Episode 0x18 -- How Do You Spell Aguardiente?

Beginning the end of 2012 - Because it's time to start making up lists of resolutions that we're not going to follow.

Dave developed a new giggity move, it's called "the kasperskian" - y'all should consider it a way to buy votes that this is an audio only podcast.

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-18.mp3
Category:LSD_Podcasts -- posted at: 1:24pm EDT

Episode 0x17 -- Turkey Time

We're going to try to keep this one relatively short. Seriously.

Of course, it's a day late because I did a boo boo on the recording. Don't ask.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

  • News
    1. Hack any skype account in 6 easy steps
    2. FACEBOOK SSL FOR EVERYONE
    3. Linux rootkit doing iFrame injections  [Full Disclosure]  [CrowdStrike]
    4. Dissecting a Facebook Scam
    5. Telstra - still can't get security right
    6. Killing 4G networks with a suitcase radio thingy
    7. Wikid Publishes free eGuide on adding 2factor
    8. Web Engineer's Online Toolbox
  • Breaches - The never ending never ending story...
    1. FreeBSD intruded upon
    2. Skype
    3. Adobe
    4. NASA - good at going to Mars, not so much at keeping laptops safe
    5. Health facilities in Mass and RI lose tapes
  • The SCADAs
    1. (WARNING: PDF) From Luigi Auriemma - ABB has problems that look like CoDeSys
    2. Obama signs secret directive to help thwart cyberattacks
  • Errata / DERP of the week award
    1. United States on Brink of Major Cyber Attack, Industry Executive Predicts  Deloitte Center for Cyber Innovation
  • Mailbag / Bizarro Land
    1. RE: Canadian Satellites

      Hey guys.
      Thanks for the shout-out in Episode 14 regarding the Diginotar report.
      Unfortunately I'm going to have to award you guys a mini-derp award for your comments that same episode on the story about the Canadian Navy buying satellite services from Inmarsat as satellites just happen to be my area of expertise. Yes, Canada does have its own communications satellites.
      They are managed by a company called Telesat.
      However, they are not of use to the Canadian Navy because they are located in the wrong place, operate on the wrong frequencies, and provide the wrong types of services for what the Navy needs. Communications satellites of this type operate in the geostationary belt (GEO), an orbit around the Equator 36,000 km above the Earth.
      The radio spectrum in this orbit is pretty congested, so early on international regulation of the satellites in this orbit and the spectrum they use was given to an organization called the ITU. Countries apply to the ITU for specific orbital slots and frequencies in the GEO belt and then license those to their companies. Canada has slots over North America and associated frequencies that are used by Telesat for what's called Fixed Satellite Services (FSS) - mainly broadcast TV and a host of communications services to remote communities in northern Canada. But these frequencies and antenna patterns are not what's used for mobile communications, nor does Canada have any satellite slots in other locations to provide global coverage which is kinda important for ships. Inmarsat on the other hand has the slots and frequency allocations to specialize in Mobile Satellite Services (MSS). They have a fleet of satellites located at various points around the Equator to give global coverage and the types of frequencies and coverage to provide mobile services to ships. Pretty much if you're operating a ship you're going to buy services from Inmarsat. More: Telesat and Inmarsat

      Brian W.

    2. Skyrim Jokes

      Hey guys, I don't have any Skyrim jokes but do have an odd anecdote for you. While playing Skyrim and listening to the LSD, I've found that I _have_ to turn off the xbox kinect controls or else bad things happen. Apparently Matt's voice is finely tuned as a Weirding Word. I'll be merrily bopping around a character in a dungeon of some type when, all of a sudden, a dragon shout gets kicked off and kills all attempts at stealth that I've been trying to muster. It's only Matt's voice that kicks off the shouts. Take that for what you will.

      John D.

      Fus Roh Dah!
    3. Wrong questions being asked about security involvement in PMO/SDLC work

      Hey guys, I'm listening to 0x15 and a question made in there really got in between my teeth. "Does making security part of the SDLC make the software more secure?" is the wrong question to be asking. Whether or not having risk evaluations or threat modeling part of the SDLC should be a concern but not the approach I've found works when I've introduced it into the SDLCs of which I've been involved.

      Let's break out of our security cliques for a moment and realize that ultimately many of us tell ourselves that what we do matters in order to justify the dissonance we have in our brains for putting up with the crap we do because we actually enjoy what we do, for the most part. By and large, we're not altruists. Having the guts to come out and say "Yeah, I know what I do for an organization rarely makes the world a better place, but gosh darn it I like/love what I do." can go a long way to asking the right questions to keep ourselves employed and pertinent to the business that pays us to do cool things.

      Once you get out of the "what I do is important, dammit" mindset, asking the following question better serves us as a whole. Does making security part of the SDLC/project/product make the business more money or save the business more money had it not been part of the SDLC/project/product as much as we're pushing? If you can justify the change, you can be relatively assured that someone in charge of playing with the moneys will listen. Phrasing the question that way also lends to promoting the idea to the money people that what they do is ultimately important and feeds their own dissonance hating mechanisms.

      John D.

      P.S. This approach has also saved me from the dreaded infosec burnout.

  • In Closing
    1. Movie Review: Matt saw Twilight - point and laugh!
    2. We do research too - Ben's running a survey and will publish results. Check it out!
    3. The Security Conference Library
    4. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
    5. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
    6. Upcoming Appearances: James at SecurityZone in Cali, Colombia
    7. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
    8. Seacrest Says: "go do bad bad things to a turkey"

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-17.mp3
Category:LSD_Podcasts -- posted at: 4:44pm EDT

Episode 0x16 -- One Time, At Security Camp...

There's too much news. We need to do MORE podcasts!

Also, it's time to say goodbye Mitt!!! Can't say as we're sorry to see you go, but yaknow.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- hunting dirty traitor rat bastids!!!

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-16.mp3
Category:LSD_Podcasts -- posted at: 5:34pm EDT

Episode 0x15 -- So Much News...

Pre-election Bets Are Off

Starting off this week with a couple of Con Reports - Ben, you go first... how was HackFest? ((wait)) and Dave - what was the high point of your HackFest experience? ((crickets))

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- Security in a Project Context

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-15.mp3
Category:LSD_Podcasts -- posted at: 3:14pm EDT

Episode 0x14 -- Happy Birthday Mr. Gattaca... we'll vote for you too.

There's interesting things afoot. Y'all should pay attention.

This is the 21st episode for those of you that don't have 16 fingers. Not sure we should be revealing this yet, but it's going to be a wild winter solstice celebration this year. The southern folk at Southern Fried Security and this gang of teenage malcontents are up to no good. Well, actually extra special good. Let me sum up - it's Security Charity... Gangnam Style.

Stay tuned for the carnage.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- Disaster Recovery

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-14.mp3
Category:LSD_Podcasts -- posted at: 1:58pm EDT

Episode 0x13 -- the 20th episode for those of you that don't have 16 fingers

The Pirate Bay is in the clouds, but we got here first, so suck it!!!

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic - Responsible Disclosure

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-13.mp3
Category:LSD_Podcasts -- posted at: 6:19pm EDT

Episode 12 -- These are the Daves I know I know

He claims it's not his fault he missed an episode...

Yes, we're still doing a podcast. Lots of you listen. It's kinda awesome. We promise to be more awesome in the future.

And tonight, let us regale you with tales of:

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. …and then our discussion topic - IDS IS DEAD

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-12.mp3
Category:LSD_Podcasts -- posted at: 6:24pm EDT

Episode 11 -- Dave's Away

w00000000000000000t!

Hey Everyone, welcome to the Liquidmatrix Security Podcast - Episode 0x11 or the 18th recording for those who don’t start with zero and are not good at Hexadecimal - or math, like us.

Everyone showed up except Dave. Something about Canadian Thanksgiving causing a Turkey Coma. We manage to struggle through without him. Actually, we think the show turned out just fine. We don't need no stinkin' Dave.

And tonight, let us regale you with tales of:

  1. LOTS OF NEWS
  2. Breaches
  3. SCADAs
  4. Errata
  5. …and then our discussion topic - the con report SecTor and Derbycon

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-11.mp3
Category:LSD_Podcasts -- posted at: 5:48pm EDT

Episode 10 -- It's Special

recorded live at SecTor 2012

There is no Matt. Again. So we found a replacement. As it turns out, pretty much any American whose name starts with "M" will do. Huge thanks to Mike Rothman for helping out with the madness.

This discussion has only the four topics:

  1. Summer of Breaches
  2. Cyber
  3. authN / authZ
  4. Compliancy

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-10.mp3
Category:LSD_Podcasts -- posted at: 6:47pm EDT

Episode F -- Aboot that

it's not a boot, it's just a really big shoe

Matt won’t be joining us tonight, it’s Ben’s fault. A quick shout out to Jimmy Vo, you will need approximately 15 or F shot glasses for this episode.

Aboot, Aboot, Aboot, Aboot!

And tonight, let us regale you with tales of:

  1. More Malware
  2. Less Malware
  3. The SSL monsters
  4. Ry-Hi
  5. Twitter
  6. GoDaddy
  7. Breaches
  8. SCADAs
  9. …and then our discussion topic - what happens after the bad thing happens

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-F.mp3
Category:LSD_Podcasts -- posted at: 7:30pm EDT


