
S2 Ep1: FaceApp, logic bombs and stranger danger – Naked Security Podcast

We’re finally back with Series 2 of the Naked Security Podcast. Listen now!

We’re finally back with Series 2 of the Naked Security Podcast. While you’ve been missing us, we’ve been working out how to improve the show and kitting out a dedicated studio.

You’ll now find longer episodes with more opportunities to get involved. Send us your general cybersecurity questions and join the discussion via social media or by commenting on our relevant articles.

In this week’s episode, host Anna Brading is joined by Paul Ducklin, Mark Stockley and Matt Boddy.

We investigate whether FaceApp is as dangerous as they say [12’57”], how to keep logic bombs out of your software [24’14”], and how to help youngsters stay safe online [35’06”].

Listen now and share your thoughts with us.




Podcast Dead. Not interested in a one hour podcast, the first 12 1/2 minutes was a waste of time.


TBH, I’m not a fan of long podcasts myself, less is more, etc. So I hear you.

But I’m nevertheless a fully paid-up participant in our new format, just as I was in the old style 20-minute to 30-minute podcasts, and here’s why.

Quite a few people have asked us, over the years, to make our weekly “generalist” podcasts longer. They said they’d be easier to digest that way – for many people, technical discussions can get quite intense and therefore hard to follow, even when techies are making a real effort to keep the jargon out of it. When you’re reading you can just let your eyes flick back if you need to re-read the previous sentence or paragraph, but listening doesn’t work that way.

People also said they’d like a chance to ask questions that emerged as a result of listening to one episode, and have them answered in the next one. Our shorter-form podcasts just didn’t have the time for that.

As for the intro riffage, I’m sure we’ll learn to be a bit more focused – but that section came about because a surprising number of people we met out and about at conferences and so on said, “We love your techie commentary but would like to learn a bit more about you guys and what you get up to when you’re not working on the issues of the day. Do you take your day job home? How do you learn new programming languages? How do you keep interested in scientific stuff in general?”

So, the old-style podcasts were carefully (some might say ruthlessly) edited by me to keep them to about 20′ or 30′ each with a purposefully (some might say intensely) technical focus. The new-style ones are being carefully (but much less ruthlessly :-) edited by Alice so they can evolve into something with less technical intensity but with more personality and more time for our listeners to get involved.

This is only Episode 1, don’t forget, so we hope you’ll keep on listening anyway and give us time to get the technical/personal/question-and-answer balance right…

…in the meantime, don’t forget that we’re careful to put timestamps in the list of core topics so that people who want to skip the intro and get to the meat of it can easily do so. Just click-and-drag your mouse along the soundwaves to fast forward to the techie stuff. Pick the parts you like and skip the rest – we don’t mind at all!


I like Sophos as a company.

Security is probably the most exciting sector of IT. (It’s got big business, crime, mystery, lots of dramatic conflict)

So I clicked on this with more optimism than I usually would.

I was hoping to hear some crime stories. Show me the money!

So, nothing personal, but I was massively disappointed in this Podcast.

Where’s the action? Where are the baddies?

11 minutes in and they are debating whether the Microsoft clip is annoying or not.


We do sometimes discuss cybercrime, cybercrooks, notable busts and so on, but the problem with focusing our stories on “the baddies” is that there’s usually a big gap between the crime itself, say a data breach or a zero-day attack, and any related arrest, trial, conviction or sentencing. (It can take a long time to get together evidence that will satisfy a court.)

So our core stories tend to be about things that not only are fresh in everyone’s minds but also offer some sort of “teachable moment” – something that you, your friends, your family, your colleagues and perhaps even more importantly your boss, can do to improve your security posture right now against the latest threats.

As for the “what have you been up to last week” section, you’re right that the podcast doesn’t *need* it, and indeed not everyone likes it, but [a] quite a few listeners have asked us, over the years, to let them learn a bit more about us and what makes us tick, especially our computer-related opinions and hobbies [b] we make a point of putting time stamps for the core stories into the article so that those who don’t like the jam session chat at the start can just jump over it.

If you drag your mouse along the sound waves you can fast forward the “play head” to any time position you like. HtH.

