The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.

The gang got together for one last show before the end of year hiatus to talk about the year in review, and their predictions for the year to come. We'll be on hiatus until January, so have a safe holiday season, and we'll be back next year. If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_149.mp3
Category:podcasts -- posted at: 8:29pm EDT

It's a longer than normal episode with two great interviews.

First Martin talks with Jennifer Minella (@jjx) about the upcoming (ISC)2 elections and her experience being on the board for the past year.

Then Martin brings Dave Shackleford (@daveshackleford) on to talk about what is wrong with security cons today.

We'll be back next week!

Direct download: SFS_Podcast_-_Episode_148.mp3
Category:podcasts -- posted at: 7:11pm EDT

Tonight Martin, Steve, and Joseph tackled FUD, stolen medical data, and executive orders.

Remember, if it says X number of Y, you should probably just move on.
http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html

Stolen Medical Data is Now Worth Something
http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

A great step forward by the government?!
http://www.csoonline.com/article/2835476/data-protection/obama-signs-executive-order-to-bolster-federal-credit-card-security.html

There are also a lot of upcoming SecurityBSides events that you should check out here: http://www.securitybsides.com/w/page/12194156/FrontPage

Direct download: SFS_Podcast_-_Episode_147.mp3
Category:podcasts -- posted at: 8:05pm EDT

In case of breach, ask reporters for money?
http://motherboard.vice.com/read/hacked-snapchat-website-demands-payment-bitcoin-to-talk-about-getting-hacked-snapsaved

POODLE explained. Is this really what the future of vulnerability disclosure looks like?
http://www.wired.com/2014/10/poodle-explained/

Rethinking the Security “Con”
http://daveshackleford.com/?p=1063

Direct download: SFS_Podcast_-_Episode_146.mp3
Category:podcasts -- posted at: 8:04pm EDT

Sorry for the delay in getting episodes out, folks.  Life...it happens.

Today's episode is two fantastic interviews.

First, Sparkles interviews Dave Kennedy (@hackingdave) at DerbyCon.

Next, Martin interviews Ally Miller (@selenakyle) on PCI, Chips, PINs, and other amazing stuff.

We'll be back to what passes for a normal schedule shortly.

Direct download: SFS_Podcast_-_Episode_145.mp3
Category:podcasts -- posted at: 7:34pm EDT

Episode 144 - The Ballad of Ricky Joe

Tonight marked the return of Yvette back to the podcast, joining Martin, Andy, and Joseph to talk about what else but more Home Depot.
http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/

We also managed to fit in a great discussion on chip and pin and its effectiveness here in the US.
http://www.csoonline.com/article/2685514/data-protection/chip-and-pin-no-panacea-but-worth-the-effort-and-the-cost.html

Direct download: SFS_Podcast_-_Episode_144.mp3
Category:podcasts -- posted at: 8:28pm EDT


This week Andy made his triumphant return back to the show with Martin, Steve, and Joseph. They dove right back in on some of the recent breaches, as well as a discussion about how CISOs should respond when they find themselves in a "resume-generating event."

"C-level security"
http://www.businessweek.com/articles/2014-09-12/home-depot-didnt-encrypt-credit-card-data-former-workers-say

What are the technical details behind the Home Depot breach? There's a lot of people looking into that.
http://sub0day.com/2014/09/pos-hacks/
http://www.darkreading.com/home-depot-breach-may-not-be-related-to-blackpos-target/d/d-id/1315636

"Six stages of data breach denial"
http://www.csoonline.com/article/2606174/infosec-careers/caught-in-the-breach-how-a-good-cso-confronts-inevitable-bad-news.html?nsdr=true

Minecraft purchased by Microsoft, and Notch is leaving Mojang
http://pastebin.com/raw.php?i=n1qTeikM

Direct download: SFS_Podcast_-_Episode_143.mp3
Category:podcasts -- posted at: 8:37pm EDT

It kind of felt like Groundhog Day on the show this evening as Martin, Steve, and Joseph talked about some of the pressing stories that have come to light over the past week. Steve also gave some insight into discussion of breaches in the media.

Home Depot has issued a statement confirming that they have been breached, and have posted a FAQ for the breach.
http://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-about-the-home-depot-data-breach.html
https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx

A simple misconfiguration error led to a development server compromise for Healthcare.gov.
http://www.csoonline.com/article/2602964/data-protection/configuration-errors-lead-to-healthcare-gov-breach.html

Direct download: SFS_Podcast_-_Episode_142.mp3
Category:podcasts -- posted at: 8:27pm EDT

Episode 141 - What's goin' on?

Tonight Martin and Joseph tackled some of the breaking news of the week.

Breaking news: Home Depot breached?
http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/

'Celebgate' is upon us, apparently.
http://www.theverge.com/2014/9/2/6098107/apple-denies-icloud-breach-celebrity-nude-photo-hack

And according to Kaspersky, if we've done nothing wrong, we have nothing to fear.
http://www.theregister.co.uk/2014/08/29/kaspersky_backpedals_on_done_nothing_wrong_nothing_to_fear_company_article/

Direct download: SFS_Podcast_-_Episode_141.mp3
Category:podcasts -- posted at: 8:19pm EDT

Tonight was an interesting news night for Martin, Steve, and Joseph. This was an episode filled with healthcare discussion.

First, CHS Hacked via Heartbleed?
https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/
http://www.sec.gov/Archives/edgar/data/1108109/000119312514312504/d776541d8k.htm

Second, CMS refuses to reveal details on the security behind Healthcare.gov
http://bigstory.ap.org/article/us-wont-reveal-records-health-website-security

Direct download: SFS_Podcast_-_Episode_140.mp3
Category:podcasts -- posted at: 8:21pm EDT