Episode 0x1D — Oops, We Did It Again
Sometimes, breaches happen to the nicest folks
A PSA on TFA!
TFA is addictive, a year ago I started using it at work and then I began using it at home on my webmail. I didn’t tell my wife about it for a while because I thought that it would bring up the whole ‘if you love me you’ll share your password’ argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well.
Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I’ll even use it on the train when I go to work, I don’t care who sees me key in my OTP because I know TFA will keep me safe; it’s a good feeling.
- Upcoming this week…
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- finishing it off with DERPs/Mailbag and
- Our new weekly Briefs – no arguing or discussion allowed
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Bug Bounties! Pwn2own 2013 looking good
- Kimdotcom is back – Mega and encryption is haardddddd
- Another Java vuln confirmed
- the brits do some identity outsourcing
- Red October (Be very careful not to shoot the nuclear missiles)
- Student expelled for finding flaws in edu-software
- Blue Coat Caught Up In Global Surveillance Storm Again
- Canadian report on ethical hacking sidestepped
- Breaches – The never ending never ending story…
- Liquidmatrix branches out into Viagra…apparently
- The SCADAs/ICS and Cyber
- DHS to regulate medical device security
- More releases from the SCADA Strangelove folks
- Canada has a bad case of the Cybers
- Singapore Cybers You Back
- Endgame Systems is going to Bonesaw you
- US succumbs to sneakernet. Time to glue up your USB ports
- Errata / DERP of the week award
- Mailbag / Bizarro Land
-
Gentlemen,
Where did you guys get the term “Narcissistic vulnerability pimps”?
Jonesy, GTA
- Briefly – NO ARGUING OR DISCUSSION ALLOWED
- Like garfield without garfield, it’s Risk Unicorns without Alex Hutton!!!
- Webappsec Quiz!
- Whoops!!
- Bobby Tables!
- httpOnly cookie flag Stats
- Mikko gives you video tips on banking online
- Condoms and Castles
- Google Authenticator for WordPress. Just sayin.
- HackDesign – good for your eyeballs
- Record number of British schoolkids participate in National Cypher Challenge (h/t to my Mom, seriously)
- TSA ends contract with Rapiscan, maker of full-body scanner
- Your Mac Keeps A Log Of All Your Downloads
- iGotYa leads to arrest
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking
- In Closing
- We’re thinking about doing a live podcast with audience participation – drop us a tweet or a line if you’re interested
- Movie Review Mikko was on stage with Eugene at DLD 2013… did it get weird?
- Security Blogger Awards 2013…ah hem (not like we’re pandering for votes or anything, we only do that for ISC2 board seats) 🙂
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
- Seacrest Says: “Al Roker pooped his pants. Seacrest Out!” http://www.vulture.com/2013/01/al-roker-pooped-his-pants-the-remix.html
Creative Commons license: BY-NC-SA
Thanks for the mention fellas. Some great feedback and food for thought too.
FYI – We’ve updated and added a bunch more entries to the active bug bounty, and we’re now keeping an ear out for new programs (e.g. Avast) and monitoring people signed up with us when they come out.
Also, people have been sharing (A LOT) their experiences of different bounties. We’ve not figured out a way to fairly integrate this data without investigating each claim (we’re a touch time poor right now to do this properly) but we’re working on it.