Liquidmatrix Security Digest Podcast – Episode 14

Episode 0x14– Happy Birthday Mr. Gattaca… we’ll vote for you too.

There’s interesting things afoot. Y’all should pay attention.

This is the 21st episode for those of you that don’t have 16 fingers. Not sure we should be revealing this yet, but it’s going to be a wild winter solstice celebration this year. The southern folk at Southern Fried Security and this gang of teenage malcontents are up to no good. Well, actually extra special good. Let me sum up – it’s Security Charity… Gangnam Style.

Stay tuned for the carnage.

Upcoming over the next hour…

1. Lots of News
2. Breaches
3. SCADAs
4. DERPs!!!
5. and then our discussion topic–Disaster Recovery

And if you’ve got commentary, please sent it tomailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Service Sells Access to Fortune 500 Firms
2. U.S. looks to replace human surveillance with computers
3. How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole 
   CSO Online has an opinion too.
4. Broadcom DoS on BCM4325 and BCM4329 devices
5. Auditor General Report: 
   Canada is sucking  
   at the “cyber”
6. The Kiwi .gov makes their internal network kiosk accessible
7. China Unicom replaces Cisco devices over security concerns 
   Huawei gives Australia peeks at its network hardware and code to regain trust
8. Hire great infosec people (and keep them) !
• Breaches – The never ending never ending story…
1. Billabong Hacked Again (yes, again), Hackers Claim to Have Obtained 37,000 Account Details
2. Peru Domains Registrar hacked and 207116 Domain panel credentials leaked
3. South Carolina Suffers Massive Data Breach
4. Attacker grabs data for 3.6 million South Carolina taxpayers; governor wants to see culprit “brutalized”
5. Hackers crack Texan bank, Experian credit records come flooding out
6. Vermont credit union discards unencrypted data of 85,000
7. Anonymous owns a police forum
• The SCADAs
1. Critical flaw found in software used by many industrial control systems
2. Cybergeddon now? Industrial control systems targeted
• Errata / DERP of the week award

1. Dear Sir/Madame,

   My name is Jakub Walczak, and I work for Hakin9 – the magazine that reaches over 60 000 readers mainly in the USA, India, and Australia.

   I have seen your website and I was wondering if you would like to cooperate with us. Please let me know.

   I am looking forward to hearing from you.

   Regards,

   Jakub Walczak

2. Sorry Jakub, perhaps you should listen to the show or read about our opinions of Hackin9 before you send email like this again. Just sayin.
• Commentary

  Yeah, so we ran a little long… the commentary segment has been pulled out into a separate recording. It’ll show up on the RSS feed tomorrow, but if you want it right now, you can grab it here.

1. Foot In The Door – Disaster Recovery
1. c, i and A < -- that one counts
2. RTO, RPO

practice, practice, practice

• Hardcore – Recovering from the Disaster you didn’t plan for
1. Do the post-mortem.  Netflix’s AWS outage post-mortem
2. do security olde style- use the opportunties provided by the red-print report to get the thing fixed right.
3. Make sure you’ve prepared yourself
4. Including a “get home” bag at the office
5. Don’t make plans that require employees to run on infrastructure that might not be there
• Mailbag / Bizarro Land

1. The quick & dirty: Stroz Friedberg evaluated the technical watchdog (MarkMonitor) for the so-called ISP “Six Strikes”, and gave it a thumbs-up. However, SF was also actively lobbying for the RIAA between 2004 and 2009.

   I want to like this company – they’re doing it less wrong than many other folks – and thus I find myself experiencing another bout of Infosec Depression.

   Original article, albeit from a non-impartial source here

   -Jim

• In Closing
1. Matt’s Movie Review Argo was so good – That Ben Affleck is DELICIOUS
2. We do research too – Ben’s running a survey and will publish results. Check it out!
3. The Security Conference Library 
4. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
5. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
6. Upcoming Appearances: Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
7. BSidesDave – held immediately after Hackfest, Dave will not be sleeping before his flight home, so keep him company
8. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
9. Seacrest Says: “Why are my pants wet?” Hope everyone makes it through #Sandy safely

Download the MP3
And don’t forget to download the second part of the episode.

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA