Weekly update

Data breach verification: that seems like a good place to start given the discussion in this week's video about Accor. Watch the vid for the whole thing but in summary, data allegedly taken from Accor was published to a popular hacking forum and the headlines inevitably followed. However, per that story: Cybernews couldn’t confirm the authenticity of the data. We reached out to Accor for clarification and are awaiting a response. I couldn't confirm the authenticity of the data either and I wro...

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around. As much as it's hard for the victim...

A serious but not sombre intro this week: I mentioned at the start of the vid that I had the classic visor hat on as I'd had a mole removed from my forehead during the week, along with another on the back of my hand. Here in Australia, we have one of the highest rates of skin cancer in the world with apparently about two-thirds of us being diagnosed with it before turning 70. At present, the bits they cut off me were entirely unremarkable (small dot about an inch over my left eye if you're reall...

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com Give that a go and see how far you get in an input of type "email". Mind you, that example allows a pipe wh...

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now...?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here. And when you see the pics in the thread below, you'll understand why: Tokyo time! 🍣 pic.twitter.com/dG0...

How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious will make it all go away. It's the ease of debunking the "no breach here" claim that I find particularly fascinating; the truth is always sitting there in the data and it doesn't take much to bring it to the surface. Ah well, as I always end up lamenting, with behaviour like this it's a good time to be in...

It's just been a joy to watch the material produced by the NCA and friends following the LockBit takedown this week. So much good stuff from the agencies themselves, not just content but high quality trolling too. Then there's the whole ecosystem of memes that have since emerged and provided endless hours of entertainment 😊 I'm sure we'll see a lot more come out of this yet and inevitably there's seized material that will still be providing value to further investigations years from now. Good j...

It's a short video this week after a few days in Sydney doing both NDC and the Azure user group. For the most part, I spoke about the same things as I did at NDC Security in Oslo last month... except that since then we've had the Spoutibe incident. It was fascinating to talk about this in front of a live audience and see everyone's reactions first hand, let's just say there were a lot of "oh wow!" responses 😲 References 1. Sponsored by: Unpatched devices keeping you up at night? Kolide...

Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstands about hashing algorithms and a controversy-laden past if you read back over events of the last year. Phew! No wonder so much time went on this! (and if you want to just jump directly t...

I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne, wonder if it was from a shady breach search service (we’ve seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all. https://t.co/DM7udeUcRk — Troy Hunt (@troyhunt) January 22, 2024 What I didn...