Episode 0×29 — Not just CrO2, but now with Dolby

Does anyone read show notes?

So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil’s unfortunately loud Bermuda frogs. I can’t promise that it won’t happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can’t be wrong. Or something.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. But there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Microsoft YouTube app DERP
2. Bang with Friends Facebook glitch
3. APPLE MULTIFACTOR FOR TEH CANADAZ!!!!!
4. PayPal Exec vows to go thermonuclear on passwords.
5. Data breach leads to lots of many
6. Privacy Breach on Bloomberg’s Data Terminals
• Breaches
1. In Hours, Thieves Took $45 Million in A.T.M. Scheme
   (also covered by Ars)
   (and the krebs)
2. Name.com got p0wned
• SCADA / Cyber, cyber… etc
1. The police need an app for that
• DERP
1. Saudi’s tried to hire Moxie to spy on their citizens mobile app traffic
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Troy Hunt on Clickjacking
2. Interesting note from David Seah on Procrastination.
3. Mainframes can be hacked and backdoored
4. Why certificate revocation doesn’t work
5. Cory Doctrow talking about freedom, society, computers and the internet
6. Cmdr. Hadfield bids adieu to ISS with “Space Oddity” cover.
7. Government subpoenas, obtains wide set of AP phone records in investigation
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON, Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013′s return of the (canadian) fail panel.
• In Closing
1. Movie Review Big: All about authentication and authorization when biometrics won’t work anymore.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: This is ground control to Major Seacrest…

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

Episode 0×28 — For Reals… it’s here.

I SAID it’s a weekly podcast

Life gets in the way of art. There’s five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We’re trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. But there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Stonesoft bought by McAfee/Intel
2. How I got here: Hoff
3. Thotcon / BSidesChicago – Jericho says I did a good job
4. Is the U.S. Government Recording and Saving All Domestic Telephone Calls?
5. Systems manager arrested for hacking former employer’s network
• Breaches
1. Study: Utah Health Breach Could Approach $406M
2. The Onion Hacked by Syrians
   and the Onion responds
3. 1 million dollars (Kreb’s said “cyberheist” drink!)
• SCADA / Cyber, cyber… etc
1. Many MANY sources: Your inability to understand Google Earth is entertaining
• DERP
1. This time, the DERP is on us. With five schedules spread across 3 time zones and about 12 different jobs (not including parenting)… the Liquidmatrix Crew takes the DERP of the week.
   We promise we will attempt to get back on ye olde horse. Although it may be in the form of us no longer trying to have all hands on deck. What say you dear listener?
2. Hide a bitcoin miner in your code
3. vendor just called me, offered “a great solution for cyber defense by securing end points using DoD standards” #salesFail
• Mailbag / Bizarro Land

1. Hey,

   I’m stupid busy at work. Can’t keep up. People know where I sit. The email. The phone calls. I’m trying to use the damn bathroom now. Please help?

   SRSLY
   Bizzay Secpro

• DEEP DIVING – Productivity In The Security Hotseat
1. Interupt driven lifestyle for the win?
2. Rage Quit
3. Plan to be interupted – get in earlier or stay later than most of your co-workers
4. Use a trick to determine how much productive time you have (Carmack and his CD player)
5. Arrange a “cover” for the day
6. Emergent Time Planner & Task Order Up
7. kanban
8. Trello (free)
9. Lean Kit (not Free)
10. Atlassian (jira) Greenhopper ($)
11. Time Management for System Administrators
12. Trusted Systems
13. “Heroes are Zeroes” – Identify and Manage
14. Failure to document makes you a team liability
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Notch says practice your typing skills
2. Cyber Observable Expression from MITRE
3. OpenBSD 5.3 Released.
4. Teacher ‘powerless’ to stop ex-girlfriend’s cyberstalking
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON (AMFYOYO), Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013′s return of the (canadian) fail panel.
• In Closing
1. Movie Review Terminator 2: All your PINs belong in my Atari handheld HSM
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: She sells sea shells on the sea shore.

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

So, when I arrived this morning in the heat…yes, heat. It’s actually warm here in London. Who knew? I ran into Daf Stuttard aka Portswigger who was good enough to give me an awesome sticker. He is the one who wrote Burp Suite. If you’re not familiar with this software please click the link to check it out. You should really buy a copy.

Opening ceremonies.

I found Wendy Nather working crew for BSides. Fun surprise.

David Rook’s (securityninja) talk on App Sec security practice.

A very cool thing that David did was to produce his slides as a comic book…and then give copies out to the audience. Sadly, I didn’t grab one in time.

Found Jack Daniel who wasn’t feeling very ‘lulz’y this morning. Club Mate to keep him from screaming.

A pic from Javvad’s talk on building a personal brand. A very well executed presentation.

“…peanut butter jelly time, peanut butter jelly time…”

Episode 0×27 — Wednesday is the new Monday

It’s the podcast that never ends

We’ve collected up something like 4 times more stories than we can use. We need to find a sponsor who will pay us to do this twice a week. Anyone got some money they’re not using?

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. There will be no DEEP DIVE — our SCUBA gear is in the shop
7. But there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Kim Jong Un needs a snickers!!!
2. Linksys Routers Screwed
3. Bitcoin dDoS destroy world economy… nah (also bitcoin social engineering) (and skype bitcoin mining malware bot)
4. Security BSides – Rochester
5. Windows XP Security Updates ending in one year IE6 Countdown Windows XP still maintains 39% overall market share.
6. Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight.
7. DEA Accused Of Leaking Misleading Info Falsely Implying That It Can’t Read Apple iMessages
• Breaches
1. Vudu resets user passwords after hard drives lost in office burglary
• SCADA / Cyber, cyber… etc
1. NIST CyberSecurity Framework Recordings
2. Anonymous hacks DPRNK Twitter and Flickr
3. Anonymous launches massive cyber assault on Israel Israel says: “Anonymous doesn’t have the skills to damage the country’s vital infrastructure” And fixes things up so that Anonymous’ C&C plays “Hatikvah”
4. USAF designates some of their software as CYBERWEAPONS
5. Apparently there are CYBER-WEAPONS in the Korean Conflict
6. Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
• DERP
1. Papa, m’entends tu?
2. French Government discovers Streisand Effect on Wikipedia (without actually looking up) The Streisand Effect
3. Interesting to note: The Wikipedia article on The Streisand Effect DOES link to the communication from WIkimedia Foundation.
4. IRS Doesn’t Deny Snooping Emails Without A Warrant
5. Dongle-gate – this makes it so much clearer
• Mailbag / Bizarro Land

1. Subject: OMG, Arlen was right…

   I thought Jamie was just whining about how bad Blackboard is, but now that I have to use it… IT SUUUUUUCKS. It feels like an application that was rather forward thinking for its time, assuming it was built in 1997!

   I take it back. Anything coded in 1997 would be faster than Blackboard is today.

   Would it be wrong of me to try to find flaws in this thing, to try to get them to make it less… suck?

   Thanks,
   -Jim

• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Deutsche Telecom SOC big board
2. Ingress – check it out
3. Non-SSL active content on SSL pages is blocked by default in FireFox 18
4. Montreal police arrest a 20 year old woman after she posts a photo of graffiti to her instagram feed
5. The ATF Wants ‘Massive’ Online Database to Find Out Who Your Friends Are
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe (including European Security Bloggers Meetup), Black Hat, DEF CON, Secure Asia. Matt speaking at Adelphi University Cyber Security Educational Panel.
• In Closing
1. Movie Review Die Hard 4 – It’s a blast. Seriously. Quick, there’s a fire sale.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: I have no mouth with which to scream

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

So, what if it was your device?

Well, here is a great article that walks you through what to do if your iPhone gets stolen.

From Mac Security Blog:

Theft is a lame and unfortunate risk of living in close proximity to other humans. In the case of iPhones, it’s a growing problem. But there are things you can do to make the theft of your device a less terrible experience and to minimize the possibility of strangers accessing your accounts or your personal data. Some of these are actions you can (and should) take while your phone is still in your safe care, while the rest are things you should do to keep from singing the blues after your device has been taken from you.

Some good advice for users.

Read on: Article Link

Episode 0×26 — The First Rule…

Ministry of Information Bulletin: Liquidmatrix is a weekly podcast.

While we’d like to be able to say that the Ministry of Information is always correct, that would not necessarily be the case. The past few weeks of Infosec have certainly been interesting. The echo chamber is at an all time echo stratosphere and the daily slog of infosec professionals remains at an all time crappiness. Anyone want to join our “Infosec Anonymous” program? Perhaps we should go with a different name: searching “infosec anonymous” gives me about 210,000 results.

1. Upcoming this week…
2. Lots of News
3. SCADA / Cyber, cyber… etc.
4. finishing it off with DERPs/Mailbag and
5. THE DEEP DIVE
6. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. To hack back or to not hack back
   The Grugg on Opsec for Hackers (how not get p0wned while p0wning)
2. The dDoS to end all dDosssses
   that almost broke the ENTIRE internet,
   then again maybe not,
   but maybe sorta it did
3. Uptime = 16 years = AWESOME. Feature parity with Netware 16 years later = STILL CAN’T HAVE IT.
4. FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
• SCADA / Cyber, cyber… etc
1. DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks
2. FERC U MAD BRO ???? (PDF)
3. Cyber Divers take Egypt offline
   (except it might have been a ship’s anchor)
4. First time that it looks like actual details were stolen
5. The Reality of Attribution about Cyber Attacks
6. Cyber Security: The Digital Arms Trade
7. Cyber RFI for the Space Race
8. Fukushima Cooling Knocked Offline By…
   a Rat… that ended badly
• DERP
1. Security hole allows anyone to reset an Apple ID with email and DOB
• Mailbag / Bizarro Land

1. My official statement of begging for getting onto the Vegas party list. Thank you for your consideration.

   Kris

2. Hello!

   Any chance I can get a couple of tickets to the party? I’m an infosec “professional” from Vancouver BC. I’ve met some of you guys at various cons, Hope, Defcon, Derbycon.

   thanks! Kevin

• The Deep Dive – Security Awareness Training
1. Is Bruce ALWAYS right?
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Is OwnCloud Good Enough?
2. Monitoring for humans
3. Pimp myself – Top 10 Web Hacks
4. Attempted child abduction thwarted when girl asks stranger for code word
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review: Wargames
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: “I kinda really wanted to jump in and slam him!”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

Episode 0×25 — The one with ALL the cybers

We’re not sure why this keeps happening.

As is the new normal around here, we’ve spent more time arguing about the show instead of actually doing the show. Add to that Dave’s issues with (a)using a computer, and (b)having a decent ISP. It took a whole lot of goofing about to get this episode into the realm of “listenable”. But hey, it’s done now. Enjoy!

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Krebs gets whacked And does some digging
2. Forbes magazine internet thingy talks about cracking crypto (so does Sophos) (and a lawsuit on the use of RC4 – so another reason to stop using it)
3. Hacked retailers up in arms over $13 million ‘fine’, Visa lands up in court
4. It’s Kali Time
5. MCMC probes The Malaysian Insider over spyware story
• The Breach Report
1. Second Factor FTW
2. Philippines National Telecom Commission Defaced by Anon
3. CCTV hack wins gamblers $33*10^6 (cue Ocean’s 11/12/13)
• SCADA / Cyber, cyber… etc
1. You Say: Cyber. I Say: Unsubscribe
2. North Korea restores Internet access, blames US hackers
3. Queensland police to use surveillance drones to combat crime ahead of G20 conference
4. Federal Judge Finds National Security Letters Unconstitutional, Bans Them
5. NERC 2012 Annual Report (pdf)
6. Medical device hacking: The 6 lines of code that could bring down a hospital
7. US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine
8. U.S. Demands China Crack Down on Cyberattacks
9. Who’s Really Attacking Your ICS Devices?
• DERP
1. EC-Council goes off the deep end
• Mailbag / Bizarro Land
1. Question:

   Anyway, anyway, guys guys guys, come on. I’m in this computer, right. So I’m looking around, looking around, you know, throwing commands at it, I don’t know where it is or what it does or anything. It’s like, it’s like choice, it’s just beautiful, okay. Like four hours I’m just messing around in there. Finally I figure out, that it’s a bank. Right, okay wait, okay, so it’s a bank. So, this morning, I look in the paper, some cash machine in like Bumsville Idaho, spits out seven hundred dollars into the middle of the street.

   That was me. That was me. I did that.

2. Answer:

   What are you, stoned or stupid? You don’t hack a bank across state lines from your house, you’ll get nailed by the FBI. Where are your brains, in your ass? Don’t you know anything?

• The Deep Dive – Security Research and the Law
1. Internet troll “weev” sentenced to 41 months for AT&T/iPad hack.
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. The Matrix in less than 600 bytes of JavaScript
2. Branching breach impact model
3. Top 10 Web Hacks of 2012 Webinar (Matt is hosting it with Jeremiah Grossman)
4. Hackers play Space Invaders on Belgrade billboard, get rewarded with iPads.
5. Microsoft to push Windows 7 Service Pack 1 to users starting March 19
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review Hackers
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: Dave says “screw you Cogeco”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

Episode 0×24 — The Robot Uprising

You’d think those worthless meatbag humans would be more respectful.

It looks like we will have a limited incidence of Robots in tonights episode. Of course, nothing in life can be ACTUALLY robot free. That’s just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak – better than butter.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Pwn2Own: IE, Firefox, Chrome and Java go down …and Adobe Flash, Reader and Oracle Java exploits Chrome hack details (threat post link) Thanks Ben!
2. Indian .gov puts bounty on botnet takedown
3. China’s internet backbone will have security features (also censorship) (SAVA)
4. How Facebook Prepared to Be Hacked
5. Having the MD5 hash of “123456″ is probably not the best way to store passwords in your publicly searchable code on github… /via Thierry Zoller. (also don’t put your twitter oauth keys in github)
6. International Womens’ Day – Don’t forget Admiral Grace
7. Freeze All The Robots: Put Android ICS in the freezer to break crypto
8. Harvard sneaks through 16 Deans’ email
9. Deja vote: Iran blocks VPN use ahead of elections
• The Breach Report
1. Another bitcoin exchange gets p0wned
2. Ausie Ausie Ausia Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
3. Pakistan .gov gets hacked
• SCADA / Cyber, cyber… etc
1. Metasploit releases exploit module for Honeywell ICS that has a patch available
2. Formal Paper (pdf) from Ralph Langner Bound to Fail: Why Cyber Security Risk Cannot Be “Managed” Away
3. US Military Advisory Panel Says Nuke a Cyber Attacker
4. Reasons to depend on Kaspersky for ICS/SCADA operating systems — EXCELLENT IPv6 STACKS
5. BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
6. Cyberwar: you lack imagination
• DERP
1. TELUS releases qualitive security survey (pdf link) – completely ignores science, math and proper research
2. Survival of the fittest: Some data-breach victims can’t be helped – but they enjoy reacharounds
3. China points at USA and cries “you’re stinky and mean”
• Mailbag / Bizarro Land

1. Dear Dudes of the Liquid

   I found a vuln when I was browsing a company’s website with w3af? Should I report it?

   Yimmy, Warsaw

• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. From Space Rogue – The Infinite Daft Loop – productivity in a can
2. Play Donkey Kong as the Princess
3. Browser sec
4. Tripwire aquires nCircle
5. Click to play!!!!
6. Microsoft preps UPDATE EVERYTHING patch batch
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review Moon (it’s all about clones – BTW spoiler alert)
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: “Here’s to a hoopy frood who really knew where his towel was.” RIP Douglas Adams

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA

Episode 0×23 — Post RSA Actual News

Recovery takes time. There has not been enough time.

There’s really not anything significant to note off the top. There’s much going on in the world of infosec. I wish that it weren’t as true, but even with the wildness of RSA, the cybers never sleep.

You might want to stay until the end of the show to hear about a CONTEST and something even cooler…

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Miniduke is older than we thought
   (Miniduke tells time in China)
2. Cloudflare dDoS post mortem
3. Google services should not require real names: Vint Cerf
4. Oracle Issues Emergency Java Update
5. Wireless brain sensor pack. Future – here we come!
6. The Lightning Digital AV Adapter Surprise
7. When will we trust robots?
• The Breach Report
1. Evernote Security Notice: Service-wide Password Reset
   Evernote hacked: Emails, encrypted passwords stolen
   But it’s ok, there will be 2 factor auth someday
   Critics say Evernote breach was avoidable.
2. Envelopes mailed to 26k retired government employees in N.C. exposes SSNs
3. Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
4. City of Owen Sound websites offline due to porn hack
• SCADA / Cyber, cyber… etc
1. Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
2. NEWS TO NO ONE: SANS SCADA and Process Control Security Survey – the state of the industry is discouraging
3. Recent 10-Ks mentioning “cyber” incidents
4. Canadian Anti-hacking agency slow to learn about Chinese cyberattack
5. Symantec: work on Stuxnet worm started two years earlier than first thought
6. SCADA ‘Sandbox’ Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
• DERP
1. Jailed hacker allowed into IT class, hacks prison computers
2. Nearly Every NYC Crime Involves Cyber, Says Manhattan DA
• Mailbag / Bizarro Land

1. Dearest Son,

   Why do you people always talk about “the echo chamber”? What is the echo chamber for?

   Love, Mom

• Deep Dive –
1. Government Malware! discuss (Finfisher, Hacking Team)Zero Day Doc
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Recon 2013 CFP opened
2. APT 1 goes back years
3. There’s a vuln in sudo (yes, that sudo)
4. Quick and dirty pcap slicing with tshark and friends
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- More news to follow
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early.

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. RIP Stompin’ Tom We’ll leave a light on.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150″ and save $150 off the course fee!
4. Seacrest Says: I’m drinking beer at HouSec bitches!

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA