Presently sponsored by: MEGA – The world’s largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy – try MEGA for free.

It’s a new year! With lots of breaches to discuss already ☹ Ok, so these may not be 2021 breaches but I betcha that by next week’s update there’ll be brand new ones from the new year to discuss. I managed to get enough connectivity in the middle of the Australian outback in front of Uluru to do the live stream this week, plus talk a bunch more about what we’ve been doing on our epic Australian journey. It looks like I’ll be back home for next week’s update after needing to cut things a little short due to a COVID uptick in areas I was meant to be visiting. I’ll talk more about the last past of the trip then as well as those all new fresh 2021 data breaches I’m sure we’ll have by Friday.

References

1. NZBGeek reported a data breach (the sire is offline now and the Twitter thread suggests that it perhaps on the shadier side of copyright law)
2. Thousands of Aussies have been targeted by Coronavirus scams (no surprises there really, and it certainly goes well beyond just Aussies)
3. CafePress has copped a $ 2M settlement related to their 2019 breach (I still feel like these suits are very close to “ambulance chasing”)
4. India’s IndiGo airline also reported a breach (although it feels like the reporting was more of a regulatory necessity than a desire to do the right thing)
5. Red Gate was breached too (although it sounds like they’re still working out what the extent of the incident is)
6. Always check your website hasn’t been hacked (but Long & McQuade’s probably has been…)
7. Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Troy Hunt’s Blog

Presently sponsored by: MEGA – The world’s largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy – try MEGA for free.

And we’re finally home. After 8,441km of driving finished off by a comfy flight home whilst the car catches a ride on a carrier, we’re done. I talk about why we didn’t finish the drive in the latter part of this week’s video (basically boiled down to border uncertainties due to COVID outbreaks), but we still did all the big things we’d hoped for on this holiday. And now that we’re firmly home again, it’s back to business as usual with more breaches, more IoT and despite it being an all-new year, more of all the same stuff. Enjoy 🙂

References

1. I ordered a LaMetric as soon as I wrapped up this video (should be a cool little IoT addition to my office)
2. I’m getting pretty excited about the Prusa 3D printer that’s on its way (this is a great vid if you’re unfamiliar with their story)
3. A bunch of really sensitive info has been breached relating to Tasmanian ambulance callouts (“the private details of every Tasmanian who has called an ambulance since November last year have been published online”)
4. Ho Mobile in Italy had 2.5M customer records breached (the data is up for sale for the express purpose of hijacking victims’ phone numbers via SIM swapping)
5. I’m still doing guitar lessons (I hate this obnoxious behaviour, but I love the way people responded in the live stream 😊)
6. Sponsored by: Credential stuffing is currently the biggest threat to organisations, find out how you can protect your network right now with safepass.me

Troy Hunt’s Blog

Presently sponsored by: MEGA – The world’s largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy – try MEGA for free.

A little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people and even entire platforms from the internet. These are significant events in history, regardless of your political persuasion, and they’re likely to have a very long-lasting impact on the way we communicate online. It also raises some fascinating engineering challenges; could Parler have survived by building out their own physical infrastructure? Will Gab survive having done just that? Or is the whole house of cards ultimately dependent on Cloudflare’s, a company that may well be the death knell for Gab as have been for other sites in the past? Time will tell on that one.

This was the highest-attended live stream I’ve done and there’s some really interesting comments in the chat so it’s well clicking the YouTube icon and popping it out into a new window to read them.

References

1. Free speech is not absolute – anywhere – and in the US there are numerous exceptions where free speech is not protected (and nor should it be)
2. The more mainstream tech platforms have a history of banning all sorts of accounts for violating their terms of service, for example Twitter deleted hundreds of thousands of ISIS accounts in 2015/2016
3. Tech platforms have also banned individuals spouting dangerous rhetoric around topics like COVID-19, for example booting Pete Evans of Facebook in December
4. On the more white supremacists end of the scale, the Daily Stormer was booted off the internet in 2017 with the final blow coming when Cloudflare dropped support
5. Cloudflare also killed off 8chan in 2019 after several mass shootings which featured prominently on the platform (including the El Paso shooter posting a manifesto there just before the massacre)
6. The Okta CEO described Parler as “not even trying to suppress the threats of terrorism and incitement of violence” before cancelling their service
7. I’ve got a whole thread running on the history of Gab bans although oddly, Gab has deleted a couple of the embedded tweets (they also disallow responses to their tweets which says something interesting about their views on the free speech of others 🤷‍♂️)
8. Jack Dorsey from Twitter has an interesting thread on the removal of content and platforms from the web, with his most poignant observation being “companies came to their own conclusions or were emboldened by the actions of others”
9. There is still content on the mainstream platforms that for the life of me, I cannot understand why they have not been deleted, namely a whole bunch of outrageous comments about Israel from Iran’s Ayatollah Khamenei
10. Sponsored by 1Password, the secure password manager and digital wallet that keeps you safe online

Troy Hunt’s Blog

Presently sponsored by: MEGA – The world’s largest provider of zero-knowledge E2EE cloud storage plus chat. Join 200m others who enjoy privacy – try MEGA for free.

I’m back into a normal home routine and it’s business as usual again. You know, stuff like data breaches, new tech toys and having your genitalia locked in an vulnerable IoT device and held for ransom. Just normal stuff like that 😳

References

1. Turing Tumble is a really neat game for kids (it’s a “marble powered computer”)
2. I bought a LaMetric display (I’ll probably plug that into an API to track HIBP subscriber signups)
3. Imagine an IoT chastity belt… with a security vulnerability… that locks your equipment in place and demands a ransom… (and it’s not the weirdest thing to happen so far in 2021…)
4. Ubiquiti had a data breach that looks like it’s impacted a lot of customers (their messaging around the incident hasn’t been great, and it’s something I’ve pushed them on)
5. Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Troy Hunt’s Blog