Liquidmatrix Security Digest Podcast – Episode 24

Episode 0x24 — The Robot Uprising

You’d think those worthless meatbag humans would be more respectful.

It looks like we will have a limited incidence of Robots in tonights episode. Of course, nothing in life can be ACTUALLY robot free. That’s just silly talk. Also, pro-tip: make grilled cheese sandwiches in the George Foreman after making steak – better than butter.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. THE DEEP DIVE
7. Our new weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Pwn2Own: IE, Firefox, Chrome and Java go down …and Adobe Flash, Reader and Oracle Java exploits Chrome hack details (threat post link) Thanks Ben!
2. Indian .gov puts bounty on botnet takedown
3. China’s internet backbone will have security features (also censorship) (SAVA)
4. How Facebook Prepared to Be Hacked
5. Having the MD5 hash of “123456” is probably not the best way to store passwords in your publicly searchable code on github… /via Thierry Zoller. (also don’t put your twitter oauth keys in github)
6. International Womens’ Day – Don’t forget Admiral Grace
7. Freeze All The Robots: Put Android ICS in the freezer to break crypto
8. Harvard sneaks through 16 Deans’ email
9. Deja vote: Iran blocks VPN use ahead of elections
• The Breach Report
1. Another bitcoin exchange gets p0wned
2. Ausie Ausie Ausia Bank Oy Oy Oy (Reserve Bank of Australia gets infected, then found out)
3. Pakistan .gov gets hacked
• SCADA / Cyber, cyber… etc
1. Metasploit releases exploit module for Honeywell ICS that has a patch available
2. Formal Paper (pdf) from Ralph Langner Bound to Fail: Why Cyber Security Risk Cannot Be “Managed” Away
3. US Military Advisory Panel Says Nuke a Cyber Attacker
4. Reasons to depend on Kaspersky for ICS/SCADA operating systems — EXCELLENT IPv6 STACKS
5. BP Fights Off Up to 50,000 Cyber-Attacks a Day: CEO
6. Cyberwar: you lack imagination
• DERP
1. TELUS releases qualitive security survey (pdf link) – completely ignores science, math and proper research
2. Survival of the fittest: Some data-breach victims can’t be helped – but they enjoy reacharounds
3. China points at USA and cries “you’re stinky and mean”
• Mailbag / Bizarro Land

1. Dear Dudes of the Liquid

   I found a vuln when I was browsing a company’s website with w3af? Should I report it?

   Yimmy, Warsaw

• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. From Space Rogue – The Infinite Daft Loop – productivity in a can
2. Play Donkey Kong as the Princess
3. Browser sec
4. Tripwire aquires nCircle
5. Click to play!!!!
6. Microsoft preps UPDATE EVERYTHING patch batch
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- We threatened more news. There will be passes distributed. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James speaking at Thotcon, BSidesChicago, BSidesRochester and Training (with Rich Mogull) at BHUSA. Dave will be at Secure Dusseldorf, Infosecurity Europe, Black Hat, DEF CON, Secure Asia
• In Closing
1. Movie Review Moon (it’s all about clones – BTW spoiler alert)
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: “Here’s to a hoopy frood who really knew where his towel was.” RIP Douglas Adams

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA