SSCC 102 - Probably the best 15 minute security podcast you'll hear today


Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Sophos has been recording security-related podcasts since 2006.

One of our most popular shows is the regular "Chet Chat" series where Senior Security Advisor Chester Wisniewski discusses the latest security news with a series of experts, and offers actionable advice on what you and your company should do about it.

The "Chet Chat" can be one of the best ways to catch up with the latest developments in the world of computer security, with a mixture of insight, expertise, scepticism, and advice.

And it's a quick listen too! Typically episodes come in at under 15 minutes - perfect for your lunchtime security fix, or as part of your commute.

The latest "Chet Chat", episode 102, features Chet and Naked Security's own Paul "Duck" Ducklin in a timely conversation that will certainly get you thinking about how better to secure your computers at home and in the office.

Listen now:

(12 February 2013, duration 14:32 minutes, size 8.8 MBytes)

Download now:
Sophos Security Chet Chat #102 (MP3)

Chet Chat episode 102 shownotes:

Bamital botnet takedown -

Microsoft and Symantec show that the private sector has an important role to play in helping law enforcement take on organised cybercriminal gangs.

In this case, the Bamital botnet gang was reportedly netting $1 million a year through its attacks.

After control of some of the servers used by the botnet was seized by the authorities, warning messages could be displayed to victims, providing information and tools necessary for victims to disinfect their computers from the Bamital malware.

However, as the podcast discusses, there's a problem. The cybercrime authorities cannot always get sufficient budget to tackle challenges like the Bamital botnet. The reason? Not enough people are either willing or know how to report malware infections - and if the scale of the problem cannot be measured, it's hard for the authorities to procure the funds to fight it properly.

UPnP and your router -

Millions of routers wrongly seem to let outsiders snoop around inside your network, thanks to Universal Plug and Play.

UPnP is actually presented as a feature by many vendors - but is truly "one of the worst ideas ever" from the security point of view.

Vulnerable products include webcams, printers, security cameras, media servers, smart TVs and routers.

The last one is the scariest. Nearly every vendor you have ever heard of in the home/SOHO business has routers on the list of vulnerable products.

Many routers do not have an option to disable UPnP and, even worse, others have an option that doesn't do anything.

What can you do about it? Read our article and listen to our podcast to learn more.

Flash patched for Windows and Apple users -

Adobe Flash is patched (again) for Windows and Mac users. And in case anyone still thinks Macs are immune to malware or of no interest to the crooks, here's some evidence to the contrary.

Yes, it's not just Windows users in the firing line.

Adobe said that it is aware of active attacks against Mac users exploiting the latest vulnerability - independent of Windows-based attacks.

Lucky Thirteen -

A pair of UK cryptographers take on web security and have discovered a theoretical vulnerability that could be turned into a practical attack.

As the podcast describes, a fix to the problem has been available since 2008 (in TLS 1.2) but it just hasn't been properly adopted yet as only approximately 10% of servers actually support TLS 1.2 properly.

Catch up with the Chet Chat and other Sophos podcasts


You can download the Sophos Security Chet Chat podcast episode 102 directly in MP3 format.

And why not take a look at the back-catalogue of Sophos Podcasts in our archive? We have loads of interesting stuff for your listening pleasure.


10 Responses to SSCC 102 - Probably the best 15 minute security podcast you'll hear today

  1. TED · 968 days ago

    You guys talk about using WRT Open, why not use your Astaro Home license that is a fully use enterprise router or bridge with all the goodies. You can build an Atom based computer with Intel nics, load the free .ISO (thank you) and you have a 25 seat killer enterprise UTM with all the scanning services. Since Sophos owns Astaro, you could get the hardware for nothing anyway.

    Also, can you guys bring us a longer and more frequent Chet Chat. It is WAY too sparse on both. Can you please comment on both, and please be long winded.

    • Paul Ducklin · 968 days ago

      Why not use the free Sophos UTM Home Edition, indeed!

      We did discuss this in the podcast, but I edited it out for two reasons.

      Firstly, IMO, it sounded a bit too commercial in the midst of something that isn't supposed to be a product pitch.

      Secondly, Sophos Free UTM needs bigger hardware than the average SoHo router, which typically has just a few MBytes of flash and RAM. Sophos UTM is a proper, business-grade firewall, and it needs an x64 CPU. So it's not an alternative for OpenWRT, it's a replacement.

      We tried to explain all this in a 30-second sound bite, but we didn't do it justice (nor did we keep it to 30 seconds) and it just didn't fit as nicely into the podcast as I'd have liked, so it ended up on the cutting floor.

      FYI, the Sophos Free UTM supports *50* devices, not 25 (you'll have iPhones, Androids, iPads and more, as well as that desktop and - they add up quickly these days!) You also get free Sophos Endpoint Protection (anti-virus etc.) for up to 12 Windows PCs, all managed from the Free UTM!

      • TED · 968 days ago

        My 25 seat comment was for the hardware capacity as in my Atom 510 dual core with a dual Intel Server nic could handle 25 plus very easily. ( as you know, every vendor over est. max seat capacity of their UTM hardware, if they say 100 seats, that means 50 seats in real life)

        I know WRT.... can't load ISOs like Astaro and Untangle. I am trying to get Astaro to work because I want GOOD AV and IPS/IDS and Untangle's implementation in bridge mode doesn't work very good in bridge.

        • Paul Ducklin · 967 days ago

          Errr, I'm afraid I don't know that every vendor "overestimates" maximum capacity :-)

          (In the Sophos UTM Home Edition case, the performance capacity depends on the hardware, physical or virtual, you choose to run it on. My mention of 50 devices and 12 Windows endpoints is merely a licensing limit.)

          By the way, if you've still got the Astaro-branded UTM software, you might want to upgrade, as it means you're not on V9, the latest and greatest version. (We switched the branding to Sophos UTM for the 9.x series, so there's technically no "Astaro" version in the V9 flavour.)

          I use it and it "just worked" from the moment the installer finished. (Yes, I would say that, but I would say it 'cos it's true :-)

    • Paul Ducklin · 968 days ago

      Oh. One more thing. Two, in fact.

      1. We're going to try to be both more regular and more frequent.

      Chester and I both have day jobs besides Naked Security and podcasting, which has made it tough to stick to a schedule in the past year :-)

      2. We'll consider making it longer.

      Problem is this: I reckon it's better to leave the people who really like the podcast wanting more than it is to bleat on for the sake of length and leave the people who are happy with X minutes wondering why we carried on for X-plus-delta. There are plenty of podcasts out there with large values of delta...we don't want to end up in that bucket.

      The burning question is, "What is the optimum value of X?"

      Your thoughts?

      • TED · 968 days ago

        Security Now is often 1.5 hours and every week, and most can't get enough. Then there is the so called sweet spot that I have heard is 30 mins for a Podcast. I vote for 30 mins.

        Can you guys have a show with your leading Mac lab guy and talk about Mac trends, where you find the most malware, do you honeypot, country of leading writers, quality of code, quality of social engineering "setup" to payload scenarios, how often Mac malware shows up on PC logs that get sent back to you guys, how often older Mac malware is seen in logs, etc....

        [edited for length]

        • Paul Ducklin · 967 days ago

          The "Mac malware" topic would be a good one - probably not for a Chet Chat (which is really about recent news, and typically covers three to five issues) but for another (irregular) podcast series we have called Techknow.

  2. Norm · 967 days ago

    I read Naked Security regularly and have now taken in one Chet Chat.
    I typically have my rss reader and player configured to download while connected, but I listen in the car or often read would offline.
    Two q's:
    1) any way you could provide the entire text directly within the rss feed or an alternate feed instead of links back to web pages?
    2) do you also have an rss for Chet Chat with the audio file contained within? (I listen to the net sec podcast in this fashion)

    • Paul Ducklin · 967 days ago

      We sometimes do transcripts, but they're an astonishingly large amount of work...and the whole idea of the podcast is that it's made to be listened to, rather than to be read.

      A discussion generally doesn't make very good reading, since if we were going to write it, we'd use a different style, and anyway would be an article, not a discussion :-)

      As for the RSS feed, if you subscribe to the Naked Security feed, you'll find that the Chet Chat is gettable from there as a URL (IIRC it's not embedded, just linked to). Click on the RSS icon at the top right on this page.

      We also have a dedicated podcasts page with a dedicated RSS feed, but it lags behind Naked Security by a day or so. Try here:

  3. wally · 967 days ago

    Delta-X is a variable; whatever the events since last cast require. Your coverage is good in length and depth, and total time should be a factor of items that need to be covered.
