Liquidmatrix Security Digest Podcast (lsd_podcasts)

Episode  -- SB005

CON FLU!

CON FLU! It's awesome. Dave has it. Teehee.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs -- NO NEWS THIS WEEK
1. HOST Has An Opinion
1. Go to DerbyCon
2. Parting Notes -- a few one-liners...
1. Also go to SecTor next week.
2. And bSidesTO this weekend.
3. Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
2. James: - Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
5. Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode  -- SB004

With Dave Away Minions Play

Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did not the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner
2. Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
3. CCC uses traditional biometric smackdown techniques - and wins.
4. From the annals of Schneier: Google knows passwords
5. RSA to customers: Trust not the encryptions
6. HOST Has An Opinion
1. Focusing on the wrong thing.
7. Parting Notes -- a few one-liners...
1. Turing machine in Excel
2. Did you know that there's a new Microsoft Surface? Do you care?
8. Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
9. Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
10. Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x31

Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...

1. Lots of News
2. Paranoia / NSA
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Fingerprints as passwords: New iPhone Touch ID
2. Skipping Ben's turn because he's really impressed about upcoming stories.
3. Certification WTF: Payment Card Industry Professional (PCIP)
4. WordPress < 3.6.1 PHP Object Injection
• Paranoia / NSA -- AKA "The BIG Breech of 2013"
1. The NSA is a customer of VUPEN
2. NIST says maybe don't use the ECC random bit thingie
3. Wireless firms agree to give Ottawa ability to monitor calls, phone data
4. No telco ever challenged NSA data collection
5. New NSA Leak Shows MITM Attacks Against Major Internet Services
6. EZpass is tracking you
7. NSA Hacks Belgium
8. NSA slurped bank records and credit card data
9. Canada handed over control of crypto standard setting to the NSA
10. NSA phone program is all legit
11. FISA courts joining the FOIA party late
• SCADA / Cyber, cyber... etc
1. Today Cyber means War but back in the 1990s...
2. Hacker Group in China linked to big cyber-attacks
3. Brazil and Argentina make a cyber pinkie pact
• DERP
1. Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
2. Twitter does link scraping
3. PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.
• Mailbag and/or Deep Dive

1. Hey LSD-P

   I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.

   Nervously,
   Your Friend

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Crypthook
2. ShmooCon CFP - Pay attention to the Proceedings
3. Binary Risk Assessment
4. FreedomBox
5. The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
6. MOV is turing complete
7. Meredith Patterson at 28c3 - The language of insecurity
8. SimpleRisk: Enterprise Risk Management Simplified
9. Browser fuzzing: introducing bamboo.js
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
6. Seacrest Says: oh jeremiah!!!

Creative Commons license: BY-NC-SA

Episode  -- SB003

Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Argentina arrests teen hacker who netted $50,000 a month
2. NSA gets data from Germany’s domestic security agency - reports
• HOST Has An Opinion
1. Exam Protection. Really. CISSP issues. :) because Dave can't talk about it
• Parting Notes -- a few one-liners...
1. Firewall Management Essentials: Change Management
2. The end of kindness: Weev and the cult of the angry young man
3. The Road Warrior's Lament: In Search Of The Perfect Carry-On
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Speaking at Deepsec in Austria and maybe bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon...
5. Wil: - Getting playa out of his areas...
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode  --  SB002

Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Vulnerability bureaucracy: Unchanged after 12 years
2. Crypto prof asked to remove NSA-related blog post
3. ZMap: Fast Internet-wide Scanning and Its Security Applications (22nd USENIX Security Symposium)
4. Downloading ZMap
5. Dave Has An Opinion
1. It's time to plan to fail.
6. Parting Notes  --  a few one-liners...
1. Republic of India has published all of their standards, including Infosec... and ISO 27000 series - for FREE
2. Safe and Secure Online - Internet Safety for Kids from (ISC)^2
3. Installing Dropbox? Prepare to lose ASLR.
4. "Here Be Dragons", Keeping Kids Safe Online
7. Liquidmatrix Staff Projects  --  gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES)  and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
8. Upcoming Appearances:  --  more gratuitous self-promotion
1. Dave:  -  Attending Derbycon, HITB Malaysia and bsidesTOspeaking at Security Congress in Chicago, Deepsec in Austria. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James:  -  Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben:  -  Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt:  -  Still on his honeymoon...
5. Wil:  -  Getting playa out of his areas...
6. Other LSD Writers:  -  Chris Sistrunk speaking at EnergySec in a couple of weeks.
9. Advertising  -  pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value). SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x30

Getting the band back together...

Because you know, it *IS* a weekly podcast afterall.

1. Upcoming this week...
2. Lots of News
3. Kittens
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag
6. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. TOR crypto might not be all that
2. CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
3. Canadian Universities Navigate Learning Curve for New Copyright Rules
• SCADA / Cyber, cyber... etc
1. Speculation on Bullrun (more NSA funtime)
2. Zee germans say the NSAs can hack our berries and iThingies
• DERP
1. Parallels pulls head into ass
2. and just keeps pulling
3. HP laptops comes with built in audio eavesdropping feature
• Mailbag

1. Hi LSD People

   I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?

   Thanks, Naked Computer Nerd

   
   

   Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Watch this video of a "drone's eye view" of Burning Man and look for Wintr
2. MDM for free yaknow.
3. Don't succumb to security nihlism
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... he's appearing in the materimonial chamber
5. Wil: - Getting playa out of his areas...
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding

Creative Commons license: BY-NC-SA

Episode SB001

Something New Is Tried

Be gentle, this "security briefing" is a new format.

Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.

1. Starting off this week...
2. News news news...

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Microsoft and Google to sue over US surveillance requests
2. An IT Flaw Has Let Unauthorized Users Exploit Army PCs for Years
3. UK asked N.Y. Times to destroy Snowden material
4. Unpatched Mac bug gives attackers “super user” status by going back in time

• Parting Notes  -- 
1. NIST releases draft of security framework
2. Akamai gets FedRAMP approval
3. Innovation And The Law Of Unintended Consequences
• Liquidmatrix Staff Projects
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: Dave will be attending Security Congress, in Chicago then on a plane to Derbycon, HITB in Malaysia, Deepsec in Austria and Hackfest in Quebec City. James will be speaking at Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
5. Hackfest registration is open
6. BSides Toronto!!!!
7. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
• In Closing
1. Word of the Week -- cyberrrrific
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x2F

things happen

Anyone else think that it would be nice if life had a bit of regularity?

1. Upcoming this week...
2. Lots of News
3. Kittens
4. Breaches
5. SCADA / Cyber, cyber... etc.
6. finishing it off with DERPs/Mailbag and
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Researcher's say Tor targeted by malware that phones home to the NSA... Or not maybe...
2. Lavabit shuts down, cuts off nose to spite NSA's face Silent Circle follows suit
3. Hitting The Panic Button
• Breaches
1. wifi baby monitors a bit hackable (surprise!!!!)
2. Visa's alert of possible data breach impacts Rivermark Credit Union members
• SCADA / Cyber, cyber... etc
1. US promises not to spy on the German - will stay besties for eva until some pops the 99 red balloons (again)
• DERP
1. Source: New York Times Website Hit by Cyber Attack
2. IAB urges people to stop “Mozilla from hijacking the Internet”
• Mailbag

1. Noob Advice?

   I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available.

   Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to peruse that path. My long term goal would be to work for an intelligence agency in the federal government.

   If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience?

   Or would remaining a civilian throughout school present me with more opportunities?

   -Shane

   
   

   Non-Noob Response

   The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.

   Dave Kennedy - SET, TrustedSec, Derbycon, Awesome

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Stay tuned for "The Myrcurial Fund"
2. PoC||GTFO
3. Hacking mifare cards
4. Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator
• Liquidmatrix Staff Projects
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
5. Hackfest registration is open
6. BSides Toronto!!!!
7. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
• In Closing
1. Word of the Week -- cyber-spatula
2. Movie Review -- The Nutty Professor 2
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...

Creative Commons license: BY-NC-SA

Episode 0x2D

Nobody loves us.

It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.

1. Upcoming this week...
2. Lots of News
3. Kittens
4. Breaches
5. SCADA / Cyber, cyber... etc.
6. finishing it off with DERPs/Mailbag and
7. There will NOT be a DEEP DIVE
8. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. The web is a bad bad place
2. SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a peformance impact)
3. The Future of Civil Disobedience Online
4. OECD complaint against finfisher
5. The personal side of taking on the NSA: emerging smears
• Breaches
1. Facebook exposes itself
2. Opera's breach lady sings
3. 47k student teachers in Florida exposed
• SCADA / Cyber, cyber... etc
1. So you want to be a CIP consultant.
2. Australia decides not to be American
• DERP
1. South Korea misidentifies China as cyberattack origin
• Mailbag

1. Hi,

   Greetings!

   Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns?

   Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address.

   If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.

   Best Regards,

   Linda

   Lead Generation

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Burp trips and tricks PDF
2. Cyanogen mod gets secure messaging
3. Running a Hackerspace
4. Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
5. MITM via PPTP
6. Hacking monopoly
7. Pentagon's failed flash drive ban policy: A lesson for every CIO
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
2. Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
3. everyday is CTF! go set up a team
4. Hackfest registration is open
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
6. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
7. Seacrest Says: Good night Kitten

Creative Commons license: BY-NC-SA

Episode 0x2C

This is the 49th time!

All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. OWASP Top 10 for 2013 is out
2. What the NSA doesn’t have: iMessages and FaceTime chats
3. Woz: This is not my America
4. This is some cold ass James Bond shit (Countries are upset) (they even setup fake internet cafes)
5. NSA leaks hint Microsoft may have lied about Skype security
• Breaches
1. Head of U.S. Nuclear Security Agency hacked by "Guccifer"
• SCADA / Cyber, cyber... etc
1. @c7five tweets on Cyberwar
2. US FDA calls on medical device makers to focus on cybersecurity
3. Trove of medical devices found to have password problems
• DERP
1. Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
2. TSA agent tells teen to 'cover herself'
3. Sys-admin selfies courtesy of The Grugq
• Mailbag

1. I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.

   Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?

   Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.

   Anonymous By Request

• The Deep Dive -- SETEC ASTRONOMY
1. We Should All Have Something To Hide
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Disconnect raises 3.5mil
2. Pimp My Own Matt - Doing a webinar 6/20
3. CycleOverRide - Security Nerds on Wheels
4. Sixth Annual Movie-Plot Threat Contest Semifinalists
5. Hardvard Business Review talks infosec
6. I'm hiring
7. Loon
8. How to make The Internet (from The IT Crowd)
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
2. Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: Double ROT13 is NSA proof

Creative Commons license: BY-NC-SA