Description

Episode 0x6A

All about the VZ-DBIR

Ok. Not completely weekly. And sorry Mom that we missed last
week. We'll get it together.

Upcoming this week...

1. Lots of News
2. Breaches
3. SCADA / Cyber, cyber... etc.
4. finishing it off with DERPs/Mailbag (or Deep Dive)
5. And there are weekly Briefs - no arguing or discussion
   allowed

And if you've got commentary, please sent it to
mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may
want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear,
this is the story of 5 opinionated infosec pros who have sufficient
opinions of their own they don't need to speak for anyone except
themselves. Ok? Good.

In this episode:

• News and Commentary
• 1. "http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/insiders/">Verizon's
     2016 Data Breach Investigations Report
  2. "http://arstechnica.com/security/2016/04/how-hacking-team-got-hacked-phineas-phisher/">How
     Hacking Team got hacked "http://pastebin.com/raw/0SNSvyjJ">(with a detailed writeup from
     Phisher himself)
  3. "http://www.dailydot.com/politics/encryption-uk-investigatory-powers-bill-nca-director-backdoors/">U.K.
     official confirms surveillance bill would let cops force companies
     to decrypt data
  4. "https://threatpost.com/the-time-has-come-to-hack-the-planet/117419/">Katie
     Seeks Advice... I mean... #insidejoke Download ISO/IEC 29147
     Vulnerability Disclosure
  5. "https://securosis.com/blog/how-imessage-distributes-security-to-block-phantom-devices">How
     iMessage distributes security to block "phantom devices"
• Breaches
• 1. "https://www.troyhunt.com/when-nation-is-hacked-understanding/">Philipines
     got hacked... yes, a whole country "http://www.rappler.com/nation/politics/elections/2016/130252-suspected-hacker-comelec-website-nabbed">
     ... by a 23 year old student
  2. "http://www.ibtimes.co.uk/mexico-election-hack-political-party-behind-leak-93-4-million-voter-records-1556608">
     ... and Mexico
  3. A
     Bangladeshi bank got popped for (almost) a billion "http://arstechnica.com/security/2016/04/billion-dollar-bangladesh-hack-swift-software-hacked-no-firewalls-10-switches/">
     (more analysis) "http://baesystemsai.blogspot.ca/2016/04/two-bytes-to-951m.html">(technical
     analysis)
• SCADA / Cyber, cyber... etc
• 1. "http://www.reuters.com/article/us-uber-tech-data-idUSKCN0X91R5">UBER
     META DATA US or something like that (Uber says gave U.S. agencies
     data on more than 12 million users)
  2. "http://gizmodo.com/the-us-is-dropping-cyberbombs-on-isis-1772814625">
     US Special Forces Are 'Dropping Cyberbombs' on ISIS
• DERP
• 1. "http://www.theregister.co.uk/2016/04/20/four_hundred_meelion_vulnerable_androids_out_there/">
     Four hundred MILLION vulnerable Androids are out there
  2. "http://www.theverge.com/2016/4/14/11431944/microsoft-sues-justice-department-cloud-gag-orders">
     Microsoft sues US government over 'unconstitutional' cloud data
     searches
  3. "https://www.washingtonpost.com/news/post-nation/wp/2016/04/21/the-fbi-paid-more-than-1-million-to-crack-the-san-bernardino-iphone/">
     The FBI paid more than $1 million to crack the San Bernardino
     iPhone
  4. "http://m.nextgov.com/emerging-tech/emerging-tech-blog/2016/04/because-technology-future-presidents-might-have-be-groomed-birth/127770/">
     Jeff Moss talks about grooming presidents
• Mailbag
• 1. Making security a big "P" Profession
• Briefly -- NO ARGUING OR DISCUSSION ALLOWED
• 1. Sadlock
     Bug
  2. "https://twitter.com/dcept905/status/721047060678455297">Listen to
     Paul @dcept905 when he says interesting things on Twitter
  3. DevOps Days
     Austin
  4. "https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide">Setting
     up a home malware lab
  5. Spy Chief Complains That Edward Snowden Sped Up
     Spread of Encryption by 7 Years
• Upcoming Appearances:  -- more gratuitous
  self-promotion
• 1. Dave: - Interop, RMISC,
     HackMiami, NolaCon, SecurityFest, InfosecurityEU,
     CircleCityCon
  2. James: - Not much until Vegas...
     As far as I know.
  3. Ben: - A Cyber Insurance
     conference. Listening. yes... really
  4. Matt: - DevOps Days Austin, DFIR
     Summit, Vegas
  5. Wil: - CBC Calgary
  6. Other LSD Writers: - Shrug,
     Dunno.
• Liquidmatrix Products and Services - We do some
  stuff. Seriously.
• 1. LSDP-Rawfeed - where
     LSDP stories get posted (except Matt... and Dave... and Ben... and
     Wil)
• Advertising - pay the bills...
• 1. Thinking about SecTor this
     October? Be sure to use the code "liquidmatrix2016" and save 10%
     off the registration fee! Or if you've just got time to cruise the
     SecTor Expo Hall, the code
     "liquidmatrix2016expo" will get you in for $0
• Closing Thoughts
• 1. Seacrest Says: Hey Ergodan - watch this you despotic little
     arsehole "https://www.youtube.com/watch?v=DRcWB2e0ZBk">this

Creative Commons license:
BY-NC-SA