Wed, 18 May 2016
Episode 0x6C I'm bringing Six Cee Back... Oh yeah, bad joke from the start. Upcoming this week... - Lots of News
- Breaches?
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6C.mp3
Category: LSD_Podcasts
-- posted at: 9:41am EDT
|
|
Thu, 5 May 2016
Episode 0x6B SIX BEEEEEEEEEEEEE Ben, Wil, and Dave provide entertainment value that is also questionable. Upcoming this week... - Lots of News
- Breaches?
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6B.mp3
Category: LSD_Podcasts
-- posted at: 3:37pm EDT
|
|
Wed, 27 April 2016
Episode 0x6A
All about the VZ-DBIR
Ok. Not completely weekly. And sorry Mom that we missed last
week. We'll get it together.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion
allowed
And if you've got commentary, please sent it to
mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may
want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear,
this is the story of 5 opinionated infosec pros who have sufficient
opinions of their own they don't need to speak for anyone except
themselves. Ok? Good.
In this episode:
- News and Commentary
-
- Verizon's
2016 Data Breach Investigations Report
- How
Hacking Team got hacked (with a detailed writeup from
Phisher himself)
- U.K.
official confirms surveillance bill would let cops force companies
to decrypt data
- Katie
Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147
Vulnerability Disclosure
- How
iMessage distributes security to block “phantom devices”
- Breaches
-
- Philipines
got hacked... yes, a whole country
... by a 23 year old student
-
... and Mexico
- A
Bangladeshi bank got popped for (almost) a billion
(more analysis) (technical
analysis)
- SCADA / Cyber, cyber... etc
-
- UBER
META DATA US or something like that (Uber says gave U.S. agencies
data on more than 12 million users)
-
US Special Forces Are 'Dropping Cyberbombs' on ISIS
- DERP
-
-
Four hundred MILLION vulnerable Androids are out there
-
Microsoft sues US government over 'unconstitutional' cloud data
searches
-
The FBI paid more than $1 million to crack the San Bernardino
iPhone
-
Jeff Moss talks about grooming presidents
- Mailbag
-
- Making security a big "P" Profession
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
-
- Sadlock
Bug
- Listen to
Paul @dcept905 when he says interesting things on Twitter
- DevOps Days
Austin
- Setting
up a home malware lab
- Spy Chief Complains That Edward Snowden Sped Up
Spread of Encryption by 7 Years
- Upcoming Appearances: -- more gratuitous
self-promotion
-
- Dave: - Interop, RMISC,
HackMiami, NolaCon, SecurityFest, InfosecurityEU,
CircleCityCon
- James: - Not much until Vegas...
As far as I know.
- Ben: - A Cyber Insurance
conference. Listening. yes... really
- Matt: - DevOps Days Austin, DFIR
Summit, Vegas
- Wil: - CBC Calgary
- Other LSD Writers: - Shrug,
Dunno.
- Liquidmatrix Products and Services - We do some
stuff. Seriously.
-
- LSDP-Rawfeed - where
LSDP stories get posted (except Matt... and Dave... and Ben... and
Wil)
- Advertising - pay the bills...
-
- Thinking about SecTor this
October? Be sure to use the code "liquidmatrix2016" and save 10%
off the registration fee! Or if you've just got time to cruise the
SecTor Expo Hall, the code
"liquidmatrix2016expo" will get you in for $0
- Closing Thoughts
-
- Seacrest Says: Hey Ergodan - watch this you despotic little
arsehole this
Creative Commons license:
BY-NC-SA
Direct download: LSDPodcast-0x6A.mp3
Category: LSD_Podcasts
-- posted at: 11:25am EDT
|
|
Wed, 13 April 2016
Episode 0x69
Still Weekly!
Still difficult to get everyone together for a recording but damn, we're trying. Keep sending in your questions to mailbag@liquidmatrix.org and if you see one of us at a conference, ask nicely and we'll give you a sticker!
PS: The Security Intern joins us tonight - sorry you all can't see her commentary on the rest of the Liquidmatrix crew.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Badlock Bug Site Get out your Sad Trombones everyone. Steve Ragan Fulfils Curmudgeon Role - Badlock Hype Tero Hänninen calls bullshit in a simple way Network World notes that Microsoft doesn't think it's Logo-worthy
- Eset et al. Take down Mumblehard Linux/BSD botnet
- Breaking Google Captcha
- Investigating the Potential for Miscommunication Using Emoji
- California lawmakers take step toward outlawing 'ransomware'
- Breaches
- Security Flaws found in 3 state health insurance websites (THANKS OBAMA)
- Petya Ransomware Encryption Defeated
- SCADA / Cyber, cyber... etc
- Lockheed Martin - Integrated Infrastructure: Cyber Resiliency in Society
- OMGee - Canada is vulnerable, eh?
- FBI Claims that businesses have lost $2.3 Billion to Email Scams from October 2013 to February 2016
- DERP
- Maynor Fixes All The Maps - MaxMind and Default Locations in GeoIP
- Misconfigure your way to Panama Success
- Mailbag
- Compliance is the Naturopathy of Information Security - DISCUSS.
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Random MAC addresses not enough...
- Integrating Bro IDS with the Elastic Stack
- Dealing with Digital Death
- Automating thought leadership
- Scan Onion Services for Security Issues
- Submit to the SecTor CFP!Early acceptance deadline is Sunday April 17 - final deadline is August 14th
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - NAB Show, Interop, RMISC, HackMiami, NolaCon
- James: - Desperately working on new material for Blackhat Cloud Security Training
- Ben: - Vogon poetry reading
- Wil: - Remedial HTML for beginners (Cue Jamie's rant here)
- Other LSD Writers: - Really?
- Advertising - pay the bills...
- Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0
- Next Week - because we'll be here next week!
- We'll be discussing the idea of making cyber a regulated profession. Send us your thoughts. Also, California, what's up with that?
- Closing Thoughts
- Seacrest Says: Cause, baby, now we got badlock
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x69.mp3
Category: LSD_Podcasts
-- posted at: 1:08pm EDT
|
|
Wed, 6 April 2016
Episode 0x68
Weekly Monthly Somethignly
At least a few of the boys are back to whine, bitch and moan.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x68.mp3
Category: LSD_Podcasts
-- posted at: 12:11pm EDT
|
|
Fri, 1 April 2016
Episode 0x67
The One With The Stunt Double
Hey, James here. The boys recorded this one without me and managed to really munge up the audio. My apologies. For what it's worth, this is what happens when Dave and Wil are in charge.
Upcoming this week...
- Lots of News
- Breaches
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x67.mp3
Category: LSD_Podcasts
-- posted at: 11:39am EDT
|
|
Wed, 2 March 2016
Episode 0x66
The One Where Ben and Jamie Aren't At RSAC
So the rest of the gang are out playing in either San Fran or Calgary. You get what's left over - actual security professionals doing actual security work.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x66.mp3
Category: LSD_Podcasts
-- posted at: 11:39pm EDT
|
|
Wed, 17 February 2016
Episode 0x65
Ben and Matt Screw Up HTML
Thanks Matt-Dave, this is Ben-Jamie for episode 0x65 (82 for those of you not good with the hexa-ma-decimal) and we're down a bunch of peope tonight but that's okay because we're super committed (except Wil, he's doing who knows what somewhere). Tonight we've got a lot of news about vulns and then a brief stroll through the cybers, derps and mailbags before calling it a night. Hey Matt, what's in the news?
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x65.mp3
Category: LSD_Podcasts
-- posted at: 5:51pm EDT
|
|
Wed, 10 February 2016
Episode 0x64
FIVE Golden Digests...
Yup, back again. Actually a thing. There's even some people here to talk to you about security things. And whining. Also, fuck you Skype.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - RSA, CSA Summit 2016 (Slovenia), FIRST ...25th?
- James: - I work. A lot.
- Ben: - Also works. A lot.
- Matt: - There is no Matt.
- Wil: - Doesn't work so much... Rehearsing for Radioheaded (again...), more CBC news coming...
- Other LSD Writers: - There is no Other Writers
- Closing Thoughts
- Seacrest Says: Eggplant
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x64.mp3
Category: LSD_Podcasts
-- posted at: 3:15pm EDT
|
|
Wed, 3 February 2016
Episode 0x63
May The Forth Be With You!
Dave's here. Wil's here. Matt's here. Ben's here. I'm here. There's a guest (or two) HOLY CRAP IT'S A REGULARLY SCHEDULED LIQUIDMATRIX PODCAST. Also, Dave claims he's fixed the website - we'll see how that goes.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Lessons Learned from the Java Deserialization Bug ( Apache Nose Job that Ben mentioned - everything old is new again)
- Let's talk a bit about privacy on Tor
- Baby Monitors live in New York!
- 2016 Social Security Blogger Award Voting is Open Now
- Security Firm Norse Corp. Imploding Threat Butt
- Breaches
- Let's just assume that there have been some.
- SCADA / Cyber, cyber... etc
- The Muricans are invading Canada's all bran fibre (h/t @ultramegaman)
- Israel got hacked by the NSA and James Bond
- Go get your prescriptions from these guys
- Curmudgeon's Corner
- The latest from Internet Curmudgeons -- tonight Spacerogue - YES THAT SPACEROGUE!
- DERP
- Developers Accidentially Ship Dropbox and Gmail Logins - Motorola
- HSBC succesfully defends against DDoS but is offline
- Security researcher finds 'backdoor' to MediaTek processors
- Tavis wrecks Comodo
- Mailbag
-
Gentlemen,
First let me say how happy I am that the Liquidmatrix podcast is pushing out new episodes in 2016. I look forward to listening more.
That said I find I must take exception to the "Mailbag" commentary in Episode 61.
<rant>
What definition of "enterprise" are you using?
I will heartily endorse that Matt is an "awesome" hacker and that the toolkit he is building at the startup he's at is likely totally awesome. But in what world is a startup also an enterprise?
Startups use homebrew and open source systems because they are cash-short and it makes more business sense (meaning a combination of financial, risk, compliance, and resource sense) to build versus buy.
But any true enterprise CISO that used a SIEM built by one of their team members is (using the language of the kids today) “smoking crack”.
Why? Allow me to expand the thought.. Assume Matt works for me at an $8B company and I adopted the SIEM platform he developed versus using MSSP or SIEM…
1. As the company grows the amount of time Matt will need to spend building connectors and enhancing the system will continue to grow. Matt will need to take time away from actual security (which is what I hired him for in the first place) and act more like a developer than a security staff member. Is that the best use of his limited time? I doubt it. 2. Some compliance regimes (yeah, I know, I can hear the complaints now but at the enterprise level this stuff matters) require systems you rely on for security to “have support”. I’m not a development shop! I do security for a company that makes widgets! Crap – now I have a finding in my external audit and my PCI assessor is twitching. 3. What happens when Matt gets bored (and he will – all good hackers do after a period of time) and leaves the company? Who’s going to support this thing? Now I have to go find an equally awesome hacker (not an easy prospect these days) and hope they can support this now critical piece of security infrastructure. There is a very real possibility that the system will degrade into a useless piece of crap before I can find someone to take over… That’s potentially devastating as I have *nothing* to fall back on.
Are you seriously asking me to sign up for this amount of risk? REALLY?
</rant>
Homebrew and open source security tools have their place and properly used are likely viable solutions in the startup/SMB space. Use in a true enterprise, IMO, is likely going to add so much risk that the cash expense of $VENDORPRODUCT is very much worth it.
Keep up the good podcast work, y’all. I look forward to more episodes.
Martin Fisher
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Michael Geist on the TPP
- Internet Link Tester / Validator w/ Raspberry Pi (or any Linux)
- Maximum Absorbency Garment
- Bill Clinton has used email once or twice. Nope just twice.
- Safe Harbour 2 is here
- Google's Vulnerability Reward Program paid out more than $2 million in 2015
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- Messages from our Sponsors
- We really need to have more projects
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - RSA, ATLSECCON, NAB, Interop, Bill's thong shop
- James: - Currently nothing till Vegas.
- Ben: - At home
- Matt: - RSA? Maybe? Come buy me beer during SXSW
- Wil: - Waiting to take OSCP...
- Other LSD Writers: - Apparently bloggering...
- Closing Thoughts
- Seacrest Says: Out.
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x63.mp3
Category: LSD_Podcasts
-- posted at: 10:25am EDT
|
|