Episode 0x1B — Happy New Year, Start Yer Complaining NOW!
That’s audio episode 28 out of us – not too bad to start off the new year.
PITHY COMMENTARY
Upcoming this week…
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- DERPs!!!
- and then we’re going to shoot through a whole bunch of brief items without discussion in our new segment – BRIEFS (which goes well with Ben’s male bag doesn’t it)
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News
- Privacy czar tries to find web surveillance bill solution
- Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
- Facebook bug: Reset anybody’s password. Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your “friends”
- Rails Fail Whale (Sail, Mail, Hail) ..and boom
- Software maker faces jail for other people using his software
- malware author on sploit buying spree
- Another “WE HACKED YOUR FULL DISC ENCRYPTION” by having physical access to the device. No shit. Really? Same as in 2005 people – never sleep a FDE machine, always hibernate or poweroff.
- From NYTimes – “Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt” Really? No shit. Hmmm. I hadn’t thought of that. (h/t Securosis)
- Breaches – The never ending never ending story…
- Raj Musicals – 12000
- SCMagazine (@SCMagazine) 2012-12-23 9:25 Here’s a list of the top 8 breaches that took place in 2012.
- wiki.debian.org security breach
- Hacker at public works goes unnoticed
- Army says hacker got Fort Monmouth personal info
- The SCADAs/ICS and Cyber
- Industrial Control Systems Faced Nearly 200 Attacks: DHS
- Building a 21st Century Cyber Workforce
- Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
- Secret Plan Aims to Defend Power Grid (Perfect Citizen)
- PDF LINK – Canada’s National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
- CMaaS – Continuous Monitoring as a Service. WTF.
- ProfiNet fuzzer developed
- 29C3: SCADA Strangelove – an ICS talk with the wrong name on it. Good nonetheless
- Mailbag / Bizarro Land
- Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? – Mike, SC
- Briefly – NO ARGUING OR DISCUSSION ALLOWED
- 20+ best FREE security tools
- Yahoo DOM XSS
- Top 10 web hacking technique vote – 2012
- Honeydrive!
- An off premise browser
- NTLM Challenge Response is completely broken
- A couple of University of Washington courses on Coursera – If I was carrying fewer courses this semester, I’d be on these two. If you’re a grandfathered CRISC, you might want to take these to fulfill your CPEs for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit
- From BSI – PAS555: Cyber Security Risk – Governance and Management Specification
- OSINT Tools – Recommendations from Subliminal Hacking
- Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don’t know how I missed this on Kickstarter. Might just order one anyways.
- The Slow Data Movement
- The Process Myth
- And lastly… WTF. Eugene is #8 on Wired’s list of the most dangerous people in the world?
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- Movie Review – not a movie, but go read Wool and its prequels
- Security Blogger Awards 2013…ah hem (not like we’re pandering for votes or anything, we only do that for ISC2 board seats) 🙂
- Every day is CTF! Go set up a team
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
- And big news for next week, but it’s still a secret.
- Seacrest Says: “INSERT SEACREST COMMENT HERE”
Download the MP3
Subscribe to us using plain old
Also, we’re now available through
Creative Commons license: BY-NC-SA