Liquidmatrix Security Digest Podcast

Episode  -- SB003

Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Argentina arrests teen hacker who netted $50,000 a month
2. NSA gets data from Germany’s domestic security agency - reports
• HOST Has An Opinion
1. Exam Protection. Really. CISSP issues. :) because Dave can't talk about it
• Parting Notes -- a few one-liners...
1. Firewall Management Essentials: Change Management
2. The end of kindness: Weev and the cult of the angry young man
3. The Road Warrior's Lament: In Search Of The Perfect Carry-On
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Speaking at Deepsec in Austria and maybe bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon...
5. Wil: - Getting playa out of his areas...
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode  --  SB002

Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Vulnerability bureaucracy: Unchanged after 12 years
2. Crypto prof asked to remove NSA-related blog post
3. ZMap: Fast Internet-wide Scanning and Its Security Applications (22nd USENIX Security Symposium)
4. Downloading ZMap
5. Dave Has An Opinion
1. It's time to plan to fail.
6. Parting Notes  --  a few one-liners...
1. Republic of India has published all of their standards, including Infosec... and ISO 27000 series - for FREE
2. Safe and Secure Online - Internet Safety for Kids from (ISC)^2
3. Installing Dropbox? Prepare to lose ASLR.
4. "Here Be Dragons", Keeping Kids Safe Online
7. Liquidmatrix Staff Projects  --  gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES)  and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
8. Upcoming Appearances:  --  more gratuitous self-promotion
1. Dave:  -  Attending Derbycon, HITB Malaysia and bsidesTOspeaking at Security Congress in Chicago, Deepsec in Austria. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James:  -  Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben:  -  Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt:  -  Still on his honeymoon...
5. Wil:  -  Getting playa out of his areas...
6. Other LSD Writers:  -  Chris Sistrunk speaking at EnergySec in a couple of weeks.
9. Advertising  -  pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value). SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x30

Getting the band back together...

Because you know, it *IS* a weekly podcast afterall.

1. Upcoming this week...
2. Lots of News
3. Kittens
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag
6. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. TOR crypto might not be all that
2. CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
3. Canadian Universities Navigate Learning Curve for New Copyright Rules
• SCADA / Cyber, cyber... etc
1. Speculation on Bullrun (more NSA funtime)
2. Zee germans say the NSAs can hack our berries and iThingies
• DERP
1. Parallels pulls head into ass
2. and just keeps pulling
3. HP laptops comes with built in audio eavesdropping feature
• Mailbag

1. Hi LSD People

   I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?

   Thanks, Naked Computer Nerd

   
   

   Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Watch this video of a "drone's eye view" of Burning Man and look for Wintr
2. MDM for free yaknow.
3. Don't succumb to security nihlism
• Liquidmatrix Staff Projects -- gratuitous self-promotion
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
• Upcoming Appearances:  -- more gratuitous self-promotion
1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
2. James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
4. Matt: - Still on his honeymoon... he's appearing in the materimonial chamber
5. Wil: - Getting playa out of his areas...
6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
• Advertising - pay the bills...
1. Hackfest registration is open
2. BSides Toronto!!!!
3. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding

Creative Commons license: BY-NC-SA

Episode SB001

Something New Is Tried

Be gentle, this "security briefing" is a new format.

Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.

1. Starting off this week...
2. News news news...

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News Briefs
1. Microsoft and Google to sue over US surveillance requests
2. An IT Flaw Has Let Unauthorized Users Exploit Army PCs for Years
3. UK asked N.Y. Times to destroy Snowden material
4. Unpatched Mac bug gives attackers “super user” status by going back in time

• Parting Notes  -- 
1. NIST releases draft of security framework
2. Akamai gets FedRAMP approval
3. Innovation And The Law Of Unintended Consequences
• Liquidmatrix Staff Projects
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: Dave will be attending Security Congress, in Chicago then on a plane to Derbycon, HITB in Malaysia, Deepsec in Austria and Hackfest in Quebec City. James will be speaking at Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
5. Hackfest registration is open
6. BSides Toronto!!!!
7. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
• In Closing
1. Word of the Week -- cyberrrrific
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Episode 0x2F

things happen

Anyone else think that it would be nice if life had a bit of regularity?

1. Upcoming this week...
2. Lots of News
3. Kittens
4. Breaches
5. SCADA / Cyber, cyber... etc.
6. finishing it off with DERPs/Mailbag and
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Researcher's say Tor targeted by malware that phones home to the NSA... Or not maybe...
2. Lavabit shuts down, cuts off nose to spite NSA's face Silent Circle follows suit
3. Hitting The Panic Button
• Breaches
1. wifi baby monitors a bit hackable (surprise!!!!)
2. Visa's alert of possible data breach impacts Rivermark Credit Union members
• SCADA / Cyber, cyber... etc
1. US promises not to spy on the German - will stay besties for eva until some pops the 99 red balloons (again)
• DERP
1. Source: New York Times Website Hit by Cyber Attack
2. IAB urges people to stop “Mozilla from hijacking the Internet”
• Mailbag

1. Noob Advice?

   I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available.

   Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to peruse that path. My long term goal would be to work for an intelligence agency in the federal government.

   If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience?

   Or would remaining a civilian throughout school present me with more opportunities?

   -Shane

   
   

   Non-Noob Response

   The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.

   Dave Kennedy - SET, TrustedSec, Derbycon, Awesome

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Stay tuned for "The Myrcurial Fund"
2. PoC||GTFO
3. Hacking mifare cards
4. Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator
• Liquidmatrix Staff Projects
1. The Security Conference Library
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
5. Hackfest registration is open
6. BSides Toronto!!!!
7. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
• In Closing
1. Word of the Week -- cyber-spatula
2. Movie Review -- The Nutty Professor 2
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...

Creative Commons license: BY-NC-SA

Episode 0x2D

Nobody loves us.

It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.

1. Upcoming this week...
2. Lots of News
3. Kittens
4. Breaches
5. SCADA / Cyber, cyber... etc.
6. finishing it off with DERPs/Mailbag and
7. There will NOT be a DEEP DIVE
8. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. The web is a bad bad place
2. SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a peformance impact)
3. The Future of Civil Disobedience Online
4. OECD complaint against finfisher
5. The personal side of taking on the NSA: emerging smears
• Breaches
1. Facebook exposes itself
2. Opera's breach lady sings
3. 47k student teachers in Florida exposed
• SCADA / Cyber, cyber... etc
1. So you want to be a CIP consultant.
2. Australia decides not to be American
• DERP
1. South Korea misidentifies China as cyberattack origin
• Mailbag

1. Hi,

   Greetings!

   Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns?

   Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address.

   If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.

   Best Regards,

   Linda

   Lead Generation

• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Burp trips and tricks PDF
2. Cyanogen mod gets secure messaging
3. Running a Hackerspace
4. Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
5. MITM via PPTP
6. Hacking monopoly
7. Pentagon's failed flash drive ban policy: A lesson for every CIO
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
2. Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
3. everyday is CTF! go set up a team
4. Hackfest registration is open
5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
6. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013
7. Seacrest Says: Good night Kitten

Creative Commons license: BY-NC-SA

Episode 0x2C

This is the 49th time!

All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. OWASP Top 10 for 2013 is out
2. What the NSA doesn’t have: iMessages and FaceTime chats
3. Woz: This is not my America
4. This is some cold ass James Bond shit (Countries are upset) (they even setup fake internet cafes)
5. NSA leaks hint Microsoft may have lied about Skype security
• Breaches
1. Head of U.S. Nuclear Security Agency hacked by "Guccifer"
• SCADA / Cyber, cyber... etc
1. @c7five tweets on Cyberwar
2. US FDA calls on medical device makers to focus on cybersecurity
3. Trove of medical devices found to have password problems
• DERP
1. Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
2. TSA agent tells teen to 'cover herself'
3. Sys-admin selfies courtesy of The Grugq
• Mailbag

1. I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.

   Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?

   Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.

   Anonymous By Request

• The Deep Dive -- SETEC ASTRONOMY
1. We Should All Have Something To Hide
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
1. Disconnect raises 3.5mil
2. Pimp My Own Matt - Doing a webinar 6/20
3. CycleOverRide - Security Nerds on Wheels
4. Sixth Annual Movie-Plot Threat Contest Semifinalists
5. Hardvard Business Review talks infosec
6. I'm hiring
7. Loon
8. How to make The Internet (from The IT Crowd)
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
2. Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: Double ROT13 is NSA proof

Creative Commons license: BY-NC-SA

Episode 0x2B -- Or !2b

Nothin that we can't fix

Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Microsoft seizes malware search domains
2. Jude says child porn suspect does not need to decrypt his files... Or maybe yes he does.
3. The Chinese hack Israel
4. Hetzner web hosting service hacked
• Breaches / Cyber / DERP
1. Wired says NSA is on all Verizon calls
2. Meet PRISM and 9 big internet companies
3. EFF's handy timeline
4. Tech Companies Concede to Surveillance Program
5. Boundless Informant: the NSA's secret tool to track global surveillance data
6. Director of National Intelligence declassifies PRISM info to clear up 'inaccuracies'
7. Why Canadians Should Be Demanding Answers About Secret Surveillance Programs
8. It's in Canada too - Data-collection program got green light from MacKay in 2011
9. Whistleblower / future rendition candidate
10. Why Prism kills Cloud (wow, wtf is wrong w/ people)
11. More Links
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Google Upping their XSS Bounty on a few key domains. $7,500
2. Let's all weigh in on how these thugs are steeling cars...
3. Modern IE - browsers + HTML = weirdness
4. Bradley Manning trial transcripts
5. Using lotsa data to make web apps secure
6. No security without maturity
7. O Hai - I haz new job
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave will be speaking at SC Congress Toronto and attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Movie Review Enemy of the State
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: Hi NSA, I didn't mean all those things I said about you in private

Creative Commons license: BY-NC-SA

Episode 0x2A -- Happy One Year Later

And we still suck at scheduling

Despite efforts to the contrary... we're still not good at this. We should be getting better.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. IE 10 Most Secure Browser according to NSS Labs ....Really?
2. Privacy commissioner baffled about gas plant emails
3. Google says 7 days!
4. The Canadian Government's Embarrassing Opposition to Security Breach Disclosure Legislation (actual details on the opposition)
• Breaches
1. Drupal
2. France learns e-voting is Haaarrdddd
• SCADA / Cyber, cyber... etc
1. BBC: Smart meters need to be harder to hack, experts say
2. China blamed after ASIO blueprints stolen in major cyber attack on Canberra HQ
3. Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
• DERP
1. Woman Brags About Hitting Cyclist, Discovers Police Also Use Twitter (a hurr durr)
2. Twitter is evil!!!
3. Paypal bounty program FAIL
• Mailbag

1. So I was listening to 0x29 and a thought came to me during the part about Moxie and the line that the Saudi recruiter used on him which was the standard refrain of: "You either stand with us, or you stand with the terrorists!" Or "You either stand for surveillance or you stand with the child pornographers."

   Can we not just turn that on its head using their own logic and say: "You either stand for privacy and security or you stand with the human rights abusers."

   Since the people pushing the big brother agenda only chose to use black and white in their pictures of the world, what happens when the colours are reversed?

   Bob

• The Deep Dive
1. The Case For A Government Bug Bounty Program
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Facebook Bug Bounty 4500.. Blackhats say worth $800k Google forbids facial recognition in Google Glass for privacy reasons
2. Wintersmith - another static site generator
3. The global cyber game
4. Lahana!!!
5. Getting started with login verification (Twitter 2FA)
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave will be speaking at SC Congress Toronto and attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Movie Review -- GoldenEye: The answer is always send a SPIKE
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: I can't say Z properly

Creative Commons license: BY-NC-SA

Episode 0x29 -- Not just CrO2, but now with Dolby

Does anyone read show notes?

So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Microsoft YouTube app DERP
2. Bang with Friends Facebook glitch
3. APPLE MULTIFACTOR FOR TEH CANADAZ!!!!!
4. PayPal Exec vows to go thermonuclear on passwords.
5. Data breach leads to lots of many
6. Privacy Breach on Bloomberg’s Data Terminals
• Breaches
1. In Hours, Thieves Took $45 Million in A.T.M. Scheme (also covered by Ars) (and the krebs)
2. Name.com got p0wned
• SCADA / Cyber, cyber... etc
1. The police need an app for that
• DERP
1. Saudi's tried to hire Moxie to spy on their citizens mobile app traffic
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Troy Hunt on Clickjacking
2. Interesting note from David Seah on Procrastination.
3. Mainframes can be hacked and backdoored
4. Why certificate revocation doesn't work
5. Cory Doctrow talking about freedom, society, computers and the internet
6. Cmdr. Hadfield bids adieu to ISS with “Space Oddity” cover.
7. Government subpoenas, obtains wide set of AP phone records in investigation
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON, Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Movie Review Big: All about authentication and authorization when biometrics won't work anymore.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: This is ground control to Major Seacrest...

Creative Commons license: BY-NC-SA