serisec

Tag: breach

  • Who Decides Who Doesn’t Deserve Privacy?

    Who Decides Who Doesn’t Deserve Privacy? Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to…

  • Weekly Update 474

    Weekly Update 474 You’re not going to believe this – the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we’re all a bit stunned that making crime illegal hasn’t appeared to stop it, but here we are. Just before the time of writing, I was contacted by someone who…

  • Weekly Update 466

    Weekly Update 466 I’m fascinated by the unwillingness of organisations to name the “third party” to which they’ve attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that’s very often the way with…

  • Weekly Update 463

    Weekly Update 463 I’ve listened to a few industry podcasts discussing the Tea app breach since recording, and the thing that really struck me was the lack of discussion around the privacy implications of the service before the breach. Here was a tool where people were non-consensually uploading photos of others and leaving fairly intimate…

  • Weekly Update 462

    Weekly Update 462 This will be the title of the blog post: “Court Injunctions are the Thoughts and Prayers of Data Breach Response”. It’s got a nice ring to it, and it resonates so much with the response to other disasters where the term is offered as a platitude that has absolutely no practical benefit…

  • Weekly Update 458

    Weekly Update 458 I’m in Austria! Well, I was in Austria, I’m now somewhere over the Aussie desert as I try and end this trip on top of my “to-do” list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of…

  • You Can’t Trust Hackers, and Other Data Breach Verification Tales

    You Can’t Trust Hackers, and Other Data Breach Verification Tales It’s hard to find a good criminal these days. I mean a really trustworthy one you can be confident won’t lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive…

  • Weekly Update 430

    Weekly Update 430 I’m back in Oslo! Writing this the day after recording, it feels like I couldn’t be further from Dubai; the temperature starts with a minus, it’s snowing and there’s not a supercar in sight. Back on business, this week I’m talking about the challenge of loading breaches and managing costs. A breach…

  • Weekly Update 428

    Weekly Update 428 I wouldn’t say this is a list of my favourite breaches from this year as that’s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature…

  • Weekly Update 426

    Weekly Update 426 I have absolutely no problem at all talking about the code I’ve screwed up. Perhaps that’s partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I’m not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries…