Listen Now

Episode 0x75 10th Anniversary Special We should have something snappy here, but we're old and out of belt-onions Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Whats changed in infosec since we last talked? Coinbase highlighting the risk of centralizing a decentralized system Great podcast from Odd Lots - the ponzinomics of cryptocurrency New Vulnerability Database Catalogs Cloud Security Issues Data breach at US ambulance billing service Comstar exposed patients’ healthcare information Breaches   In Canada... largest breach settlement SCADA / Cyber, cyber... etc Wired knows shit. Deep fake remote IT job applicants DERP   Mailbag It's been a rough couple of years. We missed a lot. Some friends departed. How are y'all handling things? ~a long time listener Briefly -- NO ARGUING OR DISCUSSION ALLOWED I'm hiring Me too Risk Disconnect in the Cloud Supply chain Levels for Software Artifacts https://jobs.cisco.com/We're hiring at Cisco Closing Thoughts Seacrest Says: Dave qualifies for senior AARPdiscounts now   Creative Commons license: BY-NC-SA

Episode 0x74 Quarantine 2020 Edition All the late shows are doing the "I phoned in from home" why shouldn't we? Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary coronavirus insider trading fixing vulns at scale US authorities battle surge in coronavirus scams, from phishing to fake treatments Coronavirus Sets the Stage for Hacking Mayhem Breaches Princess Cruises Confirms Data Breach Rogers had a woopsie SCADA / Cyber, cyber... etc Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis DERP Stupid shit that vendors say due to Coronavirus (THIS) Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet What do you mean our RSS feed didn't update? What do you mean RSS is dead? Briefly -- NO ARGUING OR DISCUSSION ALLOWED cyentia 2020 information risk insights study On Making Work Less Remote: How the Heroku Team Works Together HBR has some thoughts on newly remote teams too automated reasoning about AWS security s3 thinger https://twitter.com/JSTOR/status/1240306471168028674?s=20Get bent JSTOR Closing Thoughts Seacrest Says: There's finally a word for what we do... On-nomi Creative Commons license: BY-NC-SA

Episode 0x73 Surprise! Happy Holidays Are you having a happy holiday? Listen to us and you'll have a happy holiday. Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Comparison of DNS resolvers  Stylish Norton Core Router Russian wessels messing with underwater internets  Submarine Cable Map Keeper Security learns about The Striesand Effect Russian hackers targeted more than 200 journalists globally Breaches Internet Hijacking Free Credit Monitoring from Nissan Finance Canada! SCADA / Cyber, cyber... etc VMWare has bugs. Who knew? DERP The person that thought we our recent fail panel was unprofessional Screenshot kernel patch Mailbag So... what about actually doing this podcast a little more often? Signed: The Internet Briefly -- NO ARGUING OR DISCUSSION ALLOWED Enpass Pineapple Fund Die Hard at the Theatre Magic Leap is real... ish Has no link. Closing Thoughts Seacrest Says: Where the fuck is Matt? Has anyone seen Matt?   Creative Commons license: BY-NC-SA

Episode 0x72 SPECIAL ELECTION EDITION Vote Dave... please? Upcoming this week... We yammer about stuff with no real direction or point. And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: SCADA / Cyber, cyber... etc ETERNALBLUE was being used before wannacry DERP Hacking Mar-A-Largo... Kinda? Is this legal? Briefly -- NO ARGUING OR DISCUSSION ALLOWED https://securityheaders.io/ https://www.gofundme.com/crunch-medical-fund Liquidmatrix Products and Services - We do some stuff. Seriously. Advertising - pay the bills... Thinking about SecTor this November? Be sure to use the code "liquidmatrix2017" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2017expo" will get you in for $0 Seacrest Says: I can't even remember... something about Kelly. Closing Thoughts   Creative Commons license: BY-NC-SA

Episode 0x71 Um... We're back? I think it's called falling off the wagon. We did that. We should get back on the wagon. Why is it always a wagon? Upcoming this week... /dev/random And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: We totally forgot show-notes   Creative Commons license: BY-NC-SA

Samy Kamkar - PoisonTap - https://samy.pl/poisontap/ RCMP want an iphone unlocker - http://www.cbc.ca/news/investigates/police-power-privacy-encryption-1.3856375 Discussion paper - https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-scrt-grn-ppr-2016-bckgrndr/index-en.aspx

More Travels With Dave...

Reporting on the infosec implications of Walt Disney World... https://disneyworld.disney.go.com/ https://www.wired.com/2015/03/disney-magicband/ http://www.nytimes.com/1998/08/20/technology/roller-coasters-take-a-ride-from-wild-to-wired.html http://www.rockwellautomation.com/global/industries/entertainment/overview.page http://dsicontrols.com/amusement.html

Dave is actually alive. We have video proof.

No notes.

https://2016.pycon.ca/en/

Russian Hacker group responsible for DNC Hack is at it again - https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/ Russian banks getting hit back by DDoS Attack - https://themoscowtimes.com/news/ddos-attack-hits-russian-banks-56077

  Episode 0x70 Dave Doesn't Exist We've been unable to capture Dave on video yet despite turning out a absolutely epic amount of video material. We think it's because he doesn't actually exist. Do not even get me started on the hipster beard and hipster actor. Those two. Sigh. In any case... Upcoming this week... Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Surveillance of reporters has chilling effects Great series of articles from Rich Mogull on Cloud Security Your Cloud Consultant Probably Sucks How to Start Moving to Cloud Seven Steps to Secure Your AWS Root Account Breaches Github responsible disclosure haveibeenpwned - NSA edition (a written message from the Shadow Brokers) SCADA / Cyber, cyber... etc White hat Marai UK gov investing mucho Brexit dollars in cyber security DERP Don't do illegal searches of CPIC (especially if you're a police officer) Mailbag What's with google disclosing vulns without patches? (thanks to Ed) Briefly -- NO ARGUING OR DISCUSSION ALLOWED Macbook Pro review Ten Securosis Years Let's Encrypt Crowdfunding campaign Upcoming Appearances:  -- more gratuitous self-promotion Dave: - invading Sweden James: - VACATION! Ben: - still work Matt: - beard Wil: - hipster Other LSD Writers: - whaaaaaaa? Closing Thoughts Seacrest Says: Dave loves swedish meatballs Creative Commons license: BY-NC-SA

(Ben didn't do show notes)

MS16-137 - https://g-laurent.blogspot.ca/2016/11/ms16-137-lsass-remote-memory-corruption.html?m=1

Tesco was breached - https://www.google.ca/amp/www.bbc.co.uk/news/amp/37907441 The grugq on Security, Cyber, and Elections - https://medium.com/@thegrugq/security-cyber-and-elections-part-1-cd04de8ed125#.9dtgkxkut

http://www.mprnews.org/story/2016/11/07/npr-how-hostile-nation-could-disrupt-election  

Nobody knew what CSIS was up to - http://www.cbc.ca/beta/news/politics/what-you-need-to-know-about-csis-metadata-1.3837104

Matthew Keys is in jail for not giving up a source - http://arstechnica.com/tech-policy/2016/11/speaking-from-prison-incarcerated-reporter-maintains-innocence/ Go Secure botnet analysis - https://gosecure.net/2016/11/02/exposing-the-ego-market-the-cybercrime-performed-by-the-linux-moose-botnet/ Blackhat EU talks - https://www.blackhat.com/eu-16/ getting root on wemos - https://www.invincealabs.com/blog/tag/wemo/  

Quebec police spied on multiple journalists - https://www.engadget.com/2016/11/03/quebec-canada-cops-monitor-journalists/ Canadian intelligence agency gets hands slapped - http://www.cbc.ca/news/politics/csis-metadata-ruling-1.3835472 EMET EOL announced - https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/