Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, on Spotify and on Soundcloud, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge (

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns

What does the word “non-commensurate” mean? When is cracking passwords legal? Why did Firefox get patched? Which computer needed dropping onto the desk? Why wasn’t this 0-day listed in every Apple update? Did Duck get spammed, or was it actually a troll?

Episode date: Thursday 2022-05-19

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again)

Where does the word “radio” come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird GoogleDocs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers?

Episode date: Thursday 2022-05-12

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms

World Password Day (we still need it), Github authentication tokens, Firefox hits a ton, and a look back at network worms.

Episode date: Thursday 2022-05-05

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java

The biggest mountain in tne solar system. New ransomware statistics. Trouble with phishing. Bugs in NAS boxes. A giant security hole in Java. Get an full-on firewall at home for free.

Episode date: Thursday 2022-04-28

S3 Ep79: Chrome hole, a bad-choice holiday, and cryptododginess

Adam Osborne or John Osbourne? Another 0-day in Chrome. How not to choose a cybersecurity holiday destination. The Osbo[u]rne Effect. Cryptododginess that might actually be legal. And the Zilog Z80 versus the Mostek 6502.

Episode date: Thursday 2022-04-21

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution

Hydra darkweb market decapitated. Ruby module supply chain hole. Quantum computing sidestepped. A robot revolution that could result in ransomware. And the Zuckerberg scam that just won’t die.

Episode date: Thursday 2022-04-14

S3 Ep77: Bugs, busts and old-school PDP-11 hacking

Hacking 2022-style. Some Apple bugs. Some Android bugs. Some Firefox bugs. The SATAN network scanner. Some VMware Spring bugs. And hacking PDP-11 style.

Episode date: Thursday 2022-04-07

S3 Ep76: Deadbolt, LAPSUS$, Zlib and a Chrome 0-day

The DEADBOLT ransomware. LAPSUS$ members bust – or were they? Zlib patches a 17-year-old bug. Chrome experiences another weird 0-day. And Clippy. Yes, THAT Clippy. No, we’re not sure why.

Episode date: Thursday 2022-03-31

S3 Ep75: Okta, CryptoRom, OpenSSL and CafePress

LAPSUS$ hackers break into Okta. The CryptoRom money-scamming malware is back on phones. OpenSSL gets into an infinite loop. CafePress fined for covering up a data breach.

Episode date: Thursday 2022-03-24

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects

Two ransomware suspects extradited for trial. Apple patches 87 known security holes. Happy Pi Day. What happens if a whole country exits the global internet?

Episode date: Thursday 2022-03-17

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and more

What do ransomware blackmailers ask for when they don’t want money? Why did Firefox get two updates in three days? How did Adafruit get hoist by the petard of “shadow IT”? And what’s with those dirty Linux pipes?

Episode date: Thursday 2022-03-10

S3 Ep72: AirTag stalking, web server coding woes and Instascams

How good is Apple’s AirTag stalker detection? Why are web coders still making Y2K-like blunders? And how many Instagram scams can you get in one weekend?

Episode date: Thursday 2022-03-03

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams

VMware guest VM escapes could put your host servers at risk. PHP fixes an input validation bug in input validation code. A WordPress plugin maker shows you how to write a decent security report. And French scammers remind us that sextortion is sadly still a thing.

Episode date: Thursday 2022-02-24

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day

Alleged Bitcoin fraudsters busted, power company in trillion-dollar payout blunder, how a blizzard led to a telecomms revolution, and 0-day after 0-day after 0-day.

Episode date: Thursday 2022-02-17

S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart

Problems with plugins. A Wormhole wormhole. Can machines think? Microsoft has a change of heart. And then another one. Why screen cleaning cloths are cool.

Episode date: Thursday 2022-02-10

S3 Ep68: Bugs, scams, privacy… and fonts?!

Stealing root on Linux. Snooping on RAM with a video driver bug. Apple patches a zero-day hole. SMS scams promise home PCR machines. German court freaks out over fonts. How to be private. And a paint robot that went wild.

Episode date: Thursday 2022-02-03

S3 Ep67: Tax scams, carder busts and crypto capers

Watch out for tax scams. Crooks with the motto “In Fraud We Trust“. How not to write a data breach notification. Where to find the “10” key on your telephone.

Episode date: Thursday 2022-01-27

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis

Russia busts Revil. Romance scammer sent to prison. Wormable Windows hole patched. Memories of the HAPPY99 virus. Linux disk encryption trouble. Apple browsers leak personal data. And how (not) to paint a computer.

Episode date: Thursday 2022-01-20

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle

A JavaScript coder sabotages his own projects. Routers with critical holes. Honda cars party like it’s 2002. The FTC warns everyone to patch. A Log4Shell-like bug in another Java library.

Episode date: Thursday 2022-01-13

For a full listing of episodes, including this and all previous series, please visit Naked Security on Soundcloud.