Mon, 16 November 2015
Tonight, Martin, Joseph, Steve, and Andy got together and went over how their 2015 predictions went, and laid out what their predictions were for 2016. The gang is on break from now until the new year. Happy holidays!
Mon, 9 November 2015
Check for signs of the apocalypse: everyone was here tonight...
Comcast resets nearly 200,000 passwords
In the era of GPS, Naval Academy revives celestial navigation
How Carders Can Use eBay as a Virtual ATM
What Flu Season Can Teach Us About Fighting Cyberattacks
Find us on Twitter:
Mon, 26 October 2015
This week, Andy's back!
The FBI's Advice on Ransomware? Just Pay The Ransom
Find us on Twitter:
Tue, 20 October 2015
Direct download: SFS_Microcast_-_Interview_With_1Password.mp3
Category:microcasts -- posted at: 8:55pm EDT
Mon, 12 October 2015
Tonight, Steve and Joseph talked password managers and consumer reports for cybersecurity.
Troy Hunt's article on switching from LastPass
Websites, Please Stop Blocking Password Managers. It's 2015
Mudge's Consumer Cyber Reports
Find us on Twitter:
Tue, 29 September 2015
This week, Joseph and Guillaume Ross talked content blockers, phishing consequences, and home network monitoring.
Accidental Tech Podcast Episode 136
FireEye: Forbes.com served malicious ads to visitors | CSO Online
Ad Blocking, Ad Networks, & Your IP Address
DHS infosec chief: We should pull clearance of feds who fail phish test | Ars Technica
Cujo Is a Smart-Home Device That Protects Against Hacks | Digital Trends
Find us on Twitter:
Mon, 14 September 2015
This week Martin and Joseph sat down and talked about stress, burnout, and why Martin took a break for a while.
Mon, 31 August 2015
Mon, 17 August 2015
This week's show notes:
Vegas: Oracle's CSO makes a questionable publishing decision
Where you can find us:
Mon, 3 August 2015
No full episode this week thanks to Security Summer Camp, but Martin got to sit down and chat with good friend of the podcast Wendy Nather. We'll be back soon!
Tue, 21 July 2015
Life is Short. For some it may get shorter?
Archuleta is out at OPM: Who didn't see that one coming?
If you look for breaches, you might find them.
Darkode Shutdown:
Former FireEye Intern Accused Of Creating $65,000 Android Malware - Forbes
BREAKING: UCLA Health breach hits data of 4.5M - Modern Healthcare
Mon, 6 July 2015
Tonight, Joseph and Steve tackled the Hacking Team breach: why it's interesting, what's happening, and some of the data that's come out so far.
Find us on Twitter:
Tue, 23 June 2015
This episode, the gang was joined by Chris Burton (@cyberhiker) to talk about the OPM breach.
OPM - The Breach that Keeps on Giving:
Second OPM Hack Exposed Information About Military, Intelligence Workers - Defense One
Report: Hack of government employee records discovered by product demo | Ars Technica
Carnal0wnage Attack Research Blog: Hard to Sprint When You Have Two Broken Legs
Data hacked from U.S. government dates back to 1985: U.S. official | Reuters
Brief: 4 million federal employees affected by data breach at OPM | CSO Online
Find us on Twitter: @SFSPodcast
Tue, 9 June 2015
The show notes for this episode have some screenshots; see the website for the full notes: http://www.southernfriedsecurity.com/apple-and-privacy-with-guillaume-ross/
Find us on Twitter:
Direct download: Apple_and_Privacy_with_Guillaume_Ross.mp3
Category:podcasts -- posted at: 12:07pm EDT
Tue, 2 June 2015
This week Steve and Joseph were joined by a guest from America's hat: Guillaume Ross.
The IRS and PII as verification:
Security checks that rely on PII put businesses and consumers at risk | CSO Online http://www.csoonline.com/article/2927652/data-protection/security-checks-that-rely-on-pii-put-businesses-and-consumers-at-risk.html
If you're not paying for the service, you're probably the product:
Hola VPN client vulnerabilities put millions of users at risk | CSO Online
Facebook Uses PGP
Official announcement: https://threatpost.com/facebook-bolsters-message-security-adds-openpgp/113079
Find us on Twitter:
Mon, 18 May 2015
Joseph and Steve were joined by a special guest tonight, Mr. Kevin Riggins. They tackled mafia-style shakedowns, vulnerabilities in medical equipment, and “stunt hacking.”
"Breach" Extortion: http://money.cnn.com/2015/05/07/technology/tiversa-labmd-ftc/index.html
ICS-CERT issues advisory for medical equipment for the first time:
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01A
http://hextechsecurity.com/?p=123
"Stunt Hacking":
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
http://idoneous-security.blogspot.com/2015/05/lessons-in-grown-up-security.html
http://carnal0wnage.attackresearch.com/2015/05/normal-0-false-false-false-en-us-x-none.html
Find us on Twitter:
Mon, 4 May 2015
This week, Joseph and Steve talked about what these "six hacker tribes" are, and the recent rise of some accountability in security in both the government and the private sector.
"The Six Hacker Tribes"
“Accountability in Security” on multiple fronts:
And if you have any feedback, questions, or comments, find us at @SFSPodcast on Twitter.
Wed, 29 April 2015
The gang is back with some cast changes. Martin will be taking a break for a while, so Joseph will be hosting for the next while. This week, we talked WordPress, Steve's experiences at RSAC, and this year's DBIR:
WordPress:
RSAC:
RSAC 2015: RSA Conference (Day 2): http://www.csoonline.com/article/2912475/security-awareness/rsac-2015-rsa-conference-day-2.html
RSAC 2015: RSA Conference (Day 3): http://www.csoonline.com/article/2912411/data-protection/rsac-2015-rsa-conference-day-3.html
Defcon/BH Attendance: http://venturebeat.com/2014/08/12/black-hat-and-defcon-see-record-attendance-and-thats-not-even-counting-the-spies/
The DBIR:
And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Wed, 8 April 2015
It's going to be a little bit before the next episode of the podcast as we work out some changes. Until then, take a listen to some news about BSides Las Vegas Proving Grounds! See you in Vegas!
Mon, 16 March 2015
Episode 156 - Sad Panda
Martin, Steve, and Joseph got on tonight to talk about clickbait-that-wasn't, AV eating itself, and 6 ways the Sony breach didn't actually change everything.
A great slideshow article from friend of the podcast Michael Santarcangelo
http://www.csoonline.com/article/2895341/security-leadership/8-steps-successful-security-leaders-follow-to-drive-improvement.html
A bad, bad day for Panda AV
http://www.infosecurity-magazine.com/news/panda-labs-detects-itself-as/
http://redd.it/2yofpo
"6 Ways The Sony Hack Changes Everything"
http://www.darkreading.com/risk/6-ways-the-sony-hack-changes-everything-/a/d-id/1319415
And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.
Mon, 9 March 2015
The Show Notes
Opening Music
BSides Atlanta
Stories:
It’s hard to find infosec folks… http://www.csoonline.com/article/2894377/infosec-staffing/shortage-of-security-pros-worsens.html
http://www.zdnet.com/article/how-infosec-hiring-lost-its-way-harsh-findings-in-leviathan-report/
The number of things wrong with the editorial is immense… We read it so you don’t have to….
Anthem declines post-breach audit from regulators… https://threatpost.com/anthem-refusing-oig-security-audit-following-breach/111476
www.SouthernFriedSecurity.com
Mon, 2 March 2015
Martin & Steve get a chance to talk to Rob Fuller (@mubix) about his ideas on Open Source Architecture. It's a great conversation where you can see the idea grow in front of your own ears!
The link to the Open Source Architecture group is:
https://groups.google.com/forum/#!forum/ossag
Remember BSidesATL and BSidesLV!
Mon, 16 February 2015
Episode 153 - Internet Veapon
The gang braved the snow to get a show together tonight, here's what they covered:
$17 mill-yun dollars scammed from Omaha company… A cautionary tale on business process controls...
http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html
You get an attribution! And you get an attribution! You all get attributions!
https://threatpost.com/massive-decades-long-cyberespionage-framework-uncovered/111080
Feds want more threat info from private companies. Is this the way to go?
http://www.wired.com/2015/02/president-obama-signs-order-encourage-sharing-cyber-threat-information/
Join us next week for episode 1784 of the continuing special “Responsible Disclosure!”
http://www.infosecurity-magazine.com/news/google-blinks-first-with-project/
PSAs:
BSidesATL 2015 CFP is open http://www.securitybsides.com/w/page/92311122/BSidesATL2015
BSidesLV 2015 CFP and Call for Mentors is open as well http://www.bsideslv.org/
And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.
Mon, 9 February 2015
SFS Podcast Run Sheet for 2/9/15 - Episode 152
The Stories
Anthem…. a megabreach if ever we've seen one...
With the end of Microsoft’s Trusted Computing Group, has the overall security posture of products taken a hit? Anecdotes say...maybe.
http://www.itproportal.com/2015/02/02/microsofts-new-ios-outlook-app-serious-security-flaws/
BSides Vegas PSA
Security Model is Broken. In other news, water is wet, and if you stop breathing, you may die.
http://www.scmagazine.com/the-security-model-is-broken/article/393033/
A vendor sponsored survey is slanted so that the “biggest problem” is likely fixed by the sponsor? NO WAY!!
Mon, 26 January 2015
Episode 151 -
Tonight, the gang dodged the snow for long enough to talk about some of the stories that have come out in the past week or two.
Can we finally quantify risk? http://www.csoonline.com/article/2874171/data-protection/new-framework-helps-companies-quantify-risk.html
Security budgets seem to be on the rise according to Ponemon: http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714?
Filed under "Duh..." http://www.infosecisland.com/blogview/24236-Fear-Hackers-First-Invest-in-an-IT-Security-Culture-Change.html
There are lots of potential changes to the CFAA, what can you do? http://www.csoonline.com/article/2873537/security-industry/post-state-of-the-union-reaction-to-proposed-legislation-remains-mixed.html
https://medium.com/message/we-should-all-step-back-from-security-journalism-e474cd67e2fa
https://community.rapid7.com/community/infosec/blog/2015/01/26/how-do-we-de-criminalize-security-research-aka-what-s-next-for-the-cfaa
Public Service Announcement:
BSidesLV's awesome Proving Grounds track is looking for speakers: http://www.securitybsides.com/w/page/89943218/BSidesLV2015
CircleCityCon's CFP is open: https://circlecitycon.com/
BSidesCharm is looking for sponsors: http://www.securitybsides.com/w/page/80637041/BSidesCharm2015
And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.
Mon, 12 January 2015
Episode 150 - Not Quite Explicit
The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we're not tackling Sony in this episode, but there was still plenty to discuss.
Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels.
http://windowsitpro.com/security/microsoft-ends-advanced-patch-notification-service-and-slams-google-early-warning-policy
Microsoft and Google are starting up the disclosure discussion all over again.
http://blog.erratasec.com/2015/01/a-call-for-better-vulnerability-response.html
http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx
http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html
Surprise surprise, politicians are calling for regulation of technology.
http://www.nytimes.com/2015/01/12/us/politics/obama-to-call-for-laws-covering-data-hacking-and-student-privacy.html
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.