Episode 0x73

Surprise! Happy Holidays

Are you having a happy holiday? Listen to us and you'll have a happy holiday.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x73.mp3
Category:LSD_Podcasts -- posted at: 11:01pm EDT

Episode 0x72

SPECIAL ELECTION EDITION

Vote Dave... please?

Upcoming this week...

  1. We yammer about stuff with no real direction or point.

In this episode:

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x72.mp3
Category:LSD_Podcasts -- posted at: 11:18am EDT

Episode 0x71

Um... We're back?

I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon?

Upcoming this week...

  1. /dev/random

In this episode:

  • We totally forgot show-notes

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x71.mp3
Category:LSD_Podcasts -- posted at: 4:20pm EDT

Samy Kamkar - PoisonTap - https://samy.pl/poisontap/

RCMP want an iPhone unlocker - http://www.cbc.ca/news/investigates/police-power-privacy-encryption-1.3856375

Discussion paper - https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-scrt-grn-ppr-2016-bckgrndr/index-en.aspx

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x1E.mp3
Category:LSD_Television -- posted at: 5:18pm EDT

More Travels With Dave...

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x1D.mp3
Category:LSD_Television -- posted at: 10:34am EDT

Reporting on the infosec implications of Walt Disney World...

https://disneyworld.disney.go.com/
https://www.wired.com/2015/03/disney-magicband/

http://www.nytimes.com/1998/08/20/technology/roller-coasters-take-a-ride-from-wild-to-wired.html
http://www.rockwellautomation.com/global/industries/entertainment/overview.page
http://dsicontrols.com/amusement.html

Direct download: mini0x1C.mp3
Category:LSD_Television -- posted at: 8:50am EDT

Dave is actually alive. We have video proof.

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x1B.mp3
Category:LSD_Television -- posted at: 12:00pm EDT

No notes.

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x1A.mp3
Category:LSD_Television -- posted at: 12:00pm EDT

https://2016.pycon.ca/en/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x19.mp3
Category:LSD_Television -- posted at: 12:00pm EDT

Russian Hacker group responsible for DNC Hack is at it again - https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/

Russian banks getting hit back by DDoS Attack - https://themoscowtimes.com/news/ddos-attack-hits-russian-banks-56077

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x18.mp3
Category:LSD_Television -- posted at: 12:00pm EDT

(Ben didn't do show notes)

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x17.mp3
Category:LSD_Television -- posted at: 11:00am EDT

MS16-137 - https://g-laurent.blogspot.ca/2016/11/ms16-137-lsass-remote-memory-corruption.html?m=1

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x16.mp3
Category:LSD_Television -- posted at: 6:46am EDT

Tesco was breached - https://www.google.ca/amp/www.bbc.co.uk/news/amp/37907441

The grugq on Security, Cyber, and Elections - https://medium.com/@thegrugq/security-cyber-and-elections-part-1-cd04de8ed125#.9dtgkxkut

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x15.mp3
Category:LSD_Television -- posted at: 6:43am EDT

http://www.mprnews.org/story/2016/11/07/npr-how-hostile-nation-could-disrupt-election

 

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x14.mp3
Category:LSD_Television -- posted at: 6:39am EDT

Nobody knew what CSIS was up to - http://www.cbc.ca/beta/news/politics/what-you-need-to-know-about-csis-metadata-1.3837104

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x13.mp3
Category:LSD_Television -- posted at: 6:35am EDT

Matthew Keys is in jail for not giving up a source - http://arstechnica.com/tech-policy/2016/11/speaking-from-prison-incarcerated-reporter-maintains-innocence/

Go Secure botnet analysis - https://gosecure.net/2016/11/02/exposing-the-ego-market-the-cybercrime-performed-by-the-linux-moose-botnet/

Blackhat EU talks - https://www.blackhat.com/eu-16/

getting root on wemos - https://www.invincealabs.com/blog/tag/wemo/

 

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x12.mp3
Category:LSD_Television -- posted at: 6:26am EDT

Quebec police spied on multiple journalists - https://www.engadget.com/2016/11/03/quebec-canada-cops-monitor-journalists/

Canadian intelligence agency gets hands slapped - http://www.cbc.ca/news/politics/csis-metadata-ruling-1.3835472

EMET EOL announced - https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x11.mp3
Category:LSD_Television -- posted at: 6:23am EDT

 

Episode 0x70

Dave Doesn't Exist

We've been unable to capture Dave on video yet despite turning out an absolutely epic amount of video material. We think it's because he doesn't actually exist. Do not even get me started on the hipster beard and hipster actor. Those two. Sigh. In any case...

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x70.mp3
Category:LSD_Podcasts -- posted at: 6:15am EDT

Typed JSON - https://tonyarcieri.com/introducing-tjson-a-stricter-typed-form-of-json

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x10.mp3
Category:LSD_Television -- posted at: 12:30pm EDT

http://www.cbc.ca/beta/news/canada/toronto/woman-toronto-police-database-unauthorized-searches-1.3830541

http://www.cbc.ca/beta/news/canada/calgary/gerard-brand-calgary-police-trial-breach-trust-1.3829644

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0F.mp3
Category:LSD_Television -- posted at: 11:14am EDT

Google talks about disclosing 0days - https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html

Financial regulator loses some records - https://www.engadget.com/2016/10/31/us-comptroller-data-breach/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0E.mp3
Category:LSD_Television -- posted at: 1:50pm EDT

I need a new computer. Or maybe I just want one.

  1. Owen Williams writes on Medium "Apple just told the world it has no idea who the Mac is for" and I'm not entirely sure I disagree.
  2. Rui Carmo lamenting the state of the macOS ecosystem and talking Elementary IO.
  3. Touch bar is cool. I think it might work, but a fully reprogrammable awesome Sonder E Ink Keyboard or the 9.7" retina touchscreen would've made more sense.
  4. Despite having no hardware upon which to test... here's someone's attempt at sudo-touchid with a minor caveat :(
  5. And if you're a student - here's a nice deal: JetBrains Developer Tools

Tomorrow I'm leaving this up to Ben, I'm not a morning person.

 

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0D.mp3
Category:LSD_Television -- posted at: 7:00am EDT

Good morning!

Coming to you live from O'Reilly Security in NYC. Well, the breakfast buffet anyways.

  1. Great 101 article from Ars Technica: "How security flaws work: SQL Injection"
  2. The always eloquent friend of the show / my friend Violet Blue cuts to the bone with the awesome phrase "Infosec smarty-pantses" in her article on "That Time Your Smart Toaster Broke The Internet". Note that @gattaca's toaster doesn't obey him either.
  3. Twitter does dumb shit again and pisses off long term users: "Hiding Usernames In @Replys"
  4. DMCA exemption list finally updated, and there's a great list of the covered exemptions from The Register

Tune in tomorrow for a SPOOOKY story from me still in NYC.

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0C.mp3
Category:LSD_Television -- posted at: 1:30pm EDT

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0B.mp3
Category:LSD_Television -- posted at: 4:04am EDT

Australia's Blood Service exposed lots of personal data - https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x0A.mp3
Category:LSD_Television -- posted at: 9:36am EDT

Machine Learning Appsec testing - http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps

Mozilla doesn't trust Ernst & Young audits of CAs - https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x09.mp3
Category:LSD_Television -- posted at: 11:55am EDT

Episode 0x6F

THE CENTENNIAL!

We are happy to announce that we've got a full show... with only two hosts. But hey - it's number 100(decimal)

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x6F.mp3
Category:LSD_Podcasts -- posted at: 10:00am EDT

UNENCRYPTED SCADA PAGERS!!! http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/ (watch Jamie and Dave's head explode when they read that)

MS threat modelling tool - https://www.microsoft.com/en-us/download/details.aspx?id=49168

 

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x08.mp3
Category:LSD_Television -- posted at: 9:37am EDT

Yet another - this is LSD TV mini0x07.

Talking about the Defense again.

Oh, and Ben's got a link for you - http://mooc.fi/courses/2016/cybersecurity/

Direct download: Liquidmatrix_Security_Digest_TV_mini0x07.mp3
Category:LSD_Television -- posted at: 12:40pm EDT

Hangzhou Xiongmai recalls IoT devices - http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS

Comodo CA relies on broken OCR and issues certs incorrectly - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713

Using Rowhammer on Android - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x06.mp3
Category:LSD_Television -- posted at: 12:27pm EDT

Hyper scale defenses (https://youtu.be/90kxsEOSZQ8), scaring the Russians (http://www.cbc.ca/beta/news/technolog...) and rigged elections in the Philippines (http://thestandard.com.ph/mobile/arti...) -- turns out it's very old news which popped up in my news feed and I can't read dates

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x05.mp3
Category:LSD_Television -- posted at: 5:28pm EDT

Mini episode #4: crazy TLDs and DDoS on Dyn.

https://twitter.com/kpyke/status/789156391726387200
https://www.dynstatus.com/incidents/5r9mppc1kb77
https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/amp/
https://youtu.be/90kxsEOSZQ8

Direct download: Liquidmatrix_Security_Digest_TV_-_mini0x04.mp3
Category:LSD_Television -- posted at: 11:43am EDT

Friday's episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks Yahoo! and Boards of Directors and Linux privilege escalation and Wikileaks and HE JUST KEEPS TALKING. 

Direct download: Liquidmatrix_Security_Digest_TV_mini0x03.mp3
Category:LSD_Television -- posted at: 10:40am EDT

The SECOND episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks data exfiltration.

Direct download: Liquidmatrix_Security_Digest_TV_mini0x02.mp3
Category:LSD_Television -- posted at: 10:31am EDT

In this first episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro walks you through SecTor 2016.

Direct download: Liquidmatrix_Security_Digest_TV_mini0x01.mp3
Category:LSD_Television -- posted at: 10:28am EDT

Episode 0x6E

IT LIVES (Live from SecTor 2016)

All five LSDP's in one room at the same time. It actually happened.

Upcoming this week...

  1. Catching Up!

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSD-Podcast-0x6E.mp3
Category:LSD_Podcasts -- posted at: 3:35pm EDT

Episode 0x6D

We've been gone for a month, we've been drunk since we left

hej till våra lyssnare i Sverige

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x6D.mp3
Category:LSD_Podcasts -- posted at: 12:13pm EDT

Episode 0x6C

I'm bringing Six Cee Back...

Oh yeah, bad joke from the start.

Upcoming this week...

  1. Lots of News
  2. Breaches?
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

 

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x6C.mp3
Category:LSD_Podcasts -- posted at: 9:41am EDT

Episode 0x6B

SIX BEEEEEEEEEEEEE

Ben, Wil, and Dave provide entertainment value that is also questionable.

Upcoming this week...

  1. Lots of News
  2. Breaches?
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x6B.mp3
Category:LSD_Podcasts -- posted at: 3:37pm EDT

Episode 0x6A

All about the VZ-DBIR

Ok. Not completely weekly. And sorry Mom that we missed last week. We'll get it together.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x6A.mp3
Category:LSD_Podcasts -- posted at: 11:25am EDT

Episode 0x69

Still Weekly!

Still difficult to get everyone together for a recording but damn, we're trying. Keep sending in your questions to mailbag@liquidmatrix.org and if you see one of us at a conference, ask nicely and we'll give you a sticker!

PS: The Security Intern joins us tonight - sorry you all can't see her commentary on the rest of the Liquidmatrix crew.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x69.mp3
Category:LSD_Podcasts -- posted at: 1:08pm EDT

Episode 0x68

Weekly Monthly Somethignly

At least a few of the boys are back to whine, bitch and moan.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x68.mp3
Category:LSD_Podcasts -- posted at: 12:11pm EDT

Episode 0x67

The One With The Stunt Double

Hey, James here. The boys recorded this one without me and managed to really munge up the audio. My apologies. For what it's worth, this is what happens when Dave and Wil are in charge.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. finishing it off with DERPs/Mailbag (or Deep Dive)
  4. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x67.mp3
Category:LSD_Podcasts -- posted at: 11:39am EDT

Episode 0x66

The One Where Ben and Jamie Aren't At RSAC

So the rest of the gang are out playing in either San Fran or Calgary. You get what's left over - actual security professionals doing actual security work.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x66.mp3
Category:LSD_Podcasts -- posted at: 11:39pm EDT

Episode 0x65

Ben and Matt Screw Up HTML

Thanks Matt-Dave, this is Ben-Jamie for episode 0x65 (82 for those of you not good with the hexa-ma-decimal) and we're down a bunch of people tonight but that's okay because we're super committed (except Wil, he's doing who knows what somewhere). Tonight we've got a lot of news about vulns and then a brief stroll through the cybers, derps and mailbags before calling it a night. Hey Matt, what's in the news?

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x65.mp3
Category:LSD_Podcasts -- posted at: 5:51pm EDT

Episode 0x64

FIVE Golden Digests...

Yup, back again. Actually a thing. There's even some people here to talk to you about security things. And whining. Also, fuck you Skype.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

  • Upcoming Appearances: -- more gratuitous self-promotion
    1. Dave: - RSA, CSA Summit 2016 (Slovenia), FIRST ...25th?
    2. James: - I work. A lot.
    3. Ben: - Also works. A lot.
    4. Matt: - There is no Matt.
    5. Wil: - Doesn't work so much... Rehearsing for Radioheaded (again...), more CBC news coming...
    6. Other LSD Writers: - There is no Other Writers
  • Closing Thoughts
    1. Seacrest Says: Eggplant

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x64.mp3
Category:LSD_Podcasts -- posted at: 3:15pm EDT

Episode 0x63

May The Forth Be With You!

Dave's here. Wil's here. Matt's here. Ben's here. I'm here. There's a guest (or two) HOLY CRAP IT'S A REGULARLY SCHEDULED LIQUIDMATRIX PODCAST. Also, Dave claims he's fixed the website - we'll see how that goes.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x63.mp3
Category:LSD_Podcasts -- posted at: 10:25am EDT

Episode 0x62

The Return of Dave?

Well, we weren't kidding folks. This is number 3 inside of a month. If you include the special "Blast From The Past" Episode 0x40 Live from SecTor 2014, that's FOUR episodes in a month. Wooooooooo. Now, time to talk security. But first, a moment for Abe.

Upcoming this week...

  1. Lots of News
  2. SCADA / Cyber, cyber... etc.
  3. finishing it off with DERPs/Mailbag (or Deep Dive)
  4. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x62.mp3
Category:LSD_Podcasts -- posted at: 3:25pm EDT

Episode 0x40

BLAST FROM THE PAST

I lost this recording - sorry. But I found it so it's all good.

Despite being more than a year old, the entire episode is relevant. Still. (Because InfoSec).

Listen in as Dave, Ben, and James discuss the infosec job, career, education, professional development quagmire with a live audience interjecting with questions and non-canned laughter.

Closing Thoughts

Seacrest Says: Where we're going, we don't need roads...

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x40.mp3
Category:LSD_Podcasts -- posted at: 10:53am EDT

Episode 0x61

THERE IS NO DAVE, ONLY ZUUL

Twice in two weeks. It's almost like we're making this thing a thing. Of course it'd be nice if Dave would fix the website so I could post there. At least libsyn and iTunes still work.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x61.mp3
Category:LSD_Podcasts -- posted at: 11:19am EDT

Episode 0x60

Mid-Season Cliffhanger

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...

  1. Lots of News
  2. SCADA / Cyber, cyber... etc.
  3. finishing it off with DERPs/Mailbag (or Deep Dive)
  4. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x60.mp3
Category:LSD_Podcasts -- posted at: 3:46pm EDT

Episode 0x51

Not Dead

Yup, we're still a thing. Scheduling is hard. Look forward to more of these with less than a full cast of characters. It happens.

Upcoming this week...

  1. Just some general ranting. It's what we've got.

  • Closing Thoughts
    1. Seacrest Says: Do this again sometime, eh?

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x51.mp3
Category:LSD_Podcasts -- posted at: 11:57am EDT

Episode 0x50

Revenge of the Fourth

We've been around, just not... you know... around. It's best that you do not think about what happened to episodes that were not published.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x50.mp3
Category:LSD_Podcasts -- posted at: 5:32pm EDT

Episode 0x3F

Last one before Summer Security Camp

Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we'd be back and this time we're pretending we care.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x3F.mp3
Category:LSD_Podcasts -- posted at: 11:08am EDT

Episode 0x3E

HAPPY $COUNTRY JULY PAID DAY OFF

We're back. Reasons shall be enumerated. And so forth.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x3E.mp3
Category:LSD_Podcasts -- posted at: 1:22pm EDT

Episode 0x3D

My Heart Bleeds for Windows XP

Well this is certainly an exciting week around these here parts. I reckon we've not seen this much marketeering since the APT1 days of ought 13. Goodness gracious I'm not a huge fan of this crap.

Do not listen to this podcast at more than 1.5x speed while operating a motor vehicle or heavy equipment. Your face may melt according to some studies conducted by a Murican we know.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x3d.mp3
Category:LSD_Podcasts -- posted at: 11:09am EDT

Episode 0x3C

You Got Breached.

And in other news... April 8 is coming up FAST.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x3c.mp3
Category:LSD_Podcasts -- posted at: 12:47pm EDT

Episode 0x3B

We Have Quorum!

Getting tired of hearing about the latest $problem. Can we do something different with our cognitive surplus?

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

We're reaching a tipping point around the concept of Privacy. Here's a few examples to discuss:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-3b.mp3
Category:LSD_Podcasts -- posted at: 11:35am EDT

Episode 0x3A

We Can Do Better

Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution rather than the very common response which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0x3A.mp3
Category:LSD_Podcasts -- posted at: 1:40pm EDT

Episode 0x39

Auld Lang Syne

The Syrian Liberation Army would like to thank Liquidmatrix for their use of Skype.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. finishing it off with DERPs/Mailbag (or Deep Dive)
  4. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-39.mp3
Category:LSD_Podcasts -- posted at: 6:19pm EDT

Episode 0x38

Dreidel Turkey Dreidel Peter Mackay!!!

Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team.

Upcoming this week...

  1. Lots of News
  2. Breaches, anti-derps!!
  3. It's Chanukah!!!
  4. and many turkeys are now dead
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-38.mp3
Category:LSD_Podcasts -- posted at: 5:20pm EDT

Episode 0x37

Two Guys !HTML

It's completely unreasonable for me to ask that they come up with a short pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyways.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-37.mp3
Category:LSD_Podcasts -- posted at: 12:36pm EDT

Episode 0x36

Which part of WEEKLY is this?

There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-36.mp3
Category:LSD_Podcasts -- posted at: 12:47pm EDT

Episode 0x35

Halloween!

We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy.

Upcoming this week...

  1. Breaches
  2. SCADA / Cyber, cyber... etc.
  3. finishing it off with DERPs/Mailbag (or Deep Dive)
  4. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-35.mp3
Category:LSD_Podcasts -- posted at: 4:01am EDT

Episode 0x34

Just the two of us

Another week, another attempt at a full house for the show.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-34.mp3
Category:LSD_Podcasts -- posted at: 2:11pm EDT

Episode 0x33

Liquidmatrix Live at SecTor 2013

In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, finally we did a live recording with all of us together. It's only a half hour, but we had a great time!

  1. Upcoming this week...
  2. We didn't even bother with show notes. Seriously. Just listen, it's good stuff.

  • Liquidmatrix Staff Projects -- gratuitous self-promotion
    1. The Security Conference Library
    2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
    3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
  • Upcoming Appearances:  -- more gratuitous self-promotion
    1. Dave: - Attending HITB Malaysia, Deepsec in Austria. And finally speaking at Hackfest in Quebec City.
    2. James: - Speaking at Hackfest.
    3. Ben: - Hanging out with his other toaster friends
    4. Matt: - Glossy eyed boy in love
    5. Wil: - Hacking banks across state lines
    6. Other LSD Writers: - wait? There are other writers?
  • Advertising - pay the bills...
    1. Hackfest registration is open
    2. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-33.mp3
Category:LSD_Podcasts -- posted at: 8:02pm EDT

Episode 0x32

Getting the Band Together?

Another week, another attempt at a full house for the show.

  1. Upcoming this week...
  2. Lots of News
  3. non-infosec stuff
  4. Breaches
  5. SCADA / Cyber, cyber... etc.
  6. finishing it off with DERPs/Mailbag (or Deep Dive)
  7. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-32.mp3
Category:LSD_Podcasts -- posted at: 6:15pm EDT

Episode  -- SB005

CON FLU!

CON FLU! It's awesome. Dave has it. Teehee.

In this episode:

  • News Briefs -- NO NEWS THIS WEEK
    1. HOST Has An Opinion
      1. Go to DerbyCon
    2. Parting Notes -- a few one-liners...
      1. Also go to SecTor next week.
      2. And bSidesTO this weekend.
    3. Liquidmatrix Staff Projects -- gratuitous self-promotion
      1. The Security Conference Library
      2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
      3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
    4. Upcoming Appearances:  -- more gratuitous self-promotion
      1. Dave: - Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
      2. James: - Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
      3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
      4. Matt: - Still on his honeymoon... And will be speaking at SecTor
      5. Wil: - Getting playa out of his areas... But will be at SecTor
      6. Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
    5. Advertising - pay the bills...
      1. Hackfest registration is open
      2. BSides Toronto!!!!
      3. SecTor 2013
      4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
      5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-SB005.mp3
Category:LSD_Podcasts -- posted at: 7:22pm EDT

Episode  -- SB004

With Dave Away Minions Play

Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did note the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-SB004.mp3
Category:LSD_Podcasts -- posted at: 12:44pm EDT

Episode 0x31

Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...

  1. Lots of News
  2. Paranoia / NSA
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-31.mp3
Category:LSD_Podcasts -- posted at: 2:04am EDT

Episode  -- SB003

Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-SB003.mp3
Category:LSD_Podcasts -- posted at: 1:53pm EDT

Episode  --  SB002

Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: Liquidmatrix_Security_Digest_-_Briefing_002.mp3
Category:LSD_Podcasts -- posted at: 11:25am EDT

Episode 0x30

Getting the band back together...

Because you know, it *IS* a weekly podcast after all.

  1. Upcoming this week...
  2. Lots of News
  3. Kittens
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag
  6. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-30.mp3
Category:LSD_Podcasts -- posted at: 12:41am EDT

Liquidmatrix Security Digest Podcast - Briefing 001

Episode SB001

Something New Is Tried

Be gentle, this "security briefing" is a new format.

Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.

  1. Starting off this week...
  2. News news news...

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:



Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-SB001.mp3
Category:LSD_Podcasts -- posted at: 11:56am EDT

Episode 0x2F

things happen

Anyone else think that it would be nice if life had a bit of regularity?

  1. Upcoming this week...
  2. Lots of News
  3. Kittens
  4. Breaches
  5. SCADA / Cyber, cyber... etc.
  6. finishing it off with DERPs/Mailbag and
  7. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2f.mp3
Category:LSD_Podcasts -- posted at: 12:52pm EDT

Episode 0x2D

Nobody loves us.

It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.

  1. Upcoming this week...
  2. Lots of News
  3. Kittens
  4. Breaches
  5. SCADA / Cyber, cyber... etc.
  6. finishing it off with DERPs/Mailbag and
  7. There will NOT be a DEEP DIVE
  8. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2d.mp3
Category:LSD_Podcasts -- posted at: 12:42pm EDT

Episode 0x2C

This is the 49th time!

All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. There will be a DEEP DIVE
  7. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2c.mp3
Category:LSD_Podcasts -- posted at: 2:29pm EDT

Episode 0x2B -- Or !2b

Nothin that we can't fix

Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. There will be a DEEP DIVE
  7. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2b.mp3
Category:LSD_Podcasts -- posted at: 2:07pm EDT

Episode 0x2A -- Happy One Year Later

And we still suck at scheduling

Despite efforts to the contrary... we're still not good at this. We should be getting better.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. There will be a DEEP DIVE
  7. And there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2a.mp3
Category:LSD_Podcasts -- posted at: 12:13pm EDT

Episode 0x29 -- Not just CrO2, but now with Dolby

Does anyone read show notes?

So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. But there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-29.mp3
Category:LSD_Podcasts -- posted at: 1:21pm EDT

Episode 0x28 -- For Reals... it's here.

I SAID it's a weekly podcast

Life gets in the way of art. There's five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We're trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. There will be a DEEP DIVE
  7. But there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-28.mp3
Category:LSD_Podcasts -- posted at: 4:34pm EDT

Episode 0x27 -- Wednesday is the new Monday

It's the podcast that never ends

We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. There will be no DEEP DIVE -- our SCUBA gear is in the shop
  7. But there are weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-27.mp3
Category:LSD_Podcasts -- posted at: 4:01pm EDT

Episode 0x26 -- The First Rule...

Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.

While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.

  1. Upcoming this week...
  2. Lots of News
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag and
  5. THE DEEP DIVE
  6. Our new weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-26.mp3
Category:LSD_Podcasts -- posted at: 2:44pm EDT

Episode 0x25 -- The one with ALL the cybers

We're not sure why this keeps happening.

As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a)using a computer, and (b)having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-25.mp3
Category:LSD_Podcasts -- posted at: 3:57pm EDT

Episode 0x24 -- The Robot Uprising

You'd think those worthless meatbag humans would be more respectful.

It looks like we will have a limited incidence of Robots in tonight's episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-24.mp3
Category:LSD_Podcasts -- posted at: 3:24pm EDT

Episode 0x23 -- Post RSA Actual News

Recovery takes time. There has not been enough time.

There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep.

You might want to stay until the end of the show to hear about a CONTEST and something even cooler...

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-23.mp3
Category:LSD_Podcasts -- posted at: 1:43pm EDT

Episode 0x22 -- RSA is almost over...

Yes, we all survived, but RSAConflu hurts

So, 4/5ths of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.

  1. For this week's special episode...
  2. Stupid Vendor tricks
  3. BSidesSF + harassment
  4. Buzzword Bingo
  5. Speed Dating
  6. We Lost
  7. I've got 99 problems and Rich ain't one
  8. Brian "CyberPotato" Honan

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

  • No Notes due to SPECIAL REASONS
  • Liquidmatrix Staff Projects
    1. The Security Conference Library 
    2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
    3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
    4. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
  • In Closing
    1. Movie Review: No Review
    2. everyday is CTF! go set up a team
    3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
    4. Seacrest Says: I came for the booth babes and stayed for the bacon licking.

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-22.mp3
Category:LSD_Podcasts -- posted at: 7:10pm EDT

Episode 0x21 -- In which we prepare for RSA

Are you ready for RSA? Packed 500 business cards and a spare liver?

There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-21.mp3
Category:LSD_Podcasts -- posted at: 10:08pm EDT

Episode 0x20 -- Can Dave count to 20?

Special Bonus Episode!

Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-20.mp3
Category:LSD_Podcasts -- posted at: 2:23pm EDT

Episode 0x1F -- The Confusing Part Starts NOW

Can't wait till next week when Dave can start reading the episode numbers again!

I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!

The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working?

These are all questions that you dear listener can answer. Let us know at mailbag@liquidmatrix.org. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. SCADA / Cyber, cyber... etc.
  5. finishing it off with DERPs/Mailbag and
  6. THE RETURN OF THE DEEP DIVE
  7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1F.mp3
Category:LSD_Podcasts -- posted at: 4:54pm EDT

Episode 0x1E -- Absenteeism

Insert Subtitle Here

With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. No Scadas, no Matt, No Jamie
  5. finishing it off with DERPs/Mailbag and
  6. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1E.mp3
Category:LSD_Podcasts -- posted at: 3:50pm EDT

Episode 0x1D -- Oops, We Did It Again

Sometimes, breaches happen to the nicest folks

A PSA on TFA!

TFA is addictive, a year ago I started using it at work and then I began using it at home on my webmail. I didn't tell my wife about it for a while because I thought that it would bring up the whole 'if you love me you'll share your password' argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well.
Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I'll even use it on the train when I go to work, I don't care who sees me key in my OTP because I know TFA will keep me safe; it's a good feeling.

  1. Upcoming this week...
  2. Lots of News
  3. Breaches
  4. The SCADAs/ICS and Cyber
  5. finishing it off with DERPs/Mailbag and
  6. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1D.mp3
Category:LSD_Podcasts -- posted at: 12:13pm EDT

Episode 0x1C -- The New Guy

That's audio episode 29 out of us - and so it's time to go gracefully into our middle age with a new guy.

We are pleased to announce that we're adding a new regular contributor to the Podcast - Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He's also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome - so make sure you tell him how awesome he really is -- @wintr on Twitter.

Normally there is an opportunity for witty goofing about here. This week, I'm taking the time to soapbox for a moment. If you're not aware of Aaron Swartz, you should be. Unless you're listening to this podcast by going directly to the website and downloading, it's his spec that's running the RSS you're using. Also, everything else. Here's a few links to get you thinking.

  1. Boing Boing / Cory Doctorow
  2. The Nation / Rick Perlstein
  3. Quinn Norton
  4. Lawrence Lessig
  5. Summary posting on The Laughing Squid

Upcoming this week...

  1. THE NEW GUY
  2. Lots of News
  3. Breaches
  4. The SCADAs/ICS and Cyber
  5. and then our discussion topic - Planning for staff turnover?
  6. finishing it off with DERPs/Mailbag and
  7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1C.mp3
Category:LSD_Podcasts -- posted at: 10:21am EDT

Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!

That's audio episode 28 out of us - not too bad to start off the new year.

PITHY COMMENTARY

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. The SCADAs/ICS and Cyber
  4. DERPs!!!
  5. and then we're going to shoot through a whole bunch of brief items without discussion in our new segment - BRIEFS (which goes well with Ben's male bag doesn't it)

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1B.mp3
Category:LSD_Podcasts -- posted at: 9:27pm EDT

Episode 0x1A -- Happy Holidays Everyone

Upcoming this week...

  1. SCREW THE NEWS!!!!!!!
  2. and then our discussion topic -- Predictions and Prognostication

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

  • Discussion topic -
    1. Dave's Point of view (cough cough sputter germs)
    2. Ben Says...looking back... weaponized stuff, and the lack of it looking forward... good enough security leads us to more awesome projects like security onion
    3. The Intern opines on conferences, human resources and infosec
    4. Matt is in denial about... Jamie and I quoted in an article together! Hack all the toasters! Breaches!! 2012 Web Vuln Stats super crazy chicken pants. SQLi What?! Passwords suck! (Password Reset sucks harder!) Bug Bounty! (Yandex)
    5. James gets the last word... THE FUCKING SCADAS
    6. no he doesn't... Ben wants to say something
  • In Closing
    1. Seacrest Says: You'll see my ball dropping in a week!

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-1A.mp3
Category:LSD_Podcasts -- posted at: 5:18pm EDT

In what can only be described as a collision of intergalactic import, the three bestest information security podcasts have come together and produced...

THE SOUTHERN MATRIX HOSE PODCAST

Have a listen for a half hour of:

Bringing you the infosec commentary that you crave from the Security Zone conference in beautiful Cali, Colombia.

Since we're in a tropical paradise, there really isn't the patience for things like show notes. Have a listen and you'll be impressed, we swear.

Creative Commons license: BY-NC-SA

Direct download: slmrh1.mp3
Category:LSD_Podcasts -- posted at: 5:21pm EDT

Episode 0x19 -- It's EARLY - and we like it!

No Matt. But Ben does a great Matt impression. In mashed potatoes.

It's another week in the wide wonderful world of Infosec. And every day feels like drinking from the firehose of Infosec Reactions. Seriously.

Upcoming this week...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- You Got Half A Budget Now What?

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-19.mp3
Category:LSD_Podcasts -- posted at: 12:58pm EDT

Episode 0x18 -- How Do You Spell Aguardiente?

Beginning the end of 2012 - Because it's time to start making up lists of resolutions that we're not going to follow.

Dave developed a new giggity move, it's called "the kasperskian" - y'all should consider it a way to buy votes that this is an audio only podcast.

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-18.mp3
Category:LSD_Podcasts -- posted at: 1:24pm EDT

Episode 0x17 -- Turkey Time

We're going to try to keep this one relatively short. Seriously.

Of course, it's a day late because I did a boo boo on the recording. Don't ask.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic--

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

  • News
    1. Hack any skype account in 6 easy steps
    2. FACEBOOK SSL FOR EVERYONE
    3. Linux rootkit doing iFrame injections  [Full Disclosure]  [CrowdStrike]
    4. Dissecting a Facebook Scam
    5. Telstra - still can't get security right
    6. Killing 4G networks with a suitcase radio thingy
    7. Wikid Publishes free eGuide on adding 2factor
    8. Web Engineer's Online Toolbox
  • Breaches - The never ending never ending story...
    1. FreeBSD intruded upon
    2. Skype
    3. Adobe
    4. NASA - good at going to Mars, not so much at keeping laptops safe
    5. Health facilities in Mass and RI lose tapes
  • The SCADAs
    1. (WARNING: PDF) From Luigi Auriemma - ABB has problems that look like CoDeSys
    2. Obama signs secret directive to help thwart cyberattacks
  • Errata / DERP of the week award
    1. United States on Brink of Major Cyber Attack, Industry Executive Predicts  Deloitte Center for Cyber Innovation
  • Mailbag / Bizarro Land
    1. RE: Canadian Satellites

      Hey guys.
      Thanks for the shout-out in Episode 14 regarding the Diginotar report.
      Unfortunately I'm going to have to award you guys a mini-derp award for your comments that same episode on the story about the Canadian Navy buying satellite services from Inmarsat as satellites just happen to be my area of expertise. Yes, Canada does have its own communications satellites.
      They are managed by a company called Telesat.
      However, they are not of use to the Canadian Navy because they are located in the wrong place, operate on the wrong frequencies, and provide the wrong types of services for what the Navy needs. Communications satellites of this type operate in the geostationary belt (GEO), an orbit around the Equator 36,000 km above the Earth.
      The radio spectrum in this orbit is pretty congested, so early on international regulation of the satellites in this orbit and the spectrum they use was given to an organization called the ITU. Countries apply to the ITU for specific orbital slots and frequencies in the GEO belt and then license those to their companies. Canada has slots over North America and associated frequencies that are used by Telesat for what's called Fixed Satellite Services (FSS) - mainly broadcast TV and a host of communications services to remote communities in northern Canada. But these frequencies and antenna patterns are not what's used for mobile communications, nor does Canada have any satellite slots in other locations to provide global coverage which is kinda important for ships. Inmarsat on the other hand has the slots and frequency allocations to specialize in Mobile Satellite Services (MSS). They have a fleet of satellites located at various points around the Equator to give global coverage and the types of frequencies and coverage to provide mobile services to ships. Pretty much if you're operating a ship you're going to buy services from Inmarsat. More: Telesat and Inmarsat

      Brian W.

    2. Skyrim Jokes

      Hey guys, I don't have any Skyrim jokes but do have an odd anecdote for you. While playing Skyrim and listening to the LSD, I've found that I _have_ to turn off the xbox kinect controls or else bad things happen. Apparently Matt's voice is finely tuned as a Weirding Word. I'll be merrily bopping around a character in a dungeon of some type when, all of a sudden, a dragon shout gets kicked off and kills all attempts at stealth that I've been trying to muster. It's only Matt's voice that kicks off the shouts. Take that for what you will.

      John D.

      Fus Roh Dah!
    3. Wrong questions being asked about security involvement in PMO/SDLC work

      Hey guys, I'm listening to 0x15 and a question made in there really got in between my teeth. "Does making security part of the SDLC make the software more secure?" is the wrong question to be asking. Whether or not having risk evaluations or threat modeling part of the SDLC should be a concern but not the approach I've found works when I've introduced it into the SDLCs of which I've been involved.

      Let's break out of our security cliques for a moment and realize that ultimately many of us tell ourselves that what we do matters in order to justify the dissonance we have in our brains for putting up with the crap we do because we actually enjoy what we do, for the most part. By and large, we're not altruists. Having the guts to come out and say "Yeah, I know what I do for an organization rarely makes the world a better place, but gosh darn it I like/love what I do." can go a long way to asking the right questions to keep ourselves employed and pertinent to the business that pays us to do cool things.

      Once you get out of the "what I do is important, dammit" mindset, asking the following question better serves us as a whole. Does making security part of the SDLC/project/product make the business more money or save the business more money had it not been part of the SDLC/project/product as much as we're pushing? If you can justify the change, you can be relatively assured that someone in charge of playing with the moneys will listen. Phrasing the question that way also lends to promoting the idea to the money people that what they do is ultimately important and feeds their own dissonance hating mechanisms.

      John D.

      P.S. This approach has also saved me from the dreaded infosec burnout.

  • In Closing
    1. Movie Review: Matt saw Twilight - point and laugh!
    2. We do research too - Ben's running a survey and will publish results. Check it out!
    3. The Security Conference Library
    4. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
    5. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
    6. Upcoming Appearances: James at SecurityZone in Cali, Colombia
    7. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
    8. Seacrest Says: "go do bad bad things to a turkey"

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-17.mp3
Category:LSD_Podcasts -- posted at: 4:44pm EDT

Episode 0x16 -- One Time, At Security Camp...

There's too much news. We need to do MORE podcasts!

Also, it's time to say goodbye Mitt!!! Can't say as we're sorry to see you go, but yaknow.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- hunting dirty traitor rat bastids!!!

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-16.mp3
Category:LSD_Podcasts -- posted at: 5:34pm EDT

Television Episode 0x03 -- SecTor Interviews The Third

NFC with Charlie - IT'S MILLER TIME

Back again again - An interview with Charlie Miller at Sector during which you may want to hold your phone tightly in a tinfoil hat of its own.

If you don't know the name Charlie Miller - you should head over and read his Wikipedia Page first and then come back and watch the video. Charlie has been doing some cool things with NFC on phones. He's goooooood at messing them up using only a passive NFC tag! You'll learn something if you pay attention, I swear.

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA

Direct download: LSD-TVEp0x03-med.m4v
Category:LSD_Television -- posted at: 9:24pm EDT

Episode 0x15 -- So Much News...

Pre-election Bets Are Off

Starting off this week with a couple of Con Reports - Ben, you go first... how was HackFest? ((wait)) and Dave - what was the high point of your HackFest experience? ((crickets))

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- Security in a Project Context

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-15.mp3
Category:LSD_Podcasts -- posted at: 3:14pm EDT

Episode 0x14 -- Happy Birthday Mr. Gattaca... we'll vote for you too.

There's interesting things afoot. Y'all should pay attention.

This is the 21st episode for those of you that don't have 16 fingers. Not sure we should be revealing this yet, but it's going to be a wild winter solstice celebration this year. The southern folk at Southern Fried Security and this gang of teenage malcontents are up to no good. Well, actually extra special good. Let me sum up - it's Security Charity... Gangnam Style.

Stay tuned for the carnage.

Upcoming over the next hour...

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic -- Disaster Recovery

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-14.mp3
Category:LSD_Podcasts -- posted at: 1:58pm EDT

Episode 0x13 -- the 20th episode for those of you that don't have 16 fingers

The Pirate Bay is in the clouds, but we got here first, so suck it!!!

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. and then our discussion topic - Responsible Disclosure

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-13.mp3
Category:LSD_Podcasts -- posted at: 6:19pm EDT

Television Episode 0x02 -- SecTor Interviews The Second

A Full Dose of Rothman

Back again - and understand that we're serious this time.

Attempt to not learn something as I interview Mike Rothman (@securityincite), Analyst and The PRESIDENT of Securosis. Please try to pay attention. There's an awesome amount of information in there.

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Direct download: LSD-TVEp0x02-med.m4v
Category:LSD_Television -- posted at: 12:49pm EDT

Episode 12 -- These are the Daves I know I know

He claims it's not his fault he missed an episode...

Yes, we're still doing a podcast. Lots of you listen. It's kinda awesome. We promise to be more awesome in the future.

And tonight, let us regale you with tales of:

  1. Lots of News
  2. Breaches
  3. SCADAs
  4. DERPs!!!
  5. …and then our discussion topic - IDS IS DEAD

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-12.mp3
Category:LSD_Podcasts -- posted at: 6:24pm EDT

Television Episode 0x01 -- SecTor Interviews The First

Video even - inorite!

We gave you a warning and then didn't follow through, so we understand the confusion. This is the first of many Liquidmatrix Security Television Episodes which we naively think you might enjoy.

To start off, we've got this delicious interview with Dave Mortman (@mortman), the Chief Security Architect of Enstratus. Watch as Dave regales you with tales of the way things were back when he was a boy ((It appears that he's still a boy, but that's all charm.))

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA

Direct download: LSD-TVEp0x01-med.m4v
Category:LSD_Television -- posted at: 11:03am EDT

Episode 11 -- Dave's Away

w00000000000000000t!

Hey Everyone, welcome to the Liquidmatrix Security Podcast - Episode 0x11 or the 18th recording for those who don’t start with zero and are not good at Hexadecimal - or math, like us.

Everyone showed up except Dave. Something about Canadian Thanksgiving causing a Turkey Coma. We manage to struggle through without him. Actually, we think the show turned out just fine. We don't need no stinkin' Dave.

And tonight, let us regale you with tales of:

  1. LOTS OF NEWS
  2. Breaches
  3. SCADAs
  4. Errata
  5. …and then our discussion topic - the con report SecTor and Derbycon

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-11.mp3
Category:LSD_Podcasts -- posted at: 5:48pm EDT

Episode 10 -- It's Special

recorded live at SecTor 2012

There is no Matt. Again. So we found a replacement. As it turns out, pretty much any American whose name starts with "M" will do. Huge thanks to Mike Rothman for helping out with the madness.

This discussion has only the four topics:

  1. Summer of Breaches
  2. Cyber
  3. authN / authZ
  4. Compliancy

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-10.mp3
Category:LSD_Podcasts -- posted at: 6:47pm EDT

Episode F -- Aboot that

it's not a boot, it's just a really big shoe

Matt won’t be joining us tonight, it’s Ben’s fault. A quick shout out to Jimmy Vo, you will need approximately 15 or F shot glasses for this episode.

Aboot, Aboot, Aboot, Aboot!

And tonight, let us regale you with tales of:

  1. More Malware
  2. Less Malware
  3. The SSL monsters
  4. Ry-Hi
  5. Twitter
  6. GoDaddy
  7. Breaches
  8. SCADAs
  9. …and then our discussion topic - what happens after the bad thing happens

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-F.mp3
Category:LSD_Podcasts -- posted at: 7:30pm EDT

Episode E -- Just a bunch of hosers

Teh Podcast Warz Haz Begun!

It's another week in infosec. I can't get excited about it either. Too many news stories of note, breaches and a new section - the SCADAs. In the same way that we had too many breach stories so we broke them out, we're doing the same with SCADA. Expect a lot of derision from Dave and me -- there's a lot of bullshit and we're calling it.

We'd also like to wave hello to the team at Riskhose. We're sorry that you misinterpreted young Matt's question - we'll straighten you out when we do our Risk-tacular episode this fall. Also, we're starting to suspect that the Riskhose Utahian may be a closet Canadian - he knows too much about Canadian musicians and he does know all of the words to Romantic Traffic (and yes Alex, when you come to Toronto, we'll go visit all of the subway stations so that you can produce your fan version of the video.)

Interestingly, between the Riskhose podcast and some threats from the Southern Fried Security bunch, it's on - the Podcast Wars are here - expect that the next few months are going to be epic in the world of infosec podcasting. We may even take a swipe at NetSec!

  1. Syria
  2. SSL Certificate Hijinks
  3. Cyber
  4. Hackers
  5. OSX
  6. Canadianisms
  7. The WIFIs
  8. Google-ized
  9. …and then our discussion topic - Dumb Stories

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Direct download: LSDPodcast-E.mp3
Category:LSD_Podcasts -- posted at: 12:36pm EDT

Episode D -- The Boys of Summer

Good News Everybody!

This is the longest one we've recorded yet -- by 0:59 -- and we will try to get these back down under an hour. Pinky swear. We've also gone over 10000 downloads from 63 countries. That's kinda cool - and thank you all very much. Lots of good stuff in this episode, it's totally worth the 74 minutes.

  1. Hackers
  2. The SCADAs
  3. Java
  4. Lawyers
  5. MOAR SCADAS!!!!
  6. Apple, Microsoft
  7. Stupid Employee Tricks
  8. …and then our discussion topic - Employee Tricks

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-D.mp3
Category:LSD_Podcasts -- posted at: 3:13pm EDT

Episode C -- Brain Dump

Semi-slow news week this week so we used the bulk of our time to talk about a topic most of us struggle with (even some of us on the show): productivity! A few stories and our opinions as usual and also a letter from a listener regarding our own Dave running for the ISC2 board.

Again, if you have any comments, questions, suggestions, hatred, bickering, cyberdouchery, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-C.mp3
Category:LSD_Podcasts -- posted at: 2:33pm EDT

Episode B -- Artificial Intelligence

Something pithy should probably be written here. All of us have so much on the go that we're saving our creativity for the podcast. Also, this one is pretty long.

If you have thoughts or ideas, please send them to the MailBag (mailbag@liquidmatrix.org) and we'll talk about it here.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Direct download: LSDPodcast-B.mp3
Category:LSD_Podcasts -- posted at: 3:29pm EDT

Episode A -- The Revolving Absence

No James this week. Apparently, he's afraid of the Cylon^WBen invasion.

Also, don't forget to throw something in the old email for us (mailbag@liquidmatrix.org), we're getting lonely - don't you still love us?

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Direct download: LSDPodcast-A.mp3
Category:LSD_Podcasts -- posted at: 11:31am EDT

Episode 9 -- No Need For Syncizationhron

So we find ourselves again again Mattless. We skipped out last week cause of bad hair, bad mojo, conflu and bad karma -- and $19.95 hotel internet (we have no budget and Canadian telcos suck for roaming). Also, this episode is a week late. The blame lies entirely with Ben's computer/ISP issues. Either that or Ben is a closet Cylon and doesn't want us to know.

Notes etc. to mailbag@liquidmatrix.org -- we love to hear from you!

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Direct download: LSDPodcast-9.mp3
Category:LSD_Podcasts -- posted at: 11:23am EDT

Episode 8 -- Bikini Troubles

So we find ourselves again Mattless. What is it with security professionals and Hawaii? Good stuff in here, sorry about botching last week's episode link - this one should work better, also, go back and download last week's.

Notes etc. to mailbag@liquidmatrix.org -- we love to hear from you!

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Direct download: LSDPodcast-8.mp3
Category:LSD_Podcasts -- posted at: 4:44pm EDT

Episode 7 -- Breach Week Special!

Perfectionism is the enemy of publishing on time.

It's another week and we've got a solid hour of discussion about the stuff that's important in the world of infosec this week.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-7.mp3
Category:LSD_Podcasts -- posted at: 10:30pm EDT

Episode 6 -- Anybody Know How Google Voice Works? MAGIC!

Sorry for the delay in posting folks, someone (cough, @gattaca, cough) has a crappy ISP and someone (cough, SEACREST, cough) talks quietly and has a crappy mic, there's about 7 hours of editing and tweaking on this one -- and it still sounds like crap.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

  • News
    1. BREAKING NEWS: Liquidmatrix Security Male Model on COVER of SCMag (also talks about Risk Management or something)
    2. Debit/credit card photos in tweets -- This Twitter account proves the infinite stupidity of humans (and other stupid shit ways to post pictures of your douchetacularness NSFW)
    3. Amazon talks about what went wrong in US East & Leap second makes availability pain (Check out the funny Twitter @AmazonStatus & CAP theorem)
    4. Phisher faces 50 years in the slammer
    5. Alaska Department of Health and Social Services fined for breach & Appeals court calls bank’s security “commercially unreasonable”
    6. Pornoscanners go mobile
    7. Wireless Hacking Suspected in Air Raid Siren Miscues
    8. Comodo blacklists itself (truth in Certificate Selling)
    9. Something bad happened in the iOS App Store... twice. Which (considering the relative sizes of the install base of iOS vs. well, everything) is still pretty awesome.
  • Commentary
    1. Errata
    2. Foot In The Door
      • hire the right auditors
      • use them as a tool to raise issues up to the executive
      • tell them the problem areas
      • invest time in the auditors and point them to your pain
      • feed them recommendations
      • don’t let them position compliance as security
    3. Hardcore
      • The box kicking story
      • For example -- finding a way to get the answer they don’t want to give
      • The prevarication story
      • Another opportunity to learn from auditors/old people
      • Asking questions into negative space -- to find answers you need to find the place in the middle where the facts have not coalesced.
      • Peter Falk - Just one more thing...
      • Matlock - How to get the jury to see it your way...
  • Mailbag
    1. mailbag@liquidmatrix.org

      Long time listener, first time writing in...

      I find myself compelled to write inasmuch as I found myself shouting at my iPod yesterday. I, of course, am referring to "Liquid Matrix Security Digest Podcast Episode 2" where a conversation about "What Should You Do If You Are The CISO Of A Breached Company?" occurred. Forgive me as I left the Post-It note with the timestamps of the offending speech on the mirror in my bathroom so that I may focus my Daily Rage upon it as I carefully shave "I da CISO, bitch!" into my scalp each morning.

      In essence Ben argued that the role of the CISO in the event of a password breach is to stride confidently into the CEO's office and say "I told you this was going to happen, this is not my fault, and we need to force all users to change passwords - Damn The Consequences, Man!" (While this is not a direct quote it is what I very distinctly heard...)

      While this is a nice gedankenexperiment in that it is very cool to imagine ourselves in the role of "Captain Astounding: Protector Of Users" but the reality of a breached company has certain rules..

      1) If the breached company is a startup or new venture the Senior Management regards this event as an existential crisis. Not so much to the company itself - but to their exit plan (hey, who doesn't dream of being bought by Facebook or Microsoft for a billion dollars?) or to their about-to-be-so-far-underwater-they-implode stock options. Lose track of this fact and You Are Toast.

      2) If the breached company is an older company the critical component is the quality of business leadership available. If they take counsel of their fears - see Rule 1. If they take a more mature view you can actually get effective response but know that you have almost no influence on that outcome.

      3) If you were the CISO pre-breach you have to realize your credibility and professional competence is seriously in question by *everyone*. It matters not that you wrote 523 emails protesting storage of passwords in clear text, nor that you did not get the budget to keep your IPS under maintenance, nor that $Security_Requirement was ignored. If this offends your sensibilities I would simply refer you to the Book of Hezekiah, Chapter 9, Verse 27 where it is written "Yea, and the LORD spake unto the people, and the LORD spake "Life is not fair - never said it was, never said it will be - Get Over It!" and thus the people were greatly nonplussed".

      4) If you are the successor to the CISO who ran the shop pre-breach you have to realize that nobody believes anything you say without the Incident Response Consultants agreeing with you. You have not been around long enough for anyone to trust you or to accept your influence. You will not be seen having the same "at-risk" quotient as everyone else (See Rule 1 above).

      5) Almost every company that experiences a major breach turns a significant portion of the response and decision making to Outside Counsel and Incident Response Consultants. There are good and bad reasons for doing this - let's just accept that it happens. Fighting these folks - especially Outside Counsel - is generally a No Win situation (See Rule 3 & 4 above).

      So what do you do?

      You do what you can. You use whatever influence you have to try to do the right thing. But realize a breach response is *not* a Security Problem it is a Business Problem and that business folks are going to be in charge. If you cannot deal with that - you might want to become an Incident Response Consultant.

      Love, Uncle @armorguy

  • In Closing
    1. Tweetup - has to be pushed, sorry folks
    2. Bsides/BlackHat/DEF CON -- all but Ben / The Intern shall be there.
    3. Also, DEF CON has been cancelled - check status here
    4. Hacker Pyramid!
    5. Also, have a look at the Declaration of Internet Freedom. We like it. You should like it too. Although Liking it on Facebook shows that you don’t understand the fucking point of the Declaration.
    6. As of recording time, tomorrow is the day when the internet shuts down -- DNSchanger DNS servers are going down. So I guess you won’t ever hear this episode.
    7. THERE IS NO SEACREST.

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-6.mp3
Category:LSD_Podcasts -- posted at: 2:06pm EDT

We've been threatening to do something interesting and cool...

We're happy to announce that we will be producing a bi-weekly video podcast edition - tightly edited to a broadcast friendly 22 minutes in length. Perfect to watch while having lunch or between an episode of M*A*S*H and Barney Miller. 

Thanks for all of your support so far and we look forward to invading your space regularly to make some friends and maybe even learn a thing or two.

((PS: Based on comments from listeners, we're going to make some changes and give you a more granular set of RSS feeds so that you can select to receive exactly the version of our show that makes you the happiest. If you're subscribed to the general feed, this is the last full video episode you'll see.))

Direct download: LSD-TVepisode-1960x540.m4v
Category:LSD_Television -- posted at: 1:45pm EDT

Episode 5 -- Everybody's Working For The Weekend (Canada Day Edition)

The fun with the Liquidmatrix gang continues in this episode. Pay close attention and you'll notice that there aren't any edits in this one. That's right - one take and we've got it in the can. Lots of good stuff in here - let us know if we missed anything.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

  • News
    1. Operation Card Shop - UGNazi and 23 others get silver bracelets for free from the feds
    2. Hotels misrepresent credit card data security measures, FTC is not happy
    3. Typo squatter gets spanked by law firm
    4. Bank settles with wire fraud victim
    5. DHS gives federal agencies threat detection packages and DHS demos cyber attack to help sway lawmakers to pass a cyber bill
    6. RSA securid key not so secure - it’s broken - no it isn’t - yes it is - Damn you people - it's the smartcard portion of a dual-use device that's 'broken', quit slamming multi-factor authN.
    7. Portswigger gets new tricks
    8. -
    9. Errata Charlatan of the Week
  • Commentary
    1. Foot In The Door
      • LM Team,

        First off I want to say that I'm really enjoying the podcast. I'm still very early into my career and trying to transition into InfoSec. I would love to hear about all of your views on Information Security in colleges. I was thinking about it following some twitter chatter between some people and Chris Eng about this. I thought that there were some good conversations. I'm a little bit disappointed since I just finished my M.S in Computer Info Sys with a security concentration. In the classes I took we learned some basic network security concepts. Only touched a bit on web application security. I was hoping we would have done some offensive stuff, but we never did.

        I compared my classes to pen testing classes out there and it seems to me they’re on a better track but what do I know.

        Just some thoughts,
        Jimmy

    2. Hardcore
  • Mailbag
    1. mailbag@liquidmatrix.org
    2. Hi there LiquidM,

      Long-time listener, first time emailer!

      I was wondering if you could help me with a small dilemma I'm facing. I've been working as one of those penetration tester types in the financial sector for a while now, and my company treats me right... but more and more I hear the calling of the darkside... no, not THAT darkside, the calls of those working for security companies and $vendor that get to do exciting things with exciting people! The ones that get to actually TALK about their research...

      So, what's a guy to do? Please LiquidM help me, you're my only hope!
      Chris

      P.S: Love the show... but you guys are very Canadian O.o' ;) See you guys in Vegas I hope.... eh!

    3. Hey there fellow Canucks…

      Over the years I've had many IT jobs, from network admin to system admin for small consulting firms in my area (nothing big). A common theme was the unwillingness to implement the most basic of security mechanisms, or acknowledge the possibility that the systems/networks we would implement for our clients were perhaps done in an un-secure fashion. As a security enthusiast this was very frustrating.

      On a few occasions, I would prove this using a few simple demonstrations on how easily malware, or a human, could compromise the network (malicious emails, word/pdf docs, ms08_067 for example). Every time my demonstrations were brushed off as "unlikely" or "impossible", requiring a level of technical knowledge that no employee possesses inside "client X". One such place was an ISP, where we would setup and host websites, providing clients with FTP access to upload and download content. I was actually instructed not to make the passwords too complicated, to ensure our clients were able to use it. Even after I had shown my boss a public exploit (from exploit-db) was available for the FTP software used. Again brushed off as "unlikely" seeing the exploit needed to be authenticated to properly function. This, of course, started the debate of weak passwords that lasted all of 2 seconds… At another spot, I actually showed the senior administrator (my supervisor), hosting an SSH server on port 80 was possible… funny. By now I think you get the picture on how security was handled, so I won't go any further.

      My question is what would you say to the lonely sys-admin, in a small to mid sized firm, on how to handle an employer that doesn't seem concerned at all with security? How should the lonely admin tackle these types of issues without annoying "the boss" with this silly thing called "security", when it's obvious he or she is not willing to listen?

      I'm fortunate enough to no longer be in this situation, but I'm sure there are many out there still living with these types of conditions.
      Steven

      ps.: hope all of this made sense, and good job on the podcast very much enjoying it so far

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-5.mp3
Category:LSD_Podcasts -- posted at: 11:20am EDT

Episode 4 -- The Gang's all here.

Matt has returned from the distant shores of the western USA... but he didn't listen to the podcast from last week - sucker. Lots of good stuff in here - let us know if we missed anything.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-4.mp3
Category:LSD_Podcasts -- posted at: 11:26am EDT

It's Episode 3 -- We Should Be So Committed.

Your heroes find themselves completely Canadian this week as @mattjay is visiting the extreme west coast of America.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-3.mp3
Category:LSD_Podcasts -- posted at: 12:12pm EDT

It's Episode 2 -- and I'm sure you all know what that means...

... no more talk of midichlorians.

And the continuing saga of 4 infosec nerds who will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-2.mp3
Category:LSD_Podcasts -- posted at: 11:30am EDT

Previously on the Liquidmatrix Security Digest Podcast...

There was some talk, it was kinda nice. People said "do it again!" and now you're caught up.

Welcome back to the Liquidmatrix Security Digest Podcast. The continuing saga of 4 infosec nerds who will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

Creative Commons license: BY-NC-SA

Oh, and just because it's awesome... thanks to Bill Pennington!

Direct download: LSDPodcast-1.mp3
Category:LSD_Podcasts -- posted at: 12:55pm EDT

You knew it was going to happen sooner or later...

Welcome to the first Liquidmatrix Security Digest Podcast. In this series, we will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

Creative Commons license: BY-NC-SA

Direct download: LSDPodcast-0.mp3
Category:LSD_Podcasts -- posted at: 1:28pm EDT


