Sophos Naked Security Podcast

We share our technical knowledge and advice in plain English, in a style that is entertaining yet serious, with plenty of expert advice you can use both at work and at home.

Search for the words naked security in your podcast app, find us on Apple Podcasts, Spotify, Soundcloud and Stitcher, or listen to the latest episodes below.

Fun fact: Series 3 intro and outro music by Edith Mudge (

New episode every Thursday, plus bonus splinter podcasts and minisodes as special surprises!

S3 Ep103: Scammers in the Slammer (and other stories)

A fridge-sized calculator. ProxyNotShell situation reviewed. Romance and BEC scammer gets 25 years in the slammer. Is there an answer to nuisance callers? Is the answer voicemail?

Episode date: Thursday 2022-10-06

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks

Chester Wisniewski gives you actionable advice on how to deal with two actively exploited Exchange zero-days that suddenly burst into the news. Learn who’s affected and how, find out what you can do while waiting for Microsoft’s patches, and plan your threat hunting.

Episode date: Saturday 2022-10-01

S3 Ep102: Cutting through cybersecurity news hype

What’s the real deal with LAPSUS$? How did Optus get hacked? Was there really a WhatsApp 0-day? What if “deleted” data comes back from the dead to haunt you?

Episode date: Thursday 2022-09-29

S3 Ep101: Uber and LastPass – is 2FA all it’s cracked up to be?

Security SOS Week 2022 – check it out! The very first Android. Firefox 105 is out. Uber hacked… by LAPSUS$? LastPass talks about its breach. Are two disks better than one?

Episode date: Thursday 2022-09-22

S3 Ep100.5: Uber breach – an expert speaks

Chester Wisniewski explains what we can learn from Uber’s latest cybersecurity crisis: “Just because a big company didn’t have the security they should doesn’t mean you can’t.”

Episode date: Saturday 2022-09-17

S3 Ep100: Browser-in-the-Browser hacking – how to spot an attack

Second Cosmic Rocket (not a band!) Microsoft 0-day. Apple 0-days. Good logging habits. Browser-in-the-browser trickery. DEADBOLT ransomware. Again.

Episode date: Thursday 2022-09-15

S3 Ep99: TikTok “attack” – was there a data breach, or not?

The bug that was a moth. Was there really a TikTok breach? Peter Eckersley: Code In Peace. Chrome and Edge fix a zero-day. Apple updates iOS 12 for the first time in a year. App icons: the difference between sprockets and cogs.

Episode date: Thursday 2022-09-08

S3 Ep98: The LastPass saga – should we stop using password managers?

The Computer Misuse Act of 1990. JavaScript supply-chain bug hunting. Jumping airgaps. “The Sanitizer” comes to Chrome. LastPass breach provokes password manager puzzlement.

Episode date: Thursday 2022-09-01

S3 Ep97: A musical crash, ATM skimming, and was your iPhone pwned?

Start me up. The R&B dance classic that crashed computers. Bitcoin ATM skimming (no malware required). Multiple browser zero-days. Was your iPhone pwned?

Episode date: Thursday 2022-08-25

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security

Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn’t EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate.

Episode date: Thursday 2022-08-18

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto

Memories of the Blaster worm. Slack leaked password hashes for FIVE YEARS. Github showered with malware. Traffic lights and cybersecurity. Post-quantum cryptography.

Episode date: Thursday 2022-08-11

S3 Ep94: This sort of crypto, and the other sort of crypto

Queen Victoria goes online. A nasty bug in Samba. Smiles for SysAdmins. A crypto-as-in-cryptography bug. A crypto-as-in-currency disaster. Is $200 million just chump change?

Episode date: Thursday 2022-08-04

S3 Ep93: Office security, data breach costs, and leisurely patches

Geosynchronicity. Office security (on-off-on). A half-billion-dollar data breach cost. And patch that browser!

Episode date: Thursday 2022-07-28

S3 Ep92: Log4Shell4Ever, summer tips, and scammer timing

Integrated circuits and Nobel prizes. Log4Shell – forever? Cybersecurity tips for summer. Scams and coincidence.

Episode date: Thursday 2022-07-21

S3 Ep91: Code Red, OpenSSL, Java bugs and Office macros

Memories of Code Red. OpenSSL fixes two tiny but troublesome bugs. More trouble in Java-land. Office macros off and back on again. Perils of paying ransomware demands.

Episode date: Thursday 2022-07-14

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass

Chrome quashes another zero-day browser bug. Two big-time cybercrime stories. A 2FA phishing scam that arrived PDQ. Chester swarmed by bots on Twitter.

Episode date: Thursday 2022-07-07

For a full listing of episodes, including this and all previous series, please visit Naked Security on Soundcloud.