Mon, 29 January 2018
Episode 202 - Evaluating Your Security Program: Awareness & Education
Tue, 12 September 2017
Episode 200 - Building A Security Strategy - Part III
Wed, 9 August 2017
Episode 199 - Building A Security Strategy - Part II
Fri, 23 June 2017
Episode 198 – Building a Security Strategy – Part 1
Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach…
In our next episodes we’ll break down each of the steps and talk more about strategy…
Wed, 7 June 2017
Episode 197 - After the Penetration Test
We've kind of talked about how to choose your vendors, and we’ll get more into services soon, but we wanted to take some time to talk about penetration tests and especially what to do as they wrap up, how they affect the organization, and how you can manage your penetration tests to make sure they're actually effective.
Wed, 24 May 2017
SFS Podcast - Episode 196
Wannacry: Woulda, Coulda, Shoulda
First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/
Wed, 10 May 2017
Episode 195 - Annual Policy Review - Making It Worthwhile
Wed, 26 April 2017
Evaluating Security Product Vendors
In light of recent news about “Vendors Behaving Badly” we want to talk about how a security professional should evaluate vendors and their products.
Recent News:
Tanium exposed hospital’s IT while using its network in sales demos: https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/
Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance: https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/
Thu, 13 April 2017
Tonight's episode is all about those learning moments. CISOs and security orgs find new and interesting ways to screw up all the time. Leaving that Any-Any rule in place on the new firewall… Disabling the CEO's account by accident… Not realizing that Shadow IT had just installed a new egress point…
Wed, 15 March 2017
Today's Topic: Security Waste - Buying new tools without maximizing use of current tool set
It’s not just a security problem but we often add to our arsenal without fully (or even mostly) utilizing the tools that we do have. Problems associated with this are:
How do we work through this when you’re not the decision maker?
How do we work with our vendors to ensure that we are leveraging their tools without over dependence on one tool or vendor?
Mon, 6 June 2016
Guillaume’s last visit to the show: Episode 167
WWDC 2016 Security Rumors and Wishes
Wishlist: Reduced Annoyances and Increased Security on iOS
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter. And if you’ve found our Facebook page, we’re sorry. We’re going to fix that up.
Wed, 18 May 2016
This evening, Martin sat down with Patrick Heim from Dropbox. Enjoy the interview, and the gang will be back next episode.
Mon, 9 May 2016
The 2016 DBIR
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 18 April 2016
This evening, Martin, Steve, and Joseph talk about overhyped vulnerabilities, and how that affects communication with the business.
Badlock’s Site
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter. And if you’ve found our Facebook page, we’re sorry. We’re going to fix that up.
Mon, 4 April 2016
Tonight, Martin and Joseph sit down and talk about communicating cautionary tales without turning them into FUD.
US-CERT advisory on ransomware
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter. And if you’ve found our Facebook page, we’re sorry. We’re going to fix that up.
Tue, 22 March 2016
InfoSec programs without money are like cereal but no milk, peanut butter but no jelly, Milli but no Vanilli… (Get over it, I’m old - Martin)
Martin is doing a talk on “The ABCs of Getting Your InfoSec Program Funded” and we’re going to discuss how this works in the real world at all of the different levels.
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter. And if you’ve found our Facebook page, we’re sorry. We’re going to fix that up.
Mon, 7 March 2016
Episode 175 - RSAC Wrapup and More...
Congrats to Risky Business for winning this year’s podcast of the year!
RSA: Fear and loathing at RSA: Hacking, security and the limits of protection | TechCrunch
Spear Phishing: What Happens When You Dare Expert Hackers to Hack You
Backdoors: Transmission Infected with KeRanger Ransomware – MacStories
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 15 February 2016
We’ve been nominated for the 2016 Security Blogger Awards!
Topic: Threat Intel
Norse Corp disappears shortly after CEO is asked to step down
Digital Shadows announces 14 million series B fund raising
Mind Over Matter: The Importance of Intelligence in Your Threat Program - “When it comes down to it, you can’t outsource your business risk management strategy.”
Threat Intelligence Indicators are not Signatures // InfoSec Zanshin
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 1 February 2016
We’ve been nominated for the 2016 Security Blogger Awards!
Topic: Vendor Relationships
Trend Micro AV gave any website command-line access to Windows PCs
Google security researcher excoriates TrendMicro for critical AV defects
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 18 January 2016
Topic: Security Awareness
Some people think it's a waste of time: Why you shouldn’t train employees for security awareness
But, that said, it's a requirement for government agencies and regulated industries: HHS Security Awareness and Training Requirements; Privacy and Security Training requirements for multiple regulations
DISCUSSION & OPINION: Is Security Awareness worth the time? If you have to do it, make it better:
Find us on Twitter: And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 16 November 2015
Tonight, Martin, Joseph, Steve, and Andy got together and went over how their 2015 predictions went, and laid out what their predictions were for 2016. The gang is on break from now until the new year, happy holidays!
Mon, 9 November 2015
Check for signs of the apocalypse, everyone was here tonight...
Comcast resets nearly 200,000 passwords
In the era of GPS, Naval Academy revives celestial navigation
How Carders Can Use eBay as a Virtual ATM
What Flu Season Can Teach Us About Fighting Cyberattacks
Find us on Twitter:
Mon, 26 October 2015
This week, Andy's back!
The FBI's Advice on Ransomware? Just Pay The Ransom
Find us on Twitter:
Mon, 12 October 2015
Tonight, Steve and Joseph talked password managers and consumer reports for cybersecurity.
Troy Hunt's article on switching from LastPass
Websites, Please Stop Blocking Password Managers. It's 2015
Mudge's Consumer Cyber Reports
Find us on Twitter:
Tue, 29 September 2015
This week, Joseph and Guillaume Ross talked content blockers, phishing consequences, and home network monitoring.
Accidental Tech Podcast Episode 136
FireEye: Forbes.com served malicious ads to visitors | CSO Online
Ad Blocking, Ad Networks, & Your IP Address
DHS infosec chief: We should pull clearance of feds who fail phish test | Ars Technica
Cujo Is a Smart-Home Device That Protects Against Hacks | Digital Trends
Find us on Twitter:
Mon, 14 September 2015
This week Martin and Joseph sat down and talked about stress, burnout, and why Martin took a break for a while.
Mon, 31 August 2015
Mon, 17 August 2015
This week's show notes:
Vegas: Oracle's CSO makes a questionable publishing decision
Where you can find us:
Mon, 3 August 2015
No full episode this week thanks to Security Summer Camp, but Martin got to sit down and chat with good friend of the podcast Wendy Nather. We'll be back soon!
Tue, 21 July 2015
Life is Short. For some it may get shorter?
Archuleta is out at OPM: Who didn't see that one coming?
If you look for breaches, you might find them.
Darkode Shutdown: Former FireEye Intern Accused Of Creating $65,000 Android Malware - Forbes
BREAKING: UCLA Health breach hits data of 4.5M - Modern Healthcare
Mon, 6 July 2015
Tonight, Joseph and Steve tackled the Hacking Team breach: why it's interesting, what's happening, and some of the data that's come out so far.
Find us on Twitter:
Tue, 23 June 2015
This episode, the gang was joined by Chris Burton (@cyberhiker) to talk about the OPM breach.
OPM - The Breach that Keeps on Giving:
Second OPM Hack Exposed Information About Military, Intelligence Workers - Defense One
Report: Hack of government employee records discovered by product demo | Ars Technica
Carnal0wnage Attack Research Blog: Hard to Sprint When You Have Two Broken Legs
Data hacked from U.S. government dates back to 1985: U.S. official | Reuters
Brief: 4 million federal employees affected by data breach at OPM | CSO Online
Find us on Twitter: @SFSPodcast
Tue, 9 June 2015
The show notes for this episode have some screenshots, see the website for the full notes: http://www.southernfriedsecurity.com/apple-and-privacy-with-guillaume-ross/
Find us on Twitter:
Direct download: Apple_and_Privacy_with_Guillaume_Ross.mp3
Category: podcasts -- posted at: 12:07pm EDT
Tue, 2 June 2015
This week Steve and Joseph were joined by a guest from America's hat: Guillaume Ross.
The IRS and PII as verification: Security checks that rely on PII put businesses and consumers at risk | CSO Online http://www.csoonline.com/article/2927652/data-protection/security-checks-that-rely-on-pii-put-businesses-and-consumers-at-risk.html If you're not paying for the service, you're probably the product:
Hola VPN client vulnerabilities put millions of users at risk | CSO Online
Facebook Uses PGP Official announcement: https://threatpost.com/facebook-bolsters-message-security-adds-openpgp/113079
Find us on Twitter:
Mon, 18 May 2015
Joseph and Steve were joined by a special guest tonight, Mr. Kevin Riggins. They tackled mafia-style shakedowns, vulnerabilities in medical equipment, and “stunt hacking.”
"Breach" Extortion: http://money.cnn.com/2015/05/07/technology/tiversa-labmd-ftc/index.html
ICS-CERT issues advisory for medical equipment for the first time: https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01A http://hextechsecurity.com/?p=123
"Stunt Hacking": http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/ http://idoneous-security.blogspot.com/2015/05/lessons-in-grown-up-security.html http://carnal0wnage.attackresearch.com/2015/05/normal-0-false-false-false-en-us-x-none.html
Find us on Twitter:
Mon, 4 May 2015
This week, Joseph and Steve talked about what these "six hacker tribes" are, and the recent rise of some accountability in security in both the government and the private sector.
"The Six Hacker Tribes"
“Accountability in Security” on multiple fronts:
And if you have any feedback, questions, or comments, find us at @SFSPodcast on Twitter.
Wed, 29 April 2015
The gang is back with some cast changes. Martin will be taking a break for a while, so Joseph will be hosting for the next while. This week, we talked Wordpress, Steve's experiences at RSAC, and this year's DBIR:
Wordpress:
RSAC:
RSAC 2015: RSA Conference (Day 2): http://www.csoonline.com/article/2912475/security-awareness/rsac-2015-rsa-conference-day-2.html
RSAC 2015: RSA Conference (Day 3): http://www.csoonline.com/article/2912411/data-protection/rsac-2015-rsa-conference-day-3.html
Defcon/BH Attendance: http://venturebeat.com/2014/08/12/black-hat-and-defcon-see-record-attendance-and-thats-not-even-counting-the-spies/
The DBIR:
And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 16 March 2015
Episode 156 - Sad Panda
Martin, Steve, and Joseph got on tonight to talk about clickbait-that-wasn't, AV eating itself, and 6 ways the Sony breach didn't actually change everything.
A great slideshow article from friend of the podcast Michael Santarcangelo: http://www.csoonline.com/article/2895341/security-leadership/8-steps-successful-security-leaders-follow-to-drive-improvement.html
A bad, bad day for Panda AV: http://www.infosecurity-magazine.com/news/panda-labs-detects-itself-as/ http://redd.it/2yofpo
"6 Ways The Sony Hack Changes Everything": http://www.darkreading.com/risk/6-ways-the-sony-hack-changes-everything-/a/d-id/1319415
And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 9 March 2015
The Show Notes
Opening Music
BSides Atlanta
Stories:
It’s hard to find infosec folks… http://www.csoonline.com/article/2894377/infosec-staffing/shortage-of-security-pros-worsens.html
http://www.zdnet.com/article/how-infosec-hiring-lost-its-way-harsh-findings-in-leviathan-report/
The number of things wrong with the editorial are immense… We read it so you don’t have to….
Anthem declines post-breach audit from regulators… https://threatpost.com/anthem-refusing-oig-security-audit-following-breach/111476
www.SouthernFriedSecurity.com
Mon, 2 March 2015
Martin & Steve get a chance to talk to Rob Fuller (@mubix) about his ideas on Open Source Architecture. It's a great conversation where you can see the idea grow in front of your own ears!
The link to the Open Source Architecture group is:
https://groups.google.com/forum/#!forum/ossag
Remember BSidesATL and BSidesLV!
Mon, 16 February 2015
Episode 153 - Internet Veapon
The gang braved the snow to get a show together tonight, here's what they covered:
$17 mill-yun dollars scammed from Omaha company… A cautionary tale on business process controls... http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html
You get an attribution! And you get an attribution! You all get attributions! https://threatpost.com/massive-decades-long-cyberespionage-framework-uncovered/111080
Feds want more threat info from private companies. Is this the way to go? http://www.wired.com/2015/02/president-obama-signs-order-encourage-sharing-cyber-threat-information/
Join us next week for episode 1784 of the continuing special “Responsible Disclosure!” http://www.infosecurity-magazine.com/news/google-blinks-first-with-project/
PSAs:
BSidesATL 2015 CFP is open: http://www.securitybsides.com/w/page/92311122/BSidesATL2015
BSidesLV 2015 CFP and Call for Mentors is open as well: http://www.bsideslv.org/
And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.
Mon, 9 February 2015
SFS Podcast Run Sheet for 2/9/15 - Episode 152
The Stories
Anthem…. a megabreach if ever we've seen one...
With the end of Microsoft’s Trusted Computing Group has the overall security posture of products taken a hit? Anecdotes say...maybe.
http://www.itproportal.com/2015/02/02/microsofts-new-ios-outlook-app-serious-security-flaws/
BSides Vegas PSA
Security Model is Broken. In other news, water is wet, and if you stop breathing, you may die.
http://www.scmagazine.com/the-security-model-is-broken/article/393033/
A vendor sponsored survey is slanted so that the “biggest problem” is likely fixed by the sponsor? NO WAY!!
Mon, 26 January 2015
Episode 151 -
Tonight, the gang dodged the snow for long enough to talk about some of the stories that have come out in the past week or two.
Can we finally quantify risk? http://www.csoonline.com/article/2874171/data-protection/new-framework-helps-companies-quantify-risk.html
Security budgets seem to be on the rise according to Ponemon: http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714?
Filed under "Duh..." http://www.infosecisland.com/blogview/24236-Fear-Hackers-First-Invest-in-an-IT-Security-Culture-Change.html
There are lots of potential changes to the CFAA, what can you do? http://www.csoonline.com/article/2873537/security-industry/post-state-of-the-union-reaction-to-proposed-legislation-remains-mixed.html
https://medium.com/message/we-should-all-step-back-from-security-journalism-e474cd67e2fa
https://community.rapid7.com/community/infosec/blog/2015/01/26/how-do-we-de-criminalize-security-research-aka-what-s-next-for-the-cfaa
Public Service Announcement: BSidesLV's awesome Proving Grounds track is looking for speakers: http://www.securitybsides.com/w/page/89943218/BSidesLV2015 CircleCityCon's CFP is open: https://circlecitycon.com/ BSidesCharm is looking for sponsors: http://www.securitybsides.com/w/page/80637041/BSidesCharm2015
And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.
Mon, 12 January 2015
Episode 150 - Not Quite Explicit
The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we're not tackling Sony in this episode, but there was still plenty to discuss.
Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels. http://windowsitpro.com/security/microsoft-ends-advanced-patch-notification-service-and-slams-google-early-warning-policy
Microsoft and Google are starting up the disclosure discussion all over again. http://blog.erratasec.com/2015/01/a-call-for-better-vulnerability-response.html http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html
Surprise surprise, politicians are calling for regulation of technology. http://www.nytimes.com/2015/01/12/us/politics/obama-to-call-for-laws-covering-data-hacking-and-student-privacy.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.
Mon, 10 November 2014
The gang got together for one last show before the end of year hiatus to talk about the year in review, and their predictions for the year to come. We'll be on hiatus until January, so have a safe holiday season, and we'll be back next year.
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 3 November 2014
It's a longer than normal episode with two great interviews. First Martin talks with Jennifer Minella (@jjx) about the upcoming (ISC)2 elections and her experience being on the board for the past year. Then Martin brings Dave Shackleford (@daveshackleford) on to talk about what is wrong with security cons today. We'll be back next week!
Mon, 20 October 2014
Tonight Martin, Steve, and Joseph tackled FUD, stolen medical data, and executive orders.
Remember, if it says X number of Y, you should probably just move on. http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html
Stolen Medical Data is Now Worth Something: http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
A great step forward by the government?! http://www.csoonline.com/article/2835476/data-protection/obama-signs-executive-order-to-bolster-federal-credit-card-security.html
There are also a lot of upcoming SecurityBSides events that you should check out here: http://www.securitybsides.com/w/page/12194156/FrontPage
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Wed, 15 October 2014
In case of breach, ask reporters for money? http://motherboard.vice.com/read/hacked-snapchat-website-demands-payment-bitcoin-to-talk-about-getting-hacked-snapsaved
POODLE explained. Is this really what the future of vulnerability disclosure looks like? http://www.wired.com/2014/10/poodle-explained/
Rethinking the Security “Con”: http://daveshackleford.com/?p=1063
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Tue, 7 October 2014
Sorry for the delay in getting episodes out, folks. Life...it happens. Today's episode is two fantastic interviews. First, Sparkles interviews Dave Kennedy (@hackingdave) at DerbyCon. Next, Martin interviews Ally Miller (@selenakyle) on PCI, Chips, PINs, and other amazing stuff. We'll be back to what passes for a normal schedule shortly.
Mon, 22 September 2014
Episode 144 - The Ballad of Ricky Joe
Tonight marked the return of Yvette back to the podcast, joining Martin, Andy, and Joseph to talk about what else but more Home Depot.
http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/
We also managed to fit in a great discussion on chip and pin and its effectiveness here in the US. http://www.csoonline.com/article/2685514/data-protection/chip-and-pin-no-panacea-but-worth-the-effort-and-the-cost.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 15 September 2014
Mon, 8 September 2014
It kind of felt like Groundhog Day on the show this evening as Martin, Steve, and Joseph talked about some of the pressing stories that have come to light over the past week. Steve also gave some insight into discussion of breaches in the media.
Home Depot has issued a statement confirming that they have been breached, and have posted a FAQ for the breach. http://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-about-the-home-depot-data-breach.html https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx
A simple misconfiguration error led to a development server compromise for Healthcare.gov. http://www.csoonline.com/article/2602964/data-protection/configuration-errors-lead-to-healthcare-gov-breach.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Tue, 2 September 2014
Episode 141 - What's goin' on?
Tonight Martin and Joseph tackled some of the breaking news of the week.
Breaking news: Home Depot breached? http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
'Celebgate' is upon us, apparently. http://www.theverge.com/2014/9/2/6098107/apple-denies-icloud-breach-celebrity-nude-photo-hack
And according to Kaspersky, if we've done nothing wrong, we have nothing to fear. http://www.theregister.co.uk/2014/08/29/kaspersky_backpedals_on_done_nothing_wrong_nothing_to_fear_company_article/
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Tue, 19 August 2014
Tonight was an interesting news night for Martin, Steve, and Joseph. This was an episode filled with healthcare discussion.
First, CHS Hacked via Heartbleed? https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/ http://www.sec.gov/Archives/edgar/data/1108109/000119312514312504/d776541d8k.htm
Second, CMS refuses to reveal details on the security behind Healthcare.gov: http://bigstory.ap.org/article/us-wont-reveal-records-health-website-security
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 21 July 2014
Tonight Martin, Steve, and Joseph took the opportunity to get a little ranty. It must be a slow news week in the weeks leading up to Security Summer Camp, so there was some great fodder for the guys tonight.
Elon Musk - Dreamy Hero or Dreamiest Hero? http://news.hitb.org/content/tesla-model-s-hacked-security-contest
It's time to schedule another World Cup final, it seems. http://www.darkreading.com/attacks-breaches/website-hacks-dropped-during-world-cup-final/d/d-id/1297370
Great post by Spencer Hsieh on the realities of targeted attacks. http://www.csoonline.com/article/2456221/security-awareness/misconceptions-about-targeted-attacks.html
"We're like sheep waiting to be slaughtered" apparently. http://www.nytimes.com/2014/07/21/business/a-tough-corporate-job-asks-one-question-can-you-hack-it.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Tue, 15 July 2014
Tonight Martin, Yvette, Steve, and Joseph tackled some fun topics, stories are below.
Is this the end of password managers? No. http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/
Bitcoin isn't Money http://www.wired.com/2014/07/silkroad-bitcoin-isnt-money/
What can you do to help your security budget? http://www.csoonline.com/article/2369048/security-leadership/do-these-3-things-to-get-the-security-budget-you-want.html
Clearly we should track all of our special snowflakes. http://www.npr.org/blogs/alltechconsidered/2014/07/10/330406463/a-new-device-lets-you-track-your-preschooler-and-listen-in
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 7 July 2014
Tonight went a little off the rails, but Martin (@armorguy), Steve (@steveD3), and Joseph (@jsokoly) had some fun talking about stories.
Wed, 2 July 2014
Episode 136 - Let's talk about pri-va-cy
Tonight Joseph, Andy, and Steve continued their theme of talking about themes. Joseph brought up a discussion of privacy and got the guys talking. The stories that they discussed are below.
http://www.macworld.com/article/2366921/why-apple-really-cares-about-your-privacy.html
http://www.wired.com/2014/06/usable-security/
http://www.networkworld.com/article/2393044/security/german-government-to-drop-verizon-because-of-us-spying.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Wed, 25 June 2014
Tonight was a little different of an episode. Joseph, Steve, and Andy talked about how tired they were of the "Breach of the Week," how what is old is new again, and the Code Spaces nightmare scenario.
http://www.csoonline.com/article/2137033/network-security/meetup-struggles-under-the-weight-of-a-massive-ddos-attack.html
http://www.csoonline.com/article/2114873/network-security/after-refusing-to-pay-ransom--basecamp-hit-with-ddos.html
http://www.csoonline.com/article/2362004/cloud-security/ddos-triggers-massive-evernote-outage.html
http://www.csoonline.com/article/2362243/malware-cybercrime/feedly-hit-by-ddos-after-refusing-extortion-demands.html
http://www.csoonline.com/article/2365062/disaster-recovery/code-spaces-forced-to-close-its-doors-after-security-incident.html
http://www.csoonline.com/article/2365772/cloud-security/how-to-avoid-having-your-cloud-hosted-business-destroyed-by-hackers.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 16 June 2014
Tonight Martin, Joseph, Yvette, and Steve managed to pull themselves away from the US vs Ghana World Cup game long enough to talk about some stories.
Thu, 5 June 2014
Episode 132 - place holder text.
Tonight it was just Joseph and Steve on the podcast, and they had themselves a grand old time.
http://www.wired.com/2014/05/ebay-demonstrates-how-not-to-respond-to-a-huge-data-breach/
http://www.csoonline.com/article/2157782/security-awareness/raising-awareness-quickly-the-ebay-database-compromise.html
http://blog.erratasec.com/2014/05/can-i-drop-pacemaker-0day.html
http://www.darkreading.com/endpoint/the-mystery-of-the-truecrypt-encryption-software-shutdown-/d/d-id/1269323
https://www.grc.com/misc/truecrypt/truecrypt.htm
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 19 May 2014
Martin & Steve handle the 'cast without the rest of the crew tonight...
Here are the stories we comment upon:
Dan Geer blows our mind....again.
https://securityledger.com/2014/05/blade-runner-redux-do-embedded-systems-need-a-time-to-die/
Martin disagrees (kinda) with Michael Santarcangelo for the first time ever...
http://www.csoonline.com/article/2156104/security-leadership/thinking-about-security-beyond-winning-and-losing.html
To redefine winning you gotta get rid of the myths...
http://www.darkreading.com/risk/dispelling-the-myths-of-cyber-security/a/d-id/1251171
Like always the Twitter feed is at @SFSPodcast and the website is www.southernfriedsecurity.com
See you in two weeks!
Mon, 12 May 2014
Martin, Andy, Steven, and Yvette talk about Nick Selby's high school experiences, the Internet of Things, and why Martin doesn't sleep well at night.
http://www.darkreading.com/threat-intelligence/why-threat-intelligence-is-like-teenage-sex/a/d-id/1235049
https://securityledger.com/2014/05/no-silver-bullet-for-securing-internet-of-things/
http://www.wired.com/2014/04/hospital-equipment-vulnerable/
Thu, 8 May 2014
Joseph is in charge this week and that's about all I've got to say about that.
-Martin
:)
Mon, 28 April 2014
Episode 128 - $VULN_pocalypse
Mon, 21 April 2014
Episode Number 127 - Advanced Malware Attack
Mon, 7 April 2014
It's just Andy and Martin for the first time in years on this episode. The boys talk about the impending demise of Windows XP and then rant/rage/wax philosophic on all things PCI/QSA...
Follow the podcast twitter feed at @SFSPodcast and check out our website at www.southernfriedsecurity.com
Mon, 17 March 2014
Mon, 10 March 2014
This week Yvette, Martin, Andy, and Steve debated the issue of trust when it
Mon, 3 March 2014
Episode 123 - Outrage Outrage
Tue, 17 December 2013
Well, we close out 2013 doing a fantastic interview with Mark Horstman of the Manager Tools podcast (www.manager-tools.com). We highly recommend these folks to anyone who wants to learn effective ways of doing what managers are supposed to do. Also - we'll be on hiatus until sometime in February 2014. We wish you and yours a very Merry Christmas and a Blessed New Year.
Mon, 25 November 2013
Episode 119 - All PCI All The Time
Mon, 18 November 2013
Martin got the chance to interview Jennifer Minella (@JJX) to talk about her candidacy for the Board of Directors of (ISC)2, the challenges and opportunities that (ISC)2 has, and her drive to get a slate of write-in candidates elected. http://securityuncorked.com/2013/11/jjs-complete-unofficial-isc2-voter-guidebook/
Mon, 11 November 2013
Episode 117 – End Times
The end is coming when the podcast is put out 2 weeks in a row AND Andy Willingham is on… Martin, Andy, and Yvette wax philosophic on these stories…
Automated Hacking Tools….94% of all web login attempts? http://www.networkworld.com/news/2013/110713-automated-hacking-tools-swarm-web-275723.html
Also, as promised, here are the slides Matt Bing of Arbor Networks ASERT used during his talk on Fort Disco at this year's University of Michigan SUMIT conference. It was a GREAT talk. http://safecomputing.umich.edu/events/sumit13/docs/Bing_FortDisco_SUMIT2013b.pdf
Can the new HIPAA rule cut down on ePHI breaches? Ummmm….no? http://www.networkworld.com/news/2013/110813-can-the-new-hipaa-rule-275790.html
And, finally, just realize leadership isn’t about you. It’s about helping people solve their problems. http://www.npr.org/2013/11/11/230841224/lessons-in-leadership-its-not-about-you-its-about-them
Mon, 4 November 2013
Episode 116.5 - The NSA Ain't Gonna Stop Us This week, Andy rejoined the gang! Alongside Martin, Joseph, and Yvette, they tackled Blackberry, enterprise defense, and turf battles: http://www.nbcnews.com/business/blackberry-abandons-sale-plan-replaces-ceo-report-says-8C11519748 http://www.tuaw.com/2013/10/22/blackberry-announces-5-million-downloads-of-bbm-for-ios-and-andr/ http://www.csoonline.com/article/742317/the-emerging-turf-battle-between-information-and-physical-security-pros http://www.csoonline.com/article/742486/enterprise-defenses-lag-despite-rising-cybersecurity-awareness As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter |
Mon, 7 October 2013
Martin and Yvette discuss "I am the Cavalry" and other interesting ideas with Josh Corman (@joshcorman) and Nick Percoco (@c7five). |
Wed, 2 October 2013
Tonight Martin, Joseph, Yvette, and Steve hit a couple of stories. First, we talked about the shutdown of the Silk Road, and the arrest of the Dread Pirate Roberts: http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf Then, cybersecurity is an occupation, but not a profession? http://www.fiercegovernmentit.com/story/cybersecurity-occupation-not-profession-says-report/2013-09-18 http://www.csoonline.com/article/740456/cybersecurity-should-be-seen-as-an-occupation-not-a-profession-report-says As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter |
Mon, 16 September 2013
This evening, Martin turned over the keys to the kingdom and let Joseph run the podcast tonight. So Martin, Steve and Joseph got into the nitty gritty about how useful security awareness training really is: http://www.csoonline.com/article/739753/social-engineering-and-phishing-attacks-are-getting-smarter-but-are-employers- And of course, we had to talk about the new iPhone 5S and its crazy fingerprint sensor: http://www.macworld.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter |
Tue, 3 September 2013
Episode 111 - Summer Blockbusters This evening, Martin, Steve, Yvette, and Joseph discussed some of their blockbusters of the summer. As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter |
Mon, 29 July 2013
This evening, we had a special guest interview: good friend of the podcast Nick Selby. He joined us to talk about a project that he is involved with called Code for America. If you're interested in more about Code for America, you can find more information here: http://codeforamerica.org/ We also briefly discussed the unfortunate passing of Barnaby Jack. Our hearts and prayers go out to the friends and family of Jack. http://techland.time.com/2013/07/29/barnaby-jack-hacker-who-made-atms-spit-out-cash-dies-in-california/?iid=tl-main-lead As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Mon, 15 July 2013
Andy, Joseph, and Yvette can't make it this time so Martin and Steve talk about the recent announcement that Feds should stay away from DefCon. Oh, and Steve just joined CSO as a Staff Writer. Here's his first byline: http://www.csoonline.com/article/736383/sony-drops-psn-breach-appeal-after-risk-assessment |
Tue, 25 June 2013
This evening Martin, Andy, Steve, and Joseph had a special guest on board: Nick Selby. Nick joined us to continue our discourse relating to the show last week, the NSA leak and Edward Snowden. Once we beat that horse enough, we switched gears a bit to a discussion of a recent Bloomberg article discussing consultants with loose lips. http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com If you'd like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Mon, 17 June 2013
Martin, Steve, and Joseph try hard to find a topic to talk about and settle on the NSA/PRISM issues that have dominated the Echo Chamber for the last several weeks. |
Mon, 3 June 2013
Episode 106 - Shazam!! Tonight, Martin, Andy, and Joseph hit some fun topics and some more serious ones as well. First, could your phone be hacked via lights, sound, or magnets?! http://www.theregister.co.uk/2013/05/28/light_sound_magnetic_malware_hidden_trigger/ Then, the French Police suggest replacing their missing person searches with Facebook: http://www.networkworld.com/news/2013/052313-french-police-end-missing-persons-270071.html On a more serious note, the US Department of Health and Human Services fined Idaho State University for a breach: http://www.networkworld.com/news/2013/053013-university-fined-400000-after-disabled-270285.html And finally, are IT pros masochists, suffering from Stockholm Syndrome, or both? http://www.cio.com.au/article/462571/despite_poor_work-life_balance_it_pros_like_their_jobs_survey/ If you're looking for something to do this weekend, make sure you head over to BSides Charlotte, where our own Martin Fisher will be speaking about halos or something. http://bsidesclt.org/ As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Mon, 20 May 2013
Martin and Steve discuss the DHS plan to distribute cybersecurity (DRINK!) data through a small set of trusted defense/telecom vendors....who might end up charging users for the data... Here are some story links: http://mobile.reuters.com/article/article/idUSBRE94E11B20130515?irpc=932 And if you are anywhere near Charlotte on June 7 & 8 you need to attend BsidesCLT! |
Mon, 6 May 2013
Tonight Martin, Steve, and Joseph discussed one of Steve's recent experiences with open source products and services in a business environment. As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Mon, 22 April 2013
Three stories get the Southern Fried treatment from Martin, Andy, and Yvette. Moving from "checkbox compliance" to "GRC"..... Good idea. http://www.darkreading.com/compliance/can-we-cease-check-box-compliance/240153220 The Washington Post wants government action on all things "cyber"..... Maybe a Good Idea, Maybe a Bad Idea First thing you do when you've been breached? Advise your customers! A very, very Bad Idea. http://www.infosecisland.com/blogview/23092-Into-the-Breach.html Remember you can always follow our feed at @SFSPodcast or see our website at www.southernfriedsecurity.com |
Mon, 8 April 2013
This week was another deep dive topic for Martin, Steve, and Joseph. We chose to tackle some of the opinions on the oft-discussed topic of security awareness. Here are a couple of articles that we used to kind of establish a baseline: http://www.schneier.com/blog/archives/2013/03/security_awaren_1.html http://searchsecurity.techtarget.com/news/2240162630/Data-supports-need-for-awareness-training-despite-naysayers http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness Take a listen, let us know your thoughts! As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Mon, 1 April 2013
With Andy, Joseph, and Yvette not able to make it Martin and Steve take a deeper dive into the events around Weev....what does this mean for our community, what can we learn.... |
Thu, 14 March 2013
Here's a quick look behind the scenes here at Southern Fried... Our Episode 100 Run Sheet...
SFS Podcast Ep100 Run List
Open1 - Jack Daniel Opener
Open2 - New Theme
Martin Intro & Welcome
<Random Discussion>
Andy’s Favorite Interview: Jack Daniel Interview Clip of Jack and the 10 Questions
Andy’s Favorite Moment: Ep9 – Crossing the Streams Ep9 Clip –
Andy’s Favorite Show: Offensive Security: Pros and Cons w/ Paul and John Strand (43)
Andy – What has changed most in the industry since the start of the podcast?
<COMMERCIAL BREAK>
Bumper1 - Liquid Matrix Bumper
Bumper2 - Bella Security Justice Bumper
Steve’s Favorite Interview: ?????
Steve’s Favorite Show: Ep17 – Steve in the Cage Show Clip – Steve in the Cage
Steve – What has changed the most on the podcast since we started?
Joseph’s Favorite Interview:
Joseph’s Favorite Show: Red Firewall…
Joseph – What’s the podcast done/meant for you?
<COMMERCIAL BREAK>
Bumper 1 - Becky Exotic Liability
Bumper 2 - Dueling Banjo – Short
Yvette’s Favorite Interview
Yvette’s Favorite Show: Manvirtex (Ep97)
Yvette: As the FNG – how’s it been going?
Martin’s Favorite Interview – Shrdlu Ep2
Martin’s Favorite Show - ????
Discussion: What’s changed the most in the world of enterprise infosec since we launched in January of 2010?
<Random Discussion & Final Thoughts>
Close out Clip 1 – Old bumper plus Hoff’s Security Rock Star |
Mon, 25 February 2013
Episode 99: Making a Point or Making a Difference? In our last episode before the big 100, Martin, Andy, and Joseph tackled one of the bigger stories recently, the Mandiant Report on "APT1": http://intelreport.mandiant.com/ That segued nicely into a recent article on Threatpost about "Avoiding Attack Attribution Distraction": http://threatpost.com/en_us/blogs/avoid-attack-attribution-distraction-022113 We wrapped up the night with a discussion of some of the more common failures that risk and security officers make: http://blogs.gartner.com/paul-proctor/2013/02/24/risk-and-security-officer-failures/ Be sure to tune in next time for episode 100! |
Mon, 18 February 2013
Martin, Andy, and Steve get together and, after a brief reflection about ShmooCon, talk about... 13 IT Security Myths and some ranting about Richard Stiennon... http://m.networkworld.com/news/2013/021514-security-myths-266773.html?page=1 Are we investing in the wrong tech....or is this just another vendor survey? http://m.networkworld.com/news/2013/021313-security-pros-say-their-companies-266702.html A new Presidential CyberSecurity Directive....will it change anything? http://www.zdnet.com/obamas-cybersecurity-executive-order-what-you-need-to-know-7000011221/ As always you can follow the podcast as @SFSPodcast! |
Mon, 4 February 2013
Martin, Andy, and Yvette get together and discuss a little bit about these stories: The Three Worst Words in the English Language.... http://www.darkreading.com/identity-and-access-management/blog/240147002/the-three-worst-words-in-the-english-language-can-t-we-just.html Friend Of The Podcast Nick Selby of the Police Led Intelligence podcast rips Symantec a new one regarding how they treated the New York Times following the recent breach of the Times.... http://policeledintelligence.com/2013/02/04/we-dont-got-your-back-we-got-your-money/ And, finally, another Friend Of The Podcast, Wendy Nather, gives us a great training plan for RSA. Yvette and Martin are *so* in on this training plan! http://www.infosecisland.com/blogview/22902-Training-for-RSAC.html |
Tue, 29 January 2013
Andy and Martin get together to riff on Facebook Graph, Change Management, and 2013 predictions. |
Mon, 14 January 2013
Martin, Steve, and Joseph have the pleasure of talking with Gene Kim and Josh Corman about Gene's new book "The Phoenix Project". You Need This Book! http://itrevolution.com/books/phoenix-project-devops-novel/ Stay tuned for the fun announcements coming up for Episode 100! |
Mon, 17 December 2012
Well, if the Mayans got it right this is gonna be the final episode of our three year run....but we're not holding our breath. Andy and Martin talk about the Top 5 Stories of 2012 and share what they think 2013 will be "The Year of"... Be sure to join Martin at Shmoocon in February for his talk on Bringing The Sexy Back to Defense In Depth... |
Mon, 26 November 2012
This evening, Martin, Steve, Andy, and Joseph tackled some stuff that just makes you say “duh.” Starting off, we talked about the exciting Macy’s Thanksgiving Day Ticker Tape Parade, which unleashed confidential data upon unsuspecting parade watchers: http://www.wpix.com/news/wpix-confidential-confetti-at-thanksgiving-parade,0,4718007.story We went straight from there to a sticky topic that’s been making the rounds lately about AT&T: http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/ To lighten the mood, we talked about some of Facebook’s recent decisions and how it’s affecting the greater Facebook population: http://threatpost.com/en_us/blogs/facebook-proposes-eliminating-user-voting-system-privacy-changes-112112 http://www.wired.com/business/2012/11/facebook-copyright-hoax/ We also talked about good friend of the podcast Wendy Nather’s article on Threat Intelligence Hype: http://www.darkreading.com/security-monitoring/blog/240142229/threat-intelligence-hype.html And as a reference for those of you interested in the incident response report for South Carolina that we discussed a few weeks back, that’s available for public viewing now: https://docs.google.com/viewer?url=http%3A%2F%2Fgovernor.sc.gov%2FDocuments%2FMANDIANT%2520Public%2520IR%2520Report%2520-%2520Department%2520of%2520Revenue%2520-%252011%252020%25202012.pdf As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com |
Mon, 5 November 2012
Martin, Andy, and Steve get together to talk about.... 3 Ways (with 2 of them being decent and one a complete FAIL) To Get Execs to Listen About Risk.... (Summary: There is no ROI for Security....) http://www.darkreading.com/risk-management/167901115/security/news/240012747/3-ways-to-get-executives-to-listen-about-risk.html A typical article on Anon....with some good comments from Steve on OpVendetta http://www.csoonline.com/article/720734/anonymous-protests-planned-over-government-surveillance 3 smart people and one chucklehead talk to George V. Hulme about BCP/DR when you are using The Cloud http://searchcloudsecurity.techtarget.com/news/2240170168/Sandy-put-business-continuity-planning-in-spotlight |
Mon, 29 October 2012
For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories. First, there are a few upcoming InfoSec events that you might want to be aware of. First, BSidesDFW is this upcoming weekend, November the 3rd: http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012. Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson: http://www.securitybsides.com/w/page/28563447/BSidesDelaware http://www.securitybsides.com/w/page/40113672/BsidesPDX http://www.securitybsides.com/w/page/53447313/BSidesJackson Then we jumped into our first story for the evening, the recent breach in South Carolina: http://www.cbsnews.com/8301-505245_162-57542255/haley-taxpayer-info-didnt-need-to-be-encrypted/ http://www.reuters.com/article/2012/10/29/us-usa-cybersecurity-southcarolina-idUSBRE89S13T20121029 Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed: http://www.wired.com/threatlevel/2012/10/barnes-and-noble-pos-hack/ From those, we transitioned into a discussion on Incident Response: http://www.infosecisland.com/blogview/22470-Have-You-Added-Personas-to-your-Incident-Response-Program.html As well as Mike Rothman's great article on security tradeoffs: http://www.darkreading.com/blog/240010015/making-security-trade-offs.html After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading: http://www.darkreading.com/identity-and-access-management/167901114/security/news/240009630/7-costly-iam-mistakes.html As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. |
Wed, 24 October 2012
Martin recorded an interview with Matt and Chris talking about an open source project sponsored by SecureState to bring a pragmatic and usable risk framework to "the masses". You can get more information on iRisk at: http://community.securestate.com More MAD Security minutes coming starting next episode! |