Episode 104 – Perfect Storm

Tonight Martin, Steve, and Joseph discussed one of Steve’s recent experiences with open source products and services in a business environment.

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 103 – Good Idea, Bad Idea

Three stories get the Southern Fried treatment from Martin, Andy, and Yvette.

Moving from “checkbox compliance” to “GRC”….. Good idea.

http://www.darkreading.com/compliance/can-we-cease-check-box-compliance/240153220

The Washington Post wants government action on all things “cyber”…..  Maybe a Good Idea, Maybe a Bad Idea

http://www.washingtonpost.com/opinions/government-private-sector-must-team-up-to-fight-cyberthreats/2013/04/21/0b3b80fc-a913-11e2-a8e2-5b98cb59187f_story.html#

First thing you do when you’ve been breached?  Advise your customers!  A very, very Bad Idea.

http://www.infosecisland.com/blogview/23092-Into-the-Breach.html

Remember you can always follow our feed at @SFSPodcast or see our website at www.southernfriedsecurity.com

Posted in Podcasts.


Episode 102 – Security Awareness

This week was another deep dive topic for Martin, Steve, and Joseph. We chose to tackle some of the opinions on the oft-discussed topic of security awareness. Here are a couple of articles that we used to kind of establish a baseline:

http://www.schneier.com/blog/archives/2013/03/security_awaren_1.html

http://searchsecurity.techtarget.com/news/2240162630/Data-supports-need-for-awareness-training-despite-naysayers

http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness

Take a listen, let us know your thoughts!

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 100! – A Walk Down Redneck Lane

To try and summarize this episode would be a monumental task. Instead, you guys are going to get a look into the behind the scenes of the Southern Fried Security Podcast. This episode runs a little long, but it’s absolutely worth it.

SFS Podcast Ep100 Run List

Open1 - Jack Daniel Opener

Open2 - New Theme

Martin Intro & Welcome

<Random Discussion>

Andy’s Favorite Interview:  Jack Daniel

Interview Clip of Jack and the 10 Questions

Andy’s Favorite Moment:  Ep9 – Crossing the Streams

Ep9 Clip –

Andy’s Favorite Show: Offensive Security: Pros and Cons w/ Paul and John Strand (43)

Andy – What has changed most in the industry since the start of the podcast?

<COMMERCIAL BREAK>

Bumper1 - Liquid Matrix Bumper

Bumper2 - Bella Security Justice Bumper

Steve’s Favorite Interview: ?????

Steve’s Favorite Show:   Ep17 – Steve in the Cage

Show Clip – Steve in the Cage

Steve – What has changed the most on the podcast since we started?

Joseph’s Favorite Interview:

Joseph’s Favorite Show:   Red Firewall…

Joseph – What’s the podcast done/meant for you?

<COMMERCIAL BREAK>

Bumper 1 - Becky Exotic Liability

Bumper 2 - Dueling Banjo – Short

Yvette’s Favorite Interview

Yvette’s Favorite Show:  Manvirtex (Ep97)

Yvette:  As the FNG – how’s it been going?

Martin’s Favorite Interview – Shrdlu Ep2

Martin’s Favorite Show – ????

Discussion:  What’s changed the most in the world of enterprise infosec since we launched in January of 2010?

<Random Discussion & Final Thoughts>

Close out

Clip 1 – Old bumper plus Hoff’s Security Rock Star

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 99 – Making a Point or Making a Difference…

In our last episode before the big 100, Martin, Andy, and Joseph tackled one of the bigger stories recently, the Mandiant Report on “APT1”:

http://intelreport.mandiant.com/

That segued nicely into a recent article on Threatpost about “Avoiding Attack Attribution Distraction”:

http://threatpost.com/en_us/blogs/avoid-attack-attribution-distraction-022113

We wrapped up the night with a discussion of some of the more common failures that risk and security officers make:

http://blogs.gartner.com/paul-proctor/2013/02/24/risk-and-security-officer-failures/

Be sure to tune in next time for episode 100!

Posted in Podcasts.


Episode 93 – It’s on Facebook

This evening, Martin, Steve, Andy, and Joseph tackled some stuff that just makes you say “duh.”

Starting off, we talked about the exciting Macy’s Thanksgiving Day Ticker Tape Parade, which unleashed confidential data upon unsuspecting parade watchers:

http://www.wpix.com/news/wpix-confidential-confetti-at-thanksgiving-parade,0,4718007.story

We went straight from there to a sticky topic that’s been making the rounds lately about AT&T:

http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/

To lighten the mood, we talked about some of Facebook’s recent decisions and how they’re affecting the greater Facebook population:

http://threatpost.com/en_us/blogs/facebook-proposes-eliminating-user-voting-system-privacy-changes-112112

http://www.wired.com/business/2012/11/facebook-copyright-hoax/

We also talked about good friend of the podcast Wendy Nather’s article on Threat Intelligence Hype:

http://www.darkreading.com/security-monitoring/blog/240142229/threat-intelligence-hype.html

And as a reference for those of you interested in the incident response report for South Carolina that we discussed a few weeks back, that’s available for public viewing now:

https://docs.google.com/viewer?url=http%3A%2F%2Fgovernor.sc.gov%2FDocuments%2FMANDIANT%2520Public%2520IR%2520Report%2520-%2520Department%2520of%2520Revenue%2520-%252011%252020%25202012.pdf

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 91 – Lots of Numbers

For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories.

First, there are a few upcoming InfoSec events that you might want to be aware of. First, BSidesDFW is this upcoming weekend, November the 3rd: http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012

Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson: http://www.securitybsides.com/w/page/28563447/BSidesDelaware http://www.securitybsides.com/w/page/40113672/BsidesPDX http://www.securitybsides.com/w/page/53447313/BSidesJackson

Then we jumped into our first story for the evening, the recent breach in South Carolina:

http://www.cbsnews.com/8301-505245_162-57542255/haley-taxpayer-info-didnt-need-to-be-encrypted/

http://www.reuters.com/article/2012/10/29/us-usa-cybersecurity-southcarolina-idUSBRE89S13T20121029

Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed:

http://www.wired.com/threatlevel/2012/10/barnes-and-noble-pos-hack/

From those, we transitioned into a discussion on Incident Response:

http://www.infosecisland.com/blogview/22470-Have-You-Added-Personas-to-your-Incident-Response-Program.html

As well as Mike Rothman’s great article on security tradeoffs:

http://www.darkreading.com/blog/240010015/making-security-trade-offs.html

After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading:

http://www.darkreading.com/identity-and-access-management/167901114/security/news/240009630/7-costly-iam-mistakes.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 89

This evening we had a special guest, the always lovely @securityintern, along with our regular crowd of misfits.

We wasted no time jumping straight in to our stories tonight, led off by good friend of the podcast, Wendy Nather’s story on When Monitoring becomes a liability:

http://www.darkreading.com/security-monitoring/blog/240008609/when-monitoring-becomes-a-liability.html

We followed that up with an interesting article from Microsoft, discussing malware and software piracy:

http://blogs.technet.com/b/mmpc/archive/2012/10/09/sirv13-be-careful-where-you-go-looking-for-software-and-media-files.aspx

And last but not least, we dove into an article the likes of which only comes around every now and then. An article so special and full of wisdom that we had to bring it up:

http://www.csoonline.com/article/718462/top-8-things-csos-wish-they-had-a-solution-for

We close tonight with a brief interview with Martin’s co-presenter at HouSecCon, Michelle Klinger.

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 87

Brought to you by MAD Security and the support of viewers like you…

This week, we started with our quick Moment of Shill, where we discussed the plethora of upcoming conferences:

DerbyCon – Sept 28-30

https://www.derbycon.com/

BruCon – Sept 26-27

http://2012.brucon.org/

HouSecCon – Oct 11

http://houstonseccon.com/

BSidesDFW – Nov 3

http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012

BSidesATL – Oct 19

http://www.securitybsides.com/w/page/58266249/BSidesATL-2012

BSides – Jackson – Nov 10

http://www.securitybsides.com/w/page/53447313/BSidesJackson

SecZone – Cali, Colombia – Dec 3-7

http://www.securityzone.co/indexeng.html

For our stories this evening, we dove straight in to the hullabaloo surrounding this most recent Internet Explorer patch:

http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/240007691/multiple-targeted-ie-attacks-underway-microsoft-to-release-patch-tomorrow.html

We also tackled Sophos’ joining of the big boys and their recent challenges with false positive signatures:

http://www.csoonline.com/article/716892/sophos-admits-bad-update-slamming-its-anti-virus-software-customers

And, finally, some great career building advice from Javvad and SpaceRogue

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.


Episode 84 – Breaking News

This week, we have an exciting new announcement: MAD Security has come on as our first official sponsor, and we’re glad to work with them. We’re really excited about all the work that they do with the community, and you’ll hear more content from them with us in the coming weeks.

For our stories tonight, Martin, Yvette, and Joseph reminisced a bit about their experiences in Vegas, then got right down to Dave Shackleford’s article in response to Dave Aitel’s article about security awareness:

http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness?page=1

http://www.infosecisland.com/blogview/22057-No-Infosec-Sacred-Cows.html

Then, to close things out, we talked a bit about Iran and their recent announcement that they will be separating themselves from the rest of the Internet:

http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9453905/Iranian-state-goes-offline-to-dodge-cyber-attacks.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Posted in Podcasts.