I’m Paul Ducklin, but everyone calls me Duck. I'm a programmer, reverser, researcher and presenter with more 30 years of experience in cybersecurity, and not just the same year 30 times over!

To hire me to write, speak, present or podcast for you, please get in touch.

15 episodes of the Smashing Security podcast:

• 437: Salesforce's trusted domain of doom · Oct 1, 2025
• 370: The closed loop conundrum, default passwords, and Baby Reindeer · May 1, 2024
• 361: Wireless charging woe, AI romance apps, and ransomware revisited · Feb 28, 2024
• 352: For research purposes only · Dec 13, 2023
• 341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security · Sep 27, 2023
• 285: Uber's hidden hack, tips for travel, and AI accent fixes · Jul 27, 2022
• 238: Fashion captain, fraud family, and DEF CON. D'oh! · Jul 28, 2021
• 120: Silk Road with Deliveroo · Mar 20, 2019
• 092: Hacky sack hack hack · Aug 22, 2018
• 061: Fallout over Hawaii missile false alarm · Jan 17, 2018
• 022: Walk this way... to defeat biometrics · May 24, 2017
• 020: Phishing for Donald Trump · May 10, 2017
• 017: Data breaches, zero day exploits, and toenail clippings · Apr 20, 2017
• 014: Protecting webmail - a Smashing Security splinter · Mar 30, 2017
• 011: WikiLeaks and the CIA · Mar 9, 2017