Episode 12 — These are the Daves I know I know
He claims it’s not his fault he missed an episode…
Yes, we’re still doing a podcast. Lots of you listen. It’s kinda awesome. We promise to be more awesome in the future.
And tonight, let us regale you with tales of:
- Lots of News
- Breaches
- SCADAs
- DERPs!!!
- …and then our discussion topic – IDS IS DEAD
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News
  - Capital One targeted in CYBERATTACKS
  - HTML5 Full Screen API Attack
  - Firefox 16 gets pulled (just like the goalie) – exploit follows in 24 hours
  - Lone packet takes out SS7 networks
  - FX beats up on Huawei at HITB
  - Myrcurial Complains: These Kids Today
  - High Court in the Philippines Suspends Contentious Internet Law
  - Panetta Warns of Dire Threat of Cyberattack on US
- Breaches
  - Northwest Florida State College – 300,000
  - Facebook – everyone on the internet!!!!!!!
  - TD Bank (US – a subsidiary of TD Bank Canada) loses a tape IN MARCH!!!! – 260,000 records
  - Nationwide Address book Android app – 760,000 via @WeldPond
- The SCADAs
  - LittleBlackBox is a collection of thousands of private SSL and SSH keys extracted from various embedded devices. Thanks @lmacvittie
  - What is Critical Infrastructure? A long twitter conversation on 2012-10-12 about the REAL rule-of-thumb criteria for what makes something critical infrastructure or not.
- Errata
  - DERP of the week award: Samer Bishay said, “Network security lies ultimately with the service provider. So, if you can control your network well, then I don’t see how any outside force could really override these controls.” (h/t @taosecurity)
- Commentary
  - Foot In The Door – IDS IS DEAD
    - I can’t even come up with notes. Just listen.
  - Hardcore – EXCEPT IT ISN’T
    - See above.
- Mailbag / Bizarro Land
- In Closing
  - Matt reviews “Trouble with the Curve” – was there any infosec in it, nope, ok then
  - We do research too – Ben’s running a survey and will publish results. Check it out!
  - The Security Conference Library — is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library — send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
  - If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
  - A moment of silence for Amanda Todd, sadly a victim to online bullying
  - Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
  - Upcoming Appearances: James at COUNTERMEASURE 2012 in Ottawa, Matt at AppSecUSA in TEXAS, Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
  - The Seacrest says “Oh My G-d, I’m falllllling, why won’t this parachute open!?!?”
Download the MP3
Subscribe to us using plain old
Also, we’re now available through
Creative Commons license: BY-NC-SA