The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security and news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.

Well, if the Mayans got it right this is gonna be the final episode of our three year run....but we're not holding our breath.

Andy and Martin talk about the Top 5 Stories of 2012 and share what they think 2013 will be "The Year of"...

Be sure to join Martin at Shmoocon in February for his talk on Bringing The Sexy Back to Defense In Depth...

Direct download: SFS_Podcast_-_Episode_94.mp3
Category:podcasts -- posted at: 8:55pm EST

Join Martin, James (@myrcurial) Arlen, and Alex (@alexhutton) Hutton as they record the final microcast from SecZone 2012....

We promise that no hackers or podcasters were injured during the recording of this podcast.

Direct download: Microcast_3_from_SecZone.mp3
Category:microcasts -- posted at: 4:13pm EST

Martin takes a few minutes to talk with Andy Ellis (known better to some as @csoandy), Chief Security Officer for Akamai, and James Arlen (@myrcurial) about their presentations coming up at SecZone 2012. There's also a brief discussion of how the "Cabana Track" is working out here.

Direct download: SFS_Podcast_-_Cali_Microcast_2.mp3
Category:microcasts -- posted at: 7:13pm EST

Welcome to Cali!

Martin is attending and speaking at SecZone 2012 in Cali, Colombia this week.  In this first microcast we talk with Ed Rojas who is the organizer, chief host, and Main Man of SecZone.

The audio quality is not quite what we'd like it to be...we'll try to find quieter locations for future microcasts.

Direct download: SFS_Podcast_-_SecZone_Microcast_1.mp3
Category:microcasts -- posted at: 7:25am EST

This evening, Martin, Steve, Andy, and Joseph tackled some stuff that just makes you say “duh.”

Starting off, we talked about the exciting Macy’s Thanksgiving Day Ticker Tape Parade, which unleashed confidential data upon unsuspecting parade watchers:

http://www.wpix.com/news/wpix-confidential-confetti-at-thanksgiving-parade,0,4718007.story

We went straight from there to a sticky topic that’s been making the rounds lately about AT&T:

http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/

To lighten the mood, we talked about some of Facebook’s recent decisions and how they’re affecting the greater Facebook population:

http://threatpost.com/en_us/blogs/facebook-proposes-eliminating-user-voting-system-privacy-changes-112112

http://www.wired.com/business/2012/11/facebook-copyright-hoax/

We also talked about good friend of the podcast Wendy Nather’s article on Threat Intelligence Hype:

http://www.darkreading.com/security-monitoring/blog/240142229/threat-intelligence-hype.html

And as a reference for those of you interested in the incident response report for South Carolina that we discussed a few weeks back, that’s available for public viewing now:

https://docs.google.com/viewer?url=http%3A%2F%2Fgovernor.sc.gov%2FDocuments%2FMANDIANT%2520Public%2520IR%2520Report%2520-%2520Department%2520of%2520Revenue%2520-%252011%252020%25202012.pdf

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_93.mp3
Category:podcasts -- posted at: 8:41pm EST

Martin, Andy, and Steve get together to talk about....

3 Ways (with 2 of them being decent and one a complete FAIL) To Get Execs to Listen About Risk....  (Summary: There is no ROI for Security....)

http://www.darkreading.com/risk-management/167901115/security/news/240012747/3-ways-to-get-executives-to-listen-about-risk.html

A typical article on Anon....with some good comments from Steve on OpVendetta

http://www.csoonline.com/article/720734/anonymous-protests-planned-over-government-surveillance

3 smart people and one chucklehead talk to George V. Hulme about BCP/DR when you are using The Cloud

http://searchcloudsecurity.techtarget.com/news/2240170168/Sandy-put-business-continuity-planning-in-spotlight

Direct download: SFS_Podcast_-_Episode_92.mp3
Category:podcasts -- posted at: 8:54pm EST

For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories.

First, there are a few upcoming InfoSec events that you might want to be aware of. BSidesDFW is this upcoming weekend, November the 3rd: http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012.

Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson: http://www.securitybsides.com/w/page/28563447/BSidesDelaware http://www.securitybsides.com/w/page/40113672/BsidesPDX http://www.securitybsides.com/w/page/53447313/BSidesJackson

Then we jumped into our first story for the evening, the recent breach in South Carolina:

http://www.cbsnews.com/8301-505245_162-57542255/haley-taxpayer-info-didnt-need-to-be-encrypted/
http://www.reuters.com/article/2012/10/29/us-usa-cybersecurity-southcarolina-idUSBRE89S13T20121029

Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed:

http://www.wired.com/threatlevel/2012/10/barnes-and-noble-pos-hack/

From those, we transitioned into a discussion on Incident Response:
http://www.infosecisland.com/blogview/22470-Have-You-Added-Personas-to-your-Incident-Response-Program.html

As well as Mike Rothman's great article on security tradeoffs:

http://www.darkreading.com/blog/240010015/making-security-trade-offs.html

After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading:

http://www.darkreading.com/identity-and-access-management/167901114/security/news/240009630/7-costly-iam-mistakes.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_91.mp3
Category:podcasts -- posted at: 9:26pm EST

Martin recorded an interview with Matt and Chris talking about an open source project sponsored by SecureState to bring a pragmatic and usable risk framework to "the masses".

You can get more information on iRisk at:

http://community.securestate.com

More MAD Security minutes coming starting next episode!

Direct download: SFS_Podcast_-_Episode_90.mp3
Category:podcasts -- posted at: 5:29pm EST

This evening we had a special guest, the always lovely @securityintern, along with our regular crowd of misfits.

We wasted no time jumping straight into our stories tonight, led off by good friend of the podcast Wendy Nather's story on When Monitoring Becomes a Liability:

http://www.darkreading.com/security-monitoring/blog/240008609/when-monitoring-becomes-a-liability.html

We followed that up with an interesting article from Microsoft, discussing malware and software piracy:

http://blogs.technet.com/b/mmpc/archive/2012/10/09/sirv13-be-careful-where-you-go-looking-for-software-and-media-files.aspx

And last but not least, we dove into an article the likes of which only come around every now and then. An article so special and full of wisdom that we had to bring it up:

http://www.csoonline.com/article/718462/top-8-things-csos-wish-they-had-a-solution-for

We close tonight with a brief interview with Martin's co-presenter at HouSecCon, Michelle Klinger.

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_89.mp3
Category:podcasts -- posted at: 8:51pm EST

Martin got invited to speak (with the always fantastic Michelle Klinger) at HouSecCon 2012 (www.houstonseccon.com).  We take a couple of minutes to talk with Michael Farnum (@m1a1vet) about the conference.

Direct download: HouSecCon_2012_MicroCast.mp3
Category:podcasts -- posted at: 2:53pm EST