The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher,Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.

Episode 151 -  

 

Tonight, the gang dodged the snow for long enough to talk about some of the stories that have come out in the past week or two.

 

Can we finally quantify risk?

http://www.csoonline.com/article/2874171/data-protection/new-framework-helps-companies-quantify-risk.html

 

Security budgets seem to be on the rise according to Ponemon:

http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714?

 

Filed under "Duh..."

http://www.infosecisland.com/blogview/24236-Fear-Hackers-First-Invest-in-an-IT-Security-Culture-Change.html

 

There are lots of potential changes to the CFAA, what can you do?

http://www.csoonline.com/article/2873537/security-industry/post-state-of-the-union-reaction-to-proposed-legislation-remains-mixed.html

 

https://medium.com/message/we-should-all-step-back-from-security-journalism-e474cd67e2fa

 

https://community.rapid7.com/community/infosec/blog/2015/01/26/how-do-we-de-criminalize-security-research-aka-what-s-next-for-the-cfaa

 

Public Service Announcement:

BSidesLV's awesome Proving Grounds track is looking for speakers: http://www.securitybsides.com/w/page/89943218/BSidesLV2015

CircleCityCon's CFP is open: https://circlecitycon.com/

BSidesCharm is looking for sponsors: http://www.securitybsides.com/w/page/80637041/BSidesCharm2015

 

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_151.mp3
Category:podcasts -- posted at: 8:35pm EST

Episode 150 - Not Quite Explicit The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we're not tackling Sony in this episode, but there was still plenty to discuss. Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels. http://windowsitpro.com/security/microsoft-ends-advanced-patch-notification-service-and-slams-google-early-warning-policy Microsoft and Google are starting up the disclosure discussion all over again. http://blog.erratasec.com/2015/01/a-call-for-better-vulnerability-response.html http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html Surprise surprise, politicians are calling for regulation of technology. http://www.nytimes.com/2015/01/12/us/politics/obama-to-call-for-laws-covering-data-hacking-and-student-privacy.html If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_150.mp3
Category:podcasts -- posted at: 8:21pm EST