Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, Spotify, Soundcloud and Stitcher, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge (https://www.edithmudge.com).

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!


S3 Ep110: Spotlight on cyberthreats – an expert speaks

Security specialist John Shier tells you the “news you can really use” – how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report.

Episode date: Thursday 2022-11-24


S3 Ep109: How one leaked email password could drain your business dry

Microsoft’s tilt at the MP3 marketplace. Apple’s not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it.

Episode date: Thursday 2022-11-17


S3 Ep108: What would YOU do if you found $3 billion in a popcorn tin?

Were there six 0-days or only four? The cops that found $3b in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file.

Episode date: Thursday 2022-11-10


S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD?

The man who put Boole in Boolean. OpenSSL’s bated-breath update. Apple’s zero-day finally settled. New Chrome zero-day. SHA-3 code gets a patch. Extreme extortion via stolen medical data. Data breach response the nonchalant way.

Episode date: Thursday 2022-11-03


S3 Ep106: Facial recognition without consent: should it be banned?

Windows XP (fondly?!) remembered. Clearview AI courts controversy again. DEADBOLT ransomware crooks get counterhacked. Women cryptologists commemorated in US. How to measure randomness. Deconstructing Apple’s latest security bulletins.

Episode date: Thursday 2022-10-27


S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw”

Coolest videogame ever. Zoom thinks everyone’s a coder. Patch Tuesday that wasn’t. A data breach coverup. Log4Shell all over again. The Office cryptofail that Microsoft won’t fix.

Episode date: Thursday 2022-10-20


S3 Ep104: Should hospital ransomware attackers be locked up for life?

What goes up… must come down. Ransomware criminal avoids a life sentence. Former CSO convicted over Uber megabreach coverup. WhatsApp fights rip-off rogue apps. The Countess of Computer Science. Could a weird email brick your iPhone

Episode date: Thursday 2022-10-13


S3 Ep103.5: OAuth 2 and why Microsoft is forcing you into it

We dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it “Modern Auth”, though it’s more than a decade old, and is forcing Exchange Online customers onto it.

Episode date: Sunday 2022-10-09


S3 Ep103: Scammers in the Slammer (and other stories)

A fridge-sized calculator. ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 years in the slammer. Is there an answer to nuisance callers? Is the answer voicemail?

Episode date: Thursday 2022-10-06


S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks

Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who’s affected and how, find out what you can do while waiting for Microsoft’s patches, and plan your threat hunting.

Episode date: Saturday 2022-10-01


S3 Ep102: Cutting through cybersecurity news hype

What’s the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if “deleted” data comes back from the dead to haunt you?

Episode date: Thursday 2022-09-29


S3 Ep101: Uber and LastPass – is 2FA all it’s cracked up to be?

Security SOS Week 2022 – check it out! The very first Android. Firefox 105 is out. Uber hacked… by LAPSUS$? LastPass talks about its breach. Are two disks better than one?

Episode date: Thursday 2022-09-22


S3 Ep100.5: Uber breach – an expert speaks

Chester Wisniewski explains what we can learn from Uber’s latest cybsecurity crisis: “Just because a big company didn’t have the security they should doesn’t mean you can’t.”

Episode date: Saturday 2022-09-17


S3 Ep100: Browser-in-the-Browser hacking – how to spot an attack

Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again.

Episode date: Thursday 2022-09-15


For a full list of episodes, including this and all previous series,
please visit Naked Security on Soundcloud.