Episode 0x1E — Absenteeism
Insert Subtitle Here
With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you’ll understand what I mean when you get to the end.
- Upcoming this week…
- Lots of News
- Breaches
- No Scadas, no Matt, No Jamie
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs – no arguing or discussion allowed
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- The RCMP says they have no intention of using their Drones for surveillance purposes.
- Rapid7 white-paper says 81 million discrete publicly routable addresses responded to UPnP poll, as recently as last year.
- Sony fined many many quid
- India bars ZTE, Huawei and others from sensitive government projects
- Govt Sites Hacked Following Arrest of Alleged Jember Hacker
- FBI going after potential leakers of Stuxnet info
- Breaches – The never ending never ending story…
- Errata / DERP of the week award
- Mailbag / Bizarro Land
-
Hi all,
Just came across this crazy story.
GitHub’s new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief.
However, it’s not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user’s account, and it seems that a few people may have contacted his university.
So, whilst it looks like GitHub’s search features may have caused problems for a few users, it has also led to the discovery and outing of a paedophile.
Keep up the good work!
— Graham Sutherland
- Briefly – NO ARGUING OR DISCUSSION ALLOWED
- Red teaming at a CCDC
- Honey Spider
- Whisper Systems’ Spring Break of Code
- FTC Reaches Settlement Over Cord Blood Bank’s Data Breach
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We’re thinking about doing a live podcast with audience participation – drop us a tweet or a line if you’re interested
- Movie Review Under The Tuscan Scan
- every day is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
- Seacrest Says: vote SEACREST!!!!!… I mean LiquidMatrix
Download the MP3
Creative Commons license: BY-NC-SA