Naked Security
Channel Details
Naked Security
We take an expert look at the latest cybersecurity incidents, how they happened, and why. Tune in weekly to learn what you can do to stop bad things from happening to you! Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: @NakedSecurity Instagram: @NakedSecurity
Latest Episodes
515 episodes
S3 Ep149: How many cryptographers does it take to change a light bulb?
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb?
Intro and...
S3 Ep148: Remembering crypto heroes
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum.
Intro and outro music by Edith Mudge (...
S3 Ep147: What if you type in your password during a meeting?
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) wi...
S3 Ep146: Tell us about that breach! (If you want to.)
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway.
Intro and outro...
S3 Ep145: Bugs With Impressive Names!
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering th...
S3 Ep144: When threat hunting goes down a rabbit hole
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When ty...
S3 Ep143: Supercookie surveillance shenanigans
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid...
S3 Ep142: Putting the X in X-Ops
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how...
S3 Ep141: What was Steve Jobs's first job?
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and...
S3 Ep140: So you think you know ransomware?
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III.
Twit...
S3 Ep139: Are password rules like running through rain?
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at l...
S3 Ep138: I like to MOVEit, MOVEit
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained.
Twitter @Nake...
S3 Ep137: 16th century crypto skullduggery
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening.
Email tips...
S3 Ep136: Navigating a manic malware maelstrom
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom.
Email tips@sopho...
S3 Ep135: Sysadmin by day, extortionist by night
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearvie...
S3 Ep134: It's a PRIVATE key - the hint is in the name!
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Blu...
S3 Ep133: Apple takes "tight-lipped" to a whole new level
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut:...
S3 Ep132: Proof-of-concept lets anyone hack at will
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack?...
S3 Ep131: Can you really have fun with FORTRAN?
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited.
With Doug A...
S3 Ep130: Open the garage bay doors, HAL
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard...
S3 Ep129: When spyware arrives from someone you trust
A supply chain attack that foisted spyware on trusting users. Wi-Fi encryption bypass via left-over data. Surely there should be TWO World Backup Days...
S3 Ep128: So you want to be a cybercriminal?
RIP Gordon Moore, the more in Moore's Law. Photo cropping bugfix. DDoS honeypot. E-commerce patches. Apple 0-day and lots more.
Email tips@sopho...
S3 Ep127: When you chop someone out of a photo, but there they are anyway...
The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life.
E...
S3 Ep126: The price of fast fashion (and feature creep)
The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday updates.
Original music by Edith Mudge
Got questio...
S3 Ep125: When security hardware has security holes
Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice.
S3 Ep124: When so-called security apps go rogue
How Woz nearly gave away the Apple I. Rogue software packages. Rogue network "administrators". Rogue keyloggers. Rogue authenticators.
Or...
S3 Ep123: Crypto company compromise kerfuffle
The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The cost of success.
Original music by Edit...
S3 Ep122: Stop calling every breach "sophisticated"!
The birth of ENIAC. A "sophisticated attack" (someone got phished). A cryptographic hack enabled by a security warning. Valentine's Day Patch Tuesday....
S3 Ep121: When cybercrime victims are culprits, too
Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature?
Original music...
S3 Special: Tracers in the Dark with Andy Greenberg
Do we really need a "war against cryptography" - codes and ciphers that the government can easily crack if it thinks there's an emergency - to cement...
S3 Ep120: When dud crypto simply won't let go
The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. S...
S3 Ep119: Breaches, patches, leaks and tweaks!
The programming language almost called Oak. GoTo admits to more breach woes. T-Mobile spills 37 million records. Apple patches everything, even iOS 12...
S3 Ep118: Guess your password? No need if it's stolen already!
The HAPPY99 virus reminds us that less is more. Trouble with JSON Web Tokens. Investment scammers busted in Europe. The LifeLock "breach" that wasn't....
S3 Ep117: The crypto crisis that wasn't (and farewell forever to Win 7)
Two stories from the underground. Bank scammers busted. The crypto-crack that wasn't. And the end of two Windows eras at the same time.
Original...
S3 Ep116: Last straw for LastPass? Is crypto doomed?
The ground-breaking HP-35 digital calculator. Last straw for LastPass? Congress takes on quantum computing. 33 1/3-year-old cybersecurity lessons. Mac...
S3 Ep115: True crime stories - A day in the life of a cybercrime fighter
Once more unto the breach, dear friends, once more!
Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybers...
S3 Ep114: Preventing cyberthreats - stop them before they stop you!
Join world-renowned Sophos expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode, recorded during our recent Security...
S3 Ep113: Pwning the Windows kernel: the crooks who hoodwinked Microsoft
The irony of the CAN-SPAM law. When genuine kernel drivers go rogue. Apple patches everything. Stealing data via secret radio waves. E-commerce supply...
S3 Ep112: Beware! Data breaches can haunt you more than once...
The worm that wasn't a Goner. LastPass suffers a sting in the data breach tail. Apple's secretive update. The Ping o' Death. SIM swapping explained. A...
S3 Ep111: The business risk of a sleazy "nudity unfilter"
Christmas-themed wormage. Prurient malware. Cryptorom busts. Voice call spoofing.
Original music by Edith Mudge
Got questions/suggestions/...