Episode 12 -- These are the Daves I know I know
He claims it's not his fault he missed an episode...
Yes, we're still doing a podcast. Lots of you listen. It's kinda awesome. We promise to be more awesome in the future.
And tonight, let us regale you with tales of:
Lots of News
Breaches
SCADAs
DERPs!!!
…and then our discussion topic - IDS IS DEAD
And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News
Capital One targeted in CYBERATTACKS
HTML5 Full Screen API Attack
Firefox 16 gets pulled (just like the goalie) - exploit follows in 24 hours
Lone packet takes out SS7 networks
FX beats up on Huawei at HITB
Myrcurial Complains: These Kids Today
High Court in the Philippines Suspends Contentious Internet Law
Panetta Warns of Dire Threat of Cyberattack on US

Breaches
Northwest Florida State College - 300,000
Facebook - everyone on the internet!!!!!!!
TD Bank (US - a subsidiary of TD Bank Canada) loses a tape IN MARCH!!!! - 260,000 records
Nationwide Address book Android app - 760,000 via @WeldPond

The SCADAs
LittleBlackBox is a collection of thousands of private SSL and SSH keys extracted from various embedded devices. Thanks @lmacvittie
What is Critical Infrastructure? A long twitter conversation on 2012-10-12 about the REAL rule-of-thumb criteria for what makes something critical infrastructure or not.

Errata
DERP of the week award: Samer Bishay said. “Network security lies ultimately with the service provider. So, if you can control your network well, then I don't see how any outside force could really override these controls.” (h/t @taosecurity)

Commentary
Foot In The Door - IDS IS DEAD
I can't even come up with notes. Just listen.
Hardcore - EXCEPT IT ISN'T
See above.

Mailbag / Bizarro Land

In Closing
Matt reviews “Trouble with the Curve” - was there any infosec in it, nope, ok then
We do research too - Ben's running a survey and will publish results. Check it out!
The Security Conference Library -- is a copy of the conferences amassed by @helpmerob and we’re adding more. If you’ve got pix/pdfs/slides/code/video of a security conference and you want to add to an attempt at the largest/bestest/least dickish security conference library -- send us a note (mailbag) and we’ll take your bits and file them. (NOTE: much is stored at http://myrcurial.com/conferences but you can totally trust that guy)
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
A moment of silence for Amanda Todd, sadly a victim to online bullying
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
Upcoming Appearances: James at COUNTERMEASURE 2012 in Ottawa, Matt at AppSecUSA in TEXAS, Ben and Dave at HackFest in Quebec City, James at SecurityZone in Cali, Colombia
The Seacrest says “Oh My G-d, I’m falllllling, why won’t this parachute open!?!?”

Creative Commons license: BY-NC-SA