Weekly Update 249

A bit of a shorter work week this one as we escaped to a little getaway for a few days. That said, it gave me some nice downtime to continue writing the book and speaking of which, after today's video we had a regular catch up with Rob Conery and I think we made a bit of a breakthrough with how I intro it so hopefully we're one step closer again to a finished product now (do sign up to be kept up to date with progress). That, and all the usual stuff this week (except for John McAfee's demise, that's something altogether different).
References:
We had some really nice downtime in a very tranquil environment (tweet thread of the holiday...

Welcoming the Jamaican Government to Have I Been Pwned

Recently, I've been providing a lot of additional government access to Have I Been Pwned. Today I'm happy to welcome the Jamaica Cyber Incident Response Team (JaCIRT), the 22nd national CERT on HIBP and 11th in the last 4 months. They now have full and free API level access to query all government domains belonging to the Caribbean nation. I'm encouraged by the enthusiasm I'm seeing from governments to use breach data in positive ways that help protect their departments and I look forward to welcoming many more national CERTs in the future....

Weekly Update 248

Thought I'd do a bit of AMA this week given the rest of the content was a bit lighter. If you like this sort of content then I'll try and be a bit more organised next time, give some notice and make more of an event out of it. Other than that, I'm screwing around with more IoT things, dealing with more breaches, onboarding new governments so yeah, same same 🙂
References:
Here's the iFixit kit I bought, it's the "Pro Tech Toolkit" (this is a really nice piece of kit that's going to get a heap of use for many years to come)
I've now got 2 Shelly Dimmers installed (I still need momentary switches to make them work then one...

Welcoming the Finnish Government to Have I Been Pwned

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly....

Weekly Update 247

Lots of stuff going on this week, beginning with me losing my mind trying to get local control of IoT devices. I'm writing up a much more extensive blog post on this, suffice to say it's a complete mess and all of the suggestions I've had have been well-intentioned, but infeasible for various reasons. But as I say in the video, it has all been worth it and I do get a lot of enjoyment from playing with it all 😊 That and many other cyber things in this week's update.
References:
Trying to get local control of Tuya lights is an exercise in absolute futility (read the thread to feel my pain 😭)
A scammer tried to use the W3C validator to...

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago, then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.) NordLocker has written about the nameless malware that stole 1.2 TB of private data and the first sentence sets the scene:
Between 2018 and 2020, a custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 terabytes (TB) of personal information
NordLocker goes into...

Expanding the Have I Been Pwned Volunteer Community

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords? Many people certainly noticed the time because I kept getting asked when it was actually going to happen. With the best of intentions, people wondered why I hadn't just done it already because hey, this was going to make my life easier, right? Uh, no. Along with a heap of other moving parts I needed to get on top of before starting to open up code, one thing that kept me up at night was...

Welcoming the Uruguayan Government to Have I Been Pwned

This week as part of the ongoing initiative to make breach data available to national governments, I'm very happy to welcome the national CERT of Uruguay, CERTuy. They are now the 2nd Latin American country and 20th country worldwide to have free and easy API level access to all their government domains. I'm going to continue onboarding governments as they reach out and ask for access, my hope being that greater visibility to the impact of data breaches helps minimise the disruption they cause to government departments across the globe....

Weekly Update 246

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI-provided passwords is built out. I have an idea around that I'm working on at the moment and hope to be able to talk more about it soon. In the interim, keep the contributions coming and I look forward to seeing all this go out to production in the very near...

Welcoming the Belgian Government to Have I Been Pwned

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments. Extending HIBP's reach to more governments around the world helps amplify the usefulness of the project and I look forward to welcoming many more national CERTs in the future....