S3 Ep149: How many cryptographers does it take to change a light bulb?

By Paul Ducklin — August 24^th 2023 at 18:50

Latest episode - listen now! Full transcript inside...

Naked Security

S3 Ep148: Remembering crypto heroes

By Paul Ducklin — August 17^th 2023 at 19:43

Celebrating the true crypto bros. Listen now (full transcript available).

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10^th 2023 at 13:34

Latest episode - listen now! (Full transcript inside.)

Naked Security

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin — August 8^th 2023 at 18:51

Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

Naked Security

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin — August 3^rd 2023 at 17:56

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Naked Security

Firefox fixes a flurry of flaws in the first of two releases this month

By Paul Ducklin — August 1^st 2023 at 19:28

No zero-days, but some interesting patches with their very own "teachable moments".

Firefox

Naked Security

SEC demands four-day disclosure limit for cybersecurity breaches

By Paul Ducklin — July 31^st 2023 at 18:57

When is a ransomware attack a reportable matter? And how long have you got to decide?

Naked Security

S3 Ep145: Bugs With Impressive Names!

By Paul Ducklin — July 27^th 2023 at 18:47

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Naked Security

S3 Ep144: When threat hunting goes down a rabbit hole

By Paul Ducklin — July 20^th 2023 at 14:58

Latest episode - check it out now!

Naked Security

S3 Ep143: Supercookie surveillance shenanigans

By Paul Ducklin — July 13^th 2023 at 16:48

Latest episode - listen now! (Full transcript inside.)

Naked Security

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

By Paul Ducklin — July 12^th 2023 at 18:57

Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...

Naked Security

Apple silently pulls its latest zero-day update – what now?

By Paul Ducklin — July 11^th 2023 at 15:21

Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Naked Security

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin — July 10^th 2023 at 21:22

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Naked Security

S3 Ep142: Putting the X in X-Ops

By Paul Ducklin — July 6^th 2023 at 19:58

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

s3-ep100-js-1200

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

By Paul Ducklin — June 23^rd 2023 at 16:10

Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

Naked Security

S3 Ep140: So you think you know ransomware?

By Paul Ducklin — June 22^nd 2023 at 16:48

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security

S3 Ep139: Are password rules like running through rain?

By Paul Ducklin — June 15^th 2023 at 18:43

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep138: I like to MOVEit, MOVEit

By Paul Ducklin — June 8^th 2023 at 16:56

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)

s3-ep138-1200

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31^st 2023 at 19:39

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25^th 2023 at 16:50

Latest episode - listen now. Full transcript inside...

Naked Security

S3 Ep135: Sysadmin by day, extortionist by night

By Paul Ducklin — May 18^th 2023 at 18:48

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...

Naked Security

S3 Ep134: It’s a PRIVATE key – the hint is in the name!

By Paul Ducklin — May 11^th 2023 at 14:54

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

By Paul Ducklin — April 20^th 2023 at 17:55

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By Paul Ducklin — April 13^th 2023 at 16:54

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

By Paul Ducklin — April 12^th 2023 at 18:57

Is Secure Boot without the Secure just "Boot"?

Naked Security

S3 Ep129: When spyware arrives from someone you trust

By Paul Ducklin — April 6^th 2023 at 14:57

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!

Naked Security

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By Paul Ducklin — March 30^th 2023 at 19:43

Latest episode - listen now!

Naked Security

Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store

By Paul Ducklin — March 27^th 2023 at 19:59

Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.

Naked Security

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

By Paul Ducklin — March 23^rd 2023 at 17:59

Listen now - latest episode. Full transcript inside.

Naked Security

Windows 11 also vulnerable to “aCropalypse” image data leakage

By Paul Ducklin — March 22^nd 2023 at 17:59

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Naked Security

Google Pixel phones had a serious data leakage bug – here’s what to do!

By Paul Ducklin — March 21^st 2023 at 17:58

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Naked Security

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

By Paul Ducklin — March 16^th 2023 at 17:56

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin — March 9^th 2023 at 18:58

Lastest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin — March 2^nd 2023 at 19:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

By Paul Ducklin — February 23^rd 2023 at 19:58

Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.

Naked Security

Coinbase breached by social engineers, employee data stolen

By Paul Ducklin — February 21^st 2023 at 17:58

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By Paul Ducklin — February 16^th 2023 at 17:46

Latest episode - listen now! (Full transcript inside.)

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

By Paul Ducklin — February 9^th 2023 at 19:41

Latest epsiode. Listen now!

Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin — February 2^nd 2023 at 17:50

Latest episode - listen now!

Naked Security

GitHub code-signing certificates stolen (but will be revoked this week)

By Paul Ducklin — January 31^st 2023 at 11:35

There was a breach, so the bad news isn't great, but the good news isn't too bad...

Naked Security

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

By Paul Ducklin — January 20^th 2023 at 17:59

Once more, it's time for Shakespeare's words: Once more unto the breach...

Naked Security

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

By Paul Ducklin — January 19^th 2023 at 15:53

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By Paul Ducklin — January 12^th 2023 at 17:59

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin — January 5^th 2023 at 17:52

Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin — January 4^th 2023 at 19:50

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Naked Security

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

By Paul Ducklin — December 30^th 2022 at 19:59

The problem with anniversaries is that there's an almost infinite number of them every day...

hny-1200

Naked Security

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

By Paul Ducklin — December 29^th 2022 at 09:20

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Naked Security

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

By Paul Ducklin — December 22^nd 2022 at 19:56

Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

By Paul Ducklin — December 12^th 2022 at 19:58

That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

Apple pushes out iOS security update that’s more tight-lipped than ever

By Paul Ducklin — December 2^nd 2022 at 21:02

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

Naked Security

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

By Paul Ducklin — December 1^st 2022 at 19:58

Latest episode - listen now (or read if you prefer)...

Naked Security

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

By Naked Security writer — November 25^th 2022 at 19:17

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING

Naked Security

S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]

By Paul Ducklin — November 24^th 2022 at 16:52

Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us

Naked Security

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

By Paul Ducklin — November 17^th 2022 at 17:52

Latest episode - listen now! Cybersecurity news plus loads of great advice...

Naked Security

“Gucci Master” business email scammer Hushpuppi gets 11 years

By Naked Security writer — November 14^th 2022 at 19:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200