SSCC 109 – Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

Episode #109 of our popular Chet Chat podcast series is out.

Chet and Duck (Chester Wisniewski and Paul Ducklin) are back with their almost entirely reverent opinions on the latest computer security issues.

If this is your first time listening to the Chet Chat: episodes come out every two weeks, and usually last about a quarter of an hour.

That makes the Chet Chat podcast ideal for your daily commute or for a spot of lunchtime listening.

(You can keep up with our podcasts via RSS or iTunes, and catch up on previous Chet Chats and other Sophos podcasts by browsing our podcast archive.)

Chet Chat episode 109 shownotes:

Laptop theft

Duck wrote about a video of a chap in London whose laptop was stolen in under a second, live on CCTV.

Was he using full-disk encryption? Both Chet and Duck sincerely hope so.

Duck poses the question, “Does the modern-day fence [handler of stolen goods] treat the data as valuable as well as the laptop?” Chester advises us to assume that the answer is, “Yes!”

Casher crews

Chet and Duck discuss the recent casher crew busts in New York, and talk about how people end up as money mules [processors of cash payments] for cybercrooks.

LulzSec busts

Chester suggests that the prison sentences dished out to Lulzseccers in the UK were probably long enough to satisfy people who thought the UK was a bit soft on cybercrime, but not so long as to be unreasonable.

He also mentions the interview he recorded back in February with Parmy Olson, who wrote a book about what makes these guys tick. It’s now available on

Patch Tuesday

Chester points out that MS fixed not only its PWN2OWN hole that was discovered a couple of months back, but also the “Dept of Labor” zero-day from just ten days before the update. He thinks that is pretty swift.

Duck agrees, admitting, “These are not words that naturally come billowing out of my mouth, but, ‘Well done, Microsoft!'” breach (and others)

Chet reels off a list of recent breach-ees, of which is a recent example. At least they only lost password hashes.

Duck remarks on the addition of another newspea kword to go with Advanced Persistent Threat: AoC. “Abundance of caution.”

He argues that that’s better than complete denial, but worries that it might mean the cure ends up worse than the disease.

Signing off

Chet and Duck sign off by inviting you to enter for a prize in the latest #sophospuzzle, now live on