Liquidmatrix Security Digest Podcast

Episode 0x61 THERE IS NO DAVE, ONLY ZUUL Twice in two weeks. It's almost like we're making this thing a thing. Of course it'd be nice if Dave would fix the website so I could post there. At least libsyn and iTunes still work. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Adblock Plus just got uninvited from the ininternet-advertising industry's big conference Yahoo 10k bug bounty Affinity Gaming sues Trustwave AWS Enterprise Accelerator - Compliance --

Episode 0x60 Mid-Season Cliffhanger Short paragraph containing introductory material and a thanks to listeners (if reasonable) Upcoming this week... Lots of News SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary TrendMicro security fails TrendMicro also asks: What About Canada, Eh? Juniper ScreenOS VPN traffic possibly snoopable... and admin access backdoored. But... They are patching it. And Fortinet as well? We can read encrypted emails on BlackBerry devices, Dutch team says Microsoft Drops Suppor

Episode 0x51 Not Dead Yup, we're still a thing. Scheduling is hard. Look forward to more of these with less than a full cast of characters. It happens. Upcoming this week... Just some general ranting. It's what we've got. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. Closing Thoughts Seacrest Says: Do this again sometime, eh? Creative Commons license: BY-NC-SA

Episode 0x50 Revenge of the Fourth We've been around, just not... you know... around. It's best that you do not think about what happened to episodes that were not published. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Home routers take down Sony, Microsoft, Kerbs... you're next Google won't fix old vulns (but it's not their fault) JJX talks about Year 1 -- And it's my first year too! 3 Problems With UK PM Cameron's Crypto Proposal SCADA / Cyber, cy

Episode 0x3F Last one before Summer Security Camp Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we'd be back and this time we're pretending we care. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Police Dog Sniffs Out Child Porn Hard Drives News about the news - the WaPo launches it's own wiki-leaks-esque platform Rogers Releases New Policy on Disclosing Subscriber Information UN human rights report blows apart g

Episode 0x3E HAPPY $COUNTRY JULY PAID DAY OFF We're back. Reasons shall be enumerated. And so forth. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary cryptolocker extortionists use bitcoin for less traceable blackmail payments, extortion payments visible in the blockchain till it goes through a mixer. crime pays Harper - Canada needs NSA lite because protesters More details on the Hacking Team spying software. Los Angeles Police Department Kept User ID an

Episode 0x3D My Heart Bleeds for Windows XP Well this is certainly an exciting week around these here parts. I reckon we've not seen this much marketeering since the APT1 days of ought 13. Goodness gracious I'm not a huge fan of this crap. Do not listen to this podcast at more than 1.5x speed while operating a motor vehicle or heavy equipment. Your face may melt according to some studies conducted by a Murican we know. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and

Episode 0x3C You Got Breached. And in other news... April 8 is coming up FAST. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary ErrataSec may have witnessed SHOTGIANT in action... more likely the CIA though... Trustwave gets sued Are You An Expert? Breaches Hackers compromise EA website, use it to steal Apple IDs (report) Security certification group EC-Council’s website defaced with Snowden passport SCADA / Cyber, cyber... etc Full Disclosure is dea

Episode 0x3B We Have Quorum! Getting tired of hearing about the latest $problem. Can we do something different with our cognitive surplus? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Facebook Awards Largest Bug Bounty To Date for Remote Code Execution Vulnerability - $33,500 Gang Rigged Gas Pumps with Bluetooth Enabled Card Skimmers US Courts uphold that you need an actual reason to search people's stuff F-35 Fighter Plans Intercepted In Shipping Co

Episode 0x3A We Can Do Better Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution rather than the very common response which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along... Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone

Episode 0x39 Auld Lang Syne The Syrian Liberation Army would like to thank Liquidmatrix for their use of Skype. Upcoming this week... Lots of News Breaches finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Unencrypted Windows Error Crash Reports a Treasure for NSA RSA gave it (Dual EC DRBG) up to the NSA (also turns out Dual EC DRBG was always key escrow) Cash machines robbed with infected USB sticks Breaches Target get's p0wnied ...and so do their customers The Doctor Who website (also known as the BeeBeeCee) was allegedly h

Episode 0x38 Dreidel Turkey Dreidel Peter Mackay!!! Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team. Upcoming this week... Lots of News Breaches, anti-derps!! It's Chanukah!!! and many turkeys are now dead And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Someone's been MiTMing the internets... Bruce Schnier thinks Ars Technica had an okay write up about it... And more reporting on Renesys's original research on it. (and a little more) Japan is awesome

Episode 0x37 Two Guys !HTML It's completely unreasonable for me to ask that they come up with a short pithy paragraph to start off the show notes. Of course, I'm fairly certain that no one refers to these notes anyways. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary GitHub undergoing a massive automated brute force attack GitHub blog post announcement Police set poor example by paying $750 CryptoLocker ransom China get's more with the censorship Silver

Episode 0x36 Which part of WEEKLY is this? There's a chance that you'll learn something during this romp through the wonderful world of infosec. Or something. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Homeland Security Has to Explain Why and When It Can Kill Cell Networks GitHub DERPS Are Why We Can't Have Nice Things Cyber-arms dealer APT APT APT (fun stuff about cve-2013-3906) Toyota's killer firmware: Bad design and its consequences Obligatory R

Episode 0x35 Halloween! We're all dressed up and ready to scare you as long as you promise to give us candy. Well, as many of us as will actually show up. Busy lives are busy. Upcoming this week... Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: Breaches - the BIG one Snowden says "You're all owned"... basically. NSA is inside Google and Yahoo datacenters worldwide. How to Get Ahead at the NSA - What the NSA can and can not spy on. Google in 2010 on China and surveillance Canadians sue their own government o

Episode 0x34 Just the two of us Another week, another attempt at a full house for the show. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary CryptoSeal VPN shuts down rather than give up crypto keys to NSA Court order is an inside attacker Breaches Hacker stole $100,000 from Users of California based ISP using SQL Injection Premptive Breach: Complete Persistent Compromise of NETGEAR, D-Link and Tenda (But not Dick Cheney) SCADA / Cyber, cyber... etc B

Episode 0x33 Liquidmatrix Live at SecTor 2013 In a literal first, the entire Liquidmatrix Podcast crew were in the same room at the same time. After nearly 18 months of (kinda) weekly Skype sessions, finally we did a live recording with all of us together. It's only a half hour, but we had a great time! Upcoming this week... We didn't even bother with show notes. Seriously. Just listen, it's good stuff. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. Liquidmatrix Staff Projects -- gratuitous self-promotion The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helpin

Episode 0x32 Getting the Band Together? Another week, another attempt at a full house for the show. Upcoming this week... Lots of News non-infosec stuff Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary SilkRoad seized. Dread Pirate Roberts arrested. Tor hidden service de-anonymised? Silent Circle moves away from NIST approved ciphers Sometimes, 7 milliseconds is REALLY important Breaches ALL THE BREACHES!!!! SCADA / Cyber, cyber... etc UK gets the cybers DERP John McAfee copies Occu

Episode  -- SB005 CON FLU! CON FLU! It's awesome. Dave has it. Teehee. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News Briefs -- NO NEWS THIS WEEK HOST Has An Opinion Go to DerbyCon Parting Notes -- a few one-liners... Also go to SecTor next week. And bSidesTO this weekend. Liquidmatrix Staff Projects -- gratuitous self-promotion The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances:  -- more gratuitous self-promotion Dave: - Attending HITB Malaysia, speaki

Episode  -- SB004 With Dave Away Minions Play Dave is at the ISC2 Security Congress in Chicago right now and muttered something about really bad hotel wifi. Not sure whether it's the hotel or the wifi that is bad. I did not the correlation between expensive hotel and really bad wifi. Wonder if Hutton has modeled that yet. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News Briefs @nickdepetrillo, @thegrugq, @quine, @erratarob and a laundry list of the infosec who's who offer a bounty for a biometric hack against Apple's new scanner Charlatan hijacks iPhone 5S fingerprint hack contest, fools press CCC uses traditional biometric smackdown techniques - and wins