FreshRSS

Naked Security

S3 Ep149: How many cryptographers does it take to change a light bulb?

By Paul Ducklin — August 24th 2023 at 18:50
Latest episode - listen now! Full transcript inside...

Naked Security

S3 Ep148: Remembering crypto heroes

By Paul Ducklin — August 17th 2023 at 19:43
Celebrating the true crypto bros. Listen now (full transcript available).

Naked Security

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

By Paul Ducklin — August 14th 2023 at 23:18
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10th 2023 at 13:34
Latest episode - listen now! (Full transcript inside.)

Naked Security

Hacking police radios: 30-year-old crypto flaws in the spotlight

By Paul Ducklin — July 24th 2023 at 16:59
"Three may keep a secret, if two of them are dead."

Naked Security

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6th 2023 at 19:58
How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

Naked Security

Ghostscript bug could allow rogue documents to run system commands

By Paul Ducklin — July 4th 2023 at 17:57
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29th 2023 at 16:58
Latest episode - listen now! (Full transcript inside.)

Naked Security

UK hacker busted in Spain gets 5 years over Twitter hack and more

By Naked Security writer — June 26th 2023 at 18:35
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...

Naked Security

ASUS warns router customers: Patch now, or block all inbound requests

By Paul Ducklin — June 20th 2023 at 18:14
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.

Naked Security

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15th 2023 at 18:43
Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25th 2023 at 16:50
Latest episode - listen now. Full transcript inside...

Naked Security

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

By Paul Ducklin — May 11th 2023 at 14:54
Latest episode - listen now! (Full transcript inside.)

Naked Security

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By Paul Ducklin — April 30th 2023 at 01:23
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Naked Security

S3 Ep132: Proof-of-concept lets anyone hack at will

By Paul Ducklin — April 27th 2023 at 16:55
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

Naked Security

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

By Paul Ducklin — April 25th 2023 at 17:53
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By Paul Ducklin — April 13th 2023 at 16:54
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By Paul Ducklin — April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Naked Security

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

By Paul Ducklin — April 9th 2023 at 00:28
The security error was in the error handling system that was supposed to catch potential security errors...

Naked Security

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

By Paul Ducklin — April 5th 2023 at 18:49
Grab a message/Play it back/You've just performed/A big phat hack...

Naked Security

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

By Paul Ducklin — March 24th 2023 at 19:48
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

Naked Security

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

By Paul Ducklin — March 23rd 2023 at 17:59
Listen now - latest episode. Full transcript inside.

Naked Security

Bitcoin ATM customers hacked by video upload that was actually an app

By Paul Ducklin — March 20th 2023 at 19:50
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that...

Naked Security

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

By Paul Ducklin — March 17th 2023 at 19:56
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Naked Security

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

By Paul Ducklin — March 16th 2023 at 17:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Naked Security

DoppelPaymer ransomware suspects arrested in Germany and Ukraine

By Naked Security writer — March 6th 2023 at 16:16
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2nd 2023 at 19:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

Naked Security

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23rd 2023 at 19:58
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16th 2023 at 17:46
Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9th 2023 at 19:41
Latest episode. Listen now!

Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By Paul Ducklin — February 6th 2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Naked Security

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

By Paul Ducklin — January 19th 2023 at 15:53
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Naked Security

Popular JWT cloud security library patches “remote” code execution hole

By Paul Ducklin — January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

Naked Security

CircleCI – code-building service suffers total credential compromise

By Paul Ducklin — January 9th 2023 at 14:52
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin — January 5th 2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin — January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Naked Security

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

By Naked Security writer — January 3rd 2023 at 17:03
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

Naked Security

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

By Paul Ducklin — January 1st 2023 at 21:36
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

By Paul Ducklin — December 29th 2022 at 09:20
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Naked Security

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

By Paul Ducklin — December 22nd 2022 at 19:56
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By Paul Ducklin — December 9th 2022 at 16:46
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

Credit card skimming – the long and winding road of supply chain failure

By Paul Ducklin — December 8th 2022 at 19:58
Don't keep calling home to a JavaScript server that closed its doors eight years ago!

Naked Security

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

By Naked Security writer — December 6th 2022 at 17:56
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

By Paul Ducklin — December 1st 2022 at 19:58
Latest episode - listen now (or read if you prefer)...

Naked Security

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

By Paul Ducklin — November 17th 2022 at 17:52
Latest episode - listen now! Cybersecurity news plus loads of great advice...

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By Paul Ducklin — November 3rd 2022 at 17:51
Listen now - latest episode - audio plus full transcript

Naked Security

S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

By Paul Ducklin — September 15th 2022 at 18:50
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...

Naked Security

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

By Paul Ducklin — August 11th 2022 at 14:34
Latest episode - listen now! (Or read the transcript if you prefer.)

Naked Security

Slack admits to leaking hashed passwords for five years

By Paul Ducklin — August 8th 2022 at 15:14
"When those invitations went out... somehow, your password hash went out with them."

Naked Security

Traffic Light Protocol for cybersecurity responders gets a revamp

By Paul Ducklin — August 5th 2022 at 18:57
Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.

Naked Security

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

By Paul Ducklin — August 4th 2022 at 17:52
Latest episode - listen now! (Or read if that's what you prefer.)

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

By Paul Ducklin — May 19th 2022 at 13:56
Latest episode - listen now!

Naked Security

Pwn2Own hacking schedule released – Windows and Linux are top targets

By Paul Ducklin — May 18th 2022 at 13:04
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

Naked Security

He sold cracked passwords for a living – now he’s serving 4 years in prison

By Paul Ducklin — May 13th 2022 at 18:31
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Naked Security

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

By Paul Ducklin — May 12th 2022 at 15:46
Latest episode - lots to learn - plain English - fun with a serious side - listen now!

Naked Security

S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

By Paul Ducklin — May 5th 2022 at 14:16
Latest episode - listen now!

Naked Security

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]

By Paul Ducklin — April 21st 2022 at 13:41
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By Paul Ducklin — April 7th 2022 at 12:24
Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

By Paul Ducklin — March 30th 2022 at 20:38
Easy unauthenticated remote code execution - PoC code already out
