The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at

Tonight, Martin, Joseph, Steve, and Andy got together and went over how their 2015 predictions went, and laid out what their predictions were for 2016.

The gang is on break from now until the new year, happy holidays!

Direct download: SFS_Podcast_Ep_-_171.mp3
Category:podcasts -- posted at: 9:45pm EDT

Check for signs of the apocalypse, everyone was here tonight...

Comcast resets nearly 200,000 passwords

In the era of GPS, Naval Academy revives celestial navigation

How Carders Can Use eBay as a Virtual ATM

What Flu Season Can Teach Us About Fighting Cyberattacks

Find us on Twitter:

Direct download: SFS_Podcast_Ep_-_170.mp3
Category:podcasts -- posted at: 10:59pm EDT

This week, Andy's back!

The FitBit "hack"

The FBI's Advice on Ransomware? Just Pay The Ransom

Find us on Twitter:

Direct download: SFS_Podcast_Ep_-_169.mp3
Category:podcasts -- posted at: 9:27pm EDT

Dale Myers - 1Password Leaks Your Data

AgileBits - When a Leak Isn't a Leak

Jessy on Twitter
Joseph on Twitter
Steve on Twitter

Direct download: SFS_Microcast_-_Interview_With_1Password.mp3
Category:microcasts -- posted at: 8:55pm EDT

Tonight, Steve and Joseph talked password managers and consumer reports for cybersecurity.

LogMeIn now owns LastPass

Troy Hunt's article on switching from LastPass

Websites, Please Stop Blocking Password Managers. It's 2015

Mudge's Consumer Cyber Reports

Find us on Twitter:

Direct download: SFS_Podcast_Ep_-_168.mp3
Category:podcasts -- posted at: 10:27pm EDT

This week, Joseph and Guillaume Ross talked content blockers, phishing consequences, and home network monitoring.

Back to Work Episode 239

Accidental Tech Podcast Episode 136

FireEye: served malicious ads to visitors | CSO Online

Ad Blocking, Ad Networks, & Your IP Address

DHS infosec chief: We should pull clearance of feds who fail phish test | Ars Technica

Cujo Is a Smart-Home Device That Protects Against Hacks | Digital Trends

Find us on Twitter:

Direct download: SFS_Podcast_Ep_-_167.mp3
Category:podcasts -- posted at: 10:52am EDT

This week Martin and Joseph sat down and talked about stress, burnout, and why Martin took a break for a while. 

Direct download: SFS_Podcast_Ep_-_166.mp3
Category:podcasts -- posted at: 10:40pm EDT

Tweet from Ed Willson

Chrome and Firefox dump Flash

Netflix dumps antivirus

Windows 10:
Even When Told Not To, Windows 10 Can't Stop Talking to Microsoft
Even the pirates are nervous about Windows 10
Timcast - Windows 10 is spying on you and it's super creepy

Where you can find us:

Direct download: SFS_Podcast_-_Ep_165.mp3
Category:podcasts -- posted at: 9:48pm EDT

This week's show notes:

BlackHat Day 1
Car Hacking
BlackHat Day 2
Defcon Roundup
@sawaba's BSides Talk
Washington Post's Article on l0pht

Oracle's CSO makes a questionable publishing decision

Where you can find us:

Direct download: SFS_Podcast_-_Ep_164.mp3
Category:podcasts -- posted at: 9:51pm EDT

No full episode this week thanks to Security Summer Camp, but Martin got to sit down and chat with good friend of the podcast Wendy Nather. 

We'll be back soon!

Direct download: SFS_Podcast_Interview_With_Wendy.mp3
Category:podcasts -- posted at: 10:47pm EDT

Life is Short. For some it may get shorter?

Archuleta is out at OPM: Who didn't see that one coming?

If you look for breaches, you might find them.

Darkode Shutdown: Former FireEye Intern Accused Of Creating $65,000 Android Malware - Forbes 

BREAKING: UCLA Health breach hits data of 4.5M - Modern Healthcare

Direct download: SFS_Podcast_-_Ep_163.mp3
Category:podcasts -- posted at: 12:38am EDT

Tonight, Joseph and Steve tackled the Hacking Team breach: why it's interesting, what's happening, and some of the data that's come out so far. 


Find us on Twitter:

Direct download: SFS_Podcast_-_Ep_162.mp3
Category:podcasts -- posted at: 9:56pm EDT

This episode, the gang was joined by Chris Burton (@cyberhiker) to talk about the OPM breach.

OPM - The Breach that Keeps on Giving:

Second OPM Hack Exposed Information About Military, Intelligence Workers - Defense One

Report: Hack of government employee records discovered by product demo | Ars Technica

Carnal0wnage Attack Research Blog: Hard to Sprint When You Have Two Broken Legs

Data hacked from U.S. government dates back to 1985: U.S. official | Reuters

Brief: 4 million federal employees affected by data breach at OPM | CSO Online

Find us on Twitter:



Direct download: SFS_Podcast_-_Ep_161.mp3
Category:podcasts -- posted at: 8:54am EDT

The show notes for this episode have some screenshots, see the website for the full notes: 

Find us on Twitter: 

Direct download: Apple_and_Privacy_with_Guillaume_Ross.mp3
Category:podcasts -- posted at: 12:07pm EDT

This week Steve and Joseph were joined by a guest from America's hat: Guillaume Ross. 


The IRS and PII as verification:

Security checks that rely on PII put businesses and consumers at risk | CSO Online

If you're not paying for the service, you're probably the product:
Adios, Hola! - Why you should immediately uninstall Hola


Hola VPN client vulnerabilities put millions of users at risk | CSO Online


Facebook Uses PGP

Official announcement:


Find us on Twitter:




Direct download: SFS_Podcast_-_Ep_160.mp3
Category:podcasts -- posted at: 7:00am EDT

Joseph and Steve were joined by a special guest tonight, Mr. Kevin Riggins. They tackled mafia-style shakedowns, vulnerabilities in medical equipment, and “stunt hacking.”


"Breach" Extortion:


ICS-CERT issues advisory for medical equipment for the first time:


"Stunt Hacking":


Find us on Twitter:





Direct download: SFS_Podcast_-_Ep_159.mp3
Category:podcasts -- posted at: 9:14pm EDT

This week, Joseph and Steve talked about what these "six hacker tribes" are, and the recent rise of some accountability in security in both the government and the private sector.

"The Six Hacker Tribes"

“Accountability in Security” on multiple fronts:

And if you have any feedback, questions, or comments, find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Ep_158.mp3
Category:podcasts -- posted at: 9:32pm EDT

The gang is back with some cast changes. Martin will be taking a break for a while, so Joseph will be hosting for the next while.

This week, we talked WordPress, Steve's experiences at RSAC, and this year's DBIR:


RSAC 2015: RSA Conference (Day 1):

RSAC 2015: RSA Conference (Day 2): 

RSAC 2015: RSA Conference (Day 3):

Defcon/BH Attendance:


And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Ep_157.mp3
Category:podcasts -- posted at: 9:51am EDT

It's going to be a little bit before the next episode of the podcast as we work out some changes.  Until then take a listen to some news about BSides Las Vegas Proving Grounds!  See you in Vegas!

Direct download: SFS_Podcast_-_Proving_Grounds.mp3
Category:microcasts -- posted at: 7:01pm EDT

Episode 156 - Sad Panda

Martin, Steve, and Joseph got on tonight to talk about clickbait-that-wasn't, AV eating itself, and 6 ways the Sony breach didn't actually change everything.

A great slideshow article from friend of the podcast Michael Santarcangelo

A bad, bad day for Panda AV

"6 Ways The Sony Hack Changes Everything"

And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_156.mp3
Category:podcasts -- posted at: 8:28pm EDT

The Show Notes


Opening Music


BSides Atlanta

  • SFS Podcast is a sponsor

  • Martin is presenting “The Art of Speaking with Muggles”

  • Sold out but sponsors have tix they are handing out. Also Eventbrite courtesy.




It’s hard to find infosec folks…


The number of things wrong with the editorial is immense… We read it so you don’t have to…


Anthem declines post-breach audit from regulators…

Twitter: @SFSPodcast

Direct download: SFS_Podcast_-_Episode_155.mp3
Category:podcasts -- posted at: 8:48pm EDT

Martin & Steve get a chance to talk to Rob Fuller (@mubix) about his ideas on Open Source Architecture. It's a great conversation where you can see the idea grow in front of your own ears!


The link to the Open Source Architecture group is:!forum/ossag


Remember BSidesATL and BSidesLV!

Direct download: SFS_Podcast_-_Episode_154.mp3
Category:podcasts -- posted at: 7:39pm EDT

Episode 153 - Internet Veapon

The gang braved the snow to get a show together tonight, here's what they covered:

$17 mill-yun dollars scammed from Omaha company… A cautionary tale on business process controls...

You get an attribution! And you get an attribution! You all get attributions!

Feds want more threat info from private companies. Is this the way to go?

Join us next week for episode 1784 of the continuing special “Responsible Disclosure!”

PSAs:

BSidesATL 2015 CFP is open

BSidesLV 2015 CFP and Call for Mentors is open as well

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_153.mp3
Category:podcasts -- posted at: 8:22pm EDT

SFS Podcast

Run Sheet for 2/9/15 - Episode 152


The Stories


Anthem…. a megabreach if ever we've seen one...


With the end of Microsoft’s Trusted Computing Group, has the overall security posture of products taken a hit? Anecdotes say...maybe.


BSides Vegas PSA


Security Model is Broken. In other news, water is wet, and if you stop breathing, you may die.


A vendor sponsored survey is slanted so that the “biggest problem” is likely fixed by the sponsor?  NO WAY!!



Direct download: SFS_Podcast_-_Episode_152.mp3
Category:podcasts -- posted at: 8:31pm EDT

Episode 151 -  


Tonight, the gang dodged the snow for long enough to talk about some of the stories that have come out in the past week or two.


Can we finally quantify risk?


Security budgets seem to be on the rise according to Ponemon:


Filed under "Duh..."


There are lots of potential changes to the CFAA, what can you do?


Public Service Announcement:

BSidesLV's awesome Proving Grounds track is looking for speakers:

CircleCityCon's CFP is open:

BSidesCharm is looking for sponsors:


And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_151.mp3
Category:podcasts -- posted at: 8:35pm EDT

Episode 150 - Not Quite Explicit

The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we're not tackling Sony in this episode, but there was still plenty to discuss.

Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels.

Microsoft and Google are starting up the disclosure discussion all over again.

Surprise surprise, politicians are calling for regulation of technology.

If you’d like to subscribe, you can find the RSS feed here: or on iTunes.

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_150.mp3
Category:podcasts -- posted at: 8:21pm EDT