Liquidmatrix Security Digest Podcast - Episode 3A

Episode 0x3A

We Can Do Better

Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution rather than the very common response which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...

Upcoming this week...

Lots of News Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets. Mandiant gets bought by FireEye Infographic: New ISO 27001:2013 - What Has Changed? Find security flaw, go to jail? Breaches Former TIAA-CREF Worker Gets 6 Years for Selling IDs OpenSSL Defacement - Not a Hypervisor Thing Riverside Health System 4-year-long HIPAA Breach Thank Goodness for the NSA! - a fable Yahoo infects people with Malware and makes the bitcoin SCADA / Cyber, cyber... etc Several European manufacturers spawn NSA-proof Android “cryptophones” NSA denials DERP UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services Mailbag We receive some of the most batcrap crazy emails here at LSD. What's the right response to people who don't just have a tinfoil hat, but are opting for the full ensemble? Dear Mailbag

I'm thinking about not speaking at RSA because of the NSAs, what do you think?

Hugs

Mikko H. (not the other Mikko guy) Briefly -- NO ARGUING OR DISCUSSION ALLOWED Crypto Hardening guide for Sysadmins Penetration Testing Lab Contents Mindmap sigcheck now with Virus total Wordpress plugin exploit data Skipfish Scanner Used In Financial Sector Attacks Liquidmatrix Staff Projects -- gratuitous self-promotion The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances:  -- more gratuitous self-promotion Dave: - Shmoocon, SOURCE, Infosec EU, BSides London, HITB EU, Secure360, FIRST... James: - At Shmoocon (with a cool surprise), then RSA (sad trombone) Ben: - N/A Matt: - behind the beard Wil: - Gave up, is a car dealer now Other LSD Writers: - huh? Advertising - pay the bills... Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5" Closing Thoughts Seacrest Says: My Voice Is My Passport, Verify Me

Creative Commons license: BY-NC-SA