Liquidmatrix Security Digest Podcast – Episode D

Episode D — The Boys of Summer

Good News Everybody!

This is the longest one we’ve recorded yet — by 0:59 — and we will try to get these back down under an hour. Pinky swear. We’ve also gone over 10000 downloads from 63 countries. That’s kinda cool – and thank you all very much. Lots of good stuff in this episode, it’s totally worth the 74 minutes.

1. Hackers
2. The SCADAs
3. Java
4. Lawyers
5. MOAR SCADAS!!!!
6. Apple, Microsoft
7. Stupid Employee Tricks
8. …and then our discussion topic – Employee Tricks

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Microsoft NZ exposes TechEd delegates’ passwords
2. Hackers vent ire, deface Youth Congress site
3. Antisec Hackers Breach Globalcerts, Post Data Online
4. Oilsands a hacker target: RCMP
5. Particularly good article on impact of Java vulns on Mac users and
6. American Bar Association Ethics rules now require IT knowledge
7. Apple Genius Training Manual
8. Toyota hacked by ex-IT worker, sensitive info stolen
9. ZOMG ANOTHER SCADAS! RasGas computers are “aramco’d” and Who’s responsible
• Breaches
1. 1 MILLION accounts leaked in megahack on banks, websites
2. Indianapolis based Cancer Care Group — 55k medical records
3. Canada’s Maple Syrup Strategic Reserve Stolen (no, not a joke)
• Errata
1. Something hinky going on with Aaron Portnoy (former TippingPoint ZDI manager)
• Commentary
1. Foot In The Door – Employee Tricks
• How to find the really great employees
2. Hardcore
• And how to get rid of the really bad ones

• Mailbag / Bizarro Land

1. Hi LSD crew

   REDACTED REDACTED REDACTED. What about REDACTED?

   ((We’re taking this as “how to manage the need to communicate without being able to communicate” — aka, the frieNDA.))

   thanks,

   Jimmy, Nova Scotia

• In Closing
1. The Security Conference Library — is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library — send us a note (mailbag) and we’ll take your bits and file them. (NOTE: that link will send you to http://myrcurial.com/conferences but you can totally trust that guy)
2. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
3. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor
4. Vote Dave for ISC2 Board Ballot!
5. The Seacrest says “Everybody’s working for the weekend”

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA