Episode 0x1F -- The Confusing Part Starts NOW

Can't wait till next week when Dave can start reading the episode numbers again!

I'm going to go ahead and apologize for this episode. We really couldn't seem to get it together last week so we bolted together some recording materials from last week and some that we put together last night. It's an unholy mess. Enjoy!

The show keeps getting longer. Even when 2/5ths of the hosts are absent, we're still in the hour long range. What's a podcast to do? Should we start trimming content? Not according to at least one of our listeners who really misses the Deep Dive Segment. Should we split into two episodes and release twice a week? Could we start recording any earlier so that those of us who live on the eastern side of the continent aren't yawning before the end? What's the best part of the show? What could we do less of? Should we just stick to what seems to be working?

These are all questions that you dear listener can answer. Let us know at [email protected]. Did you know that you can also send us tips and links and things that you wish got a little more coverage? Yes you can! Now back to the show.

And if you've got commentary, please sent it to [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Episode 0x1E -- Absenteeism

Insert Subtitle Here

With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end.

And if you've got commentary, please sent it to [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Hi all,

Just came across this crazy story.GitHub's new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief.However, it's not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user's account, and it seems that a few people may have contacted his university.So, whilst it looks like GitHub's search features may have caused problems for a few users, it has also lead to the discover and outing of a paedophile.

Reddit Thread

Keep up the good work!

-- Graham Sutherland

Creative Commons license: BY-NC-SA

Episode 0x1D -- Oops, We Did It Again

Sometimes, breaches happen to the nicest folks

A PSA on TFA!

TFA is addictive, a year ago I started using it at work and then I began using it at home on my webmail. I didn't tell my wife about it for a while because I thought that it would bring up the whole 'if you love me you'll share you password' argument again. My TFA use began to spread to other cloud services and soon I was trying to get other people to start using it as well. Now I do TFA everywhere, whenever I have a quiet moment to access a cloud service. Sometimes I'll even use it on the train when I go to work, I don't care who sees me key in my OTP because I know TFA will keep me safe; it's a good feeling.

And if you've got commentary, please sent it to [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Gentlemen,

Where did you guys get the term "Narcasistic vulnerability pimps"?

Jonesy, GTA

Creative Commons license: BY-NC-SA

Episode 0x1C -- The New Guy

That's audio episode 29 out of us - and so it's time to go gracefully into our middle age with a new guy.

We are pleased to announce that we're adding a new regular contributor to the Podcast - Wil Knoll is a Calgary-based infosec consultant / hackerspace founder who has been a key contributor to Hacker Pyramid as well as knowing his shit when it comes to infosec. He's also an accomplished actor and once upon a time could be mistaken for Joey from Hackers. We are thrilled to have him join the show and in this first outing, he did a wonderful job. He also suffers from impostor syndrome - so make sure you tell him how awesome he really is -- @wintr on Twitter.

Normally there is an opportunity for witty goofing about here. This week, I'm taking the time to soapbox for a moment. If you're not aware of Aaron Swartz, you should be. Unless you're listening to this podcast by going directly to the website and downloading, it's his spec that's running the RSS you're using. Also, everything else. Here's a few links to get you thinking.

Upcoming this week...

And if you've got commentary, please sent it to [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!

That's audio episode 28 out of us - not too bad to start off the new year.

PITHY COMMENTARY

Upcoming this week...

And if you've got commentary, please sent it [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Episode 0x1A -- Happy Holidays Everyone

Upcoming this week...

And if you've got commentary, please sent it to [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

In what can only be described as a collision of intergalactic import, the three bestest information security podcasts have come together and produced...

THE SOUTHERN MATRIX HOSE PODCAST

Have a listen for a half hour of:

Bringing you the infosec commentary that you crave from the Security Zone conference in beautiful Cali Columbia.

Since we're in a tropical paradise, there really isn't the patience for things like show notes. Have a listen and you'll be impressed, we swear.

Creative Commons license: BY-NC-SA

Episode 0x19 -- It's EARLY - and we like it!

No Matt. But Ben does a great Matt impression. In mashed potatoes.

It's another week in the wide wonderful world of Infosec. And every day feels like drinking from the firehose of Infosec Reactions. Seriously.

Upcoming this week...

And if you've got commentary, please sent it [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

Creative Commons license: BY-NC-SA

Episode 0x18-- How Do You Spell Aguardiente?

Beginning the end of 2012 - Because it's time to start making up lists of resolutions that we're not going to follow.

Dave developed a new giggity move, it's called "the kasperskian" - y'all should consider it a way to buy votes that this is an audio only podcast.

And if you've got commentary, please sent it [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

why do you make fun of Kaspersky's secure SCADA software

Boris the squirrel

Creative Commons license: BY-NC-SA

Episode 0x17-- Turkey Time

We're going to try to keep this one relatively short. Seriously.

Of course, it's a day late because I did a boo boo on the recording. Don't ask.

Upcoming over the next hour...

And if you've got commentary, please sent it [email protected] for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

RE: Canadian Satellites

Hey guys.
Thanks for the shout-out in Episode 14 regarding the Diginotar report.
Unfortunately I'm going to have to award you guys a mini-derp award for your comments that same episode on the story about the Canadian Navy buying satellite services from Inmarsat as satellites just happen to be my area of expertise. Yes, Canada does have its own communications satellites.
They are managed by a company called Telesat.
However, they are not of use to the Canadian Navy because they are located in the wrong place, operate on the wrong frequencies, and provide the wrong types of services for what the Navy needs. Communications satellites of this type operate in the geostationary belt (GEO), an orbit around the Equator 36,000 km above the Earth.
The radio spectrum in this orbit is pretty congested, so early on international regulation of the satellites in this orbit and the spectrum they use was given to an organization called the ITU. Countries apply to the ITU for specific orbital slots and frequencies in the GEO belt and then license those to their companies. Canada has slots over North America and associated frequencies that are used by Telesat for what's called Fixed Satellite Services (FSS) - mainly broadcast TV and a host of communications services to remote communities in northern Canada. But these frequencies and antenna patterns are not what's used for mobile communications, nor does Canada have any satellite slots in other locations to provide global coverage which is kinda important for ships. Inmarsat on the other hand has the slots and frequency allocations to specialize in Mobile Satellite Services (MSS). They have a fleet of satellites located at various points around the Equator to give global coverage and the types of frequencies and coverage to provide mobile services to ships. Pretty much if you're operating a ship you're going to buy services from Inmarsat. More: Telesat and Inmarsat

Brian W.

Skyrim Jokes

Hey guys, I don't have any Skyrim jokes but do have an odd anecdote for you. While playing Skyrim and listening to the LSD, I've found that I _have_ to turn off the xbox kinect controls or else bad things happen. Apparently Matt's voice is finely tuned as a Weirding Word. I'll be merrily bopping around a character in a dungeon of some type when, all of a sudden, a dragon shout get kicked off and kills all attempts at stealth that I've been trying to muster. It's only Matt's voice that kicks off the shouts. Take that for what you will. John D.

Wrong questions being asked about security involvement in PMO/SDLC work

Hey guys, I'm listening to 0x15 and a question made in there really got in between my teeth. "Does making security part of the SDLC make the software more secure?" is the wrong question to be asking. Whether or not having risk evaluations or threat modeling part of the SDLC should be a concern but not the approach I've found work when I've introduced it into the SDLCs of which I've been involved. Let's break out of our security cliques for a moment and realize that ultimately many of use tell ourselves that what we do matters in order to justify the dissonance we have in our brains for putting up with the crap we do because we actually enjoy what we do, for the most part. By and large, we're not altruists. Having the guts to come out and say "Yeah, I know what I do for an organization rarely makes the world a better place, but gosh darn it I like/love what I do." can go a long way to asking the right questions to keep ourselves employed and pertinent to the business that pays us to do cool things. Once you get out of the "what I do is important, dammit" mindset, asking the following question better serves us as a whole. Does making security part of the SDLC/project/product make the business more money or save the business more money had it not been part of the SDLC/project/product as much as we're pushing? If you can justify the change, you can be relatively assured that someone in charge of playing with the moneys with listen. Phrasing the question that way also lends to promoting the idea to the money people that what they do is ultimately important and feeds their own dissonance hating mechanisms. John D. P.S. This approach has also saved me from the dreaded infosec burnout.

Creative Commons license: BY-NC-SA