In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care before you pair.
Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin.
Intro and outro music: Edith Mudge.
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
WHERE TO FIND THE PODCAST ONLINE
You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.
Or just drop the URL of our RSS feed into your favourite podcatcher software.
If you have any questions that you’d like us to answer on the podcast, you can contact us at tips@sophos.com, or simply leave us a comment below.
Eddie
Ref: Series 3 episode 5 – I turned this on to listen to a podcast about computer security, which interests me. After the childish comments about a presenter’s haircut and who is virtually on the left or right, the irrelevant comments about the English language and poetry, the silly noises which would have embarrassed a ten year old and laughing at your own jokes, I admit the rest might have been interesting but I didn’t stay to find out.
Either this is a podcast about computer security or it isn’t. I’m not against a bit of fun but the childishness went on far too long at the beginning.
Paul Ducklin
I hear you, and I sympathise a bit… but I also sympathise with the alternative view of those listeners who say, “I enjoy hearing a bit of fun along with the serious stuff, because I already read the articles to get the specifics. I don’t listen the same way I read, so I don’t want to hear exactly the same content again. In fact, I like a few laughs along the way, given that I know there will be plenty of expertise in there, too.”
As it happens, I’ve been on the Naked Security Podcast for 100s of episodes, back from before it was even called the Naked Security Podcast, and for several years it was edited very precisely (by me, in fact :-) to 20 minutes or less – about half its current length. A lot of people liked that – we presented with a huge intensity and a very high signal to noise ratio.
However, many listeners regularly asked us to let the podcast evolve into a longer and more free-flowing form, saying that we should allow a bit more personality and banter into the show. That’s because they were generally listening under what you might call free-flowing conditions, such as during their commute or during their tea break, which is not the way they consumed our written content. Simply put, they enjoyed hearing us enjoying ourselves while discussing cybersecurity, a topic about which it is surprisingly easy to be boring.
To be fair to us, in this episode we covered the Chrome bug starting at the 2-minute mark, which is pretty early on, and from about the 7-minute mark the majority of the content was about Flash insecurity, malware-as-a-service developments, and image exploits. So although I take your point that we could have edited this episode more ruthlessly, and perhaps shortened some of the side-show material, IMO there was nevertheless a decent proportion of security content in there.
Perhaps it would help if we put timecodes in the shownotes to denote the exact point at which the pure-play cybersecurity sections start, to make it easy for you to skip over the bits you don’t need or want? (You can FFWD by just dragging the audio cursor ahead to the desired spot.)
George
Bet you’re fun at Parties
Alessandro
I remember a website that require flash player: VMware vCenter, since the older version have only limited functionalities with the HTML5 versions.
Older version (before 6) does not support anything except flash.
And yes I know it’s a version in EOL but that does not make it disappear from customare enviroments :(
Paul Ducklin
As far as I can see, even the most recent vCenter versions before 6 were last updated more than two years ago… sounds a bit risky to keep running them even if they did support HTML5.