Liquidmatrix Security Digest Podcast – Episode 29

Episode 0x29 — Not just CrO2, but now with Dolby

Does anyone read show notes?

So last week had a really annoying failure in the workflow that gets this podcast from a bad Skype conference call to your ears oh precious listener. In this case, it was the failure to apply the noise canceller magic. This means that if you downloaded the podcast from the time that it was posted until I overheard the Liquidmatrix Intern listening to the podcast, you got to hear all of the background noise from each recording. Including Wil’s unfortunately loud Bermuda frogs. I can’t promise that it won’t happen again, mostly because so much of the production workflow is human-based and not automatically awesome like it could be. Sigh. I suppose all of those automation people can’t be wrong. Or something.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. But there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. Microsoft YouTube app DERP
2. Bang with Friends Facebook glitch
3. APPLE MULTIFACTOR FOR TEH CANADAZ!!!!!
4. PayPal Exec vows to go thermonuclear on passwords.
5. Data breach leads to lots of many
6. Privacy Breach on Bloomberg’s Data Terminals
• Breaches
1. In Hours, Thieves Took $45 Million in A.T.M. Scheme
   (also covered by Ars)
   (and the krebs)
2. Name.com got p0wned
• SCADA / Cyber, cyber… etc
1. The police need an app for that
• DERP
1. Saudi’s tried to hire Moxie to spy on their citizens mobile app traffic
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Troy Hunt on Clickjacking
2. Interesting note from David Seah on Procrastination.
3. Mainframes can be hacked and backdoored
4. Why certificate revocation doesn’t work
5. Cory Doctrow talking about freedom, society, computers and the internet
6. Cmdr. Hadfield bids adieu to ISS with “Space Oddity” cover.
7. Government subpoenas, obtains wide set of AP phone records in investigation
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) at BHUSA. Dave will be at Black Hat, DEF CON, Secure Asia. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013’s return of the (canadian) fail panel.
• In Closing
1. Movie Review Big: All about authentication and authorization when biometrics won’t work anymore.
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: This is ground control to Major Seacrest…

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA