Liquidmatrix Security Digest Podcast

Episode 0x28 -- For Reals... it's here.

I SAID it's a weekly podcast

Life gets in the way of art. There's five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We're trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Stonesoft bought by McAfee/Intel
2. How I got here: Hoff
3. Thotcon / BSidesChicago - Jericho says I did a good job
4. Is the U.S. Government Recording and Saving All Domestic Telephone Calls?
5. Systems manager arrested for hacking former employer's network
• Breaches
1. Study: Utah Health Breach Could Approach $406M
2. The Onion Hacked by Syrians and the Onion responds
3. 1 million dollars (Kreb's said "cyberheist" drink!)
• SCADA / Cyber, cyber... etc
1. Many MANY sources: Your inability to understand Google Earth is entertaining
• DERP
1. This time, the DERP is on us. With five schedules spread across 3 time zones and about 12 different jobs (not including parenting)... the Liquidmatrix Crew takes the DERP of the week.
   We promise we will attempt to get back on ye olde horse. Although it may be in the form of us no longer trying to have all hands on deck. What say you dear listener?
2. Hide a bitcoin miner in your code
3. vendor just called me, offered "a great solution for cyber defense by securing end points using DoD standards" #salesFail
• Mailbag / Bizarro Land

1. Hey,

   I'm stupid busy at work. Can't keep up. People know where I sit. The email. The phone calls. I'm trying to use the damn bathroom now. Please help?

   SRSLY
   Bizzay Secpro

• DEEP DIVING - Productivity In The Security Hotseat
1. Interupt driven lifestyle for the win?
2. Rage Quit
3. Plan to be interupted - get in earlier or stay later than most of your co-workers
4. Use a trick to determine how much productive time you have (Carmack and his CD player)
5. Arrange a "cover" for the day
6. Emergent Time Planner & Task Order Up
7. kanban
8. Trello (free)
9. Lean Kit (not Free)
10. Atlassian (jira) Greenhopper ($)
11. Time Management for System Administrators
12. Trusted Systems
13. "Heroes are Zeroes" - Identify and Manage
14. Failure to document makes you a team liability
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Notch says practice your typing skills
2. Cyber Observable Expression from MITRE
3. OpenBSD 5.3 Released.
4. Teacher 'powerless' to stop ex-girlfriend's cyberstalking
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON (AMFYOYO), Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
• In Closing
1. Movie Review Terminator 2: All your PINs belong in my Atari handheld HSM
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: She sells sea shells on the sea shore.

Creative Commons license: BY-NC-SA

Episode 0x27 -- Wednesday is the new Monday

It's the podcast that never ends

We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. There will be no DEEP DIVE -- our SCUBA gear is in the shop
7. But there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Kim Jong Un needs a snickers!!!
2. Linksys Routers Screwed
3. Bitcoin dDoS destroy world economy... nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
4. Security BSides - Rochester
5. Windows XP Security Updates ending in one year IE6 Countdown Windows XP still maintains 39% overall market share.
6. Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
7. DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages
• Breaches
1. Vudu resets user passwords after hard drives lost in office burglary
• SCADA / Cyber, cyber... etc
1. NIST CyberSecurity Framework Recordings
2. Anonymous hacks DPRNK Twitter and Flickr
3. Anonymous launches massive cyber assault on Israel Israel says: "Anonymous doesn't have the skills to damage the country's vital infrastructure" And fixes things up so that Anonymous' C&C plays "Hatikvah"
4. USAF designates some of their software as CYBERWEAPONS
5. Apparently there are CYBER-WEAPONS in the Korean Conflict
6. Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
• DERP
1. Papa, m'entends tu?
2. French Government discovers Streisand Effect on Wikipedia (without actually looking up) The Streisand Effect
3. Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from WIkimedia Foundation.
4. IRS Doesn’t Deny Snooping Emails Without A Warrant
5. Dongle-gate - this makes it so much clearer
• Mailbag / Bizarro Land

1. Subject:OMG, Arlen was right...

   I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it... IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997!

   I take it back. Anything coded in 1997 would be faster than Blackboard is today.

   Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less... suck?

   Thanks,
   -Jim

• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Deutsche Telecom SOC big board
2. Ingress - check it out
3. Non-SSL active content on SSL pages is blocked by default in FireFox 18
4. Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
5. The ATF Wants ‘Massive’ Online Database to Find Out Who Your Friends Are
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia. Matt speaking at Adelphi University Cyber Security Educational Panel.
• In Closing
1. Movie Review Die Hard 4 - It's a blast. Seriously. Quick, there's a fire sale.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: I have no mouth with which to scream

Creative Commons license: BY-NC-SA

Episode 0x26 -- The First Rule...

Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.

While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.

1. Upcoming this week...
2. Lots of News
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag and
5. THE DEEP DIVE
6. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. To hack back or to not hack back The Grugg on Opsec for Hackers (how not get p0wned while p0wning)
2. The dDoS to end all dDosssses that almost broke the ENTIRE internet, then again maybe not, but maybe sorta it did
3. Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN'T HAVE IT.
4. FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
• SCADA / Cyber, cyber... etc
1. DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks
2. FERC U MAD BRO ???? (PDF)
3. Cyber Divers take Egypt offline (except it might have been a ship's anchor)
4. First time that it looks like actual details were stolen
5. The Reality of Attribution about Cyber Attacks
6. Cyber Security: The Digital Arms Trade
7. Cyber RFI for the Space Race
8. Fukushima Cooling Knocked Offline By... a Rat... that ended badly
• DERP
1. Security hole allows anyone to reset an Apple ID with email and DOB
• Mailbag / Bizarro Land

1. My official statement of begging for getting onto the Vegas party list. Thank you for your consideration.

   Kris

2. Hello!

   Any chance I can get a couple of tickets to the party? I'm an infosec "professional" from Vancouver BC. I've met some of you guys at various cons, Hope, Defcon, Derbycon.

   thanks! Kevin

• The Deep Dive - Security Awareness Training
1. Is Bruce ALWAYS right?
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Is OwnCloud Good Enough?
2. Monitoring for humans
3. Pimp myself - Top 10 Web Hacks
4. Attempted child abduction thwarted when girl asks stranger for code word
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review: Wargames
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: "I kinda really wanted to jump in and slam him!"

Creative Commons license: BY-NC-SA

Episode 0x25 -- The one with ALL the cybers

We're not sure why this keeps happening.

As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a)using a computer, and (b)having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Krebs gets whacked And does some digging
2. Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 - so another reason to stop using it)
3. Hacked retailers up in arms over $13 million 'fine', Visa lands up in court
4. It's Kali Time
5. MCMC probes The Malaysian Insider over spyware story
• The Breach Report
1. Second Factor FTW
2. Philippines National Telecom Commission Defaced by Anon
3. CCTV hack wins gamblers $33*10^6 (cue Ocean's 11/12/13)
• SCADA / Cyber, cyber... etc
1. You Say: Cyber. I Say: Unsubscribe
2. North Korea restores Internet access, blames US hackers
3. Queensland police to use surveillance drones to combat crime ahead of G20 conference
4. Federal Judge Finds National Security Letters Unconstitutional, Bans Them
5. NERC 2012 Annual Report (pdf)
6. Medical device hacking: The 6 lines of code that could bring down a hospital
7. US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
8. U.S. Demands China Crack Down on Cyberattacks
9. Who’s Really Attacking Your ICS Devices?
• DERP
1. EC-Council goes off the deep end
• Mailbag / Bizarro Land
1. Question:

   Anyway, anyway, guys guys guys, come on. I'm in this computer, right. So I'm looking around, looking around, you know, throwing commands at it, I don't know where it is or what it does or anything. It's like, it's like choice, it's just beautiful, okay. Like four hours I'm just messing around in there. Finally I figure out, that it's a bank. Right, okay wait, okay, so it's a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street.

   That was me. That was me. I did that.

2. Answer:

   What are you, stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?

• The Deep Dive - Security Research and the Law
1. Internet troll “weev” sentenced to 41 months for AT&T/iPad hack.
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. The Matrix in less than 600 bytes of JavaScript
2. Branching breach impact model
3. Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
4. Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
5. Microsoft to push Windows 7 Service Pack 1 to users starting March 19
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review Hackers
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: Dave says "screw you Cogeco"

Creative Commons license: BY-NC-SA

Episode 0x24 -- The Robot Uprising

You'd think those worthless meatbag humans would be more respectful.

It looks like we will have a limited incidence of Robots in tonights episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Pwn2Own: IE, Firefox, Chrome and Java go down ...and Adobe Flash, Reader and Oracle Java exploits Chrome hack details (threat post link) Thanks Ben!
2. Indian .gov puts bounty on botnet takedown
3. China's internet backbone will have security features (also censorship) (SAVA)
4. How Facebook Prepared to Be Hacked
5. Having the MD5 hash of "123456" is probably not the best way to store passwords in your publicly searchable code on github... /via Thierry Zoller. (also don't put your twitter oauth keys in github)
6. International Womens' Day - Don't forget Admiral Grace
7. Freeze All The Robots: Put Android ICS in the freezer to break crypto
8. Harvard sneaks through 16 Deans' email
9. Deja vote: Iran blocks VPN use ahead of elections
• The Breach Report
1. Another bitcoin exchange gets p0wned
2. Ausie Ausie Ausia Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
3. Pakistan .gov gets hacked
• SCADA / Cyber, cyber... etc
1. Metasploit releases exploit module for Honeywell ICS that has a patch available
2. Formal Paper (pdf) from Ralph Langner Bound to Fail: Why Cyber Security Risk Cannot Be "Managed" Away
3. US Military Advisory Panel Says Nuke a Cyber Attacker
4. Reasons to depend on Kaspersky for ICS/SCADA operating systems -- EXCELLENT IPv6 STACKS
5. BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
6. Cyberwar: you lack imagination
• DERP
1. TELUS releases qualitive security survey (pdf link) - completely ignores science, math and proper research
2. Survival of the fittest: Some data-breach victims can't be helped - but they enjoy reacharounds
3. China points at USA and cries "you're stinky and mean"
• Mailbag / Bizarro Land

1. Dear Dudes of the Liquid

   I found a vuln when I was browsing a company's website with w3af? Should I report it?

   Yimmy, Warsaw

• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. From Space Rogue - The Infinite Daft Loop - productivity in a can
2. Play Donkey Kong as the Princess
3. Browser sec
4. Tripwire aquires nCircle
5. Click to play!!!!
6. Microsoft preps UPDATE EVERYTHING patch batch
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review Moon (it's all about clones - BTW spoiler alert)
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: "Here's to a hoopy frood who really knew where his towel was." RIP Douglas Adams

Creative Commons license: BY-NC-SA

Episode 0x23 -- Post RSA Actual News

Recovery takes time. There has not been enough time.

There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep.

You might want to stay until the end of the show to hear about a CONTEST and something even cooler...

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Miniduke is older than we thought (Miniduke tells time in China)
2. Cloudflare dDoS post mortem
3. Google services should not require real names: Vint Cerf
4. Oracle Issues Emergency Java Update
5. Wireless brain sensor pack. Future - here we come!
6. The Lightning Digital AV Adapter Surprise
7. When will we trust robots?
• The Breach Report
1. Evernote Security Notice: Service-wide Password Reset Evernote hacked: Emails, encrypted passwords stolen But it's ok, there will be 2 factor auth someday Critics say Evernote breach was avoidable.
2. Envelopes mailed to 26k retired government employees in N.C. exposes SSNs
3. Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
4. City of Owen Sound websites offline due to porn hack
• SCADA / Cyber, cyber... etc
1. Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
2. NEWS TO NO ONE: SANS SCADA and Process Control Security Survey - the state of the industry is discouraging
3. Recent 10-Ks mentioning "cyber" incidents
4. Canadian Anti-hacking agency slow to learn about Chinese cyberattack
5. Symantec: work on Stuxnet worm started two years earlier than first thought
6. SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
• DERP
1. Jailed hacker allowed into IT class, hacks prison computers
2. Nearly Every NYC Crime Involves Cyber, Says Manhattan DA
• Mailbag / Bizarro Land

1. Dearest Son,

   Why do you people always talk about "the echo chamber"? What is the echo chamber for?

   Love, Mom

• Deep Dive -
1. Government Malware! discuss (Finfisher, Hacking Team)Zero Day Doc
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Recon 2013 CFP opened
2. APT 1 goes back years
3. There's a vuln in sudo (yes, that sudo)
4. Quick and dirty pcap slicing with tshark and friends
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- More news to follow
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early.

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
5. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. RIP Stompin' Tom We'll leave a light on.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
4. Seacrest Says: I'm drinking beer at HouSec bitches!

Creative Commons license: BY-NC-SA

Episode 0x22 -- RSA is almost over...

Yes, we all survived, but RSAConflu hurts

So, 4/5th of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.

1. For this week's special episode...
2. Stupid Vendor tricks
3. BSidesSF + harrassment
4. Buzzword Bingo
5. Speed Dating
6. We Lost
7. I've got 99 problems and Rich ain't one
8. Brian "CyberPotato" Honan

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• No Notes due to SPECIAL REASONS
• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review: No Review
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
4. Seacrest Says: I came for the booth babes and stayed for the bacon licking.

Creative Commons license: BY-NC-SA

Episode 0x21 -- In which we prepare for RSA

Are you ready for RSA? Packed 500 business cards and a spare liver?

There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Facebook unlikes being hacked (Ars Technica) (The Atlantic Wire) (NYT) (BH Consulting) (IBI Times) (Apple too) (watering hole located)
2. Dutch MP fined for hacking medical system
3. NASA makes an oopsy with its software update
4. Kaspersky says "Trust us, we're good with software"
5. McAfee responds to criticism of AV industry with OpsFail
6. Telecom NZ cancels 60k Yahoo Xtra passwords amid attack
7. Exclusive: The Burger King and Jeep Hacker Is Probably This DJ From New England
8. Obama says share!!!
• The Breach Report
1. Mandiant. That is all.
2. Burger King twitter gets hacked
• SCADA / Cyber, cyber... etc
1. Electricity Market 101 - SCADA isn't just about the electricity
2. Turns out all that airgapping was just theoretical
3. Cyber Medals for Cyber Warriors
• DERP
1. MTV fakes their twotter account being haxored
• Mailbag / Bizarro Land

1. Hi,

   I just wondered if the Liquid Matrix team would be interested in commenting on the subject of Digital Forensics with Infrastruture-as-a-Service Cloud environments?

   ....

   Adam Robson

   Answer from the team:

   No

• Ben Rants
1. Ben Loses His Mind. Also, would you like a cheap certificate?
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Securosis RSA Guide - 2013 Edition
2. HDCP is dead, really
3. Ronin
4. Punk Spider - a searchable reference for web app vulns
5. Magazine article on Chinese online takedown services gets taken down
6. RoboPlow
7. RoboSurgeon (warning - super gross - avoid)
• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: Ben, Matt James and Dave attending RSA. James and Dave speaking at RSA-e10+. James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Come find us at RSA! 
2. Movie Review: Live Free or Die Hard (and you thought it was just a cyberwarfare training video)
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
5. Seacrest Says: Am I the only one that crapped my pants when I heard a meteor hit russia?

Creative Commons license: BY-NC-SA

Episode 0x20 -- Can Dave count to 20?

Special Bonus Episode!

Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Password Dump stats for January 2013 and December for those curious
2. LA Post serving Black Holes
3. WaPo - ‘Fragmentation’ leaves Android phones vulnerable to hackers (some info on malware p0wnage)
4. NIST 800-53 Rev4 is in Draft read it, comment on it.
5. DHS declares 100 mile "4th Amendment Free" zone adjacent to US border
6. Kaspersky update hoses Internet access for Windows XP users.
7. Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
8. The Everyday Agony of the Password
9. Audacious Hack Exposes Bush Family Pix, E-Mail
• The Breach Report
1. Bit9h got hacked!!!!
• SCADA / Cyber, cyber... etc
1. Cyber Lobbists
2. SCADA for the home players - turn the Belkin Wemo into a deathtrap
• Mailbag / Bizarro Land

1. Hi LSD crew...
   just finished 0x1E again and again, well done! Many thanks.

   I am missing a bit the "central topic" what you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn’t plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated.

   Cheers guys
   Thomas

• Discussion - Keeping up with new technical developments

1. Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...)

• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. If you permit USB keyboards or mice, you're permitting exfiltration
2. Log stash book!!!
3. Payment Card Industry clears up confusion over cloud use.
4. Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert)
5. Not done yet: Oracle to ship revised Java fix on February 19
6. Jeremiah Grossman's Self Pwnage
7. Another RoR SQLi vuln
• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia
• In Closing
1. We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested 
2. Movie Review 
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
5. Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty)

Creative Commons license: BY-NC-SA

Episode 0x1F -- The Confusing Part Starts NOW

Can't wait till next week when Dave can start reading the episode numbers again!

I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!

The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working?

These are all questions that you dear listener can answer. Let us know at mailbag@liquidmatrix.org. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.

1. Upcoming this week...
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber... etc.
5. finishing it off with DERPs/Mailbag and
6. THE RETURN OF THE DEEP DIVE
7. Our new weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. HTTPS everywhere for IE
2. NYT hacked for 4 months (and WSJ and WaPo and Ha'aretz and and and) Symantec didn't help (gasp!) As Per Symantec, You need more than AV. (DERP)
3. Tuesday is the 10th annual safer internet day
4. Twitter got p0wned ("not the work of amateurs")
5. Was the Superbowl Hacked? Entergy doesn't think so... And there's something to be said for resilient system design (Probably not)
• SCADA / Cyber, cyber... etc
1. SANS gets some things very right and some very wrong - this is CIP 002 done WRONG
2. Eric Byres weighs in on the "broken by design" issues in ICS/SCADA
3. Hackers breach U.S. Energy Department networks
• Briefly - NO ARGUING OR DISCUSSION ALLOWED
1. Postel's Principle needs modification. Good stuff. Go see Shotgun Parsers at Shmoocon
2. Vuln Hub (not like github) - it's metasploitable and friends
3. Security engineering book - free!
4. Recon-ng (thanks /r/netsec)
5. Kim Dotcom puts up 13,500 bounty for Mega
6. John Melton's Year of security for Java (PDF)
• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
3. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon
• In Closing
1. We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested 
2. Movie Review SOMETHING
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
5. Seacrest Says: TOUCHDOWN. Something about Football.

Creative Commons license: BY-NC-SA