Mon, 16 September 2013
Episode -- SB003
Thrice is NICE
Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB003.mp3
Category: LSD_Podcasts
-- posted at: 1:53pm EDT
Tue, 10 September 2013
Episode -- SB002
Twice is Nice
Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Tue, 10 September 2013
Episode 0x30
Getting the band back together...
Because you know, it *IS* a weekly podcast after all.
- Upcoming this week...
- Lots of News
- Kittens
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- TOR crypto might not be all that
- CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
- Canadian Universities Navigate Learning Curve for New Copyright Rules
- SCADA / Cyber, cyber... etc
- Speculation on Bullrun (more NSA funtime)
- Zee germans say the NSAs can hack our berries and iThingies
- DERP
- Parallels pulls head into ass
- and just keeps pulling
- HP laptops come with built in audio eavesdropping feature
- Mailbag
Hi LSD People
I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?
Thanks, Naked Computer Nerd
Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Watch this video of a "drone's eye view" of Burning Man and look for Wintr
- MDM for free yaknow.
- Don't succumb to security nihilism
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and BSidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
- James: Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at BSidesTO
- Ben: Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: Still on his honeymoon... he's appearing in the matrimonial chamber
- Wil: Getting playa out of his areas...
- Other LSD Writers: Chris Sistrunk speaking at EnergySec in a couple of weeks.
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-30.mp3
Category: LSD_Podcasts
-- posted at: 12:41am EDT
Tue, 3 September 2013
Episode SB001
Something New Is Tried
Be gentle, this "security briefing" is a new format.
Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.
- Starting off this week...
- News news news...
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB001.mp3
Category: LSD_Podcasts
-- posted at: 11:56am EDT
Sun, 25 August 2013
Episode 0x2F
things happen
Anyone else think that it would be nice if life had a bit of regularity?
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Researchers say Tor targeted by malware that phones home to the NSA... Or not maybe...
- Lavabit shuts down, cuts off nose to spite NSA's face; Silent Circle follows suit
- Hitting The Panic Button
- Breaches
- wifi baby monitors a bit hackable (surprise!!!!)
- Visa's alert of possible data breach impacts Rivermark Credit Union members
- SCADA / Cyber, cyber... etc
- US promises not to spy on the German - will stay besties for eva until someone pops the 99 red balloons (again)
- DERP
- Source: New York Times Website Hit by Cyber Attack
- IAB urges people to stop “Mozilla from hijacking the Internet”
- Mailbag
Noob Advice?
I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available.
Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to pursue that path. My long term goal would be to work for an intelligence agency in the federal government.
If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience?
Or would remaining a civilian throughout school present me with more opportunities?
-Shane
Non-Noob Response
The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.
Dave Kennedy - SET, TrustedSec, Derbycon, Awesome
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Stay tuned for "The Myrcurial Fund"
- PoC||GTFO
- Hacking mifare cards
- Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- In Closing
- Word of the Week -- cyber-spatula
- Movie Review -- The Nutty Professor 2
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2f.mp3
Category: LSD_Podcasts
-- posted at: 12:52pm EDT
Thu, 11 July 2013
Episode 0x2D
Nobody loves us.
It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will NOT be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The web is a bad bad place
- SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a performance impact)
- The Future of Civil Disobedience Online
- OECD complaint against finfisher
- The personal side of taking on the NSA: emerging smears
- Breaches
- Facebook exposes itself
- Opera's breach lady sings
- 47k student teachers in Florida exposed
- SCADA / Cyber, cyber... etc
- So you want to be a CIP consultant.
- Australia decides not to be American
- DERP
- South Korea misidentifies China as cyberattack origin
- Mailbag
Hi,
Greetings!
Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns?
Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address.
If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.
Best Regards,
Linda
Lead Generation
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Burp trips and tricks PDF
- Cyanogen mod gets secure messaging
- Running a Hackerspace
- Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
- MITM via PPTP
- Hacking monopoly
- Pentagon's failed flash drive ban policy: A lesson for every CIO
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away -
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
- Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
- everyday is CTF! go set up a team
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Seacrest Says: Good night Kitten
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2d.mp3
Category: LSD_Podcasts
-- posted at: 12:42pm EDT
Tue, 18 June 2013
Episode 0x2C
This is the 49th time!
All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- OWASP Top 10 for 2013 is out
- What the NSA doesn’t have: iMessages and FaceTime chats
- Woz: This is not my America
- This is some cold ass James Bond shit (Countries are upset) (they even setup fake internet cafes)
- NSA leaks hint Microsoft may have lied about Skype security
- Breaches
- Head of U.S. Nuclear Security Agency hacked by "Guccifer"
- SCADA / Cyber, cyber... etc
- @c7five tweets on Cyberwar
- US FDA calls on medical device makers to focus on cybersecurity
- Trove of medical devices found to have password problems
- DERP
- Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
- TSA agent tells teen to 'cover herself'
- Sys-admin selfies courtesy of The Grugq
- Mailbag
I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.
Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out? What resources do you find to be the most valuable now?
Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.
Anonymous By Request
- The Deep Dive -- SETEC ASTRONOMY
- We Should All Have Something To Hide
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Disconnect raises 3.5mil
- Pimp My Own Matt - Doing a webinar 6/20
- CycleOverRide - Security Nerds on Wheels
- Sixth Annual Movie-Plot Threat Contest Semifinalists
- Harvard Business Review talks infosec
- I'm hiring
- Loon
- How to make The Internet (from The IT Crowd)
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party - You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away -
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
- Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: Double ROT13 is NSA proof
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2c.mp3
Category: LSD_Podcasts
-- posted at: 2:29pm EDT
Tue, 11 June 2013
Episode 0x2B -- Or !2b
Nothin that we can't fix
Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2b.mp3
Category: LSD_Podcasts
-- posted at: 2:07pm EDT
Tue, 4 June 2013
Episode 0x2A -- Happy One Year Later
And we still suck at scheduling
Despite efforts to the contrary... we're still not good at this. We should be getting better.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2a.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
Tue, 14 May 2013
Episode 0x29 -- Not just CrO2, but now with Dolby
Does anyone read show notes?
So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-29.mp3
Category: LSD_Podcasts
-- posted at: 1:21pm EDT