Liquidmatrix Security Digest Podcast – Episode 1C

Episode 0x1C — The New Guy

That’s audio episode 29 out of us – and so it’s time to go gracefully into our middle age with a new guy.

We are pleased to announce that we’re adding a new regular contributor to the Podcast – Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He’s also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome – so make sure you tell him how awesome he really is — @wintr on Twitter.

Normally there is an opportunity for witty goofing about here. This week, I’m taking the time to soapbox for a moment. If you’re not aware of Aaron Swartz, you should be. Unless you’re listening to this podcast by going directly to the website and downloading, it’s his spec that’s running the RSS you’re using. Also, everything else. Here’s a few links to get you thinking.

1. Boing Boing / Cory Doctorow
2. The Nation / Rick Perlstein
3. Quinn Norton
4. Lawrence Lessig
5. Summary posting on The Laughing Squid

Upcoming this week…

1. THE NEW GUY
2. Lots of News
3. Breaches
4. The SCADAs/ICS and Cyber
5. and then our discussion topic – Planning for staff turnover?
6. finishing it off with DERPs/Mailbag and
7. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary

1. Under the Hood of DDoS attacks against banks
2. Texas School Pupil who refused to wear RFID, loses appeal
   Disney Too!
3. The Australians want to spy on us all
4. Zeus Botmaster arrested
5. Opsec for hackers by The Gruq
6. Errors Mount at High-Speed Exchanges in New Year
7. Thales DMCA takedown of manual
8. Zero Day in Oracle Java 7
9. Petition on “We The People” US government site seeks to legitimise DDoS as a form of civil protest
   Akamai CSO Andy Ellis tweets…
10. TSA Once Again Considering Using Commercial Data To Profile Passengers
11. Hack turns the Cisco phone on your desk into a remote bugging device
• Breaches – The never ending never ending story…
1. “Oops we did it again” Canadian .gov looses 538,000 records
2. Vicurex didn’t listen to the Ruby on Rails warning
3. Indonesian President’s Web Site Hacked by Jember Hacker Team
4. Hacker group exposes corruption in universities
• The SCADAs/ICS and Cyber
1. PDF LINK: Update on 3S Codesys Multiple Vulns
2. PDF LINK: SpecView Directory Traversal
3. PDF LINK: Roxwell Automation Controllogix
• Errata / DERP of the week award
1. Nokia is MITM’ing users
2. Oracle + Java vuln slow repair = WTF
• Mailbag / Bizarro Land
1. Hi Guys:
   A good friend and CTO of a small oil & gas service firm has learned enough about infosec to be terrified. I blush to suggest I may have helped him along his journey. 😉 How about discussing how one locates & selects a pure fee-for-service consultancy to set a smallish firm on the straight & narrow? My friend’s firm is well funded — but myself, I have a prejudice against “big name” firms, so I will not be passing on any such recommendations to him.
   Thanks for the great podcast, Mark
2. Sirs,
   I listen regularly and really enjoy your podcast and the insightful, intelligent, sober analysis you provide. I must disagree with your assessment, in episode 1B, of the New York Times article Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt.” It seems your analysis fell victim to the standard industry response to the piece, which, summed up, amounted to “duh, so what?” I would like to respectfully submit that the value of the article isn’t so much its content, but the fact that it appeared in the Business Section of the New York Times that landed on my doorstep. It has long been well known in the information security community that antivirus was less than effective, but the fact that the Times ran an article indicting the industry, and served it up to lay people across the globe is a fairly significant event. The article begins: “the antivirus industry has a dirty little secret: its products are often not very good at stopping viruses,” but the moment the Times went to press that fact was no longer secret. This type of mainstream media analysis could spell real trouble for an industry that has been struggling to find relevance in the modern threat environment, and the fact that popular media is beginning to get on the AV-bashing bandwagon does not bode well for the future of your favorite yellow swirly products. The PHB’s of the world may not listen to their security officers, but they probably read the New York Times, which can change financial decisions for a company in significant ways.
   Cheers, Justin C. K. K.
• Briefly – NO ARGUING OR DISCUSSION ALLOWED

1. If you go back and listen carefully to the entire podcast, there’s a SECOND podcast hidden in the silence.
2. Automating Security for developers from Mozilla
3. effective approaches on app sec from etsy
4. twitter on automating app sec
5. 5 more tough security questions (and tips on answering them)
6. Windows 8 RT Jailbreak
7. Remember Aaron Swartz
• Liquidmatrix Staff Projects
1. The Security Conference Library 
2. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
3. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
• In Closing
1. We’re thinking about doing a live podcast with audience participation – drop us a tweet or a line if you’re interested 
2. Movie Review Silver Linings Playbook
3. Security Blogger Awards 2013…ah hem (not like we’re pandering for votes or anything, we only do that for ISC2 board seats) 🙂
4. everyday is CTF! go set up a team
5. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
6. Seacrest Says: “goodbye Aaron, we’re saddened by your passing, the world is a less brilliant place without you” International list of Suicide Hotlines For the rest of you – “depression is a flaw in chemistry not character”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA