Liquidmatrix Security Digest Podcast – Episode 11

Episode 11 — Dave’s Away

w00000000000000000t!

Hey Everyone, welcome to the Liquidmatrix Security Podcast – Episode 0x11 or the 18th recording for those who don’t start with zero and are not good at Hexadecimal – or math, like us.

Everyone showed up except Dave. Something about Canadian Thanksgiving causing a Turkey Coma. We manage to struggle through without him. Actually, we think the show turned out just fine. We don’t need no stinkin’ Dave.

And tonight, let us regale you with tales of:

1. LOTS OF NEWS
2. Breaches
3. SCADAs
4. Errata
5. …and then our discussion topic – the con report SecTor and Derbycon

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News

1. Why no Security for Obama Campaign Website? ((PCI-DSS FTW?))
2. Skeezy fake AV sellers get fined!
3. Criminals seeking botmasters (apparently that’s a word) for MiTM and/or trojan attacks against US banks
4. Practising the cybers in Europe
5. Maple Syrup Strategic Reserve returns to Quebec
6. Cell phones just keep getting more interesting
7. AuthN and Oracle = 🙁
• Breaches
1. World of Warcraft Catches The Plague and Matt laughs
2. University of Chicago – 9100 identities incl. SSN
• The SCADAs
1. Telvent compromised
2. Smart Meter Data Shared Far and Wide
• Errata
1. hakin9 – “Nmap: The Internet Considered Harmful – DARPA Inference Checking Kludge Scanning” DICKS!!!
• Commentary

1. Foot In The Door – SecTor
• Geist
• Miller
• Kellman
• Arlen
• Mortman/Bellis
• Trustwave – more and more and more malware
• Failpanel (we had the originator in the audience)
• thoughts on the echo chamber
2. Hardcore – DerbyCon
• The D’s Talk
• The Hallway Track
• The Awesome AV
• The Corporate CTF

• Mailbag / Bizarro Land

1. Hey!

   I just watched Ben’s talking head on CTV news, what are your thoughts on Huawei, ZTE? What does this mean to Canada?

   Paranoidly,

   Jacques L, QC

2. Also, awesome feedback from @armorguy (master Martin Fisher of Southern Fried Security podcast) on episode F, he said we were awesome and other people should copy us (we’re looking at you Riskhose)
• In Closing
1. We do research too – Ben’s running a survey and will publish results. Check it out!
2. The Security Conference Library — is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library — send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming appearances by the Liquidmatrix Crew at HouSecCon and HackFest.ca
5. It’s been rebooted! The Doing Infosec Right Sexy Defense team is off to a flying start with the Strategic Defense Execution Standard (#SDES)
6. The Seacrest says “We miss you Dave, please come back soon.”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA