S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode - listen now! Full transcript inside...

Smart light bulbs could give away your password secrets

Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

FBI warns about scams that lure you in as a mobile beta-tester

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

S3 Ep146: Tell us about that breach! (If you want to.)

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Performance and security clash yet again in “Collide+Power” attack

It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

SEC demands four-day disclosure limit for cybersecurity breaches

When is a ransomware attack a reportable matter? And how long have you got to decide?

S3 Ep145: Bugs With Impressive Names!

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Hacking police radios: 30-year-old crypto flaws in the spotlight

"Three may keep a secret, if two of them are dead."

S3 Ep142: Putting the X in X-Ops

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

Ghostscript bug could allow rogue documents to run system commands

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

Beware bad passwords as attackers co-opt Linux servers into cybercrime

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

Twice more unto the breach... third patch tested and released, shut down web access until you've applied it

S3 Ep139: Are password rules like running through rain?

Latest episode - listen now! (Full transcript inside.)

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

No zero-days this month, if you ignore the Edge RCE hole patched last week

History revisited: US DOJ unseals Mt. Gox cybercrime charges

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...

Serious Security: That KeePass “master password crack”, and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

PyPI open-source code repository deals with manic malware maelstrom

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Yes, it's a buffer overflow bug. No, it's not going get fixed.

PHP Packagist supply chain poisoned by hacker “looking for a job”

I pwned you! Gizza job! You know it makes sense!

Tracked by hidden tags? Apple and Google unite to propose safety and security standards…

To bleat, or not to bleat, that is the question.

Google wins court order to force ISPs to filter botnet traffic

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Apple issues emergency patches for spyware-style 0-day exploits – update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

S3 Ep129: When spyware arrives from someone you trust

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

Grab a message/Play it back/You've just performed/A big phat hack...

Researchers claim they can bypass Wi-Fi encryption (briefly, at least)

They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.

Supply chain blunder puts 3CX telephone app users at risk

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Microsoft fixes two 0-days on Patch Tuesday – update now!

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Linux gets double-quick double-update to fix kernel Oops!

Linux doesn't BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

Security bugs in the very code you've been told you must have to improve the security of your computer...

S3 Ep124: When so-called security apps go rogue [Audio + Text]

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

NPM JavaScript packages abused to create scambait links in bulk

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

Coinbase breached by social engineers, employee data stolen

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

Latest episode - listen now! (Full transcript inside.)

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug

Conditional code considered cryptographically counterproductive.

OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security

It's a really cool and super-simple trick. The question is, "Will it help?"

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Once more, it's time for Shakespeare's words: Once more unto the breach...

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)