The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher,Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.
For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories.

First, there are a few upcoming InfoSec events that you might want to be aware of. First, BSidesDFW is this upcoming weekend, November the 3rd: http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012. 

Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson: http://www.securitybsides.com/w/page/28563447/BSidesDelaware http://www.securitybsides.com/w/page/40113672/BsidesPDX http://www.securitybsides.com/w/page/53447313/BSidesJackson

Then we jumped into our first story for the evening, the recent breach in South Carolina:

http://www.cbsnews.com/8301-505245_162-57542255/haley-taxpayer-info-didnt-need-to-be-encrypted/
http://www.reuters.com/article/2012/10/29/us-usa-cybersecurity-southcarolina-idUSBRE89S13T20121029

Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed:

http://www.wired.com/threatlevel/2012/10/barnes-and-noble-pos-hack/

From those, we transitioned into a discussion on Incident Response:
http://www.infosecisland.com/blogview/22470-Have-You-Added-Personas-to-your-Incident-Response-Program.html

As well as Mike Rothman's great article on security tradeoffs:

http://www.darkreading.com/blog/240010015/making-security-trade-offs.html

After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading:

http://www.darkreading.com/identity-and-access-management/167901114/security/news/240009630/7-costly-iam-mistakes.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_91.mp3
Category:podcasts -- posted at: 9:26pm EDT

Martin recorded an interview with Matt and Chris talking about an open source project sponsored by SecureState to bring a pragmatic and usable risk framework to "the masses".

You can get more information on iRisk at:

http://community.securestate.com

More MAD Security minutes coming starting next episode!

Direct download: SFS_Podcast_-_Episode_90.mp3
Category:podcasts -- posted at: 5:29pm EDT

This evening we had a special guest, the always lovely @securityintern, along with our regular crowd of misfits.

We wasted no time jumping straight in to our stories tonight, led off by good friend of the podcast, Wendy Nather's story on When Monitoring becomes a liability:

http://www.darkreading.com/security-monitoring/blog/240008609/when-monitoring-becomes-a-liability.html

We followed that up with an interesting article from Microsoft, discussing malware and software piracy:

http://blogs.technet.com/b/mmpc/archive/2012/10/09/sirv13-be-careful-where-you-go-looking-for-software-and-media-files.aspx

And last but not least, we dove into an article the likes of which only comes around every now and then. An article so special and full of wisdom that we had to bring it up:

http://www.csoonline.com/article/718462/top-8-things-csos-wish-they-had-a-solution-for

We close tonight with a brief interview with Martin's co-presenter at HouSecCon, Michelle Klinger.

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_89.mp3
Category:podcasts -- posted at: 8:51pm EDT

Martin got invited to speak (with the always fantastic Michelle Klinger) at HouSecCon 2012 (www.houstonseccon.com).  We take a couple of minutes to talk with Michael Farnum (@m1a1vet) about the conference.

Direct download: HouSecCon_2012_MicroCast.mp3
Category:podcasts -- posted at: 2:53pm EDT

Martin, Andy, Steve, and Yvette are together to talk about...

Hakin9 gets trolled...HARD.

http://www.theregister.co.uk/2012/10/05/hakin9_silliness/

City of Tulsa CiO - A Cautionary Tale

http://blogs.csoonline.com/security-leadership/2394/what-happened-tulsas-cio-could-happen-you

Anatomy of A Complete IT Failure and Meltdown

http://www.informationweek.com/security/attacks/exclusive-anatomy-of-a-brokerage-it-melt/240008569

Word of Warcraft....Think Of The Avatars!

http://arstechnica.com/gaming/2012/10/hack-temporarily-turns-wow-towns-into-piles-of-corpses/

Of course we have our MAD Security Minute and information from Jamie Arlen on how you can help Doing It Right Security...

doinginfosecright.com

Ten IT Ops use cases that will make you cringe...because you've probably lived them.

http://www.securityweek.com/security-not-just-external-dont-forget-other-security

Direct download: SFS_Podcast_-_Episode_88.mp3
Category:podcasts -- posted at: 9:19pm EDT