Liquidmatrix Security Digest Podcast

Hangzhou Xiongmai recalls IoT devices - http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS Comodo CA relies on broken OCR and issues certs incorrectly - https://bugzilla.mozilla.org/show_bug.cgi?id=1311713 Using Rowhammer on Android - http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/

Hyper scale defenses (https://youtu.be/90kxsEOSZQ8), scaring the Russians (http://www.cbc.ca/beta/news/technolog...) and rigged elections in the Philippines (http://thestandard.com.ph/mobile/arti...) -- turns out its very old news which popped up in my news feed and I can't read dates

Mini episode #4: crazy TLDs and DDoS on Dyn. https://twitter.com/kpyke/status/789156391726387200 https://www.dynstatus.com/incidents/5r9mppc1kb77 https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/amp/ https://youtu.be/90kxsEOSZQ8

Friday's episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks Yahoo! and Boards of Directors and Linux privilege escalation and Wikileaks and HE JUST KEEPS TALKING. 

The SECOND episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro talks data exfiltration.

In this first episode of the new Liquidmatrix Security Digest TV minis, Ben Sapiro walks you through SecTor 2016.

Episode 0x6E IT LIVES (Live from SecTor 2016) All five LSDP's in one room at the same time. It actually happened. Upcoming this week... Catching Up! And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: LIVE FROM SECTOR!!! Liquidmatrix Products and Services - We do some stuff. Seriously. LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil) Closing Thoughts Seacrest Says: Eventually we will return. Maybe. Creative Commons license: BY-NC-SA

Episode 0x6D We've been gone for a month, we've been drunk since we left hej till våra lyssnare i Sverige Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Etherium TheDAO attack simplified People who have been victim of workplace violence, harrasment and sexual assault Isis agora lovecruft Alison Macrina Violet Blue Nick Farr "Consent, it's as simple as tea" if you haven't seen it Canadian Association of Sexual Assult Centers Women Against Violence Ag

Episode 0x6C I'm bringing Six Cee Back... Oh yeah, bad joke from the start. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary VirusTotal pitches a fit^Wethical stance Another attack against the SWIFT network but the attack was stopped althought SWIFT is now warning its members DERP/Cybers Honey... it may look like I'm looking at Pornhub but this midget porn is an essential part of my bug hunting SYMANTEC... this is not how you do malware analysis saf

Episode 0x6B SIX BEEEEEEEEEEEEE Ben, Wil, and Dave provide entertainment value that is also questionable. Upcoming this week... Lots of News Breaches? SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Facebook bug bounty hacker finds that he wasn't the first there (Tech details) (Trey's talk on sharing incident details) Jericho et. al run some numbers on the VZDBIR (Michael Roytman's response) There was irony, and then there was getting the message out I love Gooooold DERP/Cybers Brazilian ju

Episode 0x6A All about the VZ-DBIR Ok. Not completely weekly. And sorry Mom that we missed last week. We'll get it together. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Verizon's 2016 Data Breach Investigations Report How Hacking Team got hacked (with a detailed writeup from Phisher himself) U.K. official confirms surveillance bill would let cops force companies to decrypt data Katie Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147 Vulne

Episode 0x69 Still Weekly! Still difficult to get everyone together for a recording but damn, we're trying. Keep sending in your questions to mailbag@liquidmatrix.org and if you see one of us at a conference, ask nicely and we'll give you a sticker! PS: The Security Intern joins us tonight - sorry you all can't see her commentary on the rest of the Liquidmatrix crew. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Badlock Bug Site Get out your Sad Trombo

Episode 0x68 Weekly Monthly Somethignly At least a few of the boys are back to whine, bitch and moan. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Whatsapp integrates whisper systems AXOLOTL here's a whitepaper (but they still collects the metadata) so stick with Signal if you don't like NSA Who Has Access - to unscrew your Google Drive mess. Medium article by CEO Panama papers: China censors online discussion DERP I ate the evidence Nest to permane

Episode 0x67 The One With The Stunt Double Hey, James here. The boys recorded this one without me and managed to really munge up the audio. My apologies. For what it's worth, this is what happens when Dave and Wil are in charge. Upcoming this week... Lots of News Breaches finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary FBI say "You don't need to know how we hacked you, because you're a dirty dirty pedo." December DNS Root attack get's curiouser and curiouser... Slick Heatmap of the traffic source analysis. Security and small

Episode 0x66 The One Where Ben and Jamie Aren't At RSAC So the rest of the gang are out playing in either San Fran or Calgary. You get what's left over - actual security professionals doing actual security work. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Pentagon Admits, Only a Bug Bounty Will Work US Companies Prefer China over Pentagon, Generals try Cybering Harder John McAfee doesn't computer Breaches Internet of Crap - now with Patriot Missile

Episode 0x65 Ben and Matt Screw Up HTML Thanks Matt-Dave, this is Ben-Jamie for episode 0x65 (82 for those of you not good with the hexa-ma-decimal) and we're down a bunch of peope tonight but that's okay because we're super committed (except Wil, he's doing who knows what somewhere). Tonight we've got a lot of news about vulns and then a brief stroll through the cybers, derps and mailbags before calling it a night. Hey Matt, what's in the news? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

Episode 0x64 FIVE Golden Digests... Yup, back again. Actually a thing. There's even some people here to talk to you about security things. And whining. Also, fuck you Skype. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Dridex Malware Platform installing Avira Let's encrypt has crossed 500K SANS Securing the Human Newsletters And use Gophish to test them out... Job hunting? White House seeking a CISO SCADA / Cyber, cyber... etc Obama gonna make it ra

Episode 0x63 May The Forth Be With You! Dave's here. Wil's here. Matt's here. Ben's here. I'm here. There's a guest (or two) HOLY CRAP IT'S A REGULARLY SCHEDULED LIQUIDMATRIX PODCAST. Also, Dave claims he's fixed the website - we'll see how that goes. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Lessons Learned from the Java Deserialization Bug ( Apache Nose Job that Ben mentioned - everything old is new again) Let's talk a bit about privacy on Tor B

Episode 0x62 The Return of Dave? Well, we weren't kidding folks. This is number 3 inside of a month. If you include the special "Blast From The Past" Episode 0x40 Live from SecTor 2014, that's FOUR episodes in a month. Wooooooooo. Now, time to talk security. But first, a moment for Abe. Upcoming this week... Lots of News SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Amazon Customer Service Backdoor Bug in Linux Kernel... Patch now The gory details from Perception Point ISO 27017: A New Standar

Episode 0x40 BLAST FROM THE PAST I lost this recording - sorry. But I found it so it's all good. Despite being more than a year old, the entire episode is relevant. Still. (Because InfoSec). Listen in as Dave, Ben, and James discuss the infosec job, career, education, professional development quagmire with a live audience interjecting with questions and non-canned laughter. Closing Thoughts Seacrest Says: Where we're going, we don't need roads... Creative Commons license: BY-NC-SA