Liquidmatrix Security Digest Podcast

Episode 0x76 Ready for a surprise thing? Yup. We found spare time and did a thing. Here's the thing. You get to spend a whole lot of time listen to security old farts.   Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Rogers Outage - the CRTC letter and An analysis on the BGP route withdrawal Why Bug Bounty Programs are Failing CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks Breaches Yeah. You've been Shanghai'd - maybe? SCADA / Cyber, cyber... etc SCADA market to reach 13+ Billion in 4 years - will any of it be secure? Uber won't get prosecuted for their 2016 breach, but... DERP Oldie but goodie - Elon's plane being tracked is a security issue... and Drake tries to make it better and fails so miserably... derp. Mailbag You guys are not good at segways... or segues https://www.merriam-webster.com/dictionary/segue Briefly -- NO ARGUING OR DISCUSSION ALLOWED Awesome Security (tools and stuff) Samsung has a thing that sounds like a backdoor but actually isn't As Microsoft blocks Office macros, hackers find new attack vectors Closing Thoughts Seacrest Says: Seacrest says see you at band camp Creative Commons license: BY-NC-SA

Episode 0x75 10th Anniversary Special We should have something snappy here, but we're old and out of belt-onions Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Whats changed in infosec since we last talked? Coinbase highlighting the risk of centralizing a decentralized system Great podcast from Odd Lots - the ponzinomics of cryptocurrency New Vulnerability Database Catalogs Cloud Security Issues Data breach at US ambulance billing service Comstar exposed patients’ healthcare information Breaches   In Canada... largest breach settlement SCADA / Cyber, cyber... etc Wired knows shit. Deep fake remote IT job applicants DERP   Mailbag It's been a rough couple of years. We missed a lot. Some friends departed. How are y'all handling things? ~a long time listener Briefly -- NO ARGUING OR DISCUSSION ALLOWED I'm hiring Me too Risk Disconnect in the Cloud Supply chain Levels for Software Artifacts https://jobs.cisco.com/We're hiring at Cisco Closing Thoughts Seacrest Says: Dave qualifies for senior AARPdiscounts now   Creative Commons license: BY-NC-SA

Episode 0x74 Quarantine 2020 Edition All the late shows are doing the "I phoned in from home" why shouldn't we? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary coronavirus insider trading fixing vulns at scale US authorities battle surge in coronavirus scams, from phishing to fake treatments Coronavirus Sets the Stage for Hacking Mayhem Breaches Princess Cruises Confirms Data Breach Rogers had a woopsie SCADA / Cyber, cyber... etc Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis DERP Stupid shit that vendors say due to Coronavirus (THIS) Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet What do you mean our RSS feed didn't update? What do you mean RSS is dead? Briefly -- NO ARGUING OR DISCUSSION ALLOWED cyentia 2020 information risk insights study On Making Work Less Remote: How the Heroku Team Works Together HBR has some thoughts on newly remote teams too automated reasoning about AWS security s3 thinger https://twitter.com/JSTOR/status/1240306471168028674?s=20Get bent JSTOR Closing Thoughts Seacrest Says: There's finally a word for what we do... On-nomi Creative Commons license: BY-NC-SA

Episode 0x73 Surprise! Happy Holidays Are you having a happy holiday? Listen to us and you'll have a happy holiday. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Comparison of DNS resolvers  Stylish Norton Core Router Russian wessels messing with underwater internets  Submarine Cable Map Keeper Security learns about The Striesand Effect Russian hackers targeted more than 200 journalists globally Breaches Internet Hijacking Free Credit Monitoring from Nissan Finance Canada! SCADA / Cyber, cyber... etc VMWare has bugs. Who knew? DERP The person that thought we our recent fail panel was unprofessional Screenshot kernel patch Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet Briefly -- NO ARGUING OR DISCUSSION ALLOWED Enpass Pineapple Fund Die Hard at the Theatre Magic Leap is real... ish Has no link. Closing Thoughts Seacrest Says: Where the fuck is Matt? Has anyone seen Matt?   Creative Commons license: BY-NC-SA

Episode 0x72 SPECIAL ELECTION EDITION Vote Dave... please? Upcoming this week... We yammer about stuff with no real direction or point. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: SCADA / Cyber, cyber... etc ETERNALBLUE was being used before wannacry DERP Hacking Mar-A-Largo... Kinda? Is this legal? Briefly -- NO ARGUING OR DISCUSSION ALLOWED https://securityheaders.io/ https://www.gofundme.com/crunch-medical-fund Liquidmatrix Products and Services - We do some stuff. Seriously. Advertising - pay the bills... Thinking about SecTor this November? Be sure to use the code "liquidmatrix2017" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2017expo" will get you in for $0 Seacrest Says: I can't even remember... something about Kelly. Closing Thoughts   Creative Commons license: BY-NC-SA

Episode 0x71 Um... We're back? I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon? Upcoming this week... /dev/random And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: We totally forgot show-notes   Creative Commons license: BY-NC-SA

Samy Kamkar - PoisonTap - https://samy.pl/poisontap/ RCMP want an iphone unlocker - http://www.cbc.ca/news/investigates/police-power-privacy-encryption-1.3856375 Discussion paper - https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-scrt-grn-ppr-2016-bckgrndr/index-en.aspx

More Travels With Dave...

Reporting on the infosec implications of Walt Disney World... https://disneyworld.disney.go.com/ https://www.wired.com/2015/03/disney-magicband/ http://www.nytimes.com/1998/08/20/technology/roller-coasters-take-a-ride-from-wild-to-wired.html http://www.rockwellautomation.com/global/industries/entertainment/overview.page http://dsicontrols.com/amusement.html

Dave is actually alive. We have video proof.

No notes.

https://2016.pycon.ca/en/

Russian Hacker group responsible for DNC Hack is at it again - https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/ Russian banks getting hit back by DDoS Attack - https://themoscowtimes.com/news/ddos-attack-hits-russian-banks-56077

(Ben didn't do show notes)

MS16-137 - https://g-laurent.blogspot.ca/2016/11/ms16-137-lsass-remote-memory-corruption.html?m=1

Tesco was breached - https://www.google.ca/amp/www.bbc.co.uk/news/amp/37907441 The grugq on Security, Cyber, and Elections - https://medium.com/@thegrugq/security-cyber-and-elections-part-1-cd04de8ed125#.9dtgkxkut

http://www.mprnews.org/story/2016/11/07/npr-how-hostile-nation-could-disrupt-election  

Nobody knew what CSIS was up to - http://www.cbc.ca/beta/news/politics/what-you-need-to-know-about-csis-metadata-1.3837104

Matthew Keys is in jail for not giving up a source - http://arstechnica.com/tech-policy/2016/11/speaking-from-prison-incarcerated-reporter-maintains-innocence/ Go Secure botnet analysis - https://gosecure.net/2016/11/02/exposing-the-ego-market-the-cybercrime-performed-by-the-linux-moose-botnet/ Blackhat EU talks - https://www.blackhat.com/eu-16/ getting root on wemos - https://www.invincealabs.com/blog/tag/wemo/  

Quebec police spied on multiple journalists - https://www.engadget.com/2016/11/03/quebec-canada-cops-monitor-journalists/ Canadian intelligence agency gets hands slapped - http://www.cbc.ca/news/politics/csis-metadata-ruling-1.3835472 EMET EOL announced - https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/