Liquidmatrix Security Digest Podcast

Episode 0x38

Dreidel Turkey Dreidel Peter Mackay!!!

Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team.

Upcoming this week...

1. Lots of News
2. Breaches, anti-derps!!
3. It's Chanukah!!!
4. and many turkeys are now dead
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Someone's been MiTMing the internets... Bruce Schnier thinks Ars Technica had an okay write up about it... And more reporting on Renesys's original research on it. (and a little more)
2. Japan is awesome, told NSA no thanks because it believed the request was illegal
3. Canada's Bill C-13 is a Trojan Horse (and Michael Geist weighs in too) (and the Ontario privacy commissioner does comment on it)
• Breaches
1. Health Canada doesn't understand privacy (and the bad things start happen)
2. Clearport Mercantile exchange (and the 450,000 daily contracts they process) got p0wned
3. EU is not good with the Wifi
• Anti-derps
1. Anti-DERP - Diffie is awesome! so is newegg (but sadly the lost - which sucks)
2. Anti-DERP - konami button press sequence is not a hack (it's a metaphor)
3. Anti-DERP - Mom takes on revenge porn site, a creepy hacker and Anonymous to the rescue
• Mailbag
1. Hi Guys:
   0x37 was good -- thanks!
   

   During recording the podcast one of youse (Ben?) wanted to determine the version of Silverlight installed on a browser. I make Rapid7's browserscan the home page for all of my browsers. It displays a nice list of the plugins currently installed & enabled in your browser. The list includes the plugin's installed version, the currently available version and -- when appropriate -- a Red Download Button in case you want to download the latest version.

   
   cheers,
   Mark
   
   1. Rapid 7's Browserscan
   2. Qualys
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Amber Baldet's DefCon 21 talk on Suicide Risk Assesment and Intervention Tactics.
2. Dan Geer speaks more wisdom... go read it now
3. Awesome hack - private LCD
4. BIPS suffers Bitcoin heist
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Bluehat and Hushcon to close out the year.
2. James: - Chicago, we think
3. Ben: - nowhere in particular
4. Matt: - Turkey coma
5. Wil: - On location. He's looking for representation so get him while he's still cute...
6. Other LSD Writers: - MIA
• Advertising - pay the bills...
1. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
2. Seacrest Says: Tell Peter Mackay everything

Creative Commons license: BY-NC-SA

Episode 0x37

Two Guys !HTML

It's completely unreasonable for me to ask that they come up with a short pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyways.

Upcoming this week...

1. Lots of News
2. Breaches
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. GitHub undergoing a massive automated brute force attack GitHub blog post announcement
2. Police set poor example by paying $750 CryptoLocker ransom
3. China get's more with the censorship
4. Silverlight users beware (That means you Netflix watchers)
• Breaches
1. Cupid Media dating website exposes 42 million plaintext passwords Krebs reporting on it.
2. Dave Maclure's email gets breached
• SCADA / Cyber, cyber... etc
1. FBI says the .gov has been breached lots
2. Stuxnet's twin
• DERP
1. Jeremy Hammond gets nailed with a 10 year sentence
2. LG Smart TVs logging USB filenames and viewing info to LG servers
3. Idiot steals NATO data to prove a point - goes to jail
• Mailbag / Deep Dive
1. Dear Liquidmatrix Why won't they PATCH THE VULNS!!!!???? So many vulns!!!! unpatched vulns survivor
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Hacker Opsec
2. Go Dave Kennedy Go!
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - At a Chiropracter near you!
2. James: - In the United States
3. Ben: - Cyloning
4. Matt: - Possibly Seattle soon and AppSec California
5. Wil: - Acting!
6. Other LSD Writers: - What's that again?
• Advertising - pay the bills...
1. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
2. Seacrest Says: Rob Ford is my homeboy

Creative Commons license: BY-NC-SA

Episode 0x36

Which part of WEEKLY is this?

There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something.

Upcoming this week...

1. Lots of News
2. Breaches
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Homeland Security Has to Explain Why and When It Can Kill Cell Networks
2. GitHub DERPS Are Why We Can't Have Nice Things
3. Cyber-arms dealer APT APT APT (fun stuff about cve-2013-3906)
4. Toyota's killer firmware: Bad design and its consequences
5. Obligatory Rob Ford Story... Hacker Destructo Needed.
• SCADA / Cyber, cyber... etc
1. More Stuxnet CyberDerping.
2. FBI Posts Bad Craigslist Casual Encounters Ad
• DERP
1. Enabling the Snowdens? Users like you and me (or, at least, people who work at the NSA)
2. Humblebraging is still not cool... MacRumors attacker says "Relax guys"
• Mailbag
1. Friend of the show @JimmyVo asks:
   @myrcurial Definitely beyond 140 chr answer but how would you train up SIEM/SOC analysts?
2. The Liquidmatrix Crew respondeth thusly:
   DO THESE THINGS.
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. ErrataRob's isowall
2. Google Inactive Account Manager
3. WhiteHat Hiring A Ruby Dev
4. Why Korea uses internet exploder
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - In the YYZ Air Canada lounge.
2. James: - Probably no where until Shmoocon.
3. Ben: - Dancing on the ceiling.
4. Matt: - Hiding behind a beard. AppSec trip canceled :(
5. Wil: - On stage, probably acting, or probably in one of his drunken stupors.
6. Other LSD Writers: - Someone forgot to feed them.
• Advertising - pay the bills...
1. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
2. Seacrest Says: Skype is teh suck. Scotch saveth thee.

Creative Commons license: BY-NC-SA

Episode 0x35

Halloween!

We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy.

Upcoming this week...

1. Breaches
2. SCADA / Cyber, cyber... etc.
3. finishing it off with DERPs/Mailbag (or Deep Dive)
4. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• Breaches - the BIG one
1. Snowden says "You're all owned"... basically. NSA is inside Google and Yahoo datacenters worldwide.
2. How to Get Ahead at the NSA - What the NSA can and can not spy on.
3. Google in 2010 on China and surveillance
4. Canadians sue their own government over domestic spying
• SCADA / Cyber, cyber... etc
1. DRAFT Guidelines for Smart Grid Cybersecurity
• DERP
1. LinkedIn Intro: Data, Meet Security Issues
• Mailbag
1. The Cybersecurity Industry is Hiring, But Young People Aren't Interested
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Halloween idea: biometric breaking face makeup using CV Dazzle.
2. University student asks Nicholas Percoco to perform a "Personal Pen-test" and is blown away by what is found out.
3. Ben to @JimmyVo you are dead to me
4. Lavabit and Silent Circle try to fix email
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Where ISN'T Dave?
2. James: - Hackfest!
3. Ben: - Will come out in the spring - infosec bear!
4. Matt: - AppSecUSA in November
5. Wil: - Going as his defeated sense of "self worth" for halloween. It's a pretty lame costume.
6. Other LSD Writers: - We're not sure - with new found fame, Chris Sistrunk isn't talking to us anymore
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Jackson (Mississippi)
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: I'm not available anymore, because Texas. Please leave your message at the tone.

Creative Commons license: BY-NC-SA

Episode 0x34

Just the two of us

Another week, another attempt at a full house for the show.

Upcoming this week...

1. Lots of News
2. Breaches
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. CryptoSeal VPN shuts down rather than give up crypto keys to NSA
2. Court order is an inside attacker
• Breaches
1. Hacker stole $100,000 from Users of California based ISP using SQL Injection
2. Premptive Breach: Complete Persistent Compromise of NETGEAR, D-Link and Tenda (But not Dick Cheney)
• SCADA / Cyber, cyber... etc
1. Bug Hunters find 25 ICS SCADA vulnerabilities
• DERP
1. Bluetooth sniffing
2. Verizon
3. Experian sold consumer data to id theft service
• Mailbag
1. I really loved your live session at SecTor! You guys are all so dreamy! - Alex Hutton
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. A graphical explanation of Rijndael (warning Shockwave)
2. "Call yourself a hacker and lose your 4th amendment rights" - Not entirely true but definitely worth the read
• Liquidmatrix Staff Projects -- 
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - will be playing another round of where's Waldo / Carmen Sandiego
2. Matt: - LASCON This Friday 10/25, OWASP AppSecUSA in November
3. James: - Hackfest in November
• Advertising - pay the bills...
1. Hackfest registration is open
2. BsidesJackson (Mississippi)
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Random Kids in the Hall Clip

Creative Commons license: BY-NC-SA

Episode 0x33

Liquidmatrix Live at SecTor 2013

In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, finally we did a live recording with all of us together. It's only a half hour, but we had a great time!

1. Upcoming this week...
2. We didn't even bother with show notes. Seriously. Just listen, it's good stuff.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending HITB Malaysia, Deepsec in Austria. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Hackfest.
3. Ben: - Hanging out with his other toaster friends
4. Matt: - Glossy eyed boy in love
5. Wil: - Hacking banks across state lines
6. Other LSD Writers: - wait? There are other writers?
• Advertising - pay the bills...
1. Hackfest registration is open
2. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x32

Getting the Band Together?

Another week, another attempt at a full house for the show.

1. Upcoming this week...
2. Lots of News
3. non-infosec stuff
4. Breaches
5. SCADA / Cyber, cyber... etc.
6. finishing it off with DERPs/Mailbag (or Deep Dive)
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. SilkRoad seized. Dread Pirate Roberts arrested. Tor hidden service de-anonymised?
2. Silent Circle moves away from NIST approved ciphers
3. Sometimes, 7 milliseconds is REALLY important
• Breaches
1. ALL THE BREACHES!!!!
• SCADA / Cyber, cyber... etc
1. UK gets the cybers
• DERP
1. John McAfee copies Occupy.here and TOR
2. Cyber warrior crush!
• Mailbag
1. Hi
   I'm a middle aged infosec dude who's hit a slump in his career and thinking about going to the USA to pursue infosec awesomeness. I'm torn between good beer, healthcare and no republicans vs the possibility of all the cyber I could ever want. Help me please, I need advice!!!
   PJ McGuff, Ontario
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Whistleblowers and the Crypto-Anarchist Underground: An Interview with Andy Greenberg
2. ESXi 5.5 drops limits on RAM and Physical CPU
3. 101 Free Tools for VMWare Administrators
4. An awkward hug for our own Mr Arlen
5. Old people make riskier and more inconsistent decisions
6. Bittorrent chat!
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at SecTor and Hackfest, Panelist at SecTor (twice), and speaking at bSidesTO
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon...
5. Wil: - Trying to cut weight before new headshots, but will be at SecTor.
6. Other LSD Writers: - wait? There are other writers?
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Random Kids in the Hall Clip - French Canadian Trappers

Creative Commons license: BY-NC-SA

Episode  -- SB005

CON FLU!

CON FLU! It's awesome. Dave has it. Teehee.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs -- NO NEWS THIS WEEK
1. HOST Has An Opinion
1. Go to DerbyCon
2. Parting Notes -- a few one-liners...
1. Also go to SecTor next week.
2. And bSidesTO this weekend.
3. Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
2. James: - Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
5. Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode  -- SB004

With Dave Away Minions Play

Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did not the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner
2. Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
3. CCC uses traditional biometric smackdown techniques - and wins.
4. From the annals of Schneier: Google knows passwords
5. RSA to customers: Trust not the encryptions
6. HOST Has An Opinion
1. Focusing on the wrong thing.
7. Parting Notes -- a few one-liners...
1. Turing machine in Excel
2. Did you know that there's a new Microsoft Surface? Do you care?
8. Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
9. Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
10. Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x31

Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...

1. Lots of News
2. Paranoia / NSA
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Fingerprints as passwords: New iPhone Touch ID
2. Skipping Ben's turn because he's really impressed about upcoming stories.
3. Certification WTF: Payment Card Industry Professional (PCIP)
4. WordPress < 3.6.1 PHP Object Injection
• Paranoia / NSA -- AKA "The BIG Breech of 2013"
1. The NSA is a customer of VUPEN
2. NIST says maybe don't use the ECC random bit thingie
3. Wireless firms agree to give Ottawa ability to monitor calls, phone data
4. No telco ever challenged NSA data collection
5. New NSA Leak Shows MITM Attacks Against Major Internet Services
6. EZpass is tracking you
7. NSA Hacks Belgium
8. NSA slurped bank records and credit card data
9. Canada handed over control of crypto standard setting to the NSA
10. NSA phone program is all legit
11. FISA courts joining the FOIA party late
• SCADA / Cyber, cyber... etc
1. Today Cyber means War but back in the 1990s...
2. Hacker Group in China linked to big cyber-attacks
3. Brazil and Argentina make a cyber pinkie pact
• DERP
1. Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
2. Twitter does link scraping
3. PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.
• Mailbag and/or Deep Dive

1. Hey LSD-P

   I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.

   Nervously,
   Your Friend

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Crypthook
2. ShmooCon CFP - Pay attention to the Proceedings
3. Binary Risk Assessment
4. FreedomBox
5. The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
6. MOV is turing complete
7. Meredith Patterson at 28c3 - The language of insecurity
8. SimpleRisk: Enterprise Risk Management Simplified
9. Browser fuzzing: introducing bamboo.js
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... And will be speaking at SecTor
5. Wil: - Getting playa out of his areas... But will be at SecTor
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. SecTor 2013
4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
6. Seacrest Says: oh jeremiah!!!

Creative Commons license: BY-NC-SA