Mon, 1 August 2022
Episode 0x76
Ready for a surprise thing?
Yup. We found spare time and did a thing. Here's the thing. You get to spend a whole lot of time listening to security old farts.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x76.m4a
Category: LSD_Podcasts
-- posted at: 8:27pm EDT
Fri, 1 July 2022
Episode 0x75
10th Anniversary Special
We should have something snappy here, but we're old and out of belt-onions
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x75.mp3
Category: LSD_Podcasts
-- posted at: 6:07pm EDT
Fri, 20 March 2020
Episode 0x74
Quarantine 2020 Edition
All the late shows are doing the "I phoned in from home" why shouldn't we?
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x74.mp3
Category: LSD_Podcasts
-- posted at: 9:37am EDT
Sun, 24 December 2017
Episode 0x73
Surprise! Happy Holidays
Are you having a happy holiday? Listen to us and you'll have a happy holiday.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x73.mp3
Category: LSD_Podcasts
-- posted at: 11:01pm EDT
Mon, 22 May 2017
Episode 0x72
SPECIAL ELECTION EDITION
Vote Dave... please?
Upcoming this week...
- We yammer about stuff with no real direction or point.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x72.mp3
Category: LSD_Podcasts
-- posted at: 11:18am EDT
Thu, 9 March 2017
Episode 0x71
Um... We're back?
I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon?
Upcoming this week...
- /dev/random
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- We totally forgot show-notes
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x71.mp3
Category: LSD_Podcasts
-- posted at: 4:20pm EDT
Fri, 18 November 2016
- Samy Kamkar - PoisonTap - https://samy.pl/poisontap/
- RCMP want an iphone unlocker - http://www.cbc.ca/news/investigates/police-power-privacy-encryption-1.3856375
- Discussion paper - https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-scrt-grn-ppr-2016-bckgrndr/index-en.aspx
Thu, 17 November 2016
More Travels With Dave...
Wed, 16 November 2016
Reporting on the infosec implications of Walt Disney World...
- https://disneyworld.disney.go.com/
- https://www.wired.com/2015/03/disney-magicband/
- http://www.nytimes.com/1998/08/20/technology/roller-coasters-take-a-ride-from-wild-to-wired.html
- http://www.rockwellautomation.com/global/industries/entertainment/overview.page
- http://dsicontrols.com/amusement.html
Direct download: mini0x1C.mp3
Category: LSD_Television
-- posted at: 8:50am EDT
Tue, 15 November 2016
Dave is actually alive. We have video proof.
Mon, 14 November 2016
Sat, 12 November 2016
https://2016.pycon.ca/en/
Fri, 11 November 2016
- Russian Hacker group responsible for DNC Hack is at it again - https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/
- Russian banks getting hit back by DDoS Attack - https://themoscowtimes.com/news/ddos-attack-hits-russian-banks-56077
Thu, 10 November 2016
(Ben didn't do show notes)
Thu, 10 November 2016
MS16-137 - https://g-laurent.blogspot.ca/2016/11/ms16-137-lsass-remote-memory-corruption.html?m=1
Thu, 10 November 2016
- Tesco was breached - https://www.google.ca/amp/www.bbc.co.uk/news/amp/37907441
- The grugq on Security, Cyber, and Elections - https://medium.com/@thegrugq/security-cyber-and-elections-part-1-cd04de8ed125#.9dtgkxkut
Thu, 10 November 2016
http://www.mprnews.org/story/2016/11/07/npr-how-hostile-nation-could-disrupt-election
Thu, 10 November 2016
Nobody knew what CSIS was up to - http://www.cbc.ca/beta/news/politics/what-you-need-to-know-about-csis-metadata-1.3837104
Thu, 10 November 2016
- Matthew Keys is in jail for not giving up a source - http://arstechnica.com/tech-policy/2016/11/speaking-from-prison-incarcerated-reporter-maintains-innocence/
- Go Secure botnet analysis - https://gosecure.net/2016/11/02/exposing-the-ego-market-the-cybercrime-performed-by-the-linux-moose-botnet/
- Blackhat EU talks - https://www.blackhat.com/eu-16/
- getting root on wemos - https://www.invincealabs.com/blog/tag/wemo/
Thu, 10 November 2016
- Quebec police spied on multiple journalists - https://www.engadget.com/2016/11/03/quebec-canada-cops-monitor-journalists/
- Canadian intelligence agency gets hands slapped - http://www.cbc.ca/news/politics/csis-metadata-ruling-1.3835472
- EMET EOL announced - https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Thu, 10 November 2016
Episode 0x70
Dave Doesn't Exist
We've been unable to capture Dave on video yet despite turning out an absolutely epic amount of video material. We think it's because he doesn't actually exist. Do not even get me started on the hipster beard and hipster actor. Those two. Sigh. In any case...
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x70.mp3
Category: LSD_Podcasts
-- posted at: 6:15am EDT
Thu, 3 November 2016
Typed JSON - https://tonyarcieri.com/introducing-tjson-a-stricter-typed-form-of-json
Wed, 2 November 2016
- http://www.cbc.ca/beta/news/canada/toronto/woman-toronto-police-database-unauthorized-searches-1.3830541
- http://www.cbc.ca/beta/news/canada/calgary/gerard-brand-calgary-police-trial-breach-trust-1.3829644
Tue, 1 November 2016
Mon, 31 October 2016
I need a new computer. Or maybe I just want one.
- Owen Williams writes on Medium Apple just told the world it has no idea who the mac is for and I'm not entirely sure I disagree.
- Rui Carmo lamenting the state of the macOS ecosystem and talking Elementary IO.
- Touch bar is cool. I think it might work, but a fully reprogrammable awesome Sonder E Ink Keyboard or the 9.7" retina touchscreen would've made more sense.
- Despite having no hardware upon which to test... here's someone's attempt at sudo-touchid with a minor caveat :(
- And if you're a student - here's a nice deal JetBrains Developer Tools
Tomorrow I'm leaving this up to Ben, I'm not a morning person.
Sun, 30 October 2016
Good morning! Coming to you live from O'Reilly Security in NYC. Well, the breakfast buffet anyways.
- Great 101 article from Ars Technica How security flaws work: SQL Injection
- The always eloquent friend of the show / my friend Violet Blue cuts to the bone with the awesome phrase "Infosec smarty-pantses" in her article on That Time Your Smart Toaster Broke The Internet Note that @gattaca's toaster doesn't obey him either
- Twitter does dumb shit again and pisses off long term users Hiding Usernames In @Replys
- DMCA exemption list finally updated and has a great list covered exemptions from The Register
Tune in tomorrow for a SPOOOKY story from me still in NYC.
Sun, 30 October 2016
Fri, 28 October 2016
Australia's Blood Service exposed lots of personal data - https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/
Thu, 27 October 2016
- Machine Learning Appsec testing - http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps
- Mozilla doesn't trust Ernst & Young audits of CAs - https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Wed, 26 October 2016
Episode 0x6F
THE CENTENNIAL!
We are happy to announce that we've got a full show... with only two hosts. But hey - it's number 100(decimal)
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6F.mp3
Category: LSD_Podcasts
-- posted at: 10:00am EDT
Wed, 26 October 2016
- UNENCRYPTED SCADA PAGERS!!! http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/ (watch Jamie and Dave's head explode when they read that)
- MS threat modelling tool - https://www.microsoft.com/en-us/download/details.aspx?id=49168
Tue, 25 October 2016
Yet another - this is LSD TV mini0x07. Talking about the Defense again. Oh, and Ben's got a link for you - http://mooc.fi/courses/2016/cybersecurity/
Mon, 24 October 2016
- Hangzhou Xiongmai recalls IoT devices - http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS
- Comodo CA relies on broken OCR and issues certs incorrectly - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713
- Using Rowhammer on Android - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
Sun, 23 October 2016
Hyper scale defenses (https://youtu.be/90kxsEOSZQ8), scaring the Russians (http://www.cbc.ca/beta/news/technolog...) and rigged elections in the Philippines (http://thestandard.com.ph/mobile/arti...) -- turns out it's very old news which popped up in my news feed and I can't read dates
Sat, 22 October 2016
Mini episode #4: crazy TLDs and DDoS on Dyn.
- https://twitter.com/kpyke/status/789156391726387200
- https://www.dynstatus.com/incidents/5r9mppc1kb77
- https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/amp/
- https://youtu.be/90kxsEOSZQ8
Fri, 21 October 2016
Friday's episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks Yahoo! and Boards of Directors and Linux privilege escalation and Wikileaks and HE JUST KEEPS TALKING.
Fri, 21 October 2016
The SECOND episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks data exfiltration.
Fri, 21 October 2016
In this first episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro walks you through SecTor 2016.
Thu, 20 October 2016
Episode 0x6E
IT LIVES (Live from SecTor 2016)
All five LSDP's in one room at the same time. It actually happened.
Upcoming this week...
- Catching Up!
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSD-Podcast-0x6E.mp3
Category: LSD_Podcasts
-- posted at: 3:35pm EDT
Mon, 27 June 2016
Episode 0x6D
We've been gone for a month, we've been drunk since we left
hej till våra lyssnare i Sverige (hello to our listeners in Sweden)
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Ethereum TheDAO attack simplified
- People who have been victim of workplace violence, harassment and sexual assault Isis agora lovecruft Alison Macrina Violet Blue Nick Farr
- "Consent, it's as simple as tea" if you haven't seen it Canadian Association of Sexual Assault Centers Women Against Violence Against Women Ontario Coalition of Rape Crisis Centers Central Alberta Sexual Assault Center VictimLink BC page on Sexual Assault Rape, Abuse & Incest National Network (USA)
- DHS seeks to ask foreign visitors their social media accounts
- Breaches
- All your gotomypc are belong to us
- DERP
- Comodo are the good guys, seriously (not seriously)
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- The Intercept's comparison of instant messaging applications (And the EFF's scorecard is soon to be updated)
- Mooltipass
- Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says
- Liquidmatrix Products and Services - We do some stuff. Seriously.
- LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - BSidesLV, DEF CON, Black Hat, Energysec, HTCIA, Security Congress...
- James: - Vegas. Sigh.
- Ben: - Coding my ass for SECTOR building G.Tool
- Matt: - Keeping banker's hours.
- Wil: - BSidesLV, DEF CON, Burning Man...
- Other LSD Writers: - Who?
- Advertising - pay the bills...
- Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0
- Closing Thoughts
- Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6D.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
Wed, 18 May 2016
Episode 0x6C
I'm bringing Six Cee Back...
Oh yeah, bad joke from the start.
Upcoming this week...
- Lots of News
- Breaches?
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6C.mp3
Category: LSD_Podcasts
-- posted at: 9:41am EDT
Thu, 5 May 2016
Episode 0x6B
SIX BEEEEEEEEEEEEE
Ben, Wil, and Dave provide entertainment value that is also questionable.
Upcoming this week...
- Lots of News
- Breaches?
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6B.mp3
Category: LSD_Podcasts
-- posted at: 3:37pm EDT
Wed, 27 April 2016
Episode 0x6A
All about the VZ-DBIR
Ok. Not completely weekly. And sorry Mom that we missed last week. We'll get it together.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Verizon's 2016 Data Breach Investigations Report
- How Hacking Team got hacked (with a detailed writeup from Phisher himself)
- U.K. official confirms surveillance bill would let cops force companies to decrypt data
- Katie Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147 Vulnerability Disclosure
- How iMessage distributes security to block “phantom devices”
- Breaches
- Philippines got hacked... yes, a whole country ... by a 23 year old student
- ... and Mexico
- A Bangladeshi bank got popped for (almost) a billion (more analysis) (technical analysis)
- SCADA / Cyber, cyber... etc
- UBER META DATA US or something like that (Uber says gave U.S. agencies data on more than 12 million users)
- US Special Forces Are 'Dropping Cyberbombs' on ISIS
- DERP
- Four hundred MILLION vulnerable Androids are out there
- Microsoft sues US government over 'unconstitutional' cloud data searches
- The FBI paid more than $1 million to crack the San Bernardino iPhone
- Jeff Moss talks about grooming presidents
- Mailbag
- Making security a big "P" Profession
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Sadlock Bug
- Listen to Paul @dcept905 when he says interesting things on Twitter
- DevOps Days Austin
- Setting up a home malware lab
- Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Interop, RMISC, HackMiami, NolaCon, SecurityFest, InfosecurityEU, CircleCityCon
- James: - Not much until Vegas... As far as I know.
- Ben: - A Cyber Insurance conference. Listening. yes... really
- Matt: - DevOps Days Austin, DFIR Summit, Vegas
- Wil: - CBC Calgary
- Other LSD Writers: - Shrug, Dunno.
- Liquidmatrix Products and Services - We do some stuff. Seriously.
- LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)
- Advertising - pay the bills...
- Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0
- Closing Thoughts
- Seacrest Says: Hey Erdogan - watch this you despotic little arsehole this
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x6A.mp3
Category: LSD_Podcasts
-- posted at: 11:25am EDT
Wed, 13 April 2016
Episode 0x69
Still Weekly!
Still difficult to get everyone together for a recording but damn, we're trying. Keep sending in your questions to mailbag@liquidmatrix.org and if you see one of us at a conference, ask nicely and we'll give you a sticker!
PS: The Security Intern joins us tonight - sorry you all can't see her commentary on the rest of the Liquidmatrix crew.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Badlock Bug Site: Get out your Sad Trombones everyone. Steve Ragan Fulfils Curmudgeon Role - Badlock Hype; Tero Hänninen calls bullshit in a simple way; Network World notes that Microsoft doesn't think it's Logo-worthy
- Eset et al. Take down Mumblehard Linux/BSD botnet
- Breaking Google Captcha
- Investigating the Potential for Miscommunication Using Emoji
- California lawmakers take step toward outlawing 'ransomware'
- Breaches
- Security Flaws found in 3 state health insurance websites (THANKS OBAMA)
- Petya Ransomware Encryption Defeated
- SCADA / Cyber, cyber... etc
- Lockheed Martin - Integrated Infrastructure: Cyber Resiliency in Society
- OMGee - Canada is vulnerable, eh?
- FBI Claims that businesses have lost $2.3 Billion to Email Scams from October 2013 to February 2016
- DERP
- Maynor Fixes All The Maps - MaxMind and Default Locations in GeoIP
- Misconfigure your way to Panama Success
- Mailbag
- Compliance is the Naturopathy of Information Security - DISCUSS.
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Random MAC addresses not enough...
- Integrating Bro IDS with the Elastic Stack
- Dealing with Digital Death
- Automating thought leadership
- Scan Onion Services for Security Issues
- Submit to the SecTor CFP! Early acceptance deadline is Sunday April 17 - final deadline is August 14th
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - NAB Show, Interop, RMISC, HackMiami, NolaCon
- James: - Desperately working on new material for Blackhat Cloud Security Training
- Ben: - Vogon poetry reading
- Wil: - Remedial HTML for beginners (Cue Jamie's rant here)
- Other LSD Writers: - Really?
- Advertising - pay the bills...
- Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0
- Next Week - because we'll be here next week!
- We'll be discussing the idea of making cyber a regulated profession. Send us your thoughts. Also, California, what's up with that?
- Closing Thoughts
- Seacrest Says: Cause, baby, now we got badlock
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x69.mp3
Category: LSD_Podcasts
-- posted at: 1:08pm EDT
Wed, 6 April 2016
Episode 0x68
Weekly Monthly Somethignly
At least a few of the boys are back to whine, bitch and moan.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x68.mp3
Category: LSD_Podcasts
-- posted at: 12:11pm EDT
Fri, 1 April 2016
Episode 0x67
The One With The Stunt Double
Hey, James here. The boys recorded this one without me and managed to really munge up the audio. My apologies. For what it's worth, this is what happens when Dave and Wil are in charge.
Upcoming this week...
- Lots of News
- Breaches
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x67.mp3
Category: LSD_Podcasts
-- posted at: 11:39am EDT
Wed, 2 March 2016
Episode 0x66
The One Where Ben and Jamie Aren't At RSAC
So the rest of the gang are out playing in either San Fran or Calgary. You get what's left over - actual security professionals doing actual security work.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x66.mp3
Category: LSD_Podcasts
-- posted at: 11:39pm EDT
Wed, 17 February 2016
Episode 0x65
Ben and Matt Screw Up HTML
Thanks Matt-Dave, this is Ben-Jamie for episode 0x65 (82 for those of you not good with the hexa-ma-decimal) and we're down a bunch of people tonight but that's okay because we're super committed (except Wil, he's doing who knows what somewhere). Tonight we've got a lot of news about vulns and then a brief stroll through the cybers, derps and mailbags before calling it a night. Hey Matt, what's in the news?
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x65.mp3
Category: LSD_Podcasts
-- posted at: 5:51pm EDT
Wed, 10 February 2016
Episode 0x64
FIVE Golden Digests...
Yup, back again. Actually a thing. There's even some people here to talk to you about security things. And whining. Also, fuck you Skype.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - RSA, CSA Summit 2016 (Slovenia), FIRST ...25th?
- James: - I work. A lot.
- Ben: - Also works. A lot.
- Matt: - There is no Matt.
- Wil: - Doesn't work so much... Rehearsing for Radioheaded (again...), more CBC news coming...
- Other LSD Writers: - There is no Other Writers
- Closing Thoughts
- Seacrest Says: Eggplant
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x64.mp3
Category: LSD_Podcasts
-- posted at: 3:15pm EDT
Wed, 3 February 2016
Episode 0x63
May The Forth Be With You!
Dave's here. Wil's here. Matt's here. Ben's here. I'm here. There's a guest (or two) HOLY CRAP IT'S A REGULARLY SCHEDULED LIQUIDMATRIX PODCAST. Also, Dave claims he's fixed the website - we'll see how that goes.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Lessons Learned from the Java Deserialization Bug (Apache Nose Job that Ben mentioned - everything old is new again)
- Let's talk a bit about privacy on Tor
- Baby Monitors live in New York!
- 2016 Social Security Blogger Award Voting is Open Now
- Security Firm Norse Corp. Imploding Threat Butt
- Breaches
- Let's just assume that there have been some.
- SCADA / Cyber, cyber... etc
- The Muricans are invading Canada's all bran fibre (h/t @ultramegaman)
- Israel got hacked by the NSA and James Bond
- Go get your prescriptions from these guys
- Curmudgeon's Corner
- The latest from Internet Curmudgeons -- tonight Spacerogue - YES THAT SPACEROGUE!
- DERP
- Developers Accidentally Ship Dropbox and Gmail Logins - Motorola
- HSBC successfully defends against DDoS but is offline
- Security researcher finds 'backdoor' to MediaTek processors
- Tavis wrecks Comodo
- Mailbag
-
Gentlemen,
First let me say how happy I am that the Liquidmatrix podcast is pushing out new episodes in 2016. I look forward to listening more.
That said I find I must take exception to the "Mailbag" commentary in Episode 61.
<rant>
What definition of "enterprise" are you using?
I will heartily endorse that Matt is an "awesome" hacker and that the toolkit he is building at the startup he's at is likely totally awesome. But in what world is a startup also an enterprise?
Startups use homebrew and open source systems because they are cash-short and it makes more business sense (meaning a combination of financial, risk, compliance, and resource sense) to build versus buy.
But any true enterprise CISO that used a SIEM built by one of their team members is (using the language of the kids today) “smoking crack”.
Why? Allow me to expand the thought.. Assume Matt works for me at an $8B company and I adopted the SIEM platform he developed versus using MSSP or SIEM…
1. As the company grows the amount of time Matt will need to spend building connectors and enhancing the system will continue to grow. Matt will need to take time away from actual security (which is what I hired him for in the first place) and act more like a developer than a security staff member. Is that the best use of his limited time? I doubt it.
2. Some compliance regimes (yeah, I know, I can hear the complaints now but at the enterprise level this stuff matters) require systems you rely on for security to “have support”. I’m not a development shop! I do security for a company that makes widgets! Crap – now I have a finding in my external audit and my PCI assessor is twitching.
3. What happens when Matt gets bored (and he will – all good hackers do after a period of time) and leaves the company? Who’s going to support this thing? Now I have to go find an equally awesome hacker (not an easy prospect these days) and hope they can support this now critical piece of security infrastructure. There is a very real possibility that the system will degrade into a useless piece of crap before I can find someone to take over… That’s potentially devastating as I have *nothing* to fall back on.
Are you seriously asking me to sign up for this amount of risk? REALLY?
</rant>
Homebrew and open source security tools have their place and properly used are likely viable solutions in the startup/SMB space. Use in a true enterprise, IMO, is likely going to add so much risk that the cash expense of $VENDORPRODUCT is very much worth it.
Keep up the good podcast work, y’all. I look forward to more episodes.
Martin Fisher
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Michael Geist on the TPP
- Internet Link Tester / Validator w/ Raspberry Pi (or any Linux)
- Maximum Absorbency Garment
- Bill Clinton has used email once or twice. Nope just twice.
- Safe Harbour 2 is here
- Google's Vulnerability Reward Program paid out more than $2 million in 2015
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- Messages from our Sponsors
- We really need to have more projects
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - RSA, ATLSECCON, NAB, Interop, Bill's thong shop
- James: - Currently nothing till Vegas.
- Ben: - At home
- Matt: - RSA? Maybe? Come buy me beer during SXSW
- Wil: - Waiting to take OSCP...
- Other LSD Writers: - Apparently bloggering...
- Closing Thoughts
- Seacrest Says: Out.
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x63.mp3
Category: LSD_Podcasts
-- posted at: 10:25am EDT
Wed, 27 January 2016
Episode 0x62
The Return of Dave?
Well, we weren't kidding folks. This is number 3 inside of a month. If you include the special "Blast From The Past" Episode 0x40 Live from SecTor 2014, that's FOUR episodes in a month. Wooooooooo. Now, time to talk security. But first, a moment for Abe.
Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x62.mp3
Category: LSD_Podcasts
-- posted at: 3:25pm EDT
Tue, 26 January 2016
Episode 0x40
BLAST FROM THE PAST
I lost this recording - sorry. But I found it so it's all good.
Despite being more than a year old, the entire episode is relevant. Still. (Because InfoSec).
Listen in as Dave, Ben, and James discuss the infosec job, career, education, professional development quagmire with a live audience interjecting with questions and non-canned laughter.
Closing Thoughts
Seacrest Says: Where we're going, we don't need roads...
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x40.mp3
Category: LSD_Podcasts
-- posted at: 10:53am EDT
Wed, 20 January 2016
Episode 0x61
THERE IS NO DAVE, ONLY ZUUL
Twice in two weeks. It's almost like we're making this thing a thing. Of course it'd be nice if Dave would fix the website so I could post there. At least libsyn and iTunes still work.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x61.mp3
Category: LSD_Podcasts
-- posted at: 11:19am EDT
Wed, 13 January 2016
Episode 0x60
Mid-Season Cliffhanger
Short paragraph containing introductory material and a thanks to listeners (if reasonable)
Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x60.mp3
Category: LSD_Podcasts
-- posted at: 3:46pm EDT
Thu, 28 May 2015
Episode 0x51
Not Dead
Yup, we're still a thing. Scheduling is hard. Look forward to more of these with less than a full cast of characters. It happens.
Upcoming this week...
- Just some general ranting. It's what we've got.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
- Closing Thoughts
- Seacrest Says: Do this again sometime, eh?
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x51.mp3
Category: LSD_Podcasts
-- posted at: 11:57am EDT
Fri, 16 January 2015
Episode 0x50
Revenge of the Fourth
We've been around, just not... you know... around. It's best that you do not think about what happened to episodes that were not published.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x50.mp3
Category: LSD_Podcasts
-- posted at: 5:32pm EDT
Thu, 17 July 2014
Episode 0x3F
Last one before Summer Security Camp
Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we'd be back and this time we're pretending we care.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Police Dog Sniffs Out Child Porn Hard Drives
- News about the news - the WaPo launches its own wiki-leaks-esque platform
- Rogers Releases New Policy on Disclosing Subscriber Information
- UN human rights report blows apart governments’ pro-surveillance arguments
- Breaches
- HotelHippo.com Closes after Data Leak
- Lastpass doesn't think it got breached
- SCADA / Cyber, cyber... etc
- Senate "Intelligence Committee" approves cybersecurity bill.
- If you read Boing Boing, the NSA considers you a target for deep surveillance
- The NSA Revelations All in One Chart
- DERP
- Congress in middle of Hollywood copyright clash with Silicon Valley from listener Marco Tietz
- Mailbag / Deep Dive
- We're coming up to Summer Security Camp in Vegas. Some thoughts on how to survive - and even prosper - while retaining your mind.
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Plain Text Offenders - one of many Tumblrs to follow
- Putting the TOR back in Torrent
- Telehash
- Australian bill will put journos in prison for 10 years for reporting leaks
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Speaking at RSA Asia next week, Attending Black Hat/Defcon (goon) and BSidesLV, BSides Cape Breton as keynote and will be speaking at 44CON, Sector and BSides Toronto is coming.
- James: - Blackhat, DEF CON, Derbycon, BSides Toronto, Sector - dunno where else... somewhere I suppose
- Ben: - Staying at home - cause baby
- Matt: - If you see me, call me. I'm lost. Perhaps I'll be in Las Vegas.
- Wil: -
- Other LSD Writers: - We added another one. Trying to clean up our image. Say hi to Bill - yes, that Bill.
- Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"
- Closing Thoughts
- Seacrest Says: Viva Las Vegas!!!!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x3F.mp3
Category: LSD_Podcasts
-- posted at: 11:08am EDT
Fri, 4 July 2014
Episode 0x3E
HAPPY $COUNTRY JULY PAID DAY OFF
We're back. Reasons shall be enumerated. And so forth.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- cryptolocker extortionists use bitcoin for less traceable blackmail payments, extortion payments visible in the blockchain till it goes through a mixer. crime pays
- Harper - Canada needs NSA lite because protesters
- More details on the Hacking Team spying software.
- Los Angeles Police Department Kept User ID and Password to “Big Data Policing” Software on Office Whiteboard, Incidentally Broadcast to CNN Viewers During Interview (UK gov/World Cup)
- Breaches
- Benjamin F. Edwards Co. Discloses Data Breach Affecting Customers
- DDoS Attack Puts Code Spaces Out of Business
- Feedly Suffers Extortion Related DDoS Attack
- SCADA / Cyber, cyber... etc
- The Akamai State of the Internet Report
- Deloitte Global Defense Outlook 2014
- OpenSSL roadmap - we're going faster now
- DERP
- Austria prosecutes a TOR node operator - forgets about other common carriers
- CASL means no more security notifications
- Microsoft steals no-ip's domain
- Mailbag
-
Hi guys,
Where the fuck have you been?
Sincerely,
The Internet
PS Can we have your domain name if you're not using it anymore?
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Awesome Sysadmin: A curated list of sysadmin resources
- Goals are for losers
- iOS 8 is Randomizing MAC Addresses
- Passwords
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Speaking at RSA Asia, Defcon, Black Hat, BSidesLV, Speaking at BSides Cape Breton, Speaking at 44CON, BSides Toronto, Speaking at Sector
- James: - Lots of work travel, Black Hat, DEF CON, BSidesLV, BSides Toronto, Speaking at Sector
- Ben: - Diaper changing
- Matt: - Seacrest OUT
- Wil: - Maybe painting the bathroom before DefCon and Burning Man.
- Other LSD Writers: - At least someone is blogging
- Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"
- Closing Thoughts
- Seacrest Says: "Look at that subtle off-white coloring. The tasteful thickness of it. Oh, my God. It even has a watermark."
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x3E.mp3
Category: LSD_Podcasts
-- posted at: 1:22pm EDT
Thu, 10 April 2014
Episode 0x3D
My Heart Bleeds for Windows XP
Well this is certainly an exciting week around these here parts. I reckon we've not seen this much marketeering since the APT1 days of ought 13. Goodness gracious I'm not a huge fan of this crap.
Do not listen to this podcast at more than 1.5x speed while operating a motor vehicle or heavy equipment. Your face may melt according to some studies conducted by a Murican we know.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x3d.mp3
Category: LSD_Podcasts
-- posted at: 11:09am EDT
Thu, 27 March 2014
Episode 0x3C
You Got Breached.
And in other news... April 8 is coming up FAST.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x3c.mp3
Category: LSD_Podcasts
-- posted at: 12:47pm EDT
Thu, 23 January 2014
Episode 0x3B
We Have Quorum!
Getting tired of hearing about the latest $problem. Can we do something different with our cognitive surplus?
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
We're reaching a tipping point around the concept of Privacy. Here's a few examples to discuss:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-3b.mp3
Category: LSD_Podcasts
-- posted at: 11:35am EDT
Thu, 9 January 2014
Episode 0x3A
We Can Do Better
Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution rather than the very common response which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets.
- Mandiant gets bought by FireEye
- Infographic: New ISO 27001:2013 - What Has Changed?
- Find security flaw, go to jail?
- Breaches
- Former TIAA-CREF Worker Gets 6 Years for Selling IDs
- OpenSSL Defacement - Not a Hypervisor Thing
- Riverside Health System 4-year-long HIPAA Breach
- Thank Goodness for the NSA! - a fable
- Yahoo infects people with Malware and makes the bitcoin
- SCADA / Cyber, cyber... etc
- Several European manufacturers spawn NSA-proof Android “cryptophones”
- NSA denials
- DERP
- UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services
- Mailbag
- We receive some of the most batcrap crazy emails here at LSD. What's the right response to people who don't just have a tinfoil hat, but are opting for the full ensemble?
- Dear Mailbag
I'm thinking about not speaking at RSA because of the NSAs, what do you think? Hugs Mikko H. (not the other Mikko guy)
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypto Hardening guide for Sysadmins
- Penetration Testing Lab Contents Mindmap
- sigcheck now with VirusTotal
- Wordpress plugin exploit data
- Skipfish Scanner Used In Financial Sector Attacks
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Shmoocon, SOURCE, Infosec EU, BSides London, HITB EU, Secure360, FIRST...
- James: - At Shmoocon (with a cool surprise), then RSA (sad trombone)
- Ben: - N/A
- Matt: - behind the beard
- Wil: - Gave up, is a car dealer now
- Other LSD Writers: - huh?
- Advertising - pay the bills...
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5"
- Closing Thoughts
- Seacrest Says: My Voice Is My Passport, Verify Me
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-0x3A.mp3
Category: LSD_Podcasts
-- posted at: 1:40pm EDT
Sun, 5 January 2014
Episode 0x39
Auld Lang Syne
The Syrian Liberation Army would like to thank Liquidmatrix for their use of Skype.
Upcoming this week...
- Lots of News
- Breaches
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-39.mp3
Category: LSD_Podcasts
-- posted at: 6:19pm EDT
Mon, 2 December 2013
Episode 0x38
Dreidel Turkey Dreidel Peter Mackay!!!
Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team.
Upcoming this week...
- Lots of News
- Breaches, anti-derps!!
- It's Chanukah!!!
- and many turkeys are now dead
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-38.mp3
Category: LSD_Podcasts
-- posted at: 5:20pm EDT
Sun, 24 November 2013
Episode 0x37
Two Guys !HTML
It's completely unreasonable for me to ask that they come up with a short pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyways.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-37.mp3
Category: LSD_Podcasts
-- posted at: 12:36pm EDT
Thu, 14 November 2013
Episode 0x36
Which part of WEEKLY is this?
There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-36.mp3
Category: LSD_Podcasts
-- posted at: 12:47pm EDT
Thu, 31 October 2013
Episode 0x35
Halloween!
We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy.
Upcoming this week...
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-35.mp3
Category: LSD_Podcasts
-- posted at: 4:01am EDT
Tue, 29 October 2013
Episode 0x34
Just the two of us
Another week, another attempt at a full house for the show.
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-34.mp3
Category: LSD_Podcasts
-- posted at: 2:11pm EDT
Thu, 10 October 2013
Episode 0x33
Liquidmatrix Live at SecTor 2013
In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, finally we did a live recording with all of us together. It's only a half hour, but we had a great time!
- Upcoming this week...
- We didn't even bother with show notes. Seriously. Just listen, it's good stuff.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, Deepsec in Austria. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Hackfest.
- Ben: - Hanging out with his other toaster friends
- Matt: - Glossy eyed boy in love
- Wil: - Hacking banks across state lines
- Other LSD Writers: - wait? There are other writers?
- Advertising - pay the bills...
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-33.mp3
Category: LSD_Podcasts
-- posted at: 8:02pm EDT
Thu, 3 October 2013
Episode 0x32
Getting the Band Together?
Another week, another attempt at a full house for the show.
- Upcoming this week...
- Lots of News
- non-infosec stuff
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- SilkRoad seized. Dread Pirate Roberts arrested. Tor hidden service de-anonymised?
- Silent Circle moves away from NIST approved ciphers
- Sometimes, 7 milliseconds is REALLY important
- Breaches
- ALL THE BREACHES!!!!
- SCADA / Cyber, cyber... etc
- UK gets the cybers
- DERP
- John McAfee copies Occupy.here and TOR
- Cyber warrior crush!
- Mailbag
- Hi
I'm a middle aged infosec dude who's hit a slump in his career and thinking about going to the USA to pursue infosec awesomeness. I'm torn between good beer, healthcare and no republicans vs the possibility of all the cyber I could ever want. Help me please, I need advice!!! PJ McGuff, Ontario
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Whistleblowers and the Crypto-Anarchist Underground: An Interview with Andy Greenberg
- ESXi 5.5 drops limits on RAM and Physical CPU
- 101 Free Tools for VMWare Administrators
- An awkward hug for our own Mr Arlen
- Old people make riskier and more inconsistent decisions
- Bittorrent chat!
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at SecTor and Hackfest, Panelist at SecTor (twice), and speaking at bSidesTO
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon...
- Wil: - Trying to cut weight before new headshots, but will be at SecTor.
- Other LSD Writers: - wait? There are other writers?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Random Kids in the Hall Clip - French Canadian Trappers
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-32.mp3
Category: LSD_Podcasts
-- posted at: 6:15pm EDT
Mon, 30 September 2013
Episode -- SB005
CON FLU!
CON FLU! It's awesome. Dave has it. Teehee.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News Briefs -- NO NEWS THIS WEEK
- HOST Has An Opinion
- Go to DerbyCon
- Parting Notes -- a few one-liners...
- Also go to SecTor next week.
- And bSidesTO this weekend.
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending HITB Malaysia, speaking at Deepsec in Austria, and bsidesTO. Panelist at SecTor, speaking at Hackfest in Quebec City... And finally, I'll be attending Blackhat one way or the other.
- James: - Speaking at bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB005.mp3
Category: LSD_Podcasts
-- posted at: 7:22pm EDT
Mon, 23 September 2013
Episode -- SB004
With Dave Away Minions Play
Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did note the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News Briefs
- @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner
- Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
- CCC uses traditional biometric smackdown techniques - and wins.
- From the annals of Schneier: Google knows passwords
- RSA to customers: Trust not the encryptions
- HOST Has An Opinion
- Focusing on the wrong thing.
- Parting Notes -- a few one-liners...
- Turing machine in Excel
- Did you know that there's a new Microsoft Surface? Do you care?
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Wait... there are "writers"? What deviousness is this?
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB004.mp3
Category: LSD_Podcasts
-- posted at: 12:44pm EDT
Thu, 19 September 2013
Episode 0x31
Tinfoil Hats for EVERYONE
Short paragraph containing introductory material and a thanks to listeners (if reasonable)
Upcoming this week...
- Lots of News
- Paranoia / NSA
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Fingerprints as passwords: New iPhone Touch ID
- Skipping Ben's turn because he's really impressed about upcoming stories.
- Certification WTF: Payment Card Industry Professional (PCIP)
- WordPress < 3.6.1 PHP Object Injection
- Paranoia / NSA -- AKA "The BIG Breech of 2013"
- The NSA is a customer of VUPEN
- NIST says maybe don't use the ECC random bit thingie
- Wireless firms agree to give Ottawa ability to monitor calls, phone data
- No telco ever challenged NSA data collection
- New NSA Leak Shows MITM Attacks Against Major Internet Services
- EZpass is tracking you
- NSA Hacks Belgium
- NSA slurped bank records and credit card data
- Canada handed over control of crypto standard setting to the NSA
- NSA phone program is all legit
- FISA courts joining the FOIA party late
- SCADA / Cyber, cyber... etc
- Today Cyber means War but back in the 1990s...
- Hacker Group in China linked to big cyber-attacks
- Brazil and Argentina make a cyber pinkie pact
- DERP
- Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
- Twitter does link scraping
- PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.
- Mailbag and/or Deep Dive
-
Hey LSD-P
I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.
Nervously, Your Friend
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypthook
- ShmooCon CFP - Pay attention to the Proceedings
- Binary Risk Assessment
- FreedomBox
- The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
- MOV is turing complete
- Meredith Patterson at 28c3 - The language of insecurity
- SimpleRisk: Enterprise Risk Management Simplified
- Browser fuzzing: introducing bamboo.js
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... And will be speaking at SecTor
- Wil: - Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: oh jeremiah!!!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-31.mp3
Category: LSD_Podcasts
-- posted at: 2:04am EDT
Mon, 16 September 2013
Episode -- SB003
Thrice is NICE
Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB003.mp3
Category: LSD_Podcasts
-- posted at: 1:53pm EDT
Tue, 10 September 2013
Episode -- SB002
Twice is Nice
Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Tue, 10 September 2013
Episode 0x30
Getting the band back together...
Because you know, it *IS* a weekly podcast after all.
- Upcoming this week...
- Lots of News
- Kittens
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- TOR crypto might not be all that
- CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
- Canadian Universities Navigate Learning Curve for New Copyright Rules
- SCADA / Cyber, cyber... etc
- Speculation on Bullrun (more NSA funtime)
- Zee germans say the NSAs can hack our berries and iThingies
- DERP
- Parallels pulls head into ass
- and just keeps pulling
- HP laptops comes with built in audio eavesdropping feature
- Mailbag
-
Hi LSD People
I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?
Thanks, Naked Computer Nerd
Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Watch this video of a "drone's eye view" of Burning Man and look for Wintr
- MDM for free yaknow.
- Don't succumb to security nihilism
- Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: -- more gratuitous self-promotion
- Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
- James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
- Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: - Still on his honeymoon... he's appearing in the matrimonial chamber
- Wil: - Getting playa out of his areas...
- Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.
- Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-30.mp3
Category: LSD_Podcasts
-- posted at: 12:41am EDT
Tue, 3 September 2013
Episode SB001
Something New Is Tried
Be gentle, this "security briefing" is a new format.
Hi folks, Dave here. I've set up a new short security news briefing format for a weekly update in addition to our main podcast. This is just a test balloon for this week. I plan to get it smoother for next week.
- Starting off this week...
- News news news...
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 1 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-SB001.mp3
Category: LSD_Podcasts
-- posted at: 11:56am EDT
Sun, 25 August 2013
Episode 0x2F
things happen
Anyone else think that it would be nice if life had a bit of regularity?
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Researchers say Tor targeted by malware that phones home to the NSA... Or not maybe...
- Lavabit shuts down, cuts off nose to spite NSA's face; Silent Circle follows suit
- Hitting The Panic Button
- Breaches
- wifi baby monitors a bit hackable (surprise!!!!)
- Visa's alert of possible data breach impacts Rivermark Credit Union members
- SCADA / Cyber, cyber... etc
- US promises not to spy on the German - will stay besties for eva until someone pops the 99 red balloons (again)
- DERP
- Source: New York Times Website Hit by Cyber Attack
- IAB urges people to stop “Mozilla from hijacking the Internet”
- Mailbag
-
Noob Advice?
I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available.
Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to pursue that path. My long term goal would be to work for an intelligence agency in the federal government.
If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience?
Or would remaining a civilian throughout school present me with more opportunities?
-Shane
Non-Noob Response
The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector.
Dave Kennedy - SET, TrustedSec, Derbycon, Awesome
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Stay tuned for "The Myrcurial Fund"
- PoC||GTFO
- Hacking mifare cards
- Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor.
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- In Closing
- Word of the Week -- cyber-spatula
- Movie Review -- The Nutty Professor 2
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it...
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2f.mp3
Category: LSD_Podcasts
-- posted at: 12:52pm EDT
Thu, 11 July 2013
Episode 0x2D
Nobody loves us.
It's all about us this week. Well, not really. It's more about getting the world to get off the crazy train.
- Upcoming this week...
- Lots of News
- Kittens
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will NOT be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The web is a bad bad place
- SSL: Intercepted today, decrypted tomorrow (or why you need to use PFS) (but PFS TLS has a performance impact)
- The Future of Civil Disobedience Online
- OECD complaint against finfisher
- The personal side of taking on the NSA: emerging smears
- Breaches
- Facebook exposes itself
- Opera's breach lady sings
- 47k student teachers in Florida exposed
- SCADA / Cyber, cyber... etc
- So you want to be a CIP consultant.
- Australia decides not to be American
- DERP
- South Korea misidentifies China as cyberattack origin
- Mailbag
-
Hi,
Greetings!
Would you be interested to reach out to your target market for your Marketing Initiatives like Email Marketing, Tele Marketing, Direct Mailing and Fax Campaigns?
Our list comes with the following information such as: First Name, Last Name, Title, Email, Tele-phone Number, Mobile Number, Company, Current Address, Country State/Province, City, Zip Code, Employee size, Sales; SIC Code/Industry, NAICS and Web Address.
If you are interested please send me your target audience and geographical area, so that I can get back to you with exact counts and list details.
Best Regards,
Linda
Lead Generation
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Burp trips and tricks PDF
- Cyanogen mod gets secure messaging
- Running a Hackerspace
- Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
- MITM via PPTP
- Hacking monopoly
- Pentagon's failed flash drive ban policy: A lesson for every CIO
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave now will be writing for CSO Online and will be attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago and Hackfest in Quebec City. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cyberlympics - I think it means CTF, but I'm not sure. Check it out here.
- Movie Review -- Firewall! Because you know that Harrison Ford can type 120 words per minute.
- everyday is CTF! go set up a team
- Hackfest registration is open
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- SecTor 2013
- Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Seacrest Says: Good night Kitten
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2d.mp3
Category: LSD_Podcasts
-- posted at: 12:42pm EDT
Tue, 18 June 2013
Episode 0x2C
This is the 49th time!
All I can hear is the voice of Edward R. Rooney saying "Nine Times"... well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I'm just talking to myself here. It's probably bad when you start talking to yourself. Perhaps.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- OWASP Top 10 for 2013 is out
- What the NSA doesn’t have: iMessages and FaceTime chats
- Woz: This is not my America
- This is some cold ass James Bond shit (Countries are upset) (they even setup fake internet cafes)
- NSA leaks hint Microsoft may have lied about Skype security
- Breaches
- Head of U.S. Nuclear Security Agency hacked by "Guccifer"
- SCADA / Cyber, cyber... etc
- @c7five tweets on Cyberwar
- US FDA calls on medical device makers to focus on cybersecurity
- Trove of medical devices found to have password problems
- DERP
- Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S) (and a reddit thread)
- TSA agent tells teen to 'cover herself'
- Sys-admin selfies courtesy of The Grugq
- Mailbag
-
I'd like to start by saying that I thoroughly enjoy your podcast. It's a great combination of security news, comedy, and tragedy. It's great, keep it up. I'm emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that's okay.
Now, my question. I'm a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I'm wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?
Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I'm thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It's just annoying/expensive because I'd likely have to fly to the US. Any guidance that you could provide would be helpful.
Anonymous By Request
- The Deep Dive -- SETEC ASTRONOMY
- We Should All Have Something To Hide
- Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Disconnect raises 3.5mil
- Pimp My Own Matt - Doing a webinar 6/20
- CycleOverRide - Security Nerds on Wheels
- Sixth Annual Movie-Plot Threat Contest Semifinalists
- Harvard Business Review talks infosec
- I'm hiring
- Loon
- How to make The Internet (from The IT Crowd)
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel.
- In Closing
- Word of the Week -- Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
- Movie Review -- Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: Double ROT13 is NSA proof
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2c.mp3
Category: LSD_Podcasts
-- posted at: 2:29pm EDT
Tue, 11 June 2013
Episode 0x2B -- Or !2b
Nothin that we can't fix
Infosec news is pretty light this week. Let's have a good start for year two of Liquidmatrix Security Digest Podcast.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2b.mp3
Category: LSD_Podcasts
-- posted at: 2:07pm EDT
Tue, 4 June 2013
Episode 0x2A -- Happy One Year Later
And we still suck at scheduling
Despite efforts to the contrary... we're still not good at this. We should be getting better.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- And there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-2a.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
Tue, 14 May 2013
Episode 0x29 -- Not just CrO2, but now with Dolby
Does anyone read show notes?
So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil's unfortunately loud Bermuda frogs. I can't promise that it won't happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can't be wrong. Or something.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-29.mp3
Category: LSD_Podcasts
-- posted at: 1:21pm EDT
|
|
Thu, 9 May 2013
Episode 0x28 -- For Reals... it's here.
I SAID it's a weekly podcast
Life gets in the way of art. There's five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We're trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be a DEEP DIVE
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-28.mp3
Category: LSD_Podcasts
-- posted at: 4:34pm EDT
|
|
Thu, 11 April 2013
Episode 0x27 -- Wednesday is the new Monday
It's the podcast that never ends
We've collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they're not using?
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- There will be no DEEP DIVE -- our SCUBA gear is in the shop
- But there are weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Kim Jong Un needs a snickers!!!
- Linksys Routers Screwed
- Bitcoin dDoS destroy world economy... nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
- Security BSides - Rochester
- Windows XP Security Updates ending in one year IE6 Countdown Windows XP still maintains 39% overall market share.
- Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
- DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages
- Breaches
- Vudu resets user passwords after hard drives lost in office burglary
- SCADA / Cyber, cyber... etc
- NIST CyberSecurity Framework Recordings
- Anonymous hacks DPRK Twitter and Flickr
- Anonymous launches massive cyber assault on Israel Israel says: "Anonymous doesn't have the skills to damage the country's vital infrastructure" And fixes things up so that Anonymous' C&C plays "Hatikvah"
- USAF designates some of their software as CYBERWEAPONS
- Apparently there are CYBER-WEAPONS in the Korean Conflict
- Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
- DERP
- Papa, m'entends tu?
- French Government discovers Streisand Effect on Wikipedia (without actually looking up) The Streisand Effect
- Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from Wikimedia Foundation.
- IRS Doesn’t Deny Snooping Emails Without A Warrant
- Dongle-gate - this makes it so much clearer
- Mailbag / Bizarro Land
-
Subject:OMG, Arlen was right...
I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it... IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997!
I take it back. Anything coded in 1997 would be faster than Blackboard is today.
Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less... suck?
Thanks, -Jim
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Deutsche Telecom SOC big board
- Ingress - check it out
- Non-SSL active content on SSL pages is blocked by default in Firefox 18
- Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
- The ATF Wants ‘Massive’ Online Database to Find Out Who Your Friends Are
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- You've asked when and where - that'd be "We don't know yet" and "The week of Blackhat/BSides/DEFCON". You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia. Matt speaking at Adelphi University Cyber Security Educational Panel.
- In Closing
- Movie Review Die Hard 4 - It's a blast. Seriously. Quick, there's a fire sale.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: I have no mouth with which to scream
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-27.mp3
Category: LSD_Podcasts
-- posted at: 4:01pm EDT
|
|
Tue, 2 April 2013
Episode 0x26 -- The First Rule...
Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.
While we'd like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our "Infosec Anonymous" program? Perhaps we should go with a different name: searching "infosec anonymous" gives me about 210,000 results.
- Upcoming this week...
- Lots of News
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- To hack back or to not hack back The Grugq on Opsec for Hackers (how not to get p0wned while p0wning)
- The dDoS to end all dDosssses that almost broke the ENTIRE internet, then again maybe not, but maybe sorta it did
- Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN'T HAVE IT.
- FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
- SCADA / Cyber, cyber... etc
- DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks
- FERC U MAD BRO ???? (PDF)
- Cyber Divers take Egypt offline (except it might have been a ship's anchor)
- First time that it looks like actual details were stolen
- The Reality of Attribution about Cyber Attacks
- Cyber Security: The Digital Arms Trade
- Cyber RFI for the Space Race
- Fukushima Cooling Knocked Offline By... a Rat... that ended badly
- DERP
- Security hole allows anyone to reset an Apple ID with email and DOB
- Mailbag / Bizarro Land
-
My official statement of begging for getting onto the Vegas party list. Thank you for your consideration.
Kris
-
Hello!
Any chance I can get a couple of tickets to the party? I'm an infosec "professional" from Vancouver BC. I've met some of you guys at various cons, Hope, Defcon, Derbycon.
thanks! Kevin
- The Deep Dive - Security Awareness Training
- Is Bruce ALWAYS right?
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Is OwnCloud Good Enough?
- Monitoring for humans
- Pimp myself - Top 10 Web Hacks
- Attempted child abduction thwarted when girl asks stranger for code word
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review: Wargames
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: "I kinda really wanted to jump in and slam him!"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-26.mp3
Category: LSD_Podcasts
-- posted at: 2:44pm EDT
|
|
Fri, 22 March 2013
Episode 0x25 -- The one with ALL the cybers
We're not sure why this keeps happening.
As is the new normal around here, we've spent more time arguing about the show instead of actually doing the show. Add to that Dave's issues with (a)using a computer, and (b)having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of "listenable". But hey, it's done now. Enjoy!
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Krebs gets whacked And does some digging
- Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 - so another reason to stop using it)
- Hacked retailers up in arms over $13 million 'fine', Visa lands up in court
- It's Kali Time
- MCMC probes The Malaysian Insider over spyware story
- The Breach Report
- Second Factor FTW
- Philippines National Telecom Commission Defaced by Anon
- CCTV hack wins gamblers $33*10^6 (cue Ocean's 11/12/13)
- SCADA / Cyber, cyber... etc
- You Say: Cyber. I Say: Unsubscribe
- North Korea restores Internet access, blames US hackers
- Queensland police to use surveillance drones to combat crime ahead of G20 conference
- Federal Judge Finds National Security Letters Unconstitutional, Bans Them
- NERC 2012 Annual Report (pdf)
- Medical device hacking: The 6 lines of code that could bring down a hospital
- US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
- U.S. Demands China Crack Down on Cyberattacks
- Who’s Really Attacking Your ICS Devices?
- DERP
- EC-Council goes off the deep end
- Mailbag / Bizarro Land
- Question:
Anyway, anyway, guys guys guys, come on. I'm in this computer, right. So I'm looking around, looking around, you know, throwing commands at it, I don't know where it is or what it does or anything. It's like, it's like choice, it's just beautiful, okay. Like four hours I'm just messing around in there. Finally I figure out, that it's a bank. Right, okay wait, okay, so it's a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street.
That was me. That was me. I did that.
- Answer:
What are you, stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?
- The Deep Dive - Security Research and the Law
- Internet troll “weev” sentenced to 41 months for AT&T/iPad hack.
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- The Matrix in less than 600 bytes of JavaScript
- Branching breach impact model
- Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
- Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
- Microsoft to push Windows 7 Service Pack 1 to users starting March 19
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review Hackers
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: Dave says "screw you Cogeco"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-25.mp3
Category: LSD_Podcasts
-- posted at: 3:57pm EDT
|
|
Tue, 12 March 2013
Episode 0x24 -- The Robot Uprising
You'd think those worthless meatbag humans would be more respectful.
It looks like we will have a limited incidence of Robots in tonight's episode. Of course, nothing in life can be ACTUALLY robot free. That's just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak - better than butter.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Pwn2Own: IE, Firefox, Chrome and Java go down ...and Adobe Flash, Reader and Oracle Java exploits Chrome hack details (threat post link) Thanks Ben!
- Indian .gov puts bounty on botnet takedown
- China's internet backbone will have security features (also censorship) (SAVA)
- How Facebook Prepared to Be Hacked
- Having the MD5 hash of "123456" is probably not the best way to store passwords in your publicly searchable code on github... /via Thierry Zoller. (also don't put your twitter oauth keys in github)
- International Women's Day - Don't forget Admiral Grace
- Freeze All The Robots: Put Android ICS in the freezer to break crypto
- Harvard sneaks through 16 Deans' email
- Deja vote: Iran blocks VPN use ahead of elections
- The Breach Report
- Another bitcoin exchange gets p0wned
- Aussie Aussie Aussie Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
- Pakistan .gov gets hacked
- SCADA / Cyber, cyber... etc
- Metasploit releases exploit module for Honeywell ICS that has a patch available
- Formal Paper (pdf) from Ralph Langner Bound to Fail: Why Cyber Security Risk Cannot Be "Managed" Away
- US Military Advisory Panel Says Nuke a Cyber Attacker
- Reasons to depend on Kaspersky for ICS/SCADA operating systems -- EXCELLENT IPv6 STACKS
- BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
- Cyberwar: you lack imagination
- DERP
- TELUS releases qualitative security survey (pdf link) - completely ignores science, math and proper research
- Survival of the fittest: Some data-breach victims can't be helped - but they enjoy reacharounds
- China points at USA and cries "you're stinky and mean"
- Mailbag / Bizarro Land
-
Dear Dudes of the Liquid
I found a vuln when I was browsing a company's website with w3af? Should I report it?
Yimmy, Warsaw
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- From Space Rogue - The Infinite Daft Loop - productivity in a can
- Play Donkey Kong as the Princess
- Browser sec
- Tripwire acquires nCircle
- Click to play!!!!
- Microsoft preps UPDATE EVERYTHING patch batch
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review Moon (it's all about clones - BTW spoiler alert)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
- Seacrest Says: "Here's to a hoopy frood who really knew where his towel was." RIP Douglas Adams
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-24.mp3
Category: LSD_Podcasts
-- posted at: 3:24pm EDT
|
|
Thu, 7 March 2013
Episode 0x23 -- Post RSA Actual News
Recovery takes time. There has not been enough time.
There's really not anything significant to note off the top. There's much going on in the world of infosec. I wish that it weren't as true, but even with the wildness of RSA, the cybers never sleep.
You might want to stay until the end of the show to hear about a CONTEST and something even cooler...
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Miniduke is older than we thought (Miniduke tells time in China)
- Cloudflare dDoS post mortem
- Google services should not require real names: Vint Cerf
- Oracle Issues Emergency Java Update
- Wireless brain sensor pack. Future - here we come!
- The Lightning Digital AV Adapter Surprise
- When will we trust robots?
- The Breach Report
- Evernote Security Notice: Service-wide Password Reset Evernote hacked: Emails, encrypted passwords stolen But it's ok, there will be 2 factor auth someday Critics say Evernote breach was avoidable.
- Envelopes mailed to 26k retired government employees in N.C. exposes SSNs
- Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
- City of Owen Sound websites offline due to porn hack
- SCADA / Cyber, cyber... etc
- Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
- NEWS TO NO ONE: SANS SCADA and Process Control Security Survey - the state of the industry is discouraging
- Recent 10-Ks mentioning "cyber" incidents
- Canadian Anti-hacking agency slow to learn about Chinese cyberattack
- Symantec: work on Stuxnet worm started two years earlier than first thought
- SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
- DERP
- Jailed hacker allowed into IT class, hacks prison computers
- Nearly Every NYC Crime Involves Cyber, Says Manhattan DA
- Mailbag / Bizarro Land
-
Dearest Son,
Why do you people always talk about "the echo chamber"? What is the echo chamber for?
Love, Mom
- Deep Dive -
- Government Malware! discuss (Finfisher, Hacking Team) Zero Day Doc
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Recon 2013 CFP opened
- APT 1 goes back years
- There's a vuln in sudo (yes, that sudo)
- Quick and dirty pcap slicing with tshark and friends
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- More news to follow
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I'd suggest you start buying a vote early.
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- RIP Stompin' Tom We'll leave a light on.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: I'm drinking beer at HouSec bitches!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-23.mp3
Category: LSD_Podcasts
-- posted at: 1:43pm EDT
|
|
Sun, 3 March 2013
Episode 0x22 -- RSA is almost over...
Yes, we all survived, but RSAConflu hurts
So, 4/5th of Liquidmatrix is hanging out at RSAC this week. And we are really tired and would like to go home. Voices are pretty blown so we apologize for channeling Mike Rothman. It's been an exciting week and… well… thank goodness it's over.
- For this week's special episode...
- Stupid Vendor tricks
- BSidesSF + harassment
- Buzzword Bingo
- Speed Dating
- We Lost
- I've got 99 problems and Rich ain't one
- Brian "CyberPotato" Honan
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- No Notes due to SPECIAL REASONS
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Movie Review: No Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: I came for the booth babes and stayed for the bacon licking.
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-22.mp3
Category: LSD_Podcasts
-- posted at: 7:10pm EDT
|
|
Wed, 20 February 2013
Episode 0x21 -- In which we prepare for RSA
Are you ready for RSA? Packed 500 business cards and a spare liver?
There's oh so much to talk about. Things we need to talk about, things we really want to not talk about, things you don't want to hear about.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Facebook unlikes being hacked (Ars Technica) (The Atlantic Wire) (NYT) (BH Consulting) (IBI Times) (Apple too) (watering hole located)
- Dutch MP fined for hacking medical system
- NASA makes an oopsy with its software update
- Kaspersky says "Trust us, we're good with software"
- McAfee responds to criticism of AV industry with OpsFail
- Telecom NZ cancels 60k Yahoo Xtra passwords amid attack
- Exclusive: The Burger King and Jeep Hacker Is Probably This DJ From New England
- Obama says share!!!
- The Breach Report
- Mandiant. That is all.
- Burger King twitter gets hacked
- SCADA / Cyber, cyber... etc
- Electricity Market 101 - SCADA isn't just about the electricity
- Turns out all that airgapping was just theoretical
- Cyber Medals for Cyber Warriors
- DERP
- MTV fakes their twotter account being haxored
- Mailbag / Bizarro Land
-
Hi,
I just wondered if the Liquid Matrix team would be interested in commenting on the subject of Digital Forensics with Infrastructure-as-a-Service Cloud environments?
....
Adam Robson
Answer from the team:
No
- Ben Rants
- Ben Loses His Mind. Also, would you like a cheap certificate?
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Securosis RSA Guide - 2013 Edition
- HDCP is dead, really
- Ronin
- Punk Spider - a searchable reference for web app vulns
- Magazine article on Chinese online takedown services gets taken down
- RoboPlow
- RoboSurgeon (warning - super gross - avoid)
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: Ben, Matt, James and Dave attending RSA. James and Dave speaking at RSA-e10+. James speaking at Thotcon, BSidesChicago, BSidesRochester and secret coolness for Hacker Summer Camp in Vegas. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- Come find us at RSA!
- Movie Review: Live Free or Die Hard (and you thought it was just a cyberwarfare training video)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Am I the only one that crapped my pants when I heard a meteor hit russia?
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-21.mp3
Category: LSD_Podcasts
-- posted at: 10:08pm EDT
|
|
Wed, 13 February 2013
Episode 0x20 -- Can Dave count to 20?
Special Bonus Episode!
Since Dave (and a few select others) have problems with actually showing up to recordings, you'll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Password Dump stats for January 2013 and December for those curious
- LA Post serving Black Holes
- WaPo - ‘Fragmentation’ leaves Android phones vulnerable to hackers (some info on malware p0wnage)
- NIST 800-53 Rev4 is in Draft read it, comment on it.
- DHS declares 100 mile "4th Amendment Free" zone adjacent to US border
- Kaspersky update hoses Internet access for Windows XP users.
- Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
- The Everyday Agony of the Password
- Audacious Hack Exposes Bush Family Pix, E-Mail
- The Breach Report
- Bit9 got hacked!!!!
- SCADA / Cyber, cyber... etc
- Cyber Lobbyists
- SCADA for the home players - turn the Belkin Wemo into a deathtrap
- Mailbag / Bizarro Land
-
Hi LSD crew... just finished 0x1E again and again, well done! Many thanks.
I am missing a bit the "central topic" what you had in earlier ones. What I mean is like in episode 0x14 about "Hardcore – Recovering from the Disaster you didn’t plan for" or "hiring". This was really interesting and gave some good insight. I understand quite a number of things are "common sense", but still, unfortunately quite a number (of the other?) things are not "common practice" and I think these need to be communicated.
Cheers guys Thomas
- Discussion - Keeping up with new technical developments
- Because Thomas is a good guy, and he actually sent us an entire book of ideas, we're going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you're supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3... 2... 1...)
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you permit USB keyboards or mice, you're permitting exfiltration
- Log stash book!!!
- Payment Card Industry clears up confusion over cloud use.
- Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he's not a social media expert)
- Not done yet: Oracle to ship revised Java fix on February 19
- Jeremiah Grossman's Self Pwnage
- Another RoR SQLi vuln
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn't - yummy yummy vicodin.... tasty)
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-20.mp3
Category: LSD_Podcasts
-- posted at: 2:23pm EDT
|
|
Tue, 12 February 2013
Episode 0x1F -- The Confusing Part Starts NOW
Can't wait till next week when Dave can start reading the episode numbers again!
I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!
The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working?
These are all questions that you, dear listener, can answer. Let us know at mailbag@liquidmatrix.org. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.
- Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag and
- THE RETURN OF THE DEEP DIVE
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1F.mp3
Category: LSD_Podcasts
-- posted at: 4:54pm EDT
|
|
Thu, 31 January 2013
Episode 0x1E -- Absenteeism
Insert Subtitle Here
With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end.
- Upcoming this week...
- Lots of News
- Breaches
- No Scadas, no Matt, No Jamie
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The RCMP says they have no intention of using their Drones for surveillance purposes.
- Rapid7 white-paper says 81 million discrete publicly routable addresses responded to UPnP poll, as recently as last year.
- Sony fined many many quid
- India bars ZTE, Huawei and others from sensitive government projects
- Govt Sites Hacked Following Arrest of Alleged Jember Hacker
- FBI going after potential leakers of Stuxnet info
- Breaches - The never ending never ending story...
- USSC.gov Hacked : pwned
- Hackers in China Attacked The New York Times for Last 4 Months
- Errata / DERP of the week award
- Barracuda!!!!
- More Fishy
- Mailbag / Bizarro Land
- Hi all,
Just came across this crazy story. GitHub's new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief. However, it's not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user's account, and it seems that a few people may have contacted his university. So, whilst it looks like GitHub's search features may have caused problems for a few users, it has also led to the discovery and outing of a paedophile.
Reddit Thread
Keep up the good work!
-- Graham Sutherland
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- Red teaming at a CCDC
- Honey Spider
- Whisper Systems' Spring Break of Code
- FTC Reaches Settlement Over Cord Blood Bank's Data Breach
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review Under The Tuscan Scan
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: vote SEACREST!!!!!... I mean LiquidMatrix
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1E.mp3
Category: LSD_Podcasts
-- posted at: 3:50pm EDT
|
|
Tue, 22 January 2013
Episode 0x1D -- Oops, We Did It Again
Sometimes, breaches happen to the nicest folks
A PSA on TFA!
TFA is addictive, a year ago I started using it at work and then I began using it at home on my webmail. I didn't tell my wife about it for a while because I thought that it would bring up the whole 'if you love me you'll share your password' argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well. Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I'll even use it on the train when I go to work, I don't care who sees me key in my OTP because I know TFA will keep me safe; it's a good feeling.
- Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1D.mp3
Category: LSD_Podcasts
-- posted at: 12:13pm EDT
|
|
Mon, 14 January 2013
Episode 0x1C -- The New Guy
That's audio episode 29 out of us - and so it's time to go gracefully into our middle age with a new guy.
We are pleased to announce that we're adding a new regular contributor to the Podcast - Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He's also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome - so make sure you tell him how awesome he really is -- @wintr on Twitter.
Normally there is an opportunity for witty goofing about here. This week, I'm taking the time to soapbox for a moment. If you're not aware of Aaron Swartz, you should be. Unless you're listening to this podcast by going directly to the website and downloading, it's his spec that's running the RSS you're using. Also, everything else. Here's a few links to get you thinking.
- Boing Boing / Cory Doctorow
- The Nation / Rick Perlstein
- Quinn Norton
- Lawrence Lessig
- Summary posting on The Laughing Squid
Upcoming this week...
- THE NEW GUY
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- and then our discussion topic - Planning for staff turnover?
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs - no arguing or discussion allowed
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Under the Hood of DDoS attacks against banks
- Texas School Pupil who refused to wear RFID, loses appeal. Disney Too!
- The Australians want to spy on us all
- Zeus Botmaster arrested
- Opsec for hackers by the grugq
- Errors Mount at High-Speed Exchanges in New Year
- Thales DMCA takedown of manual
- Zero Day in Oracle Java 7
- Petition on "We The People" US government site seeks to legitimise DDoS as a form of civil protest. Akamai CSO Andy Ellis tweets...
- TSA Once Again Considering Using Commercial Data To Profile Passengers
- Hack turns the Cisco phone on your desk into a remote bugging device
- Breaches - The never ending never ending story...
- "Oops we did it again" Canadian .gov loses 538,000 records
- Vircurex didn't listen to the Ruby on Rails warning
- Indonesian President's Web Site Hacked by Jember Hacker Team
- Hacker group exposes corruption in universities
- The SCADAs/ICS and Cyber
- PDF LINK: Update on 3S Codesys Multiple Vulns
- PDF LINK: SpecView Directory Traversal
- PDF LINK: Rockwell Automation ControlLogix
- Errata / DERP of the week award
- Nokia is MITM'ing users
- Oracle + Java vuln slow repair = WTF
- Mailbag / Bizarro Land
- Hi Guys:
A good friend and CTO of a small oil & gas service firm has learned enough about infosec to be terrified. I blush to suggest I may have helped him along his journey. ;-) How about discussing how one locates & selects a pure fee-for-service consultancy to set a smallish firm on the straight & narrow? My friend's firm is well funded -- but myself, I have a prejudice against "big name" firms, so I will not be passing on any such recommendations to him. Thanks for the great podcast, Mark
- Sirs,
I listen regularly and really enjoy your podcast and the insightful, intelligent, sober analysis you provide. I must disagree with your assessment, in episode 1B, of the New York Times article "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt." It seems your analysis fell victim to the standard industry response to the piece, which, summed up, amounted to "duh, so what?" I would like to respectfully submit that the value of the article isn't so much its content, but the fact that it appeared in the Business Section of the New York Times that landed on my doorstep. It has long been well known in the information security community that antivirus was less than effective, but the fact that the Times ran an article indicting the industry, and served it up to lay people across the globe is a fairly significant event. The article begins: "the antivirus industry has a dirty little secret: its products are often not very good at stopping viruses," but the moment the Times went to press that fact was no longer secret. This type of mainstream media analysis could spell real trouble for an industry that has been struggling to find relevance in the modern threat environment, and the fact that popular media is beginning to get on the AV-bashing bandwagon does not bode well for the future of your favorite yellow swirly products. The PHB's of the world may not listen to their security officers, but they probably read the New York Times, which can change financial decisions for a company in significant ways. Cheers, Justin C. K. K.
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- If you go back and listen carefully to the entire podcast, there's a SECOND podcast hidden in the silence.
- Automating Security for developers from Mozilla
- effective approaches on app sec from etsy
- twitter on automating app sec
- 5 more tough security questions (and tips on answering them)
- Windows 8 RT Jailbreak
- Remember Aaron Swartz
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested
- Movie Review Silver Linings Playbook
- Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- Seacrest Says: "goodbye Aaron, we're saddened by your passing, the world is a less brilliant place without you" International list of Suicide Hotlines For the rest of you - "depression is a flaw in chemistry not character"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1C.mp3
Category: LSD_Podcasts
-- posted at: 10:21am EDT
|
|
Wed, 9 January 2013
Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!
That's audio episode 28 out of us - not too bad to start off the new year.
PITHY COMMENTARY
Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- DERPs!!!
- and then we're going to shoot through a whole bunch of brief items without discussion in our new segment - BRIEFS (which goes well with Ben's male bag doesn't it)
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- News
- Privacy czar tries to find web surveillance bill solution
- Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
- Facebook bug: Reset anybody's password. Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your "friends"
- Rails Fail Whale (Sail, Mail, Hail) ..and boom
- Software maker faces jail for other people using his software
- malware author on sploit buying spree
- Another "WE HACKED YOUR FULL DISC ENCRYPTION" by having physical access to the device. No shit. Really? Same as in 2005 people - never sleep a FDE machine, always hibernate or poweroff.
- From NYTimes - "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt" Really? No shit. Hmmm. I hadn't thought of that. (h/t Securosis)
- Breaches - The never ending never ending story...
- Raj Musicals - 12000
- SCMagazine (@SCMagazine) 2012-12-23 9:25 Here's a list of the top 8 breaches that took place in 2012.
- wiki.debian.org security breach
- Hacker at public works goes unnoticed
- Army says hacker got Fort Monmouth personal info
- The SCADAs/ICS and Cyber
- Industrial Control Systems Faced Nearly 200 Attacks: DHS
- Building a 21st Century Cyber Workforce
- Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
- Secret Plan Aims to Defend Power Grid (Perfect Citizen)
- PDF LINK - Canada's National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
- CMaaS - Continuous Monitoring as a Service. WTF.
- ProfiNet fuzzer developed
- 29C3: SCADA Strangelove - an ICS talk with the wrong name on it. Good nonetheless
- Mailbag / Bizarro Land
- Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? - Mike, SC
- Briefly - NO ARGUING OR DISCUSSION ALLOWED
- 20+ best FREE security tools
- Yahoo DOM XSS
- Top 10 web hacking technique vote - 2012
- Honeydrive!
- An off premise browser
- NTLM Challenge Response is completely broken
- A couple of University of Washington courses on Coursera - If I was carrying fewer courses this semester, I'd be on these two. If you're a grandfathered CRISC, you might want to take these to fulfill your CPE's for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit
- From BSI - PAS555: Cyber Security Risk - Governance and Management Specification
- OSINT Tools - Recommendations from Subliminal Hacking
- Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don't know how I missed this on kickstarter. Might just order one anyways.
- The Slow Data Movement
- The Process Myth
- And lastly... WTF. Eugene is #8 on Wired's list of the most dangerous people in the world?
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- Movie Review not a movie, but go read Wool and its prequels
- Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- And big news for next week, but it's still a secret.
- Seacrest Says: "INSERT SEACREST COMMENT HERE"
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1B.mp3
Category: LSD_Podcasts
-- posted at: 9:27pm EDT
|
|
Mon, 24 December 2012
Episode 0x1A -- Happy Holidays Everyone
Upcoming this week...
- SCREW THE NEWS!!!!!!!
- and then our discussion topic-- Predictions and Prognostication
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
- Discussion topic -
- Dave's Point of view (cough cough sputter germs)
- Ben Says...looking back... weaponized stuff, and the lack of it looking forward... good enough security leads us to more awesome projects like security onion
- The Intern opines on conferences, human resources and infosec
- Matt is in denial about... Jamie and I quoted in an article together! Hack all the toasters! Breaches!! 2012 Web Vuln Stats super crazy chicken pants. SQLi What?! Passwords suck! (Password Reset sucks harder!) Bug Bounty! (Yandex)
- James gets the last word... THE FUCKING SCADAS
- no he doesn't... Ben wants to say something
- In Closing
- Seacrest Says: You'll see my ball dropping in a week!
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-1A.mp3
Category: LSD_Podcasts
-- posted at: 5:18pm EDT
|
|
Sun, 2 December 2012
In what can only be described as a collision of intergalactic import, the three bestest information security podcasts have come together and produced...
THE SOUTHERN MATRIX HOSE PODCAST
Have a listen for a half hour of:
Bringing you the infosec commentary that you crave from the Security Zone conference in beautiful Cali, Colombia.
Since we're in a tropical paradise, there really isn't the patience for things like show notes. Have a listen and you'll be impressed, we swear.
Creative Commons license: BY-NC-SA
Direct download: slmrh1.mp3
Category: LSD_Podcasts
-- posted at: 5:21pm EDT
|
|
Fri, 30 November 2012
Episode 0x19 -- It's EARLY - and we like it!
No Matt. But Ben does a great Matt impression. In mashed potatoes.
It's another week in the wide wonderful world of Infosec. And every day feels like drinking from the firehose of Infosec Reactions. Seriously.
Upcoming this week...
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- and then our discussion topic-- You Got Half A Budget Now What?
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
Creative Commons license: BY-NC-SA
Direct download: LSDPodcast-19.mp3
Category: LSD_Podcasts
-- posted at: 12:58pm EDT
|
|