Tag: data
-
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering…
-
Who Decides Who Doesn’t Deserve Privacy?
Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to…
-
2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
I hate hyperbolic news headlines about data breaches, but for the “2 Billion Email Addresses” headline to be hyperbolic, it’d need to be exaggerated or overstated – and it isn’t. It’s rounded up from the more precise number of…
-
Weekly Update 475
It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it’s new enough,…
-
Inside the Synthient Threat Data
Where is your data on the internet? I mean, outside the places you’ve consciously provided it, where has it now flowed to and is being used and abused in ways you’ve never expected? The truth is that once the bad guys have your data, it often replicates over and over…
-
Weekly Update 473
This week’s video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the injunction did nothing to…
-
Court Injunctions are the Thoughts and Prayers of Data Breach Response
You see it all the time after a tragedy occurs somewhere, and people flock to offer their sympathies via the “thoughts and prayers” line. Sympathy is great, and we should all express that sentiment appropriately. The criticism, however, is that the line is often…
-
Weekly Update 470
Imagine jumping on board a class action after your precious datas have been breached, then sticking through it all the way until a settlement is reached. Then, finally, after a long and arduous battle, cashing in and getting… $1. Well, kinda $1, the ParkMobile class action granted up to $1 for successful…
-
That 16 Billion Password Story (AKA “Data Troll”)
Spoiler: I have data from the story in the title of this post, it’s mostly what I expected it to be, I’ve just added it to HIBP where I’ve called it “Data Troll”, and I’m going to give everyone a lot more context below. Here goes: Headlines…
-
Weekly Update 462
This will be the title of the blog post: “Court Injunctions are the Thoughts and Prayers of Data Breach Response”. It’s got a nice ring to it, and it resonates so much with the response to other disasters where the term is offered as a platitude that has absolutely no practical benefit…
-
Weekly Update 441
Processing data breaches (especially big ones), can be extremely laborious. And, of course, everyone commenting on them is an expert, so there’s a heap of opinions out there. And so it was with the latest stealer logs, a corpus of data that took the better part of a month to process. And…
-
You Can’t Trust Hackers, and Other Data Breach Verification Tales
It’s hard to find a good criminal these days. I mean a really trustworthy one you can be confident won’t lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive…
-
Weekly Update 431
I fell waaay behind the normal video cadence this week, and I couldn’t care less. I mean c’mon, would you rather be working or sitting here looking at this view after snowboarding through Christmas?! Christmas Day awesomeness in Norway. Have a great one friends, wherever you are pic.twitter.com/F2FtcJYzRC…
-
Weekly Update 428
I wouldn’t say this is a list of my favourite breaches from this year as that’s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature…
-
Inside the DemandScience by Pure Incubation Data Breach
Apparently, before a child reaches the age of 13, advertisers will have gathered more than 72 million data points on them. I knew I’d seen a metric about this sometime recently, so I went looking for “7,000”, which perfectly illustrates how unaware we are of the extent of…