We share our technical knowledge and advice in plain English without stripping out the interesting bits, with lots of laughs along the way.

The Naked Security podcast is available on all good podcast apps, or you can listen to the episodes in the current series below.

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!

Fun fact: Series 3 intro and outro music by Edith Mudge (https://www.edithmudge.com).

S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs

How a bug hunter snuck into the internal networks of 35 megacorporations. Why romance scams are going stronger than ever (and how to avoid them). What to do about those tempting but treacherous “tax refund” messages. And a listener tells us how he got a bit carried away while he was gardening…

Episode date: Thursday 2021-02-18

S3 Ep19.5: How NOT to be a bug bounty hunter

How does bug bounty hunting work? What should you do if you get a bug report that doesn’t follow established protocol? We tell you how to deal with so-called “beg bounties”, where self-styled “experts” beg you for money or even threaten you with ill-defined “problems” they claim to have found.

Episode date: Friday 2021-02-12

S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolen

We delve into Google’s tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain.

Episode date: Thursday 2021-02-11

S3 Ep18: Apple emergency, crypto blunder and botnet takedown

Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability. And Europol reported on a successful takedown operation against the notorious Emotet malware.

Episode date: Thursday 2021-02-04

S3 Ep17: Facemasks, hidden ads and paranormal hacking

What’s the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And who would you call if you spotted a deceased former colleague hanging out on your network?

Episode date: Thursday 2021-01-28

S3 Ep16: Darkweb bust, security at home, and browser snoopage

Anonymous and private, yet busted – we explain how darkweb sites sometimes keep your secrets… and sometimes don’t. We help you improve your cybersecurity at home. And we tell you the tale of a company with a cool name but allegedly with creepy habits coded into its browser extensions.

Episode date: Thursday 2021-01-21

S3 Ep15.5: Home schooling – how to stay secure

Thanks to coronavirus lockdown rules in the UK, and the temporary closure of all schools, Sally Adam suddenly found herself responsible for cybersecurity where it mattered more than ever: on a home network that jointly served for home, work and school.

Paul Ducklin talks to Sally about how she did it, and how to keep your own family’s digital life safe.

Episode date: Tuesday 2021-01-19

S3 Ep15: Titan keys, Mimecast certs and Solarwinds

We explain how two French researchers hacked the Google Titan security key product (but why you don’t need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it.

Episode date: Thursday 2021-01-14

S3 Ep14: Money scams, HTTPS by default, and hardcoded passwords

We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software.

Episode date: Thursday 2021-01-07

S3 Ep13: A chat with hacker Keren Elazari

How did the movie “Hackers” inspire a girl to grow up to become a hacker herself? Find out from security analyst, friendly hacker and TED Talk speaker Keren Elazari.

Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career.

Episode date: Thursday 2020-12-31

S3 Ep12: A chat with social engineering hacker Rachel Tobac

How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac.

Join us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along the way.

Episode date: Thursday 2020-12-24

S3 Ep11: DIY phishes, sandwich scams and vaccine hacking

We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after.

Episode date: Thursday 2020-12-17

S3 Ep10.5: 20 years of cyberthreats that shaped infosec

We interview Sophos expert John Shier about his recently published paper, “20 years of cyberthreats that shaped information security”.

Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack.

Episode date: Sunday 2020-12-13

S3 Ep10: Hacking iPhones, sunken Enigmas and double scams

We dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic Sea; and we give you advice on how to talk to phone scammers.

Episode date: Thursday 2020-12-10

S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips

We look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home.

Episode date: Thursday 2020-12-03

S3 Ep8: A conversation with Katie Moussouris

How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris, CEO of Luta Security.

Join us for a fascinating interview with Katie (@k8em0) about her journey, the bugs in bug bounty programs, and the people who inspired her along the way.

Episode date: Thursday 2020-11-26

S3 Ep7: When ransomware crooks get a big fat zero!

We say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris.

Episode date: Thursday 2020-11-19

S3 Ep6: How not to get scammed

When payments go astray, why “just in case” cybersecurity warnings do more harm than good, how to shop safely on Black Friday and beyond, and (oh! no!) what to do when all your emails disappear.

Episode date: Thursday 2020-11-12

S3 Ep5: Chrome, Flash and malware for sale

A zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service”, and the malware risks from image search. Also (oh! no!), why you should take care before you pair.

Episode date: Thursday 2020-11-05

S3 Ep4.5: FBI “ransomware warning” for healthcare is a warning for everyone

Two days before we recorded this minisode, the FBI, CISA and HHS released an unprecedented warning of “an increased and imminent cybercrime threat to US hospitals and healthcare providers.” Chester Wisniewski, Principal Research Scientist at Sophos, discusses what the threat is, what this advisory means, and why this warning is a warning for everyone.

Episode date: Friday 2020-10-30

S3 Ep4: Now THAT’S what I call a fire alarm!

Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and (oh! no!) the best/worst IT helpdesk call ever.

Episode date: Thursday 2020-10-29

S3 Ep3: Breaking crypto, busting hackers and pwning Chrome

The DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”.

Episode date: Thursday 2020-10-22

S3 Ep2: Creepy smartwatches, botnets and Pings of Death

We investigate a creepy smartwatch for kids, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find the source of mysterious beeping from every computer in the office.

Episode date: Thursday 2020-10-15

S3 Ep1: Ransomware – is it really OK to pay?

We wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of “linkless phishing”, ask if it’s ever OK to pay a ransomware demand, and advise what to do when the CEO won’t stop looking at naughty sites.

Episode date: Thursday 2020-10-08

S3 Trailer: We’re back!

Get ready. A brand new series arrives Thursday, 8 October 2020.

Trailer date: Tuesday 2020-10-06