Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, on Spotify and on Soundcloud, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge (

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis

Russia busts Revil. Romance scammer sent to prison. Wormable Windows hole patched. Memories of the HAPPY99 virus. Linux disk encryption trouble. Apple browsers leak personal data. And how (not) to paint a computer.

Episode date: Thursday 2022-01-20

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle

A JavaScript coder sabotages his own projects. Routers with critical holes. Honda cars party like it’s 2002. The FTC warns everyone to patch. A Log4Shell-like bug in another Java library.

Episode date: Thursday 2022-01-13

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug

Log4Shell – the gift that keeps on taking. Scammers threatening your social media accounts. Apple Home has a pecuu[…]uuliar bug. And why 2FA is easier than you think.

Episode date: Thursday 2022-01-06

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs

Understanding Log4Shell. Fixing Log4Shell. What criminals are up to with Log4Shell. Apple’s latest security fixes. And what (not to) do when your mouse gets stuck.

Episode date: Thursday 2021-12-16

S3 Ep62: The S in IoT stands for security (and much more)

Mozilla’s “BigSig” buffer overflow hole. UK to put IoT vendors on notice. The Mother of All Demos. Cryptocurrency company catastrophe. Firefox gets an extra sandbox. And an access point from outer space (OK, from home).

Episode date: Thursday 2021-12-09

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness

Call scammers and cryptocoin treachery. Cloud insecurity and yet more cryptocoin treachery. Facial recognition creepiness. And the wannabe wizard that went to school with a trainee Sith.

Episode date: Thursday 2021-12-02

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public

Cybersecurity tips for the holiday season and beyond. Exchange at risk from public exploit. GoDaddy loses passwords for 1.2m users. Longest-lived Windows version ever. Don’t make your cookies public. And the day that umbrellas became an anti-DDoS tool.

Episode date: Thursday 2021-11-25

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase

The infamous Emotet malware makes a comeback. Crooks smirk at the world with a fake FBI warning. Why tubes are also valves. Samba fixes an intriguing bug. The suitcase that needs no handle. And a virtual-versus-real monitor mixup.

Episode date: Thursday 2021-11-18

S3 Ep58: Faces on Facebook, scams that are complaints, and a Kaseya bust

We enjoy the Sophos 2022 Threat Report. Facebook folds up its Face Recognition feature. Crooks combine a new social engineering scam with a new way of packaging malware. Kaseya ransomware suspect busted in Poland. And how to block radio comms in a land with no hills.

Episode date: Thursday 2021-11-11

S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser wars

Norbert (huzzah for Norbert!) does tech support. Europol digs into the ransomware scene. Microsoft finds a wacky bug in Apple’s shell. The Morris worm turns 33. Edge on Linux phans the phlames. Ola! Gibberish peculiarity textual solvage.

Episode date: Thursday 2021-11-04

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish

Bliss is a hill in wine country. Lessons from a cryptotrading hamster. Ransomware gang hacked back. Docusign phishers go after 2FA codes. Sleep mode considered harmful.

Episode date: Thursday 2021-10-28

S3 Ep55: Live malware, global encryption, dating scams, and secret emanations

Hook up with our forthcoming Live Malware Demo presentation. Why we think you should celebrate Global Encryption Day. A whole new twist on bogus online “friendships”. How to stop your network cables giving you away. And why superglue is NOT a cybersecurity tool!

Episode date: Thursday 2021-10-21

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish

Apple (you guessed it!) fixes yet another iPhone 0-day. Apache patches an embarrassing bug and then has to patch the patch. It’s Fight The Phish week. And the user who got punched right in the nose by a recalctrant computer.

Episode date: Thursday 2021-10-14

S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts

Apple Pay gets hacked (sort of). DOJ busts gift card scamming suspects. Our top tips for #Cybermonth. Ukrainian Cybercops v. ransomware crooks. A user who volunteered to RTFM!?

Episode date: Thursday 2021-10-07

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit

Let’s Encrypt brings HTTPS to everyone. Researchers rediscover an Outlook data leakage issue. VMware keeps it real. And when the mouse is away, the cat will play.

Episode date: Thursday 2021-09-30

S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked

A scarily exploitable hole in Microsoft open source code. A simpler take on delivery scams. A Face ID bypass hack, patched for the initial release of iOS 15. And how not to get locked in a cabling closet.

Episode date: Thursday 2021-09-23

S3 Ep50: Two 0-days plus another 0-day plus a fast food bug

Apple patches two zero-day bugs. Microsoft patches one zero-day bug. A security researcher finds a fast-food bug (non-insect sort). And a touchpad user turns right into left, and vice versa.

Episode date: Thursday 2021-09-16

S3 Ep49: Poison PACs, pointless alarms and phunky bugs

Overlooked security flaw leaves web code vulnerable. A home alarm system that almost anyone can turn off. Some fascinating Firefox bugs fixed. And when you grab your laptop… but it’s not yours.

Episode date: Thursday 2021-09-09

S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing

Security code flushes out security bugs. Recursion: see recursion. Phishing (and lots of it). And the Windows desktop that got so big it imploded.

Episode date: Thursday 2021-09-02

S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers

More money troubles in cryptotown. Trouble with plastic spaghetti. The mouse that conquered Windows. And the embarrassment when you report one of your very own emails as a phish.

Episode date: Thursday 2021-08-26

S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto

Copyright infringement scams that beg you to call. An IoT bug that could be exploited for video snooping and more. A hacker steals $600m and then makes a song and dance out of giving it back.

Episode date: Thursday 2021-08-19

S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed

Home and small business routers under attack. A hacking tool favoured by crooks gets hacked. The Navajo Nation’s selfless cryptographic contribution to America. A cybercrook gets aggrieved at being ripped off by cybercrooks.

Episode date: Thursday 2021-08-12

S3 Ep44: Unreported holes, retro computing, and tech support for malware

The latent 0-day that didn’t get reported until it was too late. Retro computing: reliving the TRS-80. Crooks that help you install their malware. And a 5-minute billionaire (who ended up with $400).

Episode date: Thursday 2021-08-05

S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust

Apple’s emergency 0-day fix. Two sorts of Windows nightmare, neither involving printers. Twitter hacker busted. And our very own Doug ruins a brand new TV.

Episode date: Thursday 2021-07-29

S3 Ep42: Viruses, Nightmares, patches, rewards and scammers

Learning from computer virus history. The PrintNightmare saga continues. Apple puts out a patch, but doesn’t say why. Snitch on a crook and earn $10 million. Scammers do grammar. And the Business Email Compromise that wasn’t.

Episode date: Thursday 2021-07-22

S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories

We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really. We look back at the 20-year-old Code Red virus. We look at what cybercriminals spend money on (hint: more cybercrime).

Episode date: Thursday 2021-07-15

S3 Ep40: Kaseya breach, PrintNightmare 0-day, and hacking versus the law

The “Independence Day Weekend” ransomware drama. The PrintNightmare nightmare continues. An email hacker gets his conviction overturned.

Episode date: Thursday 2021-07-08

For a full listing of episodes, including this and all previous series, please visit Naked Security on Soundcloud.