Liquidmatrix Security Digest Podcast

I need a new computer. Or maybe I just want one.

1. Owen Williams writes on Medium Apple just told the world it has no idea who the mac is for and I'm not entirely sure I disagree.
2. Rui Carmo lamenting the state of the macOS ecosystem and talking Elementary IO.
3. Touch bar is cool. I think it might work, but a fully reprogrammable awesome Sonder E Ink Keyboard or the 9.7" retina touchscreen would've made more sense.
4. Despite having no hardware upon which to test... here's someone's attempt at sudo-touchid with a minor caveat :(
5. And if you're a student - here's a nice deal JetBrains Developer Tools

Tomorrow I'm leaving this up to Ben, I'm not a morning person.

Good morning!

Coming to you live from O'Reilly Security in NYC. Well, the breakfast buffet anyways.

1. Great 101 article from Ars Technica How security flaws work: SQL Injection
2. The always eloquent friend of the show / my friend Violet Blue cuts to the bone with the awesome phrase "Infosec smarty-pantses" in her article on That Time Your Smart Toaster Broke The Internet Note that @gattaca's toaster doesn't obey him either
3. Twitter does dumb shit again and pisses off long term users Hiding Usernames In @Replys
4. DMCA exemption list finally updated and has a great list covered exemptions from The Register

Tune in tomorrow for a SPOOOKY story from me still in NYC.

Australia's Blood Service's exposed lots of personal data - https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/

Machine Learning Appsec testing - http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps

Mozilla doesn't trust Ernst & Young audits of CAs - https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Episode 0x6F

THE CENTENNIAL!

We are happy to announce that we've got a full show... with only two hosts. But hey - it's number 100(decimal)

Upcoming this week...

1. Lots of News
2. Breaches
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
• 1. Apple Introduces What It Calls an Easier to Use Portable Music Player
  2. MEDSEC gets independent confirmation of their findings... St Jude is still suing
  3. New ISO Standard Is an Anti-Bribery Game-Changer
• Breaches
• 1. Vera Bradley POS Breach
• SCADA / Cyber, cyber... etc
• 1. Modbus eavesdropper from B+B SmartWorx
  2. Senators get involved in IoT
  3. Dan Kaminsky on DNS and rate limiting
• DERP
• 1. HAMAS complains about video cameras
  2. California DMV thinks "INFOS3C" is a dirty word
  3. Apple Doxes Self -- MBP w/TouchID
• Mailbag
• 1. TALK ABOUT BSIDESTO AND SECTOR
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
• 1. Liquidmatrix TV
  2. learn stuff for free from experts
• Liquidmatrix Products and Services - We do some stuff. Seriously.
• 1. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)
• Upcoming Appearances:  -- more gratuitous self-promotion
• 1. Dave: - Claims to have 5 more conferences this year. Wife still doesn't expect him home for dinner anytime soon
  2. James: - O'Reilly Security NYC and then WDW!
  3. Ben: - work
  4. Matt: - Unknown. Hiding behind his beard.
  5. Wil: - Unknown. Check CBC Calgary
  6. Other LSD Writers: - There are others?
• Advertising - pay the bills...
• 1. Thinking about SecTor this November 2017?Check back with us for codes.
• Closing Thoughts
• 1. Terry Bradshaw Says: 100 (decimal) BABY WOOO!!! 100

Creative Commons license: BY-NC-SA

UNENCRYPTED SCADA PAGERS!!! http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/ (watch Jamie and Dave's head explode when they read that)

MS threat modelling tool - https://www.microsoft.com/en-us/download/details.aspx?id=49168

Yet another - this is LSD TV mini0x07.

Talking about the Defense again.

Oh, and Ben's got a link for you - http://mooc.fi/courses/2016/cybersecurity/

Hangzhou Xiongmai recalls IoT devices - http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS

Comodo CA relies on broken OCR and issues certs incorrectly - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713

Using Rowhammer on Android - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/

Hyper scale defenses (https://youtu.be/90kxsEOSZQ8), scaring the Russians (http://www.cbc.ca/beta/news/technolog...) and rigged elections in the Philippines (http://thestandard.com.ph/mobile/arti...) -- turns out its very old news which popped up in my news feed and I can't read dates