Liquidmatrix Security Digest Podcast – Episode 1B

Episode 0x1B — Happy New Year, Start Yer Complaining NOW!

That’s audio episode 28 out of us – not too bad to start off the new year.

PITHY COMMENTARY

Upcoming this week…

1. Lots of News
2. Breaches
3. The SCADAs/ICS and Cyber
4. DERPs!!!
5. and then we’re going to shoot through a whole bunch of brief items without discussionin our new segment – BRIEFS (which goes well with Ben’s male bag doesn’t it)

And if you’ve got commentary, please sent it tomailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Privacy czar tries to find web surveillance bill solution
2. Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
3. Facebook bug: Reset anybody’s password. Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your “friends”
4. Rails Fail Whale (Sail, Mail, Hail) ..and boom
5. Software maker faces jail for other people using his software
6. malware author on sploit buying spree
7. Another “WE HACKED YOUR FULL DISC ENCRYPTION” by having physical access to the device. No shit. Really? Same as in 2005 people – never sleep a FDE machine, always hibernate or poweroff.
8. From NYTimes – “Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt” Really? No shit. Hmmm. I hadn’t thought of that. (h/t Securosis)
• Breaches – The never ending never ending story…
1. Raj Musicals – 12000
2. SCMagazine (@SCMagazine) 2012-12-23 9:25 Here’s a list of the top 8 breaches that took place in 2012.
3. wiki.debian.org security breach
4. Hacker at public works goes unnoticed
5. Army says hacker got Fort Monmouth personal info
• The SCADAs/ICS and Cyber
1. Industrial Control Systems Faced Nearly 200 Attacks: DHS
2. Building a 21st Century Cyber Workforce
3. Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
4. Secret Plan Aims to Defend Power Grid (Perfect Citizen)
5. PDF LINK – Canada’s National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
6. CMaaS – Continuous Monitoring as a Service. WTF.
7. ProfiNet fuzzer developed
8. 29C3: SCADA Strangelove – an ICS talk with the wrong name on it. Good nonetheless
• Mailbag / Bizarro Land
1. Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? – Mike, SC
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. 20+ best FREE security tools
2. Yahoo DOM XSS
3. Top 10 web hacking technique vote – 2012
   
4. Honeydrive!
5. An off premise browser
6. NTLM Challenge Response is completely broken
7. A couple of University of Washington courses on Coursera – If I was carrying fewer courses this semester, I’d be on these two.If you’re a grandfathered CRISC, you might want to take these to fulfill your CPE’s for 2013!
   Information Security and Risk Management in Context and
   Building an Information Risk Management Toolkit
8. From BSI – PAS555: Cyber Security Risk – Governance and Management Specification
9. OSINT Tools – Recommendations from Subliminal Hacking
10. Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don’t know how I missed this on kickstarter. MIght just order one anyways.
11. The Slow Data Movement
12. The Process Myth
13. And lastly… WTF. Eugene is #8 on Wired’s list of the most dangerous people in the world?

• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
3. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
• In Closing
1. Movie Review not a movie, but go read Wool and it’s prequels
2. Security Blogger Awards 2013…ah hem (not like we’re pandering for votes or anything, we only do that for ISC2 board seats) 🙂
3. everyday is CTF! go set up a team
4. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
5. And big news for next week, but it’s still a secret.
6. Seacrest Says: “INSERT SEACREST COMMENT HERE”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA