Liquidmatrix Security Digest Podcast

Liquidmatrix Security Digest Podcast - Episode 31



Episode 0x31

Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...

  1. Lots of News
  2. Paranoia / NSA
  3. SCADA / Cyber, cyber... etc.
  4. finishing it off with DERPs/Mailbag (or Deep Dive)
  5. And there are weekly Briefs - no arguing or discussion allowed
  6. And if you've got commentary, please send it to [email protected] for us to check out.

    DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

    ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

    In this episode:

    • News and Commentary
      1. Fingerprints as passwords: New iPhone Touch ID
      2. Skipping Ben's turn because he's really impressed about upcoming stories.
      3. Certification WTF: Payment Card Industry Professional (PCIP)
      4. WordPress < 3.6.1 PHP Object Injection
    • Paranoia / NSA -- AKA "The BIG Breech of 2013"
      1. The NSA is a customer of VUPEN
      2. NIST says maybe don't use the ECC random bit thingie
      3. Wireless firms agree to give Ottawa ability to monitor calls, phone data
      4. No telco ever challenged NSA data collection
      5. New NSA Leak Shows MITM Attacks Against Major Internet Services
      6. EZpass is tracking you
      7. NSA Hacks Belgium
      8. NSA slurped bank records and credit card data
      9. Canada handed over control of crypto standard setting to the NSA
      10. NSA phone program is all legit
      11. FISA courts joining the FOIA party late
    • SCADA / Cyber, cyber... etc
      1. Today Cyber means War but back in the 1990s...
      2. Hacker Group in China linked to big cyber-attacks
      3. Brazil and Argentina make a cyber pinkie pact
    • DERP
      1. Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
      2. Twitter does link scraping
      3. PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.
    • Mailbag and/or Deep Dive
      1. Hey LSD-P

         I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.

         Nervously, Your Friend

    • Briefly -- NO ARGUING OR DISCUSSION ALLOWED
      1. Crypthook
      2. ShmooCon CFP - Pay attention to the Proceedings
      3. Binary Risk Assessment
      4. FreedomBox
      5. The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
      6. MOV is turing complete
      7. Meredith Patterson at 28c3 - The language of insecurity
      8. SimpleRisk: Enterprise Risk Management Simplified
      9. Browser fuzzing: introducing bamboo.js
    • Liquidmatrix Staff Projects -- gratuitous self-promotion
      1. The Security Conference Library
      2. Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
      3. If you're interested in helping out with openCERT.ca, drop a line to [email protected]
    • Upcoming Appearances -- more gratuitous self-promotion
      1. Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
      2. James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
      3. Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
      4. Matt: - Still on his honeymoon... And will be speaking at SecTor
      5. Wil: - Getting playa out of his areas... But will be at SecTor
      6. Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.
    • Advertising - pay the bills...
      1. Hackfest registration is open
      2. BSides Toronto!!!!
      3. SecTor 2013
      4. Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
      5. Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course
    • Seacrest Says: oh jeremiah!!!
    • Creative Commons license: BY-NC-SA