Liquidmatrix Security Digest Podcast – Episode E

Episode E — Just a bunch of hosers

Teh Podcast Warz Haz Begun!

It’s another week in infosec. I can’t get excited about it either. Too many news stories of note, breaches and a new section – the SCADAs. In the same way that we had too many breach stories so we broke them out, we’re doing the same with SCADA. Expect a lot of derision from Dave and I — there’s a lot of bullshit and we’re calling it.

We’d also like to wave hello to the team at Riskhose. We’re sorry that you misinterpreted young Matt’s question – we’ll straighten you out when we do our Risk-tacular episode this fall. Also, we’re starting to suspect that the Riskhose Utahian may be a closet Canadian – he knows too much about Canadian musicians and he does know all of the words to Romantic Traffic (and yes Alex, when you come to Toronto, we’ll go visit all of the subway stations so that you can produce your fan version of the video.)

Interestingly, between the Riskhose podcast and some threats from the Southern Fried Security bunch, it’s on – the Podcast Wars are here – expect that the next few months are going to be epic in the world of infosec podcasting. We may even take a swipe at NetSec!

1. Syria
2. SSL Certificate Hijinks
3. Cyber
4. Hackers
5. OSX
6. Canadianisms
7. The WIFIs
8. Google-ized
9. …and then our discussion topic – Dumb Stories

And if you’ve got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.

In this episode:

• News
1. Java.com SSL cert expired
2. Al-Jazeera websites hacked by Assad loyalist group
3. Cyber attacks grow increasingly “reckless”, official says
4. 3 years later, hackers who hit Google continue string of potent attacks …and no one is looking out for the stuff that really matters.
5. New utility nabs OS X keychain passwords
6. Global virus downs N.S. computer system for a month
7. Sniffing open WiFi networks is not wiretapping, judge says:
8. VirusTotal acquired by Google
9. No shooting at protest? Police may block mobile devices via Apple
• Breaches
1. Guild Wars 2 officials say ongoing password attack affects 11,000 accounts
2. Antisec Leaks 1,000,001 UDIDs From A Trove Of 12 Million Allegedly Stolen From An FBI Laptop Or was it 12 million? …or not? and some apps use IMEI as password!
3. NullCrew pillages Sony servers?
• The SCADAs
1. Secret account in mission-critical router opens power plants to tampering
2. Anonymous Hack Lukoil Bulgaria Site
• Errata
1. Vendor Cybercrime Stats
• Commentary
1. Foot In The Door – Your Dumbest Story EVAH!!!!
• Dave – VIEW SOURCE HACKERZ
• Jamie – our developer broke SSL — that’s why we use proprietary encryption. But we’re not telling anyone what/how he did.
• Matt – SQL injected a DB to /dev/null
• Ben – I didn’t feel 3DES was secure because the source is available online, so I invented my own variant
2. Hardcore
• Skipping the hardcore because we’ve got a great Mailbag question.

• Mailbag / Bizarro Land

1. Love your podcast, even if you try to count in Hex 🙂 It would be great if you were able to dive deep into what modern defenders need to do to get ahead of attackers. Right now, attackers need to only make simple changes to their attacks and defenders are left on their kiesters. How do we change that pattern?

   Besides deploying antivirus 🙂

   thanks,

   Paul of Seattle

2. Matt suggests a cool slide deck from Zane over at Etsy
3. Ben suggests you read Liquidmatrix 😉
4. … and thanks to Thomas Preissler for his comments about the show!
• In Closing
1. We do research too – Ben’s running a survey and will publish results. Check it out!
2. The Security Conference Library — is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library — send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
3. If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
4. Three Quarters of Liquidmatrix (with some Securosis added in) are doing a panel at SecTor If you’re thinking of attending SecTor 2012, grab 10% off with discount code “liquidmatrix-2012” or if you can only make it to the expo floor, grab a free expo pass with code “liquidmatrix-Expo2012”
5. Vote Dave for ISC2 Board Ballot!
6. The Seacrest says “I miss Gilmore Girls” and “Skerple”

And as punishment, feel free to use this for whatever need you may have. Matt + Gilmore Girls + Skerple. YOU’RE WELCOME!

Download the MP3

Listen:

Subscribe to us using plain old

Also, we’re now available through

Creative Commons license: BY-NC-SA