S3 Ep149: How many cryptographers does it take to change a light bulb?

By Paul Ducklin — August 24^th 2023 at 18:50

Latest episode - listen now! Full transcript inside...

Naked Security

Using WinRAR? Be sure to patch against these code execution bugs…

By Paul Ducklin — August 23^rd 2023 at 19:55

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

Naked Security

S3 Ep148: Remembering crypto heroes

By Paul Ducklin — August 17^th 2023 at 19:43

Celebrating the true crypto bros. Listen now (full transcript available).

Naked Security

FBI warns about scams that lure you in as a mobile beta-tester

By Paul Ducklin — August 16^th 2023 at 18:57

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10^th 2023 at 13:34

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin — August 3^rd 2023 at 17:56

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Naked Security

S3 Ep145: Bugs With Impressive Names!

By Paul Ducklin — July 27^th 2023 at 18:47

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

Microsoft hit by Storm season – a tale of two semi-zero days

By Paul Ducklin — July 18^th 2023 at 20:59

The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...

Naked Security

S3 Ep143: Supercookie surveillance shenanigans

By Paul Ducklin — July 13^th 2023 at 16:48

Latest episode - listen now! (Full transcript inside.)

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By Paul Ducklin — July 10^th 2023 at 23:12

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6^th 2023 at 19:58

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

s3-ep100-js-1200

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22^nd 2023 at 16:48

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15^th 2023 at 18:43

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep138: I like to MOVEit, MOVEit

By Paul Ducklin — June 8^th 2023 at 16:56

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

s3-ep138-1200

Naked Security

S3 Ep137: 16th century crypto skullduggery

By Paul Ducklin — June 1^st 2023 at 16:45

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

s3-ep137-feat-1200

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

Ransomware tales: The MitM attack that really had a Man in the Middle

By Paul Ducklin — May 24^th 2023 at 17:59

Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Naked Security

Phone scamming kingpin gets 13 years for running “iSpoof” service

By Naked Security writer — May 22^nd 2023 at 16:58

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

ispoof-1200

Naked Security

S3 Ep135: Sysadmin by day, extortionist by night

By Paul Ducklin — May 18^th 2023 at 18:48

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...

Naked Security

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

By Paul Ducklin — May 11^th 2023 at 14:54

Latest episode - listen now! (Full transcript inside.)

Naked Security

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

By Paul Ducklin — May 10^th 2023 at 11:50

When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Google wins court order to force ISPs to filter botnet traffic

By Naked Security writer — April 28^th 2023 at 19:59

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Naked Security

S3 Ep132: Proof-of-concept lets anyone hack at will

By Paul Ducklin — April 27^th 2023 at 16:55

When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)

Naked Security

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

By Paul Ducklin — April 26^th 2023 at 17:59

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

By Paul Ducklin — April 20^th 2023 at 17:55

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By Paul Ducklin — April 13^th 2023 at 16:54

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

S3 Ep129: When spyware arrives from someone you trust

By Paul Ducklin — April 6^th 2023 at 14:57

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Naked Security

Einstein tilings – the amazing “Hat” shape that never repeats!

By Paul Ducklin — April 4^th 2023 at 18:59

Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.

Naked Security

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By Paul Ducklin — March 30^th 2023 at 19:43

Latest episode - listen now!

Naked Security

Cops use fake DDoS services to take aim at wannabe cybercriminals

By Naked Security writer — March 28^th 2023 at 16:58

Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!

Naked Security

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

By Paul Ducklin — March 23^rd 2023 at 17:59

Listen now - latest episode. Full transcript inside.

Naked Security

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

By Paul Ducklin — March 16^th 2023 at 17:56

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin — March 9^th 2023 at 18:58

Lastest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2^nd 2023 at 19:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin — February 27^th 2023 at 02:10

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

Naked Security

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23^rd 2023 at 19:58

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Naked Security

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin — February 22^nd 2023 at 20:59

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

Naked Security

Twitter tells users: Pay up if you want to keep using insecure 2FA

By Paul Ducklin — February 20^th 2023 at 17:58

Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16^th 2023 at 17:46

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By Paul Ducklin — February 6^th 2023 at 21:53

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin — February 2^nd 2023 at 17:50

Latest episode - listen now!

Naked Security

GitHub code-signing certificates stolen (but will be revoked this week)

By Paul Ducklin — January 31^st 2023 at 11:35

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Naked Security

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

By Paul Ducklin — January 26^th 2023 at 19:57

Lastest episode - listen now! (Or read the transcript.)

Naked Security

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

By Paul Ducklin — January 19^th 2023 at 15:53

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Naked Security

Multi-million investment scammers busted in four-country Europol raid

By Paul Ducklin — January 16^th 2023 at 16:10

216 questioned, 15 arrested, 4 fake call centres searched, millions seized...

Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By Paul Ducklin — January 12^th 2023 at 17:59

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin — January 5^th 2023 at 17:52

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin — January 4^th 2023 at 19:50

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Naked Security

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

By Naked Security writer — January 3^rd 2023 at 17:03

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

Naked Security

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

By Paul Ducklin — December 29^th 2022 at 19:59

Is there a special meaning of "don't" that means "go right ahead"?

Naked Security

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

By Paul Ducklin — December 29^th 2022 at 09:20

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Naked Security

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

By Paul Ducklin — December 27^th 2022 at 19:35

It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".

Naked Security

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

By Paul Ducklin — December 22^nd 2022 at 19:56

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

Naked Security

“Suspicious login” scammers up their game – take care at Christmas

By Paul Ducklin — December 21^st 2022 at 17:59

A picture is worth 1024 words - we clicked through so you don't have to.

Naked Security

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

By Paul Ducklin — December 19^th 2022 at 19:50

The Cryptoqueen herself is still missing, but her co-conspirator, who is said to have pocketed over $20m a month, has been convicted.