Sitting down to do this one today, I thought it would be brief, but it turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and, to their credit, they later apologised for their "rude messages", which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before). All that plus the Turkish Crime Family aftermath and the Factual data (another data aggregator) in HIBP in this week's update.
References
- Sophos got their messaging wrong on padlocks and HTTPS, but fixed it immediately once people spoke up (good on them for that effort!)
- GoGetSSL got their messaging wrong on SSL over and over and over and over... (more to follow on this, I'll put it in a dedicated blog post)
- "The Turkish Crime Family" ringleader pleaded guilty to blackmailing Apple (time and time again, this turns out to be kids full of bravado)
- Back in 2017 I wrote about how the Turkish Crime Family data was pretty suspect (basically all came from another data breach)
- Sponsored by Varonis, check out their free video course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell