Liquidmatrix Security Digest Podcast – Episode 2A

Episode 0x2A — Happy One Year Later

And we still suck at scheduling

Despite efforts to the contrary… we’re still not good at this. We should be getting better.

1. Upcoming this week…
2. Lots of News
3. Breaches
4. SCADA / Cyber, cyber… etc.
5. finishing it off with DERPs/Mailbag and
6. There will be a DEEP DIVE
7. And there are weekly Briefs – no arguing or discussion allowed

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News and Commentary
1. IE 10 Most Secure Browser according to NSS Labs ….Really?
2. Privacy commissioner baffled about gas plant emails
3. Google says 7 days!
4. The Canadian Government’s Embarrassing Opposition to Security Breach Disclosure Legislation
   (actual details on the opposition)
• Breaches
1. Drupal
2. France learns e-voting is Haaarrdddd
• SCADA / Cyber, cyber… etc
1. BBC: Smart meters need to be harder to hack, experts say
2. China blamed after ASIO blueprints stolen in major cyber attack on Canberra HQ
3. Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
• DERP
1. Woman Brags About Hitting Cyclist, Discovers Police Also Use Twitter (a hurr durr)
2. Twitter is evil!!!
3. Paypal bounty program FAIL
• Mailbag

1. So I was listening to 0x29 and a thought came to me during the part about Moxie and the line that the Saudi recruiter used on him which was the standard refrain of: “You either stand with us, or you stand with the terrorists!” Or “You either stand for surveillance or you stand with the child pornographers.”

   Can we not just turn that on its head using their own logic and say: “You either stand for privacy and security or you stand with the human rights abusers.”

   Since the people pushing the big brother agenda only chose to use black and white in their pictures of the world, what happens when the colours are reversed?

   Bob

• The Deep Dive
1. The Case For A Government Bug Bounty Program
• Briefly – NO ARGUING OR DISCUSSION ALLOWED
1. Facebook Bug Bounty 4500.. Blackhats say worth $800k
   Google forbids facial recognition in Google Glass for privacy reasons
2. Wintersmith – another static site generator
3. The global cyber game
4. Lahana!!!
5. Getting started with login verification (Twitter 2FA)
• Liquidmatrix Staff Projects
1. The Liquidmatrix Vegas Party- You’ve asked when and where – that’d be “We don’t know yet” and “The week of Blackhat/BSides/DEFCON”. You can beg your way onto the list by sending an email to vegas2013party@liquidmatrix.org.
2. The BSidesLV Ticket Give-away-

   Three tickets up for grabs:

   • best original piece of artwork incorporating a security rock star; bonus points for using a unicorn
   • best rap song about a major breach
   • best poem describing a vendor DERP

   Judging will be done by The Liquidmatrix Intern. Mocking will be done by us. I’d suggest you start buying a vote early. Email your submission to bsideslv2013@liquidmatrix.org

3. The Security Conference Library 
4. Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
5. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
6. Upcoming Appearances: James Training (with Rich Mogull) and Matt Speaking at BHUSA. Dave will be speaking at SC Congress Toronto and attending Black Hat, DEF CON, Secure Asia in Manila and Security Congress 2013. Matt and Wil will be at Blackhat/DEF CON and James, Ben and Dave will be joined by Mike Rothman for SecTor 2013’s return of the (canadian) fail panel.
• In Closing
1. Movie Review — GoldenEye: The answer is always send a SPIKE
2. everyday is CTF! go set up a team
3. Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
4. Seacrest Says: I can’t say Z properly

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA