Weekly Update 197

I'm literally surrounded by broken pieces of half finished repairs. My office is usually a pretty organised place so it's kinda frustrating, but then I'm replacing equipment that's seen up to a decade or more of solid use so that's not a bad run. Amidst all that, I've well and truly gone down the IoT rabbit hole with all sorts of bits now connected through Home Assistant (just understanding the basics of this is actually one of those draft blog posts I mentioned). All that, the usual data breach stuff and more in this week's update.
References:
Catch me on Redgate's "Streamed APAC Edition" next week (I'll be doing a bunch of Q&A)
Then catch me presenting on credential...

Weekly Update 196

All my things are breaking 😭 Mic broke, PC broke, boat shed handle broke, fridges (both of them) broke, fireplace broke, roof broke... and that's just the stuff I could remember in the live stream. But in happier news, listening back to that video now I'm really happy with the audio quality of the new mic and I reckon that once the pop filter is installed the sound will be spot on. Hopefully that'll be in place for next week's update, along with replacements for the other broken things! Let's see what else fails between now and then...
References:
I've got a build thread going for the LEGO Lambo (did the same thing with the Bugatti a couple of years back and...

Pwned Passwords, Version 6

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964 (just over 3%). As with previous releases, I've made the call to push the data now simply because there were enough new records to justify the overhead in doing so. Also as with previous releases, version 6 not only introduces a heap of new records but also updates the prevalence count on the existing ones. For example, the old favourite "P@55w0rd" has gone from 2,929 occurrences to 3,069 so still a terrible password,...

Weekly Update 195

This week's update had a bunch of people drop by and discussion tended to jump around a bit, but frankly it's kinda nice to have some interaction in an era where we're not really doing as much of that any more. The IoT topic got some good engagement as did the fact that we "magically" dropped over a hundred active cases of COVID-19 in Australia today (sounds like the gov just reclassifying what's still considered to be an active case). That puts us at 143 remaining active cases in a country of 25M people which is very much heading in just the right direction. Oh - and I finally managed to buy my lift tickets for the snow too so...

Microsoft Regional Director (Trifecta)

The photo up the top of this blog post was taken 259 days ago, 15 and a half thousand kilometres away in Budapest and with 1.3 billion records less in Have I Been Pwned. It was also taken in an environment that unbeknownst to all of us at the time, would be inconceivable just 6 months later; a packed conference room. Last week I received my third biennial Microsoft Regional Director recognition for doing precisely the sort of thing I was up to in that photo. In thinking about what I'd write to share the news (as I've done for every RD title and every MVP title for almost a decade now), the obvious conclusion was how much the...

Weekly Update 194

It's a total mixed bag this week with a couple of new blog posts thrown in to boot. An award at an event nobody could attend, a SQL injection pattern in an HIBP email that wiped an entire DB, a disinformation campaign by "Anonymous" amidst a tumultuous time in the US and another freaking massive breach (with me in it) that I simply can't attribute. So yeah, life remains pretty unpredictable then 🙂
References:
I won the "Best Cybersecurity Video OR Cybersecurity Video Blog" at the European Cybersecurity Blogger Awards! (shame I couldn't be in London for it this year, but totally stoked to get an award!)
Without knowing it, I also wiped an entire ticketing system with a SQL injection pattern...

The Unattributable "Lead Hunter" Data Breach

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million other people in this one work out who collected and then exposed their personal information. So, data first, here's what they have on me: Similar deal to last time in that it was an exposed Elasticsearch instance and it was sent over to me by Dehashed. Turns out it's...

Analysing the (Alleged) Minneapolis Police Department "Hack"

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted me to tweet this out earlier today:

I'm seeing a bunch of tweets along the lines of "Anonymous leaked the email addresses and passwords of the Minneapolis police" with links and screen caps of pastes as "evidence". This is almost certainly fake for several reasons: — Troy Hunt (@troyhunt) May 31, 2020

I was CC'd into a bunch of threads that were redistributing the...

Weekly Update 193

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you have to do is leave some contact info in case someone else in the restaurant tests positive at a later date. Fair enough too, yet somehow - still beyond my comprehension - there was a bunch of outrage expressed at the necessity to provide personal information. Talk of data breaches, stalking and government control ensued which all started to get a little "tinfoil hat", to my mind. My (more candid!...

Weekly Update 192

Hey, check out that haircut! And shirt! It's almost like I'm a professional again 😊 Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level I don't think I've seen since Feb and I've gotta say, it's actually kind of nice. If only I had somewhere I could actually go out to... In other news, the “db8151dd” breach consumed a bunch of time this week, but at least publishing that ultimately led to the community identifying the source. I delve into that this week, as well as how we're dealing with the whole pandemic thing...