Naked Security Podcast

Technology Podcasts

We take an expert look at the latest cybersecurity incidents, how they happened, and why. Tune in weekly to learn what you can do to stop bad things from happening to you!

Location:

United States

Language:

English


Episodes

S3 Ep149: How many cryptographers does it take to change a light bulb?

8/23/2023
Miss Manners confronts copy-and-paste. WinRAR patches bugs. When Airplane mode isn't. How many cryptographers to change a light bulb? https://nakedsecurity.sophos.com/using-winrar-be-sure-to-patch https://nakedsecurity.sophos.com/snakes-in-airplane-mode https://nakedsecurity.sophos.com/smart-light-bulbs-could-give-away-your-password With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com

Duration:00:16:21

S3 Ep148: Remembering crypto heroes

8/17/2023
Navajo Code Talkers Day. Beta bogosities. Skimming shenanigans. Hooligan hosting. A cybercrime conundrum. https://nakedsecurity.sophos.com/fbi-warns-about-scams-that-lure-you-in-as-a-mobile-beta-tester https://nakedsecurity.sophos.com/grab-hold-and-give-it-a-wiggle-atm-card-skimming https://nakedsecurity.sophos.com/crimeware-server-used-by-netwalker-ransomware-seized With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com

Duration:00:18:40

S3 Ep147: What if you type in your password during a meeting?

8/9/2023
An amazing Art Deco computer. Yet more performance-versus-security trouble. Is sound alone enough to sniff out your password? A rap song (of sorts) with a cybersecurity connection. https://nakedsecurity.sophos.com/2023/08/08/serious-security-why-learning-to-touch-type-could-protect-you-from-audio-snooping/ https://nakedsecurity.sophos.com/2023/08/04/crocodile-of-wall-street-and-her-husband-plead-guilty-to-giant-sized-cryptocrimes/ With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com

Duration:00:15:42

S3 Ep146: Tell us about that breach! (If you want to.)

8/3/2023
Firefox fixes flaws. The exciting vulnerability that you don't need to be afraid of. Breach reporting rules with lots of leeway. https://nakedsecurity.sophos.com/firefox-fixes-a-flurry-of-flaws https://nakedsecurity.sophos.com/performance-and-security-clash-yet-again https://nakedsecurity.sophos.com/sec-demands-four-day-disclosure-limit With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com

Duration:00:17:39

S3 Ep145: Bugs With Impressive Names!

7/27/2023
Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. https://nakedsecurity.sophos.com/apple-ships-that-recent-rapid-response https://nakedsecurity.sophos.com/hacking-police-radios-30-year-old-crypto-flaws https://nakedsecurity.sophos.com/zenbleed-how-the-quest-for-cpu-performance With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Email questions and suggestions to: tips@sophos.com

Duration:00:19:40

S3 Ep144: When threat hunting goes down a rabbit hole

7/20/2023
Why your Mac's calendar app says it's JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. https://nakedsecurity.sophos.com/zimbra-collaboration-suite-warning https://nakedsecurity.sophos.com/google-virus-total-leaks-list https://nakedsecurity.sophos.com/microsoft-hit-by-storm-season With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:16:11

S3 Ep143: Supercookie surveillance shenanigans

7/13/2023
Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple's rapid patch that needed a rapid patch. User-Agent considered harmful. https://nakedsecurity.sophos.com/microsoft-patches-four-zero-days-finally-takes-action https://nakedsecurity.sophos.com/serious-security-rowhammer-returns https://nakedsecurity.sophos.com/ghostscript-bug-could-allow-rogue-documents-to-run-system https://nakedsecurity.sophos.com/urgent-apple-fixes-critical-zero-day-hole https://nakedsecurity.sophos.com/apple-silently-pulls-its-latest-zero-day-update With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:17:33

S3 Ep142: Putting the X in X-Ops

7/6/2023
First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light. With Paul Ducklin and Matt Holdcroft. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:14:21

S3 Ep141: What was Steve Jobs's first job?

6/29/2023
PONG for one player. Apple pushes out anti-spyware patch. Beware bad passwords on Linux servers. "Twitter hacker" gets 5 years. When mobile phones and dental hygiene collide. https://nakedsecurity.sophos.com/apple-patch-fixes-zero-day-kernel-hole https://nakedsecurity.sophos.com/beware-bad-passwords-as-attackers-co-opt-linux-servers https://nakedsecurity.sophos.com/uk-hacker-busted-in-spain-gets-5-years https://nakedsecurity.sophos.com/aussie-pm-says-shut-down-your-phone-every-24-hours With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:17:50

S3 Ep140: So you think you know ransomware?

6/22/2023
Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. https://nakedsecurity.sophos.com/the-ransomware-documentary-brand-new-video-series https://nakedsecurity.sophos.com/megaupload-duo-will-go-to-prison https://nakedsecurity.sophos.com/asus-warns-router-customers-patch-now https://nakedsecurity.sophos.com/moveit-mayhem-3 With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:18:36

S3 Ep139: Are password rules like running through rain?

6/15/2023
Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? https://nakedsecurity.sophos.com/patch-tuesday-fixes-4-critical-rce-bugs https://nakedsecurity.sophos.com/more-moveit-mitigations-new-patches https://nakedsecurity.sophos.com/history-revisited-us-doj-unseals-mt-gox-cybercrime-charges https://nakedsecurity.sophos.com/gozi-banking-malware-it-chief-finally-jailed https://nakedsecurity.sophos.com/thoughts-on-scheduled-password-changes With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:17:15

S3 Ep138: I like to MOVEit, MOVEit

6/8/2023
Calling all modems. KeePass gets an update. MOVEit gets pwned. Chromium zero-day. The backdoor that wasn't really. WPBT explained. https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack https://nakedsecurity.sophos.com/moveit-zero-day-exploit-used-by-data-breach-gangs https://nakedsecurity.sophos.com/chrome-zero-day-this-exploit-is-in-the-wild https://nakedsecurity.sophos.com/researchers-claim-windows-backdoor With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:22:21

S3 Ep137: 16th century crypto skullduggery

6/1/2023
How to say "GIF". A Blackmailer-in-the-Middle attack. Knitting your own crypto. KeePass master password shenanigans. Binge listening. https://nakedsecurity.sophos.com/ransomware-tales-the-mitm-attack https://nakedsecurity.sophos.com/serious-security-verification-is-vital https://nakedsecurity.sophos.com/serious-security-that-keepass-master-password-crack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:21:16

S3 Ep136: Navigating a manic malware maelstrom

5/25/2023
Luminiferous aether. A $10m cybercrime reward. Bank scam kingpin gets 13 years. Three Apple 0-days. A Python malware maelstrom. https://nakedsecurity.sophos.com/us-offers-10m-bounty-for-russian-ransomware-suspect https://nakedsecurity.sophos.com/phone-scamming-kingpin-gets-13-years https://nakedsecurity.sophos.com/apples-secret-is-out-3-zero-days-fixed https://nakedsecurity.sophos.com/pypi-open-source-code-repository-deals-with-manic-malware-maelstrom With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:20:01

S3 Ep135: Sysadmin by day, extortionist by night

5/18/2023
An Apple product that flopped (and was not the Newton). Two-faced sysadmin jailed for 6 years. The smart plug with the unsmart security hole. Clearview AI again, once more, again. https://nakedsecurity.sophos.com/whodunnit-cybercrook-gets-6-years https://nakedsecurity.sophos.com/belkin-wemo-smart-plug-v2-the-buffer-overflow https://nakedsecurity.sophos.com/zut-alors-raclage-crapuleux-clearview-ai With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:16:50

S3 Ep134: It's a PRIVATE key - the hint is in the name!

5/11/2023
The world-changing Visible Calculator. How not to get a job. Private keys - the hint is in the name. Microsoft's complicated bootkit patch. Taming Bluetooth trackers. https://nakedsecurity.sophos.com/php-packagist-supply-chain-poisoned-by-hacker https://nakedsecurity.sophos.com/low-level-motherboard-security-keys-leaked https://nakedsecurity.sophos.com/bootkit-zero-day-fix-is-this-microsofts-most-cautious https://nakedsecurity.sophos.com/tracked-by-hidden-tags-apple-and-google-unite With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:17:52

S3 Ep133: Apple takes "tight-lipped" to a whole new level

5/4/2023
New England gets BASIC. Google hits back at CryptBot crooks. Apple seals its lips on security. Mac malware-as-a-service. World Password Day. PaperCut: disclose or don't disclose? https://nakedsecurity.sophos.com/google-wins-court-order-to-force-isps-to-filter https://nakedsecurity.sophos.com/apple-delivers-first-ever-rapid-security-response https://nakedsecurity.sophos.com/mac-malware-for-hire-steals-passwords-and-cryptocoins https://nakedsecurity.sophos.com/world-password-day-2-2-4 https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:18:38

S3 Ep132: Proof-of-concept lets anyone hack at will

4/27/2023
The CIH or SpaceFiller virus revisited. Google's 2FA security shortcut. Server vulns under active attack. Two Chrome zero-days, but was it one attack? https://nakedsecurity.sophos.com/20-years-ago-today-what-we-can-learn-from-the-cih-virus https://nakedsecurity.sophos.com/google-leaking-2fa-secrets https://nakedsecurity.sophos.com/papercut-security-vulnerabilities-under-active-attack https://nakedsecurity.sophos.com/double-zero-day-in-chrome-and-edge-check-your-versions With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:17:24

S3 Ep131: Can you really have fun with FORTRAN?

4/20/2023
Fun with FORTRAN?! An extreme data breach and its consequences. Rogue 2FA apps live in action. Juicejacking revisited. https://nakedsecurity.sophos.com/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence https://nakedsecurity.sophos.com/beware-rogue-2fa-apps-in-app-store-and-google-play https://nakedsecurity.sophos.com/fbi-and-fcc-warn-about-juicejacking With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:20:52

S3 Ep130: Open the garage bay doors, HAL

4/13/2023
A common business-oriented language. Patch Tuesday. Secure Boot (without the "Secure" part). Apple zero-days. World-readable garage doors. Motherboard malware threats. https://nakedsecurity.sophos.com/microsoft-fixes-a-zero-day-and-two-curious-bugs https://nakedsecurity.sophos.com/apple-issues-emergency-patches-for-spyware https://nakedsecurity.sophos.com/apple-zero-day-spyware-patches-extended https://nakedsecurity.sophos.com/us-government-warning-what-if-anyone-could-open https://nakedsecurity.sophos.com/attention-gamers-motherboard-maker-msi-admits-to-breach With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity)

Duration:00:18:20