Episode 0x1B -- Happy New Year, Start Yer Complaining NOW!
That's audio episode 28 out of us - not too bad to start off the new year.
PITHY COMMENTARY
Upcoming this week...
- Lots of News
- Breaches
- The SCADAs/ICS and Cyber
- DERPs!!!
- and then we're going to shoot through a whole bunch of brief items without discussion in our new segment - BRIEFS (which goes well with Ben's male bag doesn't it)

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News
- Privacy czar tries to find web surveillance bill solution
- Los Alamos nuclear weapons lab removes Chinese tech over spying concerns
- Facebook bug: Reset anybody's password.
- Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your "friends"
- Rails Fail Whale (Sail, Mail, Hail) ..and boom
- Software maker faces jail for other people using his software
- malware author on sploit buying spree
- Another "WE HACKED YOUR FULL DISC ENCRYPTION" by having physical access to the device. No shit. Really? Same as in 2005 people - never sleep a FDE machine, always hibernate or poweroff.
- From NYTimes - "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt" Really? No shit. Hmmm. I hadn't thought of that. (h/t Securosis)

Breaches - The never ending never ending story...
- Raj Musicals - 12000
- SCMagazine (@SCMagazine), 2012-12-23 9:25: Here's a list of the top 8 breaches that took place in 2012.
- wiki.debian.org security breach
- Hacker at public works goes unnoticed
- Army says hacker got Fort Monmouth personal info

The SCADAs/ICS and Cyber
- Industrial Control Systems Faced Nearly 200 Attacks: DHS
- Building a 21st Century Cyber Workforce
- Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs
- Secret Plan Aims to Defend Power Grid (Perfect Citizen)
- PDF LINK - Canada's National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond)
- CMaaS - Continuous Monitoring as a Service. WTF.
- ProfiNet fuzzer developed
- 29C3: SCADA Strangelove - an ICS talk with the wrong name on it. Good nonetheless

Mailbag / Bizarro Land
- Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? - Mike, SC

Briefly - NO ARGUING OR DISCUSSION ALLOWED
- 20+ best FREE security tools
- Yahoo DOM XSS
- Top 10 web hacking technique vote - 2012
- Honeydrive!
- An off premise browser
- NTLM Challenge Response is completely broken
- A couple of University of Washington courses on Coursera - If I was carrying fewer courses this semester, I'd be on these two. If you're a grandfathered CRISC, you might want to take these to fulfill your CPEs for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit
- From BSI - PAS555: Cyber Security Risk - Governance and Management Specification
- OSINT Tools - Recommendations from Subliminal Hacking
- Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don't know how I missed this on kickstarter. Might just order one anyways.
- The Slow Data Movement
- The Process Myth
- And lastly... WTF. Eugene is #8 on Wired's list of the most dangerous people in the world?

Liquidmatrix Staff Projects
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances:
- James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing
- Movie Review - not a movie, but go read Wool and its prequels
- Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :)
- every day is CTF! go set up a team
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee!
- And big news for next week, but it's still a secret.

Seacrest Says: "INSERT SEACREST COMMENT HERE"

Creative Commons license: BY-NC-SA