Episode 150 – Not Quite Explicit

The gang is back after their holiday break, and it sure was nice that nothing big happened between episodes, right? Right? Now, we’re not tackling Sony in this episode, but there was still plenty to discuss.

Microsoft is ending Advanced Patch Notification Service for everyone except for certain support levels.

http://windowsitpro.com/security/microsoft-ends-advanced-patch-notification-service-and-slams-google-early-warning-policy

Microsoft and Google are starting up the disclosure discussion all over again.

http://blog.erratasec.com/2015/01/a-call-for-better-vulnerability-response.html

http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx

http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html

Surprise surprise, politicians are calling for regulation of technology.

http://www.nytimes.com/2015/01/12/us/politics/obama-to-call-for-laws-covering-data-hacking-and-student-privacy.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, questions, or comments, drop us a comment here or find us at @SFSPodcast on Twitter.

Episode 149 – Rumors

The gang got together for one last show before the end of year hiatus to give talk about the year in review, and their predictions for the year to come.

We’ll be on hiatus until January, so have a safe holiday season, and we’ll be back next year.

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 148 – 2 Interviews, 1 Episode

It’s a longer than normal episode with two great interviews.

First Martin talks with Jennifer Minella (@jjx) about the upcoming (ISC)2 elections and her experience being on the board for the past year.

Then Martin brings Dave Shackleford (@daveshackleford) on to talk about what it wrong with security cons today.

We’ll be back next week!

Episode 147 – 15 Things

Tonight Martin, Steve, and Joseph tackled FUD, stolen medical data, and executive orders.

Remember, if it says X number of Y, you should probably just move on.

http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html

Stolen Medical Data is Now Worth Something

http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

A great step forward by the government?!

http://www.csoonline.com/article/2835476/data-protection/obama-signs-executive-order-to-bolster-federal-credit-card-security.html

There are also a lot of upcoming SecurityBSides events that you should check out here: http://www.securitybsides.com/w/page/12194156/FrontPage

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 146 – Mitzie

In case of breach, ask reporters for money?

http://motherboard.vice.com/read/hacked-snapchat-website-demands-payment-bitcoin-to-talk-about-getting-hacked-snapsaved

POODLE explained. Is this really what the future of vulnerability disclosure looks like?

http://www.wired.com/2014/10/poodle-explained/

Rethinking the Security “Con”

http://daveshackleford.com/?p=1063

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 144 – The Ballad of Ricky Joe

Tonight marked the return of Yvette back to the podcast, joining Martin, Andy, and Joseph to talk about what else but more Home Depot.

http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/

http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/

We also managed to fit in a great discussion on chip and pin and it’s effectiveness here in the US.

http://www.csoonline.com/article/2685514/data-protection/chip-and-pin-no-panacea-but-worth-the-effort-and-the-cost.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 143 – Menudo

This week Andy made his triumphant return back to the show with Martin, Steve, and Joseph. They dove right back in on some of the recent breaches, as well as a discussion about how CISOs should respond when they find themselves in a “resume-generating event.”

“C-level security”

http://www.businessweek.com/articles/2014-09-12/home-depot-didnt-encrypt-credit-card-data-former-workers-say

What are the technical details behind the Home Depot breach? There’s a lot of people looking into that.

http://sub0day.com/2014/09/pos-hacks/

http://www.darkreading.com/home-depot-breach-may-not-be-related-to-blackpos-target/d/d-id/1315636

“Six stages of data breach denial”

http://www.csoonline.com/article/2606174/infosec-careers/caught-in-the-breach-how-a-good-cso-confronts-inevitable-bad-news.html?nsdr=true

Minecraft purchased by Microsoft, and Notch is leaving Mojang

http://pastebin.com/raw.php?i=n1qTeikM

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode 142 – Orange Aprons

It kind of felt like Groundhog Day on the show this evening as Martin, Steve, and Joseph talked about some of the pressing stories that have come to light over the past week. Steve also gave some insight into discussion of breaches in the media.

Home Depot has issued a statement confirming that they have been breached, and have posted a FAQ for the breach.

http://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-about-the-home-depot-data-breach.html

https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx

A simple misconfiguration error led to a development server compromise for Healthcare.gov.

http://www.csoonline.com/article/2602964/data-protection/configuration-errors-lead-to-healthcare-gov-breach.html

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Episode 141 – What’s goin’ on?

Tonight Martin and Joseph tackled some of the breaking news of the week.

Breaking news: Home Depot breached?

http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/

‘Celebgate’ is upon us, apparently.

http://www.theverge.com/2014/9/2/6098107/apple-denies-icloud-breach-celebrity-nude-photo-hack

And according to Kaspersky, if we’ve done nothing wrong, we have nothing to fear.

http://www.theregister.co.uk/2014/08/29/kaspersky_backpedals_on_done_nothing_wrong_nothing_to_fear_company_article/

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter

Episode 140 – Dave Kennedy Fan Club

Tonight was an interesting news night for Martin, Steve, and Joseph. This was an episode filled with healthcare discussion.

First, CHS Hacked via Heartbleed?

https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/

http://www.sec.gov/Archives/edgar/data/1108109/000119312514312504/d776541d8k.htm

Second, CMS refuses to reveal details on the security behind Healthcare.gov

http://bigstory.ap.org/article/us-wont-reveal-records-health-website-security

If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter