Liquidmatrix Security Digest Podcast – Episode 28

Episode 0x28 — For Reals… it’s here.

I SAID it’s a weekly podcast

Life gets in the way of art. There’s five of us, we are operating from 3 time zones and several of us have a whole lot more than just one job, and then parenting duties as well. This negatively contributes to the possibility of getting all of us together at the same time for a recording. We’re trying to figure out what to do about it. It may be that we go for more frequent recordings of whomever is available and stuff together the rest of us when we can. Sigh. Or something.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. But there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Stonesoft bought by McAfee/Intel
2. How I got here: Hoff
3. Thotcon / BSidesChicago – Jericho says I did a good job
4. Is the U.S. Government Recording and Saving All Domestic Telephone Calls?
5. Systems manager arrested for hacking former employer’s network
• Breaches
1. Study: Utah Health Breach Could Approach $406M
2. The Onion Hacked by Syrians
   and the Onion responds
3. 1 million dollars (Kreb’s said “cyberheist” drink!)
• SCADA / Cyber, cyber… etc
1. Many MANY sources: Your inability to understand Google Earth is entertaining
• DERP
1. This time, the DERP is on us. With five schedules spread across 3 time zones and about 12 different jobs (not including parenting)… the Liquidmatrix Crew takes the DERP of the week.
   We promise we will attempt to get back on ye olde horse. Although it may be in the form of us no longer trying to have all hands on deck. What say you dear listener?
2. Hide a bitcoin miner in your code
3. vendor just called me, offered “a great solution for cyber defense by securing end points using DoD standards” #salesFail
• Mailbag / Bizarro Land

1. Hey,

   I’m stupid busy at work. Can’t keep up. People know where I sit. The email. The phone calls. I’m trying to use the damn bathroom now. Please help?

   SRSLY
   Bizzay Secpro

• DEEP DIVING – Productivity In The Security Hotseat
1. Interupt driven lifestyle for the win?
2. Rage Quit
3. Plan to be interupted – get in earlier or stay later than most of your co-workers
4. Use a trick to determine how much productive time you have (Carmack and his CD player)
5. Arrange a “cover” for the day
6. Emergent Time Planner & Task Order Up
7. kanban
8. Trello (free)
9. Lean Kit (not Free)
10. Atlassian (jira) Greenhopper ($)
11. Time Management for System Administrators
12. Trusted Systems
13. “Heroes are Zeroes” – Identify and Manage
14. Failure to document makes you a team liability
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Notch says practice your typing skills
2. Cyber Observable Expression from MITRE
3. OpenBSD 5.3 Released.
4. Teacher ‘powerless’ to stop ex-girlfriend’s cyberstalking
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON (AMFYOYO), Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013’s return of the (canadian) fail panel.
• In Closing
1. Movie Review Terminator 2: All your PINs belong in my Atari handheld HSM
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: She sells sea shells on the sea shore.

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA