Episode 153 – Internet Veapon

The gang braved the snow to get a show together tonight, here’s what they covered:

$17 mill-yun dollars scammed from Omaha company… A cautionary tale on business process controls…
http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html

You get an attribution! And you get an attribution! You all get attributions!
https://threatpost.com/massive-decades-long-cyberespionage-framework-uncovered/111080

Feds want more threat info from private companies. Is this the way to go?
http://www.wired.com/2015/02/president-obama-signs-order-encourage-sharing-cyber-threat-information/

Join us next week for episode 1784 of the continuing special “Responsible Disclosure!”
http://www.infosecurity-magazine.com/news/google-blinks-first-with-project/

PSAs:
BSidesATL 2015 CFP is open
http://www.securitybsides.com/w/page/92311122/BSidesATL2015

BSidesLV 2015 CFP and Call for Mentors is open as well
http://www.bsideslv.org/

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Episode 152 – Stats & Booth Babes

Anthem…. a megabreach if ever we’ve seen one…
http://www.csoonline.com/article/2881532/business-continuity/anthem-how-does-a-breach-like-this-happen.html

With the end of Microsoft’s Trustworthy Computing group, has the overall security posture of its products taken a hit? Anecdotes say… maybe.
http://www.itproportal.com/2015/02/02/microsofts-new-ios-outlook-app-serious-security-flaws/

BSides Vegas PSA

Security Model is Broken. In other news, water is wet, and if you stop breathing, you may die.
http://www.scmagazine.com/the-security-model-is-broken/article/393033/

A vendor-sponsored survey is slanted so that the “biggest problem” is one the sponsor happens to fix? NO WAY!!
http://www.csoonline.com/article/2879117/data-protection/vendor-math-doesnt-add-up-on-federal-security-priorities.html

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Episode 151 – Spleen

Tonight, the gang dodged the snow for long enough to talk about some of the stories that have come out in the past week or two.

Can we finally quantify risk?
http://www.csoonline.com/article/2874171/data-protection/new-framework-helps-companies-quantify-risk.html

Security budgets seem to be on the rise according to Ponemon:
http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714?

Filed under “Duh…”
http://www.infosecisland.com/blogview/24236-Fear-Hackers-First-Invest-in-an-IT-Security-Culture-Change.html

There are lots of potential changes to the CFAA, what can you do?
http://www.csoonline.com/article/2873537/security-industry/post-state-of-the-union-reaction-to-proposed-legislation-remains-mixed.html

https://medium.com/message/we-should-all-step-back-from-security-journalism-e474cd67e2fa

https://community.rapid7.com/community/infosec/blog/2015/01/26/how-do-we-de-criminalize-security-research-aka-what-s-next-for-the-cfaa

Public Service Announcement:
BSidesLV’s awesome Proving Grounds track is looking for speakers: http://www.securitybsides.com/w/page/89943218/BSidesLV2015
CircleCityCon’s CFP is open: https://circlecitycon.com/
BSidesCharm is looking for sponsors: http://www.securitybsides.com/w/page/80637041/BSidesCharm2015

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Episode 150 – Not Quite Explicit

The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we’re not tackling Sony in this episode, but there was still plenty to discuss.

Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels.

http://windowsitpro.com/security/microsoft-ends-advanced-patch-notification-service-and-slams-google-early-warning-policy

Microsoft and Google are starting up the disclosure discussion all over again.

http://blog.erratasec.com/2015/01/a-call-for-better-vulnerability-response.html

http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx

http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html

Surprise surprise, politicians are calling for regulation of technology.

http://www.nytimes.com/2015/01/12/us/politics/obama-to-call-for-laws-covering-data-hacking-and-student-privacy.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Episode 149 – Rumors

The gang got together for one last show before the end-of-year hiatus to talk about the year in review and their predictions for the year to come.

We’ll be on hiatus until January, so have a safe holiday season, and we’ll be back next year.

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 148 – 2 Interviews, 1 Episode

It’s a longer than normal episode with two great interviews.

First Martin talks with Jennifer Minella (@jjx) about the upcoming (ISC)2 elections and her experience being on the board for the past year.

Then Martin brings Dave Shackleford (@daveshackleford) on to talk about what is wrong with security cons today.

We’ll be back next week!

Episode 147 – 15 Things

Tonight Martin, Steve, and Joseph tackled FUD, stolen medical data, and executive orders.

Remember, if it says X number of Y, you should probably just move on.

http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html

Stolen Medical Data is Now Worth Something

http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

A great step forward by the government?!

http://www.csoonline.com/article/2835476/data-protection/obama-signs-executive-order-to-bolster-federal-credit-card-security.html

There are also a lot of upcoming SecurityBSides events that you should check out here: http://www.securitybsides.com/w/page/12194156/FrontPage

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 146 – Mitzie

In case of breach, ask reporters for money?

http://motherboard.vice.com/read/hacked-snapchat-website-demands-payment-bitcoin-to-talk-about-getting-hacked-snapsaved

POODLE explained. Is this really what the future of vulnerability disclosure looks like?

http://www.wired.com/2014/10/poodle-explained/

Rethinking the Security “Con”

http://daveshackleford.com/?p=1063

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 144 – The Ballad of Ricky Joe

Tonight marked Yvette’s return to the podcast, joining Martin, Andy, and Joseph to talk about what else but more Home Depot.

http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/

http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/

We also managed to fit in a great discussion on chip and PIN and its effectiveness here in the US.

http://www.csoonline.com/article/2685514/data-protection/chip-and-pin-no-panacea-but-worth-the-effort-and-the-cost.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 143 – Menudo

This week Andy made his triumphant return to the show with Martin, Steve, and Joseph. They dove right back in on some of the recent breaches, as well as a discussion of how CISOs should respond when they find themselves in a “resume-generating event.”

“C-level security”

http://www.businessweek.com/articles/2014-09-12/home-depot-didnt-encrypt-credit-card-data-former-workers-say

What are the technical details behind the Home Depot breach? There’s a lot of people looking into that.

http://sub0day.com/2014/09/pos-hacks/

http://www.darkreading.com/home-depot-breach-may-not-be-related-to-blackpos-target/d/d-id/1315636

“Six stages of data breach denial”

http://www.csoonline.com/article/2606174/infosec-careers/caught-in-the-breach-how-a-good-cso-confronts-inevitable-bad-news.html?nsdr=true

Minecraft purchased by Microsoft, and Notch is leaving Mojang

http://pastebin.com/raw.php?i=n1qTeikM

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.