Liquidmatrix Security Digest Podcast – Episode 2C

Episode 0x2C

This is the 49th time!

All I can hear is the voice of Edward R. Rooney saying “Nine Times”… well, that and the 49th parallel (which is 6 parallels north of where 3/5ths of the gang is hanging out). No one reads the notes so I know that I’m just talking to myself here. It’s probably bad when you start talking to yourself. Perhaps.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. OWASP Top 10 for 2013 is out
2. What the NSA doesn’t have: iMessages and FaceTime chats
3. Woz: This is not my America
4. This is some cold ass James Bond shit
   (Countries are upset)
   (they even setup fake internet cafes)
5. NSA leaks hint Microsoft may have lied about Skype security
• Breaches
1. Head of U.S. Nuclear Security Agency hacked by “Guccifer”
• SCADA / Cyber, cyber… etc
1. @c7five tweets on Cyberwar
2. US FDA calls on medical device makers to focus on cybersecurity
3. Trove of medical devices found to have password problems
• DERP
1. Zamfoo gets a derp for responsible fail disclosure (also in the mailbag from Graham S)
   (and a reddit thread)
2. TSA agent tells teen to ‘cover herself’
3. Sys-admin selfies courtesy of The Grugq
• Mailbag

1. I’d like to start by saying that I thoroughly enjoy your podcast. It’s a great combination of security news, comedy, and tragedy. It’s great, keep it up. I’m emailing about your podcast to you rather than posting on the appropriate Facebook page, as I find email to be a preferred method of communication. I hope that’s okay.

   Now, my question. I’m a young, ambitious Engineer who finds the topic of Network Security to be exciting and interesting. I work in a network security team in a large company and I am always trying to expand my skills and abilities. Simply put, I’m wondering what advice you have for an inspiring individual in this industry. Also, what resources did you rely on when you were starting out. What resources do you find to be the most valuable now?

   Specifically I struggle with finding friends, co-workers, or online buddies that share the same career interests and passion. After I spend a day troubleshooting a particular security issue I want to have a group of individuals I can spit ball ideas with. I find myself feeling like I am in a silo. This is particularly odd because I know for a fact that the world is full of brilliant network security minds. I’m thinking of attending one of the upcoming security conferences this year just to make some like minded friends. It’s just annoying/expensive because I’d likely have to fly to the US. Any guidance that you could provide would be helpful.

   Anonymous By Request

• The Deep Dive — SETEC ASTRONOMY
1. We Should All Have Something To Hide
• Briefly — NO ARGUING OR DISCUSSION ALLOWED
1. Disconnect raises 3.5mil
2. Pimp My Own Matt – Doing a webinar 6/20
3. CycleOverRide – Security Nerds on Wheels
4. Sixth Annual Movie-Plot Threat Contest Semifinalists
5. Hardvard Business Review talks infosec
6. I’m hiring
7. Loon
8. How to make The Internet (from The IT Crowd)
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave is attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013 in Chicago. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013’s return of the (canadian) fail panel.
• In Closing
1. Word of the Week — Cybercentrifuge: vendors spinning stories fast enough to refine uranium. @jack_daniel
2. Movie Review — Time to see Hackers again. And read The Conscience of a Hacker again. Trust me.
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
5. Seacrest Says: Double ROT13 is NSA proof

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA