Sitting down to do this one today, I thought it would be brief; turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and, to their credit, they later apologised for their "rude messages", which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before). All that plus the Turkish Crime Family aftermath and the Factual data (another data aggregator) in HIBP in this week's update.
- Sophos got their messaging wrong on padlocks and HTTPS, but fixed it immediately once people spoke up (good on them for that effort!)
- GoGetSSL got their messaging wrong on SSL over and over and over and over... (more to follow on this, I'll put it in a dedicated blog post)
- "The Turkish Crime Family" ringleader pleaded guilty to blackmailing Apple (time and time again, this turns out to be kids full of bravado)
- Back in 2017 I wrote about how the Turkish Crime Family data was pretty suspect (basically all came from another data breach)
- Sponsored by Varonis, check out their free video course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell