S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode - listen now! Full transcript inside...

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

S3 Ep146: Tell us about that breach! (If you want to.)

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

S3 Ep145: Bugs With Impressive Names!

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

S3 Ep144: When threat hunting goes down a rabbit hole

Latest episode - check it out now!

S3 Ep143: Supercookie surveillance shenanigans

Latest episode - listen now! (Full transcript inside.)

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

S3 Ep142: Putting the X in X-Ops

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

S3 Ep140: So you think you know ransomware?

Lots to learn this week - listen now! (Full transcript inside.)

Beware bad passwords as attackers co-opt Linux servers into cybercrime

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

ASUS warns router customers: Patch now, or block all inbound requests

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

S3 Ep139: Are password rules like running through rain?

Latest episode - listen now! (Full transcript inside.)

Thoughts on scheduled password changes (don’t call them rotations!)

Does swapping your password regularly make it a better password?

S3 Ep138: I like to MOVEit, MOVEit

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

S3 Ep137: 16th century crypto skullduggery

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Serious Security: That KeePass “master password crack”, and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

S3 Ep135: Sysadmin by day, extortionist by night

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

Latest episode - listen now! (Full transcript inside.)

S3 Ep133: Apple takes “tight-lipped” to a whole new level

Entertaining, educational, and all in plain English 🎧📖

World Password Day: 2 + 2 = 4

We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!

S3 Ep132: Proof-of-concept lets anyone hack at will

When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

S3 Ep129: When spyware arrives from someone you trust

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]

Latest episode - listen now!

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

Listen now - latest episode. Full transcript inside.

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

S3 Ep125: When security hardware has security holes [Audio + Text]

Lastest episode - listen now! (Full transcript inside.)

S3 Ep124: When so-called security apps go rogue [Audio + Text]

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

LastPass: Keylogger on home PC led to cracked corporate password vault

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Coinbase breached by social engineers, employee data stolen

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Latest epsiode. Listen now!

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Finnish psychotherapy extortion suspect arrested in France

Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Latest episode - listen now!

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Hive ransomware servers shut down at last, says FBI

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

Lastest episode - listen now! (Or read the transcript.)

GoTo admits: Customer cloud backups stolen together with decryption key

We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Serious Security: Unravelling the LifeLock “hacked passwords” story

Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

LastPass admits to customer data breach caused by previous breach

Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)...

Serious Security: MD5 considered harmful – to the tune of $600,000

It's not just the hashing, by the way. It's the salting and the stretching, too!

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]

Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us