Weekly update

I'm fascinated by the unwillingness of organisations to name the "third party" to which they've attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that's very often the way with many other incidents too, which, IMHO, sucks. My view is that when our data is provided to a third party and that party exposes it, we have a very reasonable expectation to know who lost...

How much tech stuff do I have sitting there in progress, literally just within arm's reach? I kick off this week's video going through it, and it's kinda nuts. Doing runeos and house build doesn't help, but it means there's just a constant distraction of "things" commanding my attention. I couldn't even go through writing this very short blog post without feeling the need to see if I could pair that smoke alarm directly to ZHA on Home Assistant without needing the Clipsal hub; I couldn't, so now...

I think the most amusing comment I had during this live stream was one to the effect of expecting me to have all my tech things neat and ordered. As I look around me now, there are Shellys with cables hanging off them all over my desk, the keyboard I'm typing on has become very flakey with the Bluetooth connection, a monitor colour tuning tool I've been meaning to run for years is still sitting there, there are seven boxes of Ubiquiti stuff on the floor waiting to be installed, an IoT smoke alar...

I've listened to a few industry podcasts discussing the Tea app breach since recording, and the thing that really struck me was the lack of discussion around the privacy implications of the service before the breach. Here was a tool where people were non-consensually uploading photos of others and leaving fairly intimate commentary about them. That MO seems to be, at least in part, related to the motive to take a service that presented massive privacy implications for the subject matters and, to...

This will be the title of the blog post: "Court Injunctions are the Thoughts and Prayers of Data Breach Response". It's got a nice ring to it, and it resonates so much with the response to other disasters where the term is offered as a platitude that has absolutely no practical benefit at all. You know, like the Qantas injunction to prevent data from their breach being examined by other parties. So, whilst it means journos won't be poring over it (and we won't be loading it into HIBP), criminals...

The Stripe situation is frustrating: by mandating an email address on all invoices, we're providing a channel that sends customer queries directly through to us rather than via our support portal, which already has the answers many people are raising tickets for. It's frustrating because it slows our customers down (they need to wait for us to respond), and it's also frustrating because we have to respond (and we're swamped as it is). I go into more detail in the video but at this stage, it look...

This week's update is the last remote one for a while as we wind up more than a month of travel. I'm pushing this out just before we jump on the Qantas plane home... right after they've advised just how much of my data was impacted by their breach. That got me thinking in this week's video: what type of "third-party service" would expose those classes of data? My bet is on a party dealing with frequent flyers, perhaps a call centre or other processor responsible for managing their reward program...

New week, different end of the world! After a fleeting stop at home, we're in Japan for a proper holiday (yet somehow I'm still here writing this...) with the first stop in Tokyo. It's like nowhere else here, and this is now probably my 10th trip to Japan over a period of more than three decades. What I think has changed the most in terms of my perceptions of Japan is that back in the 90s, it was just so high tech here because we hadn't seen a lot of the stuff that was on the main streets of Tok...

I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page, so if you want to see the highlights, head over there. That's it for this week, it's home for a day then I'l...

Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that's a shotgun style that plugs straight into the iPhone and it's usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don't know if this was connection related or what, but I was in no position to troubleshoot once the stream had started, unfortunately. Moving on, it's been a ridiculously hectic week of bacb-to-back events then to top it off, we've bee d...