The gang got together for one last show before the end of year hiatus to give talk about the year in review, and their predictions for the year to come. We'll be on hiatus until January, so have a safe holiday season, and we'll be back next year. If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

It's a longer than normal episode with two great interviews.

First Martin talks with Jennifer Minella (@jjx) about the upcoming (ISC)2 elections and her experience being on the board for the past year.

Then Martin brings Dave Shackleford (@daveshackleford) on to talk about what it wrong with security cons today.

We'll be back next week!

Tonight Martin, Steve, and Joseph tackled FUD, stolen medical data, and executive orders. Remember, if it says X number of Y, you should probably just move on. http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html Stolen Medical Data is Now Worth Something http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 A great step forward by the government?! http://www.csoonline.com/article/2835476/data-protection/obama-signs-executive-order-to-bolster-federal-credit-card-security.html There are also a lot of upcoming SecurityBSides events that you should check out here: http://www.securitybsides.com/w/page/12194156/FrontPage If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

In case of breach, ask reporters for money? http://motherboard.vice.com/read/hacked-snapchat-website-demands-payment-bitcoin-to-talk-about-getting-hacked-snapsaved POODLE explained. Is this really what the future of vulnerability disclosure looks like? http://www.wired.com/2014/10/poodle-explained/ Rethinking the Security “Con” http://daveshackleford.com/?p=1063 If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Sorry for the delay in getting episodes out, folks.  Life...it happens.

Today's episode is two fantastic interviews.

First, Sparkles interviews Dave Kennedy (@hackingdave) at DerbyCon.

Next, Martin interviews Ally Miller (@selenakyle) on PCI, Chips, PINs, and other amazing stuff.

We'll be back to what passes for a normal schedule shortly.

Episode 144 - The Ballad of Ricky Joe Tonight marked the return of Yvette back to the podcast, joining Martin, Andy, and Joseph to talk about what else but more Home Depot. http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/ http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/ We also managed to fit in a great discussion on chip and pin and it's effectiveness here in the US. http://www.csoonline.com/article/2685514/data-protection/chip-and-pin-no-panacea-but-worth-the-effort-and-the-cost.html If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

This week Andy made his triumphant return back to the show with Martin, Steve, and Joseph. They dove right back in on some of the recent breaches, as well as a discussion about how CISOs should respond when they find themselves in a "resume-generating event." "C-level security" http://www.businessweek.com/articles/2014-09-12/home-depot-didnt-encrypt-credit-card-data-former-workers-say What are the technical details behind the Home Depot breach? There's a lot of people looking into that. http://sub0day.com/2014/09/pos-hacks/ http://www.darkreading.com/home-depot-breach-may-not-be-related-to-blackpos-target/d/d-id/1315636 "Six stages of data breach denial" http://www.csoonline.com/article/2606174/infosec-careers/caught-in-the-breach-how-a-good-cso-confronts-inevitable-bad-news.html?nsdr=true Minecraft purchased by Microsoft, and Notch is leaving Mojang http://pastebin.com/raw.php?i=n1qTeikM If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

It kind of felt like Groundhog Day on the show this evening as Martin, Steve, and Joseph talked about some of the pressing stories that have come to light over the past week. Steve also gave some insight into discussion of breaches in the media. Home Depot has issued a statement confirming that they have been breached, and have posted a FAQ for the breach. http://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-about-the-home-depot-data-breach.html https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx A simple misconfiguration error led to a development server compromise for Healthcare.gov. http://www.csoonline.com/article/2602964/data-protection/configuration-errors-lead-to-healthcare-gov-breach.html If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 141 - What's goin' on? Tonight Martin and Joseph tackled some of the breaking news of the week. Breaking news: Home Depot breached? http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/ 'Celebgate' is upon us, apparently. http://www.theverge.com/2014/9/2/6098107/apple-denies-icloud-breach-celebrity-nude-photo-hack And according to Kaspersky, if we've done nothing wrong, we have nothing to fear. http://www.theregister.co.uk/2014/08/29/kaspersky_backpedals_on_done_nothing_wrong_nothing_to_fear_company_article/ If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Tonight was an interesting news night for Martin, Steve, and Joseph. This was an episode filled with healthcare discussion. First, CHS Hacked via Heartbleed? https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/ http://www.sec.gov/Archives/edgar/data/1108109/000119312514312504/d776541d8k.htm Second, CMS refuses to reveal details on the security behind Healthcare.gov http://bigstory.ap.org/article/us-wont-reveal-records-health-website-security If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes. And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

We talk with Adam Shostack, author of the recently released Threat Modeling masterpiece, about his keynote at BSidesLV...

Let's chat with Michelle Klinger about BSidesLV and the Security BSides organization...

It's Security Summer Camp time!

Join Martin and Jack Daniel over some breakfast and listen in.

Tonight Martin, Steve, and Joseph took the opportunity to get a little ranty. It must be a slow news week in the weeks leading up to Security Summer Camp, so there was some great fodder for the guys tonight.

Elon Musk - Dreamy Hero or Dreamiest Hero?

http://news.hitb.org/content/tesla-model-s-hacked-security-contest

It's time to schedule another World Cup final, it seems.

http://www.darkreading.com/attacks-breaches/website-hacks-dropped-during-world-cup-final/d/d-id/1297370

Great post by Spencer Hsieh on the realities of targeted attacks.

http://www.csoonline.com/article/2456221/security-awareness/misconceptions-about-targeted-attacks.html

"We're like sheep waiting to be slaughtered" apparently.

http://www.nytimes.com/2014/07/21/business/a-tough-corporate-job-asks-one-question-can-you-hack-it.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Tonight Martin, Yvette, Steve, and Joseph tackled some fun topics, stories are below.

Is this the end of password managers? No.

http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/

Bitcoin isn't Money

http://www.wired.com/2014/07/silkroad-bitcoin-isnt-money/

What can you do to help your security budget?

http://www.csoonline.com/article/2369048/security-leadership/do-these-3-things-to-get-the-security-budget-you-want.html

Clearly we should track all of our special snowflakes. 

http://www.npr.org/blogs/alltechconsidered/2014/07/10/330406463/a-new-device-lets-you-track-your-preschooler-and-listen-in

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Tonight went a little off the rails, but Martin (@armorguy), Steve (@steveD3), and Joseph (@jsokoly) had some fun talking about stories.

DNS is important
http://www.darkreading.com/microsofts-seizure-of-no-ip-domains-disrupted-criminals-and-innocents-alike/d/d-id/1279079

Are CISOs too confident?
http://net-security.org/secworld.php?id=17047

Has the Internet of Things gone "mainstream"?
http://www.npr.org/2014/07/05/328888392/from-thermostats-to-prison-security-more-things-going-online

Can we finally kill Comic Sans?
http://theuniversaltypeface.com/home

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode 136 - Let's talk about pri-va-cy

Tonight Joseph, Andy, and Steve continued their theme of talking about themes. Joseph brought up a discussion of privacy and got the guys talking. The stories that they discussed are below.

http://www.macworld.com/article/2366921/why-apple-really-cares-about-your-privacy.html

http://www.wired.com/2014/06/usable-security/

http://www.networkworld.com/article/2393044/security/german-government-to-drop-verizon-because-of-us-spying.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

onight was a little different of an episode. Joseph, Steve, and Andy talked about how tired they were of the "Breach of the Week," how what is old is new again, and the Code Spaces nightmare scenario.

http://www.csoonline.com/article/2137033/network-security/meetup-struggles-under-the-weight-of-a-massive-ddos-attack.html

http://www.csoonline.com/article/2114873/network-security/after-refusing-to-pay-ransom--basecamp-hit-with-ddos.html

http://www.csoonline.com/article/2362004/cloud-security/ddos-triggers-massive-evernote-outage.html

http://www.csoonline.com/article/2362243/malware-cybercrime/feedly-hit-by-ddos-after-refusing-extortion-demands.html

http://www.csoonline.com/article/2365062/disaster-recovery/code-spaces-forced-to-close-its-doors-after-security-incident.html

http://www.csoonline.com/article/2365772/cloud-security/how-to-avoid-having-your-cloud-hosted-business-destroyed-by-hackers.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Tonight Martin, Joseph, Yvette, and Steve managed to pull themselves away from the US vs Ghana World Cup game long enough to talk about some stories tonight. 

When was the last time we saw someone resort to carbon copy?
http://www.darkreading.com/pf-changs-confirms-security-breach/d/d-id/1278577

Is Target's New CISO doomed from the start? 
http://www.csoonline.com/article/2363210/data-protection/target-top-security-officer-reporting-to-cio-seen-as-a-mistake.html

http://www.csoonline.com/article/2360984/security-leadership/the-cso-s-failure-to-lead.html

TweetDeck was "hacked", but they sure handled it well.
http://www.wired.com/2014/06/tweetdeck-hacked/

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode 133 - The Doctor is In

Martin, Joseph, and Steve talk about health care and your phone...

https://www.apple.com/ios/ios8/health/
http://www.zdnet.com/new-ios-7-lock-screen-flaw-opens-up-iphones-ipads-in-seconds-7000030335/

http://recode.net/2014/06/02/the-doctor-will-see-you-on-your-iphone-now

http://www.theverge.com/2014/6/5/5765732/talkspace-smartphone-therapy-apps

Episode 132 - place holder text.

Tonight it was just Joseph and Steve on the podcast, and they had themselves a grand old time. 

http://www.wired.com/2014/05/ebay-demonstrates-how-not-to-respond-to-a-huge-data-breach/

http://www.csoonline.com/article/2157782/security-awareness/raising-awareness-quickly-the-ebay-database-compromise.html

http://blog.erratasec.com/2014/05/can-i-drop-pacemaker-0day.html

http://www.darkreading.com/endpoint/the-mystery-of-the-truecrypt-encryption-software-shutdown-/d/d-id/1269323

https://www.grc.com/misc/truecrypt/truecrypt.htm

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Martin & Steve handle the 'cast without the rest of the crew tonight...

Here's the stories we comment upon:

Dan Geer blows our mind....again.

https://securityledger.com/2014/05/blade-runner-redux-do-embedded-systems-need-a-time-to-die/

Martin disagrees (kinda) with Michael Santarchangelo for the first time ever..

http://www.csoonline.com/article/2156104/security-leadership/thinking-about-security-beyond-winning-and-losing.html

To redefine winning you gotta get rid of the myths...

http://www.darkreading.com/risk/dispelling-the-myths-of-cyber-security/a/d-id/1251171

Like always the Twitter feed is at @SFSPodcast and the website is www.southernfriedsecurity.com

See you in two weeks!

Martin, Andy, Steven, and Yvette talk about Nick Selby's high school experiences, the Internet of Things, and why Martin doesn't sleep well at night.

http://www.darkreading.com/threat-intelligence/why-threat-intelligence-is-like-teenage-sex/a/d-id/1235049

https://securityledger.com/2014/05/no-silver-bullet-for-securing-internet-of-things/

http://www.wired.com/2014/04/hospital-equipment-vulnerable/

Joseph is in charge this week and that's about all I've got to say about that.

-Martin

:)

http://online.wsj.com/news/articles/SB10001424052702303417104579542140235850578?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702303417104579542140235850578.html

http://www.forbes.com/sites/lauraheller/2014/05/05/targets-ceo-departure-isnt-just-about-the-data-breach/

http://www.csoonline.com/article/2150205/browser-security/microsoft-fixes-internet-explorer-flaw-with-out-of-band-patch-xp-included.html

As always, you can find the direct link to the podcast here:
http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the
RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode 128 - $VULN_pocalypse

Tonight, Martin and Joseph sat down and talked about $vuln of the week, as well as this year's Verizon DBIR:

http://www.pcworld.com/article/2148368/new-internet-explorer-zero-day-puts-web-at-risk-and-xp-isnt-getting-a-fix.html

http://www.pcworld.com/article/2148921/dhs-warns-against-using-internet-explorer-until-bug-is-patched.html

http://www.verizonenterprise.com/DBIR/2014/

As always, you can find the direct link to the podcast here:
http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the
RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode Number 127 - Advanced Malware Attack

Tonight, the whole gang actually got together for the first time in who knows how long. So of course, we tackled some fun stuff:

http://www.csoonline.com/article/2145541/michaels-says-breach-at-its-stores-affected-nearly-3m-payment-cards.html

http://heartbleed.com/

http://www.csoonline.com/article/2142626/security-leadership/how-you-need-to-respond-to-heartbleed-and-how-you-can-explain-it-to-others.html

http://www.csoonline.com/article/2142700/vulnerabilities/heartbleed-cve-2014-0160-an-overview-of-the-problem-and-the-resources-needed-to.html 

http://www.wired.com/2014/04/att-hacker-conviction-vacated/

As always, you can find the direct link to the podcast here:
http://sfspodcast.libsyn.com If you’d like to subscribe, you can find the
RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

It's just Andy and Martin for the first time in years on this episode.  The boys talk about the impending demise of Windows XP and then rant/rage/wax philosophic on all things PCI/QSA...

Follow the podcast twitter feed at @SFSPodcast and check out our website at www.southernfriedsecurity.com

Martin, Steve, Yvette, and Joseph sat down on this St. Patrick's Day to have a little discussion on breaches, consequences, and SEEMs. Also, it seems that Yvette may be out of a job, as we found out that "Compliance is not Hard."

http://www.csoonline.com/article/749758/how-to-avoid-becoming-a-victim-like-target

http://www.securityweek.com/what-happens-stolen-data-after-breach

http://www.darkreading.com/compliance/compliance-is-not-hard/240166352
http://www.darkreading.com/authors/Glenn-Phillips

This week Yvette, Martin, Andy, and Steve debated the issue of trust when it
comes to security vendors, off-shoring security management, and the latest
trend of Security by Obscurity as a Service - because you can't hack what
you can't see.

http://www.csoonline.com/article/749173/the-risk-of-offshoring-security

http://www.darkreading.com/privacy/security-firms-face-crisis-of-trust/24016
6454

http://www.unisys.com/unisys/landingPages/index.jsp?id=1120000970027210173

As always, you can find the direct link to the podcast here:
http://sfspodcast.libsyn.com
If you'd like to subscribe, you can find the RSS feed here:
http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on
Twitter

Episode 123 - Outrage Outrage

Tonight, Martin, Andy and Joseph sat down and talked about passwords, old operating systems, and outrage.

http://blogs.csoonline.com/security-leadership/3020/we-abandon-passwords-these-3-critical-elements-authentication-need-be-fixed

http://www.csoonline.com/article/749074/china-s-windows-xp-users-to-still-get-security-support
http://www.csoonline.com/article/748815/apple-retires-snow-leopard-from-support-leaves-1-in-5-macs-vulnerable-to-attacks

http://www.darkreading.com/risk/juniper-security-chief-takes-swipe-at-se/240166326

As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

It feels good to be back in the saddle again, and the gang hit some fun articles tonight:

http://www.csoonline.com/article/748462/pulling-the-reins-on-data-breach-costs

http://www.darkreading.com/management/solving-the-security-workforce-shortage/240166247

http://www.businessinsider.com/mtgox-resigns-from-bitcoin-foundation-2014-2

As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

This week, Martin, Andy, and Steve - in an attempt to capture the golden
days of SFS (not really, Yvette was working, and Sparkles was on a plane to
somewhere) - came back from hiatus to gab about Target, effective
leadership, and the drama that is the RSA / NSA debate.

http://www.npr.org/programs/ted-radio-hour/261084166/disruptive-leadership?s
howDate=2014-01-17

http://www.csoonline.com/article/748236/experts-question-security-used-in-ta
rget-breach

http://news.cnet.com/8301-1009_3-57617388-83/counter-confab-trustycon-to-hos
t-speakers-boycotting-rsa-conference

As always, you can find the direct link to the podcast here:
http://sfspodcast.libsyn.com

If you'd like to subscribe, you can find the RSS feed here:
http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on
Twitter.