Happy birthday Naked Security!

Today is a very exciting day in the Sophos office – Naked Security is celebrating its fifth birthday!

Naked Security made its way into the world on 28 October 2010. The brainchild of Carole Theriault and Graham Cluley, the site brought all our security experts and blogs under one big Naked Security roof and aimed to be the voice of reason in a world gone mad.

Five years on and we think we’re still doing that, and the many awards we’ve won in that time hopefully back that up. Just this year we’ve won three, including our first ever award for our Chet Chat podcast.

I’ve been Editor-in-Chief for the last two and a bit years, and today we publish around 100 articles a month and send our daily newsletter to over 40,000 people.

From our regular contributors, Paul “Duck” Ducklin, Chet Wisniewski, John “JZ” Zorabedian, Mark Stockley, Lisa Vaas and Lee Munson, to our occasional contributors, John Hawes, John Shier, Ross McKerchar and the SophosLabs guys and girls, our subeditor Marcus Sanigar and our social media queen Kimberly Truong, the Naked Security team are a fantastic bunch of people.

(Note: Please email me if I’ve forgotten anyone, and I’ll edit this and we’ll pretend it never happened.)

So how have things changed in five years? I asked some of our writers to look at five big topics that have featured on Naked Security in that time.

It seems only right that we start with our longest serving team member and one of our most prolific writers, Paul Ducklin.

Paul Ducklin on Java

Remember Java? Nor do I. Actually, now I mention it, it’s all coming back.

It was called Oak, after a tree outside the inventor’s office. It was going to be the programming language that ran washing machines, that sort of stuff.

Anyway, Oak ended up embedded in your browser instead of your laundry – and Oak was too stolid a name, so it ended up as “Java”, because coffee makes the internet go round. And the crooks fell in love with it, because it had a few security holes, and then a few more, and so on and so on.

Eventually, Oracle bought Java and, one day, the company simply stopped Java working in your browser unless you really asked nicely.

And that was pretty much that for Java malware.

Five years ago it was everywhere, now you hardly see it. And that’s a nice fifth birthday present for all our readers, wouldn’t you say?

Mark Stockley on Talking Angela

WARNING FOR ALL PARENTS OR IF U OWN A TABLET OR IPHONE OR OTHER PHONE OR LAPTOP MAKE SURE U R SITTING DOWN WHEN YOU READ THIS COS THERE IS AN APP CALLED FACEBOOK THIS APP IS BEING USED TO SPREAD A HOAX ABOUT A KIDS GAME CALLED TALKING ANGELA!!!!!! THEY SAY THINGS LIKE : IT’S KIDNAPPING PEOPLE !! AND IT’S GOT A REALLY TINY PAEDOPHILE SAT IN ITS EYE AND HE’S LOOKING AT YOUR CHILDREN AND ASKING THEM WHERE THEY GO TO SCHOOL BUT IT HASNT ZOMG!!! A WEEK AGO NOBODY HAD HEARD OF IT APART FROM THE MILLIONS OF PEOPLE WHO USED IT AND NOW EVERYONE IS TAKING THEIR TECHNICAL ADVICE FROM STRANGERS WHO CANT EVEN FIND THEIR CAPS LOCK KEY LOL AND IM SCARED BECAUSE THE INTERNET IS GOING TO RUN OUT CAPITAL LETTERS IF WE DON’T STOP. ITS THE END OF DAYS PLEASE PASS THIS MESSAGE TO YOUR FRIENDS AND FAMILY AND TELL THEM TO READ NAKED SECURITY AND IT WILL ALL BE OK THX!!!!

John Zorabedian on the Snowden effect

Edward Snowden exposing the NSA’s sweeping surveillance programs was a major event in privacy and security, but over two years later, is there a long-lasting “Snowden effect”?

When comedian/muckraker John Oliver asked average Americans what they thought of Snowden, many of them couldn’t even identify who he is, and those who could had a poor understanding about what Snowden’s leaks revealed.

A March 2015 survey found that nearly half (46%) of Americans said they were “not very concerned” or “not at all concerned” about NSA surveillance.

Now, you’re likely to find different results in, say, Germany, where Snowden is revered.

But if Americans aren’t concerned enough about NSA surveillance to push for reforms, the Snowden effect could amount to very little change at the NSA.

And yet, I’d argue that Snowden did bring about a sea change in how big technology companies like Google, Apple, Microsoft and Facebook treat our privacy and security.

People may not realize it, but the next time they lock their shiny new iPhone or Android smartphone, automatically turning on device encryption – or send an encrypted message over iMessage, WhatsApp or Facebook Messenger – they have benefitted from the Snowden effect.

Lisa Vaas on selfies and oversharing

Image oversharing has been undeterred by the deluge of nudes that rained down on us in breaches over the past few years, be it Celebgate or the Snappening, et al.

Take the Snappening, for example.

A study found that 75% of college undergraduates said the spillage of 100,000 private images wouldn’t change how they would use the service.

People like sharing photos, epic breaches or no.

Research shows that only face-to-face encounters top Snapchat when it comes to making users happy.

Like parent, like child, or vice versa: the average parent will upload an eyeball-popping 973 photos of their child onto social media by the time they reach the age of 5, and 17% of them ignore privacy settings.

Is it any wonder that police have recently begun to beg parents to stop shredding kids’ privacy by oversharing their images?

No, with the exception of George Clooney passing out burner phones for his wedding, our oversharing hasn’t changed much in the past 5 years. In fact, it’s probably got a lot worse.

At least Celebgate prodded Apple into turning on two-step verification (2SV) for iCloud: a silver lining on the scummy cloud of stolen photos!

Lee Munson on data breaches

Five years ago Target’s tills weren’t on speaking terms with its air conditioning system, men around the world were happily chatting with Ashley Madison bots, and we weren’t hearing about a new data breach every day.

But then something happened.

Hacktivists, bored teenagers, cyber jihadis and all manner of other miscreants suddenly found the wherewithal to deface the capitalist web into oblivion.

Cybercriminals discovered modern websites were still prone to SQL injection, and PCI DSS checklists ticked into submissive compliance, as if both were something new.

CEOs became CISOs, despite lacking both information and security.

How lucky we are then, the innocent non-victims of the latest breach.

But surely our time will come, for it is clear that record levels of investment in information security are being undone by a skills shortage never before seen in Earth’s history.

Or so the media would have us believe.

The last word is left for you

Naked Security wouldn’t be the same site without the feedback we receive from you, our readers. So please, keep commenting on the site, keep posting on our Facebook page, keep sending us emails and keep tweeting us. We love hearing from you.

And if there’s anything you’d like to see more of on Naked Security, please leave a comment below. We’re always looking for ways to make this site even better!