Aims to Defend Power Grid (Perfect Citizen)
- PDF LINK - Canada's National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
- CMaaS - Continuous Monitoring as a Service. WTF.
- ProfiNet fuzzer developed
- 29C3: SCADA Strangelove - an ICS talk with the wrong name on it. Good nonetheless
- Mailbag / Bizarro Land
- Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? - Mike, SC
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- 20+ best FREE security tools
- Yahoo DOM XSS
- Top 10 web hacking technique vote - 2012
- Honeydrive!
- An off premise browser
- NTLM Challenge Response is completely broken
- A couple of University of Washington courses on Coursera - If I was carrying fewer courses this semester, I'd be on these two. If you're a grandfathered CRISC, you might want to take these to fulfill your CPE's for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit
- From BSI - PAS555: Cyber Security Risk - Governance and Management Specification
- OSINT Tools - Recommendations from Subliminal Hacking
- Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don't know how I missed this on kickstarter. Might just order one anyways.
- The Slow Data Movement
- The Process Myth
- And lastly... WTF. Eugene is #8 on Wired's list of the most dangerous people in the world?
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- Movie Review: not a movie, but go read Wool and its prequels
- Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- And big news for next week, but it's still a secret.
- Seacrest Says: "INSERT SEACREST COMMENT HERE"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1B.mp3
Category: LSD_Podcasts
-- posted at: 9:27pm EDT