โŒ

Normal view

Before yesterdayMain stream

Weekly Update 438

9 February 2025 at 01:04

I think what's really scratching an itch for me with the home theatre thing is that it's this whole geeky world of stuff that I always knew was out there, but I'd just never really understood. For example, I mentioned waveforming in the video, and I'd never even heard of that let alone understood that there may be science where sound waves are smashed into each other in opposing directions in order to cancel each other out. And I'm sure I've got that completely wrong, but that's what's so fun about this! Anyway, that's all just part of the next adventure, and I hope you enjoy hearing about it and sending over your thoughts because I'm pretty sure there's a gazillion things I don't know yet 🙂

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We're going down the home theatre rabbit hole! (check out some of the work these guys have done, just amazing)
  3. We're seriously considering booting resellers off HIBP altogether (0.86% of our customers who come through them are consuming the same amount of support time as the entire remaining 99.14% 😲)

Weekly Update 434

12 January 2025 at 16:59

This week I'm giving a little teaser as to what's coming with stealer logs in HIBP and in about 24 hours from the time of writing, you'll be able to see the whole thing in action. This has been a huge amount of work trawling through vast volumes of data and trying to make it usable by the masses, but I think what we're launching tomorrow will be awesome. Along with a new feature around these stealer logs, we've also added a huge number of new passwords to Pwned Passwords not previously seen before. Now, for the first time ever, "fuckkangaroos" will be flagged by any websites using the service 😮 More awesome examples coming in tomorrow's blog post, stay tuned!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Publicly asking for a security contact is really not something I want to be doing (it tends to be a last resort after not being able to raise the company via various other channels)
  3. Massive kudos to Synology for making the DiskStation rollover process entirely seamless (little bit of work restoring Plex, but at least there was zero data loss)

Weekly Update 429

7 December 2024 at 22:09

A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to my Facebook account, and if none of that is interesting, here's this week's video on more infosec-related topics:

References

  1. Sponsored by: Cyberattacks are guaranteed. Is your recovery? Protect your data in the cloud. Join Rubrik's Cloud Resilience Summit.
  2. The Armenian Government is now the 37th to have free and open access to their domains on HIBP (this gives them API-level domain searches to their gov TLD)
  3. After two and a bit years on sale, we're now giving away "Pwned" the book, for free (go grab it in PDF or EPUB format)

Weekly Update 428

30 November 2024 at 21:19

I wouldn't say this is a list of my favourite breaches from this year as that's a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature of the service, but some of them this year were absolute zingers. This week, I'm talking about the ones that really stuck out to me for one reason or another, here's the top 5:

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. The Spoutible breach was one of the most bizarre instances of returning unnecessary data via an API I've ever seen (passwords, 2FA secrets and the code used in "magic links" to reset passwords)
  3. It's one thing for spyware to be used for stalking partners against their terms and conditions, it was quite another for pcTattletale to explicitly refer to marital infidelity as a use case for the product (this data breach actually killed the company)
  4. The "Combolists Posted to Telegram" breach was more significant for the stealer logs than it was the combolists aggregated from other sources (that really brought this class of breach into the spotlight for me)
  5. The National Public Data breach was much more significant for the exposure of hundreds of millions of social security numbers than it was for the email addresses that went into HIBP (that's another company that folded as a result of their breach)
  6. The Muah.AI breach exposed a trove of requests by users to create CSAM images (the linked thread is a mind-boggling series of tweets about both the content and the justifications offered for not having controls on the images created)
โŒ
โŒ