Liquidmatrix Security Digest Podcast

Television Episode 0x02 -- SecTor Interviews The Second

A Full Dose of Rothman

Back again - and understand that we're serious this time.

Attempt to not learn something as I interview Mike Rothman (@securityincite), Analyst and The PRESIDENT of Securosis. Please try to pay attention. There's an awesome amount of information in there.

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Download the m4v

Episode 12 -- These are the Daves I know I know

He claims it's not his fault he missed an episode...

Yes, we're still doing a podcast. Lots of you listen. It's kinda awesome. We promise to be more awesome in the future.

And tonight, let us regale you with tales of:

1. Lots of News
2. Breaches
3. SCADAs
4. DERPs!!!
5. …and then our discussion topic - IDS IS DEAD

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Capital One targeted in CYBERATTACKS
2. HTML5 Full Screen API Attack
3. Firefox 16 gets pulled (just like the goalie) - exploit follows in 24 hours
4. Lone packet takes out SS7 networks
5. FX beats up on Huawei at HITB
6. Myrcurial Complains: These Kids Today
7. High Court in the Philippines Suspends Contentious Internet Law
8. Panetta Warns of Dire Threat of Cyberattack on US
• Breaches
1. Northwest Florida State College - 300,000
2. Facebook - everyone on the internet!!!!!!!
3. TD Bank (US - a subsidiary of TD Bank Canada) loses a tape IN MARCH!!!! - 260,000 records
4. Nationwide Address book Android app - 760,000 via @WeldPond
• The SCADAs
1. LittleBlackBox is a collection of thousands of private SSL and SSH keys extracted from various embedded devices. Thanks @lmacvittie
2. What is Critical Infrastructure? A long twitter conversation on 2012-10-12 about the REAL rule-of-thumb criteria for what makes something critical infrastructure or not.
• Errata
1. DERP of the week award: Samer Bishay said. “Network security lies ultimately with the service provider. So, if you can control your network well, then I don't see how any outside force could really override these controls.” (h/t @taosecurity)
• Commentary
1. Foot In The Door - IDS IS DEAD
• I can't even come up with notes. Just listen.
2. Hardcore - EXCEPT IT ISN'T
• See above.
• Mailbag / Bizarro Land
• In Closing
1. Matt reviews “Trouble with the Curve” - was there any infosec in it, nope, ok then
2. We do research too - Ben's running a survey and will publish results. Check it out!
3. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
4. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
5. A moment of silence for Amanda Todd, sadly a victim to online bullying
6. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
7. Upcoming Appearances: James at COUNTERMEASURE 2012 in Ottawa, Matt at AppSecUSA in TEXAS, Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
8. The Seacrest says “Oh My G-d, I’m falllllling, why won’t this parachute open!?!?"

Creative Commons license: BY-NC-SA

Television Episode 0x01 -- SecTor Interviews The First

Video even - inorite!

We gave you a warning and then didn't follow through, so we understand the confusion. This is the first of many Liquidmatrix Security Television Episodes which we naively think you might enjoy.

To start off, we've got this delicious interview with Dave Mortman (@mortman), the Chief Security Architect of Enstratus. Watch as Dave regales you with tales of the way things where back when he was a boy ((It appears that he's still a boy, but that's all charm.))

There's more of these in the queue. Tell us what you think or what you'd like to see.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones/cover the screen if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Creative Commons license: BY-NC-SA

Episode 11 -- Dave's Away

w00000000000000000t!

Hey Everyone, welcome to the Liquidmatrix Security Podcast - Episode 0x11 or the 18th recording for those who don’t start with zero and are not good at Hexadecimal - or math, like us.

Everyone showed up except Dave. Something about Canadian Thanksgiving causing a Turkey Coma. We manage to struggle through without him. Actually, we think the show turned out just fine. We don't need no stinkin' Dave.

And tonight, let us regale you with tales of:

1. LOTS OF NEWS
2. Breaches
3. SCADAs
4. Errata
5. …and then our discussion topic - the con report SecTor and Derbycon

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Why no Security for Obama Campaign Website? ((PCI-DSS FTW?))
2. Skeezy fake AV sellers get fined!
3. Criminals seeking botmasters (apparently that’s a word) for MiTM and/or trojan attacks against US banks
4. Practising the cybers in Europe
5. Maple Syrup Strategic Reserve returns to Quebec
6. Cell phones just keep getting more interesting
7. AuthN and Oracle = :(
• Breaches
1. World of Warcraft Catches The Plague and Matt laughs
2. University of Chicago - 9100 identities incl. SSN
• The SCADAs
1. Telvent compromised
2. Smart Meter Data Shared Far and Wide
• Errata
1. hakin9 - “Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning” DICKS!!!
• Commentary
1. Foot In The Door - SecTor
• Geist
• Miller
• Kellman
• Arlen
• Mortman/Bellis
• Trustwave - more and more and more malware
• Failpanel (we had the originator in the audience)
• thoughts on the echo chamber
2. Hardcore - DerbyCon
• The D's Talk
• The Hallway Track
• The Awesome AV
• The Corporate CTF
• Mailbag / Bizarro Land

1. Hey!

   I just watched Ben’s talking head on CTV news, what are your thoughts on Huawei, ZTE? What does this mean to Canada?

   Paranoidly,

   Jacques L, QC

2. Also, awesome feedback from @armorguy (master Martin Fisher of Southern Fried Security podcast) on episode F, he said we were awesome and other people should copy us (we’re looking at you Riskhose)
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming appearances by the Liquidmatrix Crew at HouSecCon and HackFest.ca
5. It’s been rebooted! The Doing Infosec Right Sexy Defense team is off to a flying start with the Strategic Defense Execution Standard (#SDES)
6. The Seacrest says “We miss you Dave, please come back soon."

Creative Commons license: BY-NC-SA

Episode 10 -- It's Special

recorded live at SecTor 2012

There is no Matt. Again. So we found a replacement. As it turns out, pretty much any American who's name starts with "M" will do. Huge thanks to Mike Rothman for helping out with the madness.

This discussion has only the four topics:

1. Summer of Breaches
2. Cyber
3. authN / authZ
4. Compliancy

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

• Useful Links
1. Slides
2. Video of Presentation (low quality)
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. The Seacrest says “Move to Atlanta, there's no snow!"

Creative Commons license: BY-NC-SA

Episode F -- Aboot that

it's not a boot, it's just a really big shoe

Matt won’t be joining us tonight, it’s Ben’s fault. A quick shout out to Jimmy Vo, you will need approximately 15 or F shot glasses for this episode.

Aboot, Aboot, Aboot, Aboot!

And tonight, let us regale you with tales of:

1. More Malware
2. Less Malware
3. The SSL monsters
4. Ry-Hi
5. Twitter
6. GoDaddy
7. Breaches
8. SCADAs
9. …and then our discussion topic - what happens after the bad thing happens

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Blackhole 2.0 is out (aboot!)
2. Microsoft takes on Nitol (aboot!)
3. A story Aboot more SSL weaknesses, let’s introduce you to the CRIME attack
4. Aboot getting more skilled at Ryerson - there’s a Rainbow in Toronto for a Certificate in Computer Security and Digital Forensics
5. Twitter bows to subpoena, releases Occupy protester's tweets
6. GoDaddy, everyones favourite SOPA supporters goes down
• Breaches
1. Miami hospital hit by second patient breach this year
2. Ankit Fadia gets hacked
• The SCADAs
1. If Congress and the Senate can’t do it - by gosh, the PRESIDENT will -- Executive Order on Cyber Security in the works?
2. Interesting little bit on the side of Digital Bond’s website... “Schneider Has Not Removed Modicon FTP Backdoor Account In 2101 days”
• Errata
1. Every vendor that has been sitting on a known vuln for more than 1000 days. Jerks.
• Commentary
1. Foot In The Door - Aboot Investigations
• corporate policy
• lawyers are your friends
• purpose of the investigation (knowledge or action)
• http://it.toolbox.com/blogs/securitymonkey/
• http://www.sleuthkit.org/
• http://www.guidancesoftware.com/
2. Hardcore
• Defensible Methods
• Chain of Custody
• Judgement Day
• Mailbag / Bizarro Land

1. There is this website where I noticed that they display your login details after offering a quote in plaintext, ie. they display your username and a password on a http:// connection. So I called their call center and spoke with the manager, yeah, she will relay that information (but I kinda got the impression that she didn't understand what the problem is). Nothing happens for weeks. After maybe 2 months I go back to check and here you go, my username with password are still shown in plaintext on the site. So I sent them an email, clearly marked "to IT or IT security something" explaining it a little bit more technical. Nothing happens again. Since I raised the original issue, about 4 months have passed.

   The question is now - is it worth pursuing this further?

   Cheers

   T

   PS: Should anyone of you guys be once in London, pls ping me and I buy you a beer! Or two?

2. Ben says: http://www.ico.gov.uk/
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor If you're thinking of attending SecTor 2012, grab 10% off with discount code "liquidmatrix-2012" or if you can only make it to the expo floor, grab a free expo pass with code "liquidmatrix-Expo2012"
5. Vote Dave for ISC2 Board Ballot!
6. The Seacrest says “'Aboot' to Jimmy Vo, 'Shana Tova' or to our non-Jewish friends, that means 'have a good new year' and it’s time to party like it’s 5772 and then get yourself up and off to work because 5773 is going to be WILD."

Creative Commons license: BY-NC-SA

Episode E -- Just a bunch of hosers

Teh Podcast Warz Haz Begun!

It's another week in infosec. I can't get excited about it either. Too many news stories of note, breaches and a new section - the SCADAs. In the same way that we had too many breach stories so we broke them out, we're doing the same with SCADA. Expect a lot of derision from Dave and I -- there's a lot of bullshit and we're calling it.

We'd also like to wave hello to the team at Riskhose. We're sorry that you misinterpreted young Matt's question - we'll straighten you out when we do our Risk-tacular episode this fall. Also, we're starting to suspect that the Riskhose Utahian may be a closet Canadian - he knows too much about Canadian musicians and he does know all of the words to Romantic Traffic (and yes Alex, when you come to Toronto, we'll go visit all of the subway stations so that you can produce your fan version of the video.)

Interestingly, between the Riskhose podcast and some threats from the Southern Fried Security bunch, it's on - the Podcast Wars are here - expect that the next few months are going to be epic in the world of infosec podcasting. We may even take a swipe at NetSec!

1. Syria
2. SSL Certificate Hijinks
3. Cyber
4. Hackers
5. OSX
6. Canadianisms
7. The WIFIs
8. Google-ized
9. …and then our discussion topic - Dumb Stories

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Java.com SSL cert expired
2. Al-Jazeera websites hacked by Assad loyalist group
3. Cyber attacks grow increasingly "reckless", official says
4. 3 years later, hackers who hit Google continue string of potent attacks …and no one is looking out for the stuff that really matters.
5. New utility nabs OS X keychain passwords
6. Global virus downs N.S. computer system for a month
7. Sniffing open WiFi networks is not wiretapping, judge says:
8. VirusTotal acquired by Google
9. No shooting at protest? Police may block mobile devices via Apple
• Breaches
1. Guild Wars 2 officials say ongoing password attack affects 11,000 accounts
2. Antisec Leaks 1,000,001 UDIDs From A Trove Of 12 Million Allegedly Stolen From An FBI Laptop Or was it 12 million? ...or not? and some apps use IMEI as password!
3. NullCrew pillages Sony servers?
• The SCADAs
1. Secret account in mission-critical router opens power plants to tampering
2. Anonymous Hack Lukoil Bulgaria Site
• Errata
1. Vendor Cybercrime Stats
• Commentary
1. Foot In The Door - Your Dumbest Story EVAH!!!!
• Dave - VIEW SOURCE HACKERZ
• Jamie - our developer broke SSL -- that’s why we use proprietary encryption. But we’re not telling anyone what/how he did.
• Matt - SQL injected a DB to /dev/null
• Ben - I didn’t feel 3DES was secure because the source is available online, so I invented my own variant
2. Hardcore
• Skipping the hardcore because we've got a great Mailbag question.
• Mailbag / Bizarro Land

1. Love your podcast, even if you try to count in Hex :-) It would be great if you were able to dive deep into what modern defenders need to do to get ahead of attackers. Right now, attackers need to only make simple changes to their attacks and defenders are left on their kiesters. How do we change that pattern?

   Besides deploying antivirus :-)

   thanks,

   Paul of Seattle

2. Matt suggests a cool slide deck from Zane over at Etsy
3. Ben suggests you read Liquidmatrix ;)
4. … and thanks to Thomas Preissler for his comments about the show!
• In Closing
1. We do research too - Ben's running a survey and will publish results. Check it out!
2. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor If you're thinking of attending SecTor 2012, grab 10% off with discount code "liquidmatrix-2012" or if you can only make it to the expo floor, grab a free expo pass with code "liquidmatrix-Expo2012"
5. Vote Dave for ISC2 Board Ballot!
6. The Seacrest says “I miss Gilmore Girls" and "Skerple"

Episode D -- The Boys of Summer

Good News Everybody!

This is the longest one we've recorded yet -- by 0:59 -- and we will try to get these back down under an hour. Pinky swear. We've also gone over 10000 downloads from 63 countries. That's kinda cool - and thank you all very much. Lots of good stuff in this episode, it's totally worth the 74 minutes.

1. Hackers
2. The SCADAs
3. Java
4. Lawyers
5. MOAR SCADAS!!!!
6. Apple, Microsoft
7. Stupid Employee Tricks
8. …and then our discussion topic - Employee Tricks

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Microsoft NZ exposes TechEd delegates' passwords
2. Hackers vent ire, deface Youth Congress site
3. Antisec Hackers Breach Globalcerts, Post Data Online
4. Oilsands a hacker target: RCMP
5. Particularly good article on impact of Java vulns on Mac users and
6. American Bar Association Ethics rules now require IT knowledge
7. Apple Genius Training Manual
8. Toyota hacked by ex-IT worker, sensitive info stolen
9. ZOMG ANOTHER SCADAS! RasGas computers are “aramco’d” and Who's responsible
• Breaches
1. 1 MILLION accounts leaked in megahack on banks, websites
2. Indianapolis based Cancer Care Group -- 55k medical records
3. Canada's Maple Syrup Strategic Reserve Stolen (no, not a joke)
• Errata
1. Something hinky going on with Aaron Portnoy (former TippingPoint ZDI manager)
• Commentary
1. Foot In The Door - Employee Tricks
• How to find the really great employees
2. Hardcore
• And how to get rid of the really bad ones
• Mailbag / Bizarro Land

1. Hi LSD crew

   REDACTED REDACTED REDACTED. What about REDACTED?

   ((We're taking this as "how to manage the need to communicate without being able to communicate" -- aka, the frieNDA.))

   thanks,

   Jimmy, Nova Scotia

• In Closing
1. The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: that link will send you to http://myrcurial.com/conferences but you can totally trust that guy)
2. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
3. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor
4. Vote Dave for ISC2 Board Ballot!
5. The Seacrest says “Everybody's working for the weekend"

Creative Commons license: BY-NC-SA

Episode C -- Brain Dump Semi-slow news week this week so we used the bulk of our time to talk about a topic most of us struggle with (even some of us on the show) productivity! A few stories and our opinions as usual and also a letter from a listener regarding our own Dave running for the ISC2 board. Again, if you have anything comments, questions, suggestions, hatred, bickering, cyberdouchery, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode:

• News
1. Stripe CTF
2. DropBox implementing 2-factor Auth!
3. More U.S. military hacking in Afghanistan
4. Yet another Java 0-day being exploited in the wild
   Exploit Code!
5. ISC-CERT issues warning on RuggedCom/Siemens gear
   ICS-Alert PDF
6. Gauss researchers trip over Kaspersky operated sinkhole
7. NIST releases a standard on secure BIOS
8. Aramco threatened with more breaches
• Breaches
1. University of South Carolina (34,000) of a total 81,000 since 2006) - ThreatPost Article
• Commentary
1. Errata
• Not much in Errata this week
2. Foot In The Door
• Infosec Productivity

• James posted about triple monitor setup and got a bunch of questions about how his work environment is set up.

  And productivity porn is always cool (don’t deny it, you’re all fetishistically interested in getting your to-do lists underway)
  
  - we’re getting around to the beginning of the school year here in Canada (we know that most americans have already started)
  - so it’s time for the annual trip to Staples for school/office supplies
  - How do you keep your stuff in order as you work through the life that many of us share:
  + multiple concurrent lives
  + “work” work
  + “volunteering” work
  + family / friends
  + professional development
  +
  - Do you trust your digital minions?
  - Do you commingle in a BYOD way?
  - What about people that you have relationships with (spouse uses paper?)
  - Covey? David Allen (GTD)?
  - “Time Management for System Administrators” (Thomas A. Limoncelli)
  - Getting Things Done

3. Hardcore
• Stuff We Each Use To Get By:
• James:
• Devices: MBA11 / iPad2 / iPhone4s
• Scanner to go paperless
• Sync: iCloud
• SpiderOak Here's my referral link
• Dropbox Here's my referral link
• Box.com
• Rsync w/ local duplicates
• Local Software:
• Mail
• Calendar
• Reminders
• OmniFocus (OSX / iPad)
• Evernote
• Web Stuff:
• Google for years - getting away from them now
• Remember The Milk - moved all of that into OmniFocus
• If This Then That
• Trello (because the Securosis boys require it and it comes from Joel)
• When I’m working at client sites, I generally have to use the things that they use.
• Dave ditto, James.
• Ben
• schedule, schedule, schedule - religiosity with my Outlook calendar
• task lists
• shared knowledge - team wiki
• team meetings & delegation
• risk tracking tools - e.g. RSAM/
• clear boundaries - turn your phone off - giant whiteboard
• Matt
• To-Do List App
• Pen & Paper!!!
• Keep yourself away from your screen Anti-RSI
• Save a few seconds a day if you are a multi-monitor user Stay App
• Mailbag

1. Hi Dave

   What’s the deal with running for the ISC2 board?

   
   JJ
• In Closing
1. Matt’s movie review...
2. There shall be LSD folk at TASK in Toronto next week.
3. University of Reddit - Open Security Training classes on malware analysis
4. Sector CFP selections Monday night.
5. Vote Dave! http://www.liquidmatrix.org/blog/vote-for-dave/
6. The Seacrest says “1st star to the left and straight ahead, Mr Armstrong”

Creative Commons license: BY-NC-SA

Episode B -- Artificial Intelligence Something pithy should probably be written here. All of us have so much on the go that we're saving our creativity for the podcast. Also, this one is pretty long. If you have thoughts or ideas, please send them to the MailBag (mailbag@liquidmatrix.org) and we'll talk about it here. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode:

• News
1. iOS SMS spoofing (a problem with SMS in general) and Apple’s response (use iMessage) - trust us it’s secure - via reddit
2. Court Rules That It's OK for Your Facebook Friends To Rat You Out to the FBI
3. Google helps vuln researchers make bank with Pwnium2 - get your sploits on (but not you Vupen)
4. NSS asked: Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? - short answer, sorta, but not so much over SSL PDF Link
5. Some smart-ass talks about scada and cyberdouchery referencing the Rugged issue
6. Fidelis get’s bought by the military industrial complex
7. Artillery Threat Intelligence Feed
8. shamoon makes your day worse after stealing your data
• Breaches
1. Check out the Summer of Breaches "Scorecard"
2. AMD
3. Philips
• Commentary
1. Errata
• Dave had a chat with Dorsey Morrow at ISC2
• The Seacrest stands on an embassy balcony and tries to tell the world what do