serisec

Tag: about

  • Weekly Update 476

    Weekly Update 476 The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It’s been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I’ve written about why in the draft blog post, but once you get…

  • Weekly Update 452

    Weekly Update 452 Funny how excited people can get about something as simple as a sticker. They’re always in hot demand and occupy an increasingly large portion of my luggage as we travel around. Charlotte reckoned it would be the same for other merch too, so, while I’ve been beavering away playing code monkey on…

  • Weekly Update 435

    Weekly Update 435 If I’m honest, I was in two minds about adding additional stealer logs to HIBP. Even with the new feature to include the domains an email address appears against in the logs, my concern was that I’d get a barrage of “that’s useless information” messages like I normally do when I load…

  • Experimenting with Stealer Logs in Have I Been Pwned

    Experimenting with Stealer Logs in Have I Been Pwned TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they’ve had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API.…

  • Weekly Update 426

    Weekly Update 426 I have absolutely no problem at all talking about the code I’ve screwed up. Perhaps that’s partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I’m not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries…