Weekly Update 392
Troy Hunt
by Troy Hunt
4d ago
Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC-compliant forms. As an example, I asked ChatGPT about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com Give that a go and see how far you get in an input of type "email". Mind you, that example allows a pipe when not quoted. And the more you read, the more contradictory things seem; try this Stack Overflow quest …
Inside the Massive Alleged AT&T Data Breach
Troy Hunt
by Troy Hunt
1w ago
I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise. But I have proven, with sufficient confidence, that the data is real and the impact is significant. Let me explain: Firstly, just as a primer if you'r …
Weekly Update 391
Troy Hunt
by Troy Hunt
1w ago
I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much. It was literally just last night at dinner the penny dropped - "don't I normally do something around now...?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here. And when you see the pics in the thread below, you'll understand why: Tokyo time! pic.twitter.com/dG0Ja60eQb — Troy Hunt (@troyhunt) March 13, 2024 Regardless, this week has a bunch of content primarily o …
Welcoming the Liechtenstein Government to Have I Been Pwned
Troy Hunt
by Troy Hunt
2w ago
Over the last 6 years, we've been very happy to welcome dozens of national governments to Have I Been Pwned, giving them unhindered access to their domains, free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit, who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breaches, and we look forward to welcoming many more national infosec teams in the future …
Welcoming the German Government to Have I Been Pwned
Troy Hunt
by Troy Hunt
2w ago
Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERT-Bund department. They now have complete visibility of the exposure of their government domains in data breaches. With the unabated flood of data breaches, we're happy to provide this support to governments in the hope it better enables them to protect their national interests and w …
Weekly Update 389
Troy Hunt
by Troy Hunt
3w ago
How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious will make it all go away. It's the ease of debunking the "no breach here" claim that I find particularly fascinating; the truth is always sitting there in the data and it doesn't take much to bring it to the surface. Ah well, as I always end up lamenting, with behaviour like this it's a good time to be in the industry. References Sponsored by: Report URI: Guarding you from rogue JavaScri …
Weekly Update 388
Troy Hunt
by Troy Hunt
1M ago
It's just been a joy to watch the material produced by the NCA and friends following the LockBit takedown this week. So much good stuff from the agencies themselves, not just content but high quality trolling too. Then there's the whole ecosystem of memes that have since emerged and provided endless hours of entertainment. I'm sure we'll see a lot more come out of this yet and inevitably there's seized material that will still be providing value to further investigations years from now. Good job folks! References Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't …
Thanks FedEx, This is Why we Keep Getting Phished
Troy Hunt
by Troy Hunt
1M ago
I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this: These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any parcel delivery service I know of. They have a pretty rough go of convincing me they're from Australia Post by putting "auspo …
Weekly Update 387
Troy Hunt
by Troy Hunt
1M ago
It's a short video this week after a few days in Sydney doing both NDC and the Azure user group. For the most part, I spoke about the same things as I did at NDC Security in Oslo last month... except that since then we've had the Spoutible incident. It was fascinating to talk about this in front of a live audience and see everyone's reactions first hand; let's just say there were a lot of "oh wow!" responses. References Sponsored by: Unpatched devices keeping you up at night? Kolide can get your entire fleet updated in days. It's Device Trust for Okta. Watch the demo! That's anoth …
Weekly Update 385
Troy Hunt
by Troy Hunt
1M ago
I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne, wonder if it was from a shady breach search service (we've seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all. https://t.co/DM7udeUcRk — Troy Hunt (@troyhunt) January 22, 2024 What I didn't know at the time was the hilarity of how similar this service would be to those that had come before i …