Sophos Podcasts

Chet and Duck turn the week's news into useful lessons once again. There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about just how many people have been hit by the CryptoLocker ransomware. Join the dynamic duo for another entertaining quarter-hour on computer security.

What about support for OS X Lion and Mountain Lion? Are they, or aren't they? Why can't Apple just say? Could the addition of a rootkit to the Gameover malware be a blessing in disguise? If you want to hack your way to better results at University, is jumping from an F to an A a wise maneouvre? And will proposed federal data breach laws in the US make things better or worse? Chester and Duck once again aim their entertaining expertise at the security news of the week...

Paul Ducklin hooks up "live at RSA" with Naked Security writers Chester Wisniewski and John Shier for a Conference Special podcast. This half-length Chet Chat packs in one-quarter humour, five-eighths news and two-thirds insight - find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!

Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat. From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.

Chet and Duck again turn the week's security news into advice you can use and share with your friends. What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Chet and Duck cast their expert eyes over the week's security news. The pair bring some infectious enthusiam to Sophos's recently-announced acquisition of Cyberoam; they look at Patch Tuesday plus Adobe's out-of-band update to Flash; urge aginst the trend for big brands to bundle "foistware downloads" of complete new applications into what are supposed to be security updates; and plenty more besides. Join this dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target. Oh, and Sophos Naked Security is up for "Blog that Best Represents the Security Industry" in the forthcoming Security Bloggers Awards 2014, so...please vote for us if you are elgibile to do so.

This week's Chet Chat starts out with credit card breaches, as yet more big PII leaks hit the news; then covers the issue of whether you really need good passwords everywhere; before going into an upbeat and encouraging conclusion - we like to finish on a positive note! - discussing Data Privacy Day. You did know it was Data Privacy Day, didn't you? (You do now.)

Chet and Duck turn a week's worth of lost data, malware attacks, misleading apologies and shabby security into actions you can take to steer a safer course inside your own organisation. From digitally signed Mac malware, through plaintext password storage, all the way to the South Korean credit agency that lost personal information on close to half of the country's population, here's our weekly "podcast with a purpose."

In early 2014, a contractor at credit-scoring company Korea Credit Bureau was arrested for loading up a USB key with personally identifiable information for some 20,000,000 people, about 40% of South Korea's population. Shades of the Bradley/Chelsea Manning "Wikileaks" saga of three years earlier, in which decades of confidential US State Department cables were siphoned off. Here's a sadly-still-relevant podcast from the Wikileaks incident, looking at the question, "How could this have happened?"

Chester Wisniweski and Paul Ducklin dig into the lessons we can learn from the security issues of the past week. What's the best way to deal with bots and botnets? If you use your financial institution's official mobile banking app, are you more or less secure that just using your browser? What's going on with data security in the US retail sector? What are the must-have and must-do patches from this Patch Tuesday? And do you really *have* to update your Mac to Mavericks if you want security fixes?

Botnets, short for "robot networks", are more than just malware: they're the money making machinery of modern cybercriminals. Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic. The result is an entertaining and educational podcast that's suitable for everyone from sysadmins to home surfers.

Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.

From Cryptolocker, through PRISM, Target and Adobe, to tainted randomness: Chet and Duck review the security lessons of 2013, and advise how to make 2014 safer and more secure!

Chet and Duck analyse the latest security news to help you keep ahead of the bad guys. Find out about the recent and massive Target breach; get to grips with Microsoft's and Apple's latest updates; and learn how to respond to Google's recent changes to image rendering for Gmail users.

Sophos Security Threat Report 2014 by Sophos

Chet and Duck tell you what you need to know about the latest security stories. Turn bad news into good with "what you can do better" advice on the back of an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.

Chet and Duck dig into the good and bad of the week's computer security news, from the amusing "Happy Hour Virus", through Twitter's implementation of "forward secrecy" to discourage government-type surveillance, to LG's data-grabbing TVs and the company's unamusingly casual attitude to what amounts to business-type surveillance.

Avoiding fake support calls by Sophos

Chester and John Shier take time out of the IANS Information Security Forum in Atlanta, Georgia, to talk about the key issues of the past week. There's the US police department that paid the CryptoLocker ransom; the company Loyaltybuild that took two weeks to tell its loyal customers that it hadn't even bothered to encrypt their PII that was stolen; and, to finish with some good news, high praise for Microsoft's public push for cryptographic progress.