Login
Geez it's nice to be back in Oslo! This city has such a special place in my heart for so many reasons, not least of which by virtue of being Charlotte's home town we have so many friends and family here. Add in NDC Security this week with so many more mutual connections, beautiful snowy weather, snowboarding, sledging and even curling, it's just an awesome time. Awesome enough to still be here for the next weekly update so until then, I'll leave you with the pics I promised at the end of this week's vid. Enjoy 😊
Perfect Oslo - fresh snow, cool temps and sunshine 🇳🇴 pic.twitter.com/yPtnCkKIwo
— Troy Hunt (@troyhunt) January 15, 2024
It's another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the websites shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though, the crazy bit is the months they've spent trying to disclose this to Capelli and getting absolutely nowhere. I'll give them a shout-out this week and see if I have any more luck but when it's this hard to report egregiously bad security issues, is it any wonder we have so many data breaches. As I keep lamenting, it's a great time to be in this industry...
We're in Paris! And feeling proper relaxed after several days of wine and cheese too, I might add. This was a very impromptu end of 2023 weekly update as we balanced family time with doing the final video for the year. On the cyber side, the constant theme over the last week has been ransomware; big firms, little firms, Aussie firms, American firms - it's just completely indiscriminate. Anecdotally, this seems to have really ramped up over 2023 so on that basis, 2024 will bring... well, let's wait and see, this industry is nothing if not full of surprises. Happy New Year friends 😊
It's that time of the year again, time to head from the heat to the cold as we jump on the big plane(s) back to Europe. The next 4 weekly updates will all be from places of varying degrees colder than home, most of them done with Scott Helme too so they'll be a little different to usual. For now, here's a pretty casual Christmas edition, see you next week from the other side 🙂
I'd say the balloon fetish segment was the highlight of this week's video. No, seriously, it's a moment of levity in an otherwise often serious industry. It's still a bunch of personal info exposed publicly and that suchs regardless of the nature of the site, but let's be honest, the subject matter did make for some humorous comments 🤣
10 years later... 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with absolutely no expectations of anything, and now it's, well, massive! I'm a bit lost for words if I'm honest, I hope the chat with Charlotte adds some candour to this week's update, she's seen this thing grow since before its first birthday, through the hardest times and the best times and now lives and breathes HIBP day in day out with me. I hope you enjoy this video, and we'd both love to hear those swag ideas from you too 😊
I'm irrationally excited about the new Prusa 3D printer on order, and I think that's mostly to do with planning for the NDC Oslo talk I plan to do with Elle, my 11-year old daughter. I'm all for getting the kids exposure not just to tech, but also to being able to talk to others about tech and involving them in conference talks since a young age has been a big part of that. But what I'm especially excited about is that this won't just be an "aw, isn't it cute seeing kids talk at a conference" kinda thing; she genuinely knows enough about this technology that together, we can make a talk that adults will learn something from. That's cool 😎
For a weekly update with no real agenda, we sure did spend a lot of time talking about the ridiculous approach Harvey Norman took to dealing with heavy traffic on Black Friday. It was just... unfathomable. A bunch of people chimed into the tweet thread and suggested it may have been by design, but they certainly wouldn't have set out to achieve the sorts of headlines that adorned the news afterwards. Who knows, but it made for entertaining content this week 🙂
Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices. We were outraged at the premise of a government mandating the implementation of a model that could, at their bequest, allow them to intercept traffic without any transparency or accountability. The EFF said the following at the time:
If the country's ruling regime were to successfully implement this plan, it would be able to snoop on, impersonate, and alter the online communications of anyone within their borders—effectively performing a Man in the Middle attack on its entire population.
Now watch the video, listen to Scott and ask yourself how different the technical capacity he discusses is from the Kazakhstan situation. Not from a policy perspective or the intentions of the respective government bodies, but rather it terms of the capabilities and lack of transparency it results in. It's nuts. But hey, it's a good time to be in this industry!
Most of this week's video went on the scraped (and faked) LinkedIn data, but it's the ransomware discussion that keeps coming back to mind. Even just this morning, 2 days after recording this live stream, I ended up on nation TV talking about the DP World security incident and whilst we don't have any confirmation yet, it has all the hallmarks of another ransomware case. In advance of that interview, I was trawling through various ransomware Tor sites and the volume of big names appearing there is just staggering. It does get me thinking: how many other individuals and corporations alike are being exposed through these and are never told about it? I wonder...
FreshRSS 