Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, on Spotify and on Soundcloud, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge.

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!

S3 Ep88: Phone scammers, hacking bust, and data breach fines

Duck gets behind the Ducks. 2000 phone scammers arrested in Interpol action. A three-year-old hacking case ends in conviction. And a Canadian financial company picks up an enormous data breach fine.

Episode date: Thursday 2022-06-23

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers

Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. The Law of Big Numbers versus SMS scams.

Episode date: Thursday 2022-06-16

S3 Ep86: The crooks were in our network for HOW long?!

The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job.

Episode date: Thursday 2022-06-09

S3 Ep85: Now THAT’S what I call a Microsoft Office exploit!

Why calling a computer after a famous scientist doesn’t always help. The wacky but dangerous 0-day hole in Windows. Supply chain attacks and the crooks who orchestrate them. Smishing revisited. And why saying what you really mean makes you better at cybersecurity.

Episode date: Thursday 2022-06-02

S3 Ep84: Government demand, Mozilla velocity, and Clearview fine

How network comms caught a murderer back in 1845. Why the US government said, “Patch, or else!” How Mozilla got a double code-execution bug fixed in 48 hours. And why controversial face-matching company Clearview AI got fined $10m.

Episode date: Thursday 2022-05-26

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

What does the word “non-commensurate” mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn’t this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll?

Episode date: Thursday 2022-05-19

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again)

Where does the word “radio” come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers?

Episode date: Thursday 2022-05-12

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms

World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms.

Episode date: Thursday 2022-05-05

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java

The biggest mountain in the solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. Get a full-on firewall at home for free.

Episode date: Thursday 2022-04-28

S3 Ep79: Chrome hole, a bad-choice holiday, and cryptododginess

Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osbo[u]rne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostek 6502.

Episode date: Thursday 2022-04-21

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution

Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won’t die.

Episode date: Thursday 2022-04-14

S3 Ep77: Bugs, busts and old-school PDP-11 hacking

Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style.

Episode date: Thursday 2022-04-07

S3 Ep76: Deadbolt, LAPSUS$, Zlib and a Chrome 0-day

The DEADBOLT ransomware. LAPSUS$ members bust – or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we’re not sure why.

Episode date: Thursday 2022-03-31

S3 Ep75: Okta, CryptoRom, OpenSSL and CafePress

LAPSUS$ hackers break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach.

Episode date: Thursday 2022-03-24

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects

Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet?

Episode date: Thursday 2022-03-17

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and more

What do ransomware blackmailers ask for when they don’t want money? Why did Firefox get two updates in three days? How did Adafruit get hoist by the petard of “shadow IT”? And what’s with those dirty Linux pipes?

Episode date: Thursday 2022-03-10

S3 Ep72: AirTag stalking, web server coding woes and Instascams

How good is Apple’s AirTag stalker detection? Why are web coders still making Y2K-like blunders? And how many Instagram scams can you get in one weekend?

Episode date: Thursday 2022-03-03

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams

VMware guest VM escapes could put your host servers at risk. PHP fixes an input validation bug in input validation code. A WordPress plugin maker shows you how to write a decent security report. And French scammers remind us that sextortion is sadly still a thing.

Episode date: Thursday 2022-02-24

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day

Alleged Bitcoin fraudsters busted, power company in trillion-dollar payout blunder, how a blizzard led to a telecomms revolution, and 0-day after 0-day after 0-day.

Episode date: Thursday 2022-02-17

For a full listing of episodes, including this and all previous series, please visit Naked Security on Soundcloud.