Road trips again prove no barrier to the Chet Chat, with Chester Wisniewski calling home to the studio from the exotic wilderness of the Air Canada lounge at Toronto Airport. As usual, Chester and Paul Ducklin turn their insightful and entertaining gaze on the security lessons we can learn from the past few days. There's the difference between "Important" and "Critical" on Patch Tuesday; Apple's possible return from the security wildnerness; Bitly's underwhelming breach notification; and Snapcha...
May 15, 2014•16 min
Sophos security experts Chester Wisniewski and Paul Ducklin look at what we can learn from the week's security news. Target, Dropbox, Microsoft, the mysterious Webdriver Torso and Sophos Naked Security itself feature in this episode of our weekly podcast.
May 07, 2014•15 min
A zero-day in IE to contend with, followed by a zero-day in Flash; two approaches to fixing OpenSSL after the Heartbleed bug; how to get a free pass to the Infosec Europe 2014 event in London; and why security happens by design and not by accident! Chet and Duck turn their attention on the lessons we can learn from the latest security news.
Apr 29, 2014•14 min
Computer security experts Chester Wisnieski and Paul Ducklin of Sophos turn their attention on the week's news. Mixing wit, insight and advice, the duo look at: the risk from iOS malware, the state of play in fingerprint security, whether to trust mobile apps, why it's a bad idea to hack the taxman, and what to do if Brian Krebs calls to warn you've been pwned.
Apr 24, 2014•14 min
From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week. Be entertained as you learn from the news, all in our regular quarter-hour podcast format.
Apr 16, 2014•15 min
Sophos experts Chester Wisniewski and Paul Ducklin help you to understand - and explain what you can do about - the big ticket security news items of the past week. The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.
Apr 10, 2014•17 min
Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity. There's Adobe's password breach revisited (in poetic form, no less), why there are 42 days left in Windows XP, how Snapchat dissed the US legislature, and what World Backup Day really ought to mean to you...
Apr 02, 2014•15 min
On 01 April 2014, we decided not to do an April Fool's but to have some April Fun instead! So we turned three recent computer security stories into poems. OK, rhyming verse. Doggerel, in fact. Here, then, with apologies to Mr Robert William Service, are the stories of Mt Gox, Snapchat and the End of XP, as you've never heard them before.
Apr 01, 2014•3 min
How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too? Chet and Duck add their opinion and advice to the good and the bad in the past weeks' news.
Mar 26, 2014•15 min
Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store? Chester and Duck dissect these issues in their entertaining and informative style in this week's Sophos Security Chet Chat podcast...
Mar 20, 2014•14 min
Chet and Duck turn the week's news into useful lessons once again. There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about just how many people have been hit by the CryptoLocker ransomware. Join the dynamic duo for another entertaining quarter-hour on computer security.
Mar 13, 2014•13 min
What about support for OS X Lion and Mountain Lion? Are they, or aren't they? Why can't Apple just say? Could the addition of a rootkit to the Gameover malware be a blessing in disguise? If you want to hack your way to better results at University, is jumping from an F to an A a wise maneouvre? And will proposed federal data breach laws in the US make things better or worse? Chester and Duck once again aim their entertaining expertise at the security news of the week...
Mar 05, 2014•14 min
Paul Ducklin hooks up "live at RSA" with Naked Security writers Chester Wisniewski and John Shier for a Conference Special podcast. This half-length Chet Chat packs in one-quarter humour, five-eighths news and two-thirds insight - find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!
Feb 28, 2014•8 min
Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat. From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.
Feb 27, 2014•12 min
Chet and Duck again turn the week's security news into advice you can use and share with your friends. What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?
Feb 19, 2014•15 min
Chet and Duck cast their expert eyes over the week's security news. The pair bring some infectious enthusiam to Sophos's recently-announced acquisition of Cyberoam; they look at Patch Tuesday plus Adobe's out-of-band update to Flash; urge aginst the trend for big brands to bundle "foistware downloads" of complete new applications into what are supposed to be security updates; and plenty more besides. Join this dynamic duo as they turn the latest news into a quarter-hour podcast that is informati...
Feb 12, 2014•15 min
Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target. Oh, and Sophos Naked Security is up for "Blog that Best Represents the Security Industry" in the forthcoming Security Bloggers Awards 2014, so...please vote for us if you are elgibile to do so.
Feb 04, 2014•15 min
This week's Chet Chat starts out with credit card breaches, as yet more big PII leaks hit the news; then covers the issue of whether you really need good passwords everywhere; before going into an upbeat and encouraging conclusion - we like to finish on a positive note! - discussing Data Privacy Day. You did know it was Data Privacy Day, didn't you? (You do now.)
Jan 28, 2014•16 min
Chet and Duck turn a week's worth of lost data, malware attacks, misleading apologies and shabby security into actions you can take to steer a safer course inside your own organisation. From digitally signed Mac malware, through plaintext password storage, all the way to the South Korean credit agency that lost personal information on close to half of the country's population, here's our weekly "podcast with a purpose."
Jan 22, 2014•15 min
In early 2014, a contractor at credit-scoring company Korea Credit Bureau was arrested for loading up a USB key with personally identifiable information for some 20,000,000 people, about 40% of South Korea's population. Shades of the Bradley/Chelsea Manning "Wikileaks" saga of three years earlier, in which decades of confidential US State Department cables were siphoned off. Here's a sadly-still-relevant podcast from the Wikileaks incident, looking at the question, "How could this have happened?...
Jan 21, 2014•9 min
Chester Wisniweski and Paul Ducklin dig into the lessons we can learn from the security issues of the past week. What's the best way to deal with bots and botnets? If you use your financial institution's official mobile banking app, are you more or less secure that just using your browser? What's going on with data security in the US retail sector? What are the must-have and must-do patches from this Patch Tuesday? And do you really *have* to update your Mac to Mavericks if you want security fix...
Jan 14, 2014•15 min
Botnets, short for "robot networks", are more than just malware: they're the money making machinery of modern cybercriminals. Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic. The result is an entertaining and educational podcast that's suitable for everyone from sysadmins to home surfers.
Jan 09, 2014•18 min
Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.
Jan 07, 2014•16 min
From Cryptolocker, through PRISM, Target and Adobe, to tainted randomness: Chet and Duck review the security lessons of 2013, and advise how to make 2014 safer and more secure!
Jan 01, 2014•15 min
Chet and Duck analyse the latest security news to help you keep ahead of the bad guys. Find out about the recent and massive Target breach; get to grips with Microsoft's and Apple's latest updates; and learn how to respond to Google's recent changes to image rendering for Gmail users.
Dec 24, 2013•16 min
Sophos Security Threat Report 2014 by Sophos
Dec 10, 2013•18 min
Chet and Duck tell you what you need to know about the latest security stories. Turn bad news into good with "what you can do better" advice on the back of an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
Dec 02, 2013•15 min
Chet and Duck dig into the good and bad of the week's computer security news, from the amusing "Happy Hour Virus", through Twitter's implementation of "forward secrecy" to discourage government-type surveillance, to LG's data-grabbing TVs and the company's unamusingly casual attitude to what amounts to business-type surveillance.
Nov 26, 2013•15 min
Avoiding fake support calls by Sophos
Nov 22, 2013•6 min
Chester and John Shier take time out of the IANS Information Security Forum in Atlanta, Georgia, to talk about the key issues of the past week. There's the US police department that paid the CryptoLocker ransom; the company Loyaltybuild that took two weeks to tell its loyal customers that it hadn't even bothered to encrypt their PII that was stolen; and, to finish with some good news, high praise for Microsoft's public push for cryptographic progress.
Nov 21, 2013•15 min
