SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

Filed Under: Adobe, Apple, Data loss, Featured, Google, Malware, Microsoft, Oracle, Podcast, Vulnerability

Sophos Security Chet Chat - Episode 139 - March 20, 2014

News, opinion, advice and research!

Here's our latest security podcast, featuring Sophos experts and Naked Security writers Chester Wisniewski and Paul Ducklin.

(Audio player above not working for you? Download to listen offline, or listen on Soundcloud.)

Stories covered in Chet Chat Episode 139

Get this and other Sophos podcasts

Download this episode as an MP3... Sophos podcasts on Soundcloud... RSS feed of Sophos podcasts...

, , , , , , , , , , , , , , , , ,

You might like

2 Responses to SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

  1. Hi Paul & Chet:

    I am a new listener, finding you from references to the Naked Security in a segment titled Security Lite on the Nosillacast podcast. A thought on your discussion about getting caught by mindlessly clicking on a "valid looking" link in an email and accidentally signing into a fraudulent site. I log into all websites via the 1Password browser extension for Chrome and Safari. Thinking about your discussion, in addition to having independent/complex passwords, another benefit of using these password managers is that the browser extensions can serve as a nice safety net for phishing emails. If I were to get one of these and unthinkingly click on the link and need to sign in - my browser extension would not associate the current URL with one of my log in items. Hopefully that clue would wake me from my stupor !!

    Keep the great shows coming.
    -mike p.

    • Paul Ducklin · 524 days ago

      Indeed, software that ties your login to a specific site by URL is very likely to protect you. It will also protect you from typosquatting mistakes, where you enter a URL that's nearly but not quite right, only to find the crooks are hovering:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog