Episode 0x20 — Can Dave count to 20?
Special Bonus Episode!
Since Dave (and a few select others) have problems with actually showing up to recordings, you’ll be getting this episode about one day after the much maligned and completely screwed up Episode 0x1F. We are attempting to get back on track and do things the way they should be done. Or something like that. Also, Shmoocon!
- Upcoming this week…
- Lots of News
- Breaches
- SCADA / Cyber, cyber… etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs – no arguing or discussion allowed
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Password Dump stats for January 2013 and December for those curious
- LA Post serving Black Holes
- WaPo – ‘Fragmentation’ leaves Android phones vulnerable to hackers (some info on malware p0wnage)
- NIST 800-53 Rev4 is in draft; read it, comment on it.
- DHS declares 100 mile “4th Amendment Free” zone adjacent to US border
- Kaspersky update hoses Internet access for Windows XP users.
- Canadian Business Groups Lobby For Right To Install Spyware on Your Computer.
- The Everyday Agony of the Password
- Audacious Hack Exposes Bush Family Pix, E-Mail
- The Breach Report
- SCADA / Cyber, cyber… etc
- Mailbag / Bizarro Land
Hi LSD crew…
just finished 0x1E again and again, well done! Many thanks. I am missing a bit the “central topic” that you had in earlier ones. What I mean is like in episode 0x14 about “Hardcore – Recovering from the Disaster you didn’t plan for” or “hiring”. This was really interesting and gave some good insight. I understand quite a number of things are “common sense”, but still, unfortunately quite a number (of the other?) things are not “common practice” and I think these need to be communicated.
Cheers guys
Thomas
- Discussion – Keeping up with new technical developments
Because Thomas is a good guy, and he actually sent us an entire book of ideas, we’re going to use one of them. Keeping up with new technical developments such as RFC 6797 HSTS and how to manage that along with everything else you’re supposed to be doing as an information security professional. (Cue Dave talking about the value of CPEs in 3… 2… 1…)
- Briefly – NO ARGUING OR DISCUSSION ALLOWED
- If you permit USB keyboards or mice, you’re permitting exfiltration
- Log stash book!!!
- Payment Card Industry clears up confusion over cloud use.
- Dave was on TV. He has many monitors. He is an Internet Security Expert. (fortunately he’s not a social media expert)
- Not done yet: Oracle to ship revised Java fix on February 19
- Jeremiah Grossman’s Self Pwnage
- Another RoR SQLi vuln
- Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking, James speaking at Thotcon and Dave will be at RSA, AltSecCon, Secure Dusseldorf, Infosecurity Europe, Black Hat, Defcon, Secure Asia
- In Closing
- We’re thinking about doing a live podcast with audience participation – drop us a tweet or a line if you’re interested
- Movie Review
- Every day is CTF! Go set up a team.
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
- Seacrest Says: Seacrest Likes Vicodin. SRLSY (but who doesn’t – yummy yummy vicodin…. tasty)
Creative Commons license: BY-NC-SA