SSCC 104 – Probably (be fair, definitely!) the best 15-minute podcast you’ll hear today

Have you joined thousands of others and become a loyal listener to the “Chet Chat” yet?

Sophos has been recording security-related podcasts since 2006.

One of our most popular shows is the regular “Chet Chat” series where Senior Security Advisor Chester Wisniewski discusses the latest security news with a series of experts, and offers actionable advice on what you and your company should do about it.

And it’s a quick listen too! Typically episodes come in at under 15 minutes – perfect for your lunchtime security fix, or as part of your commute.

In episode 104, Chester and regular guest Duck (Paul Ducklin) turn their unique blend of insight, expertise and scepticism on recent events in the computer security scene.

Chet Chat episode 104 shownotes:

• Conference roundup

Chester talks about three back-to-back security events he’s just attended: RSA 2013 in San Francisco, B-Sides in Vancouver and CanSecWest in Vancouver.

RSA was all about “Big Data,” making use of those months’ or years’ worth of logs you went to all that trouble to collect.

CanSecWest is probably better known for the PWN2OWN contest than for the conference itself.


Chester was with the Mozilla guys at the moment their Firefox browser was owned, and gives us a blow-by-blow of how the Mozilla team was able to come up with a fix within a few hours.

• Viruses and blaming viruses

A recent XKCD cartoon showed a Venn diagram of the set of occasions when a virus caused trouble, and the set of occasions users blamed viruses.

The diagram jokingly showed two disjoint (non-intersecting) sets.

The reality isn’t quite that bad, but sometimes it’s easier to blame some external factor instead of looking in the mirror and facing up to what really caused the problem.

• The cPanel break-in and cloud security

A recent compromise of customers’ root passwords (!) stored by web admin company cPanel raises all the usual questions of security and safety in the cloud.

The company has now taken on a less risky way of carrying out remote administration, albeit with very slightly less convenience all round, but you have to wonder how convenience ever trumped security in this case.

• And the best corporate security blog is…

Chester and Duck remembered just at the last minute… Naked Security won the Best Corporate Security Blog award for the second year running (and an award for the third consecutive year) at this year’s Security Bloggers’ Awards.

Thanks to everyone who proposed us for the prize list, and then voted for us!

Catch up with Chet Chats and other podcasts

(12 March 2013, duration 14:32 minutes, size 8.8 MBytes)

You can download the Sophos Security Chet Chat podcast episode 104 directly in MP3 format.

And why not take a look at the back-catalogue of Sophos Podcasts in our archive? We have loads of interesting stuff for your listening pleasure.