Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, on Spotify and on Soundcloud, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge (https://www.edithmudge.com).

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!


S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto

Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography.

Episode date: Thursday 2022-08-11


S3 Ep94: This sort of crypto, and the other sort of crypto

Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. Is $200 million just chump change?

Episode date: Thursday 2022-08-04


S3 Ep93: Office security, data breach costs, and leisurely patches

Geosynchronicity. Office security (on-off-on). A half-billion-dollar data breach cost. And patch that browser!

Episode date: Thursday 2022-07-28


S3 Ep92: Log4Shell4Ever, summer tips, and scammer timing

Integrated circuits and Nobel prizes. Log4Shell – forever? Cybersecurity tips for summmer. Scams and coincidence.

Episode date: Thursday 2022-07-21


S3 Ep91: Code Red, OpenSSL, Java bugs and Office macros

Memories of Code Red. OpenSSL fixes two tiny but troublesome bugs. More trouble in Java-land. Office macros off and back on again. Perils of paying ransomware demands.

Episode date: Thursday 2022-07-14


S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass

Chrome quashes another zero-day browser bug. Two big-time cybercrime stories. A 2FA phishing scam that arrived PDQ. Chester swarmed by bots on Twitter.

Episode date: Thursday 2022-07-07


S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix

Memories of the iPhone 1. Sextortion scams target LGBTQ+ daters. Yet another blockchain blunder. OpenSSL fixes the bug missed in the last bugfix. And what became of Little Bobby Tables?

Episode date: Thursday 2022-06-30


S3 Ep88: Phone scammers, hacking bust, and data breach fines

Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine.

Episode date: Thursday 2022-06-23


S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers

Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. The Law of Big Numbers versus SMS scams.

Episode date: Thursday 2022-06-16


S3 Ep86: The crooks were in our network for HOW long?!

The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job.

Episode date: Thursday 2022-06-09


S3 Ep85: Now THAT’S what I call a Microsoft Office exploit!

Why calling a computer after a famous scientist doesn’t always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why saying what you really mean makes you better at cybersecurity.

Episode date: Thursday 2022-06-02


S3 Ep84: Government demand, Mozilla velocity, and Clearview fine

How network comms caught a murderer back in in 1845. Why the US government said, “Patch, or else!” How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m.

Episode date: Thursday 2022-05-26


S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

What does the word “non-commensurate” mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn’t this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll?

Episode date: Thursday 2022-05-19


S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again)

Where does the word “radio” come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers?

Episode date: Thursday 2022-05-12


S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms

World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms.

Episode date: Thursday 2022-05-05


S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java

The biggest mountain in tne solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. Get an full-on firewall at home for free.

Episode date: Thursday 2022-04-28


For a full listing of episodes, including this and all previous series, please visit Naked Security on Soundcloud.