Weekly update

It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it's new enough, legit enough and impactful enough to justify loading and that the value presented to breach victims sufficiently offsets the inevitable chorus of "what am I meant to do with this, tell me exactly what password w...

You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time of writing, I was contacted by someone who received a breach alert from a similar service to HIBP in another part of the world and while it didn't explicitly say "Qantas" (side note: I hate it when other services redact the name), it sure as hell sounded like them ba...

This week's video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the injunction did nothing to stop it. I knew that in advance, and I'm also certain Qantas did too, but that hasn't stopped their messaging from implying the contrary: This wording remains worrying: "we have an ongoing inju...

This probably comes through pretty strongly in this week's video, but I love the vibe at CERN. It's a place so focused on the common good of science that all the other cultural attributes that often put people at odds these days fade into the distance. That hit me more than it did on my last visit in 2019, perhaps because of the world events of late that have become so divisive. So, I'm exceptionally happy to give CERN the same level of access to HIBP data as we have the dozens of other national...

I'm so happy to finally be getting those HIBP demos out! The first couple are simple, but as I say in this week's vid, it's the simple questions we're still dealing with. As if to taunt me (or prove my point), we got this ticket just a couple of hours ago: I’m looking at 10-12k api calls per year. Do you have a custom package that will fit this range? Now, let's see what happens if you drop that exact text into the chatbot on support.haveibeenpwned.com: There's literally a dedicated KB articl...

Imagine jumping on board a class action after your precious datas have been breached, then sticking through it all the way until a settlement is reached. Then, finally, after a long and arduous battle, cashing in and getting... $1. Well, kinda $1, the ParkMobile class action granted up to $1 for successful claimants. But wait - there's more - because you can't spend it all at once, instead you get it in $0.25 whacks. Oh - and you don't actually get any cash either, instead you get credit for you...

So I had this idea around training a text-to-speech engine with my voice, then using that to speak over the Sonos at home to announce AI-driven events, such as people ringing the doorbell. A few hours' worth of video from these weekly updates fed into ElevenLabs and wammo! Here you go: Oh yeah! Now *this* is cool! Or freaky 🤔 Doorbell by @Ubiquiti, voice by @elevenlabsio and orchestration by @home_assistant. It’s an evolution of this post: https://t.co/qwN64UJqWy pic.twitter.com/dMrD9hPT4J...

I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's one of those rare places where the food at every level is just exceptional, and even a basic outing is a treat. As a kid, the most common "fast food" I'd eat was from local "hawker centres", probably what many people would call street food, but never in the...

Using AI to analyse photos and send alerts if I've forgotten to take the bins out isn't going to revolutionise my life, no more so than using it to describe who's at the mailbox when a letter arrives and at the front door when they buzz. But that's really not the point; it's by playing with tech like this that firstly, you come to understand it better and secondly, you find genuinely impactful use cases. I keep scratching my head to try to work out where AI can do something really useful in HIBP...

I'm fascinated by the unwillingness of organisations to name the "third party" to which they've attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that's very often the way with many other incidents too, which, IMHO, sucks. My view is that when our data is provided to a third party and that party exposes it, we have a very reasonable expectation to know who lost...