Episode 8 of the Naked Security Podcast is now live!
This week I stepped in to host the show with Paul Ducklin, Ben Jones and special guest Peter Mackenzie.
Peter fights complex and advanced malware here at Sophos and joined us to share the latest ransomware trends [0’37”]. Ben discusses a recent leak of Facebook data that led to the exposure of more than 100 million phone numbers [15’50”] and Duck explains why not everyone is happy about Mozilla’s move towards DNS over HTTPS [31’36”].
Do you want us to answer your question next week? Simply comment below.
LISTEN NOW
Audio player above not working? Download MP3, listen on Soundcloud or on Apple Podcasts, or access via Spotify.
By the way – here’s our latest fun animation based on last week’s episode. Watch now and see if you can beat Duck’s limerick – comment below with your own verse! (For bonus points, try starting with the same first line: There was a young lady called Prue…)
I recently received notifications that my passwords for four sites had been compromised. Only on one did I have an account, so I have no way to change a password on the others. The ones I never heard of are “verifications.io,” “Apollo” and “Modern Business Solutions.” Does this mean passwords from other sites have been compromised as a result of these three and how can I find out which sites?
Fake notifications are surprisingly common as a phishing technique – ‘to prevent your account being shut down click here’, or something like that. Sometimes the crooks get lucky and the spam mentions a site where you do have an account and suddenly it feels much more believable. Just make sure you don’t click any login links in the warning emails themselves… for sites where you do have an account, make your own way there without relying on a handy link that was emailed to you.
This was not a phish and it didn’t come via email. I had just signed up with “1Password,” having just decided that it was time for a password manager, since I have a bulging Ziploc full of stickies with passwords. In the process of the signup, they did a scan and turned up four sites with compromised passwords. From what I’ve read of three of these sites, they may contain other passwords of mine from other sites. And don’t worry, I don’t click on strange links. I use a program named “Mailwasher” with which I can examine the entire header on the server, including the originating domain, etc. I’m much more careful than average…
My comment was more by way of a general warning to everyone, BTW.
As for ‘what interpretation to put on the warnings from 1Password’, you’d need to check with them for how they decide your account’s shown up elsewhere and what that is supposed to imply. If you know you don’t have accounts on those sites, I’d suggest you can simply ignore the warnings. If someone else had created an account using your email address, you’d expect to have seen emails to that effect (and the person signing up wouldn’t)…
Quack Quack
💅