serisec

Category: troyhunttroyhunt

  • Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand

    Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand Designing the first logo for Have I Been Pwned was easy: I took a SQL injection pattern, wrote “have i been pwned?” after it and then, just to give it a touch of class, put a rectangle with rounded corners around it: Job done! I…

  • Weekly Update 442

    Weekly Update 442 We survived the cyclone! That was a seriously weird week with lots of build-up to an event that last occurred before I was born. It’d been 50 years since a cyclone came this far south, and the media was full of alarming predictions of destruction. In the end, we maxed out at…

  • We’re Backfilling and Cleaning Stealer Logs in Have I Been Pwned

    We’re Backfilling and Cleaning Stealer Logs in Have I Been Pwned I think I’ve finally caught my breath after dealing with those 23 billion rows of stealer logs last week. That was a bit intense, as is usually the way after any large incident goes into HIBP. But the confusing nature of stealer logs coupled…

  • Weekly Update 441

    Weekly Update 441 Processing data breaches (especially big ones), can be extremely laborious. And, of course, everyone commenting on them is an expert, so there’s a heap of opinions out there. And so it was with the latest stealer logs, a corpus of data that took the better part of a month to process. And…

  • Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

    Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs I like to start long blog posts with a tl;dr, so here it is: We’ve ingested a corpus of 1.5TB worth of stealer logs known as “ALIEN TXTBASE” into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address…

  • Weekly Update 440

    Weekly Update 440 Wait – it’s Tuesday already?! When you listen to this week’s (ok, last week’s) video, you’ll probably get the sense I was a bit overloaded. Yeah, so that didn’t stop, and the stealer log processing and new feature building just absolutely swamped me. Plus, I spent from then until now in Sydney…

  • Weekly Update 439

    Weekly Update 439 We’re now eyeball-deep into the HIBP rebrand and UX work, totally overhauling the image of the service as we know it. That said, a guiding principle has been to ensure the new looks is immediately recognisable and over months of work, I think we’ve achieved that. I’m holding off sharing anything until…

  • Weekly Update 438

    Weekly Update 438 I think what’s really scratching an itch for me with the home theatre thing is that it’s this whole geeky world of stuff that I always knew was out there, but I’d just never really understood. For example, I mentioned waveforming in the video, and I’d never even heard of that let…

  • Weekly Update 437

    Weekly Update 437 It’s IoT time! We’re embarking on a very major home project (more detail of which is in the video), and some pretty big decisions need to be made about a very simple device: the light switch. I love having just about every light in our connected… when it works. The house has…

  • Weekly Update 436

    Weekly Update 436 We’re heading back to London! And making a trip to Reykjavik. And Dublin. I talked about us considering this in the video yesterday, and just before publishing this post, we pulled the trigger and booked the tickets. The plan is to pretty much repeat the US and Canada trip we did in…

  • You Can’t Trust Hackers, and Other Data Breach Verification Tales

    You Can’t Trust Hackers, and Other Data Breach Verification Tales It’s hard to find a good criminal these days. I mean a really trustworthy one you can be confident won’t lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive…

  • Weekly Update 435

    Weekly Update 435 If I’m honest, I was in two minds about adding additional stealer logs to HIBP. Even with the new feature to include the domains an email address appears against in the logs, my concern was that I’d get a barrage of “that’s useless information” messages like I normally do when I load…

  • Experimenting with Stealer Logs in Have I Been Pwned

    Experimenting with Stealer Logs in Have I Been Pwned TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they’ve had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API.…

  • Weekly Update 434

    Weekly Update 434 This week I’m giving a little teaser as to what’s coming with stealer logs in HIBP and in about 24 hours from the time of writing, you’ll be able to see the whole thing in action. This has been a huge amount of work trawling through vast volumes of data and trying…

  • Weekly Update 433

    Weekly Update 433 It sounds easy – “just verify people’s age before they access the service” – but whether we’re talking about porn in the US or Australia’s incoming social media laws, the reality is way more complex than that. There’s no unified approach across jurisdictions and even within a single country like Australia, the…

  • Weekly Update 432

    Weekly Update 432 There’s a certain irony to the Bluesky situation where people are pushing back when I include links to X. Now, where have we seen this sort of behaviour before? 🤔 When I’m relying on content that only appears on that platform to add context to a data breach in HIBP and that…

  • Weekly Update 431

    Weekly Update 431 I fell waaay behind the normal video cadence this week, and I couldn’t care less 😊 I mean c’mon, would you rather be working or sitting here looking at this view after snowboarding through Christmas?! Christmas Day awesomeness in Norway 🇳🇴 Have a great one friends, wherever you are 🧑‍🎄 pic.twitter.com/F2FtcJYzRC —…

  • Weekly Update 430

    Weekly Update 430 I’m back in Oslo! Writing this the day after recording, it feels like I couldn’t be further from Dubai; the temperature starts with a minus, it’s snowing and there’s not a supercar in sight. Back on business, this week I’m talking about the challenge of loading breaches and managing costs. A breach…

  • Weekly Update 429

    Weekly Update 429 A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to…

  • “Pwned”, The Book, Is Now Available for Free

    “Pwned”, The Book, Is Now Available for Free Nearly four years ago now, I set out to write a book with Charlotte and RobIt was the stories behind the stories, the things that drove me to write my most important blog posts, and then the things that happened afterwards. It’s almost like a collection of…

  • Welcoming the Armenian Government to Have I Been Pwned

    Welcoming the Armenian Government to Have I Been Pwned Today, we’re happy to welcome the 37th government to have full and free access to domain searches of their gov domains in Have I Been Pwned, Armenia. Armenia’s National Computer Incident Response Team AM-CERT now joins three dozen other national counterparts in gaining visibility into how…

  • Weekly Update 428

    Weekly Update 428 I wouldn’t say this is a list of my favourite breaches from this year as that’s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature…

  • Weekly Update 427

    Weekly Update 427 I was going to write about how much I’ve enjoyed “tinkering” with the HIBP API, but somehow, that term doesn’t really seem appropriate any more for a service of this scale. On the contrary, we’re putting in huge amounts of effort to get this thing fast, stable, and sustainable. We could do…

  • Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

    Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly…

  • Weekly Update 426

    Weekly Update 426 I have absolutely no problem at all talking about the code I’ve screwed up. Perhaps that’s partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I’m not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries…

  • Inside the DemandScience by Pure Incubation Data Breach

    Inside the DemandScience by Pure Incubation Data Breach Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I’d seen a metric about this sometime recently, so I went looking for “7,000”, which perfectly illustrates how unaware we are of the extent of…

  • Weekly Update 425

    Weekly Update 425 This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the…