Episode 0x23 — Post RSA Actual News
Recovery takes time. There has not been enough time.
There’s really not anything significant to note off the top. There’s much going on in the world of infosec. I wish that it weren’t as true, but even with the wildness of RSA, the cybers never sleep.
You might want to stay until the end of the show to hear about a CONTEST and something even cooler…
- Upcoming this week…
- Lots of News
- Breaches
- SCADA / Cyber, cyber… etc.
- finishing it off with DERPs/Mailbag and
- THE DEEP DIVE
- Our new weekly Briefs – no arguing or discussion allowed
And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Miniduke is older than we thought
(Miniduke tells time in China) - Cloudflare dDoS post mortem
- Google services should not require real names: Vint Cerf
- Oracle Issues Emergency Java Update
- Wireless brain sensor pack. Future – here we come!
- The Lightning Digital AV Adapter Surprise
- When will we trust robots?
- The Breach Report
- Evernote Security Notice: Service-wide Password Reset
Evernote hacked: Emails, encrypted passwords stolen
But it’s ok, there will be 2 factor auth someday
Critics say Evernote breach was avoidable. - Envelopes mailed to 26k retired government employees in N.C. exposes SSNs
- Encrypted laptop, casino reports belonging to federal agency stolen from rental car in Calgary
- City of Owen Sound websites offline due to porn hack
- SCADA / Cyber, cyber… etc
- Information Assurance Certification Review Board: Certified SCADA Security Architect (CSSA)
- NEWS TO NO ONE: SANS SCADA and Process Control Security Survey – the state of the industry is discouraging
- Recent 10-Ks mentioning “cyber” incidents
- Canadian Anti-hacking agency slow to learn about Chinese cyberattack
- Symantec: work on Stuxnet worm started two years earlier than first thought
- SCADA ‘Sandbox’ Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
- DERP
- Jailed hacker allowed into IT class, hacks prison computers
- Nearly Every NYC Crime Involves Cyber, Says Manhattan DA
- Mailbag / Bizarro Land
-
Dearest Son,
Why do you people always talk about “the echo chamber”? What is the echo chamber for?
Love, Mom
- Deep Dive –
- Government Malware! discuss (Finfisher, Hacking Team)Zero Day Doc
- Briefly – NO ARGUING OR DISCUSSION ALLOWED
- Recon 2013 CFP opened
- APT 1 goes back years
- There’s a vuln in sudo (yes, that sudo)
- Quick and dirty pcap slicing with tshark and friends
- Liquidmatrix Staff Projects
- The Liquidmatrix Vegas Party- More news to follow
- The BSidesLV Ticket Give-away-
Three tickets up for grabs:
- best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
- best rap song about a major breach
- best poem describing a vendor DERP
Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early.
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
- In Closing
- RIP Stompin’ Tom We’ll leave a light on.
- everyday is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee!
- Seacrest Says: I’m drinking beer at HouSec bitches!
Download the MP3
Listen:
Subscribe to us using plain old 
Also, we’re now available through 
Creative Commons license: BY-NC-SA