After being couped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest. Regardless, it’s mostly good but apologies for the patchy bits all the same.
This week I’ve been dealing with data breaches – lots of data breaches. Since the last update there’s been Bitly, Kickstarter and Disqus (among others), the latter of which was previously undisclosed. Whilst it took Disqus by surprise, they did an absolutely stellar job of communicating their incident and they’re to be commended for that. It was data from 5 years ago too so that brings with it some other issues, namely how we view that by today’s standards and how they’re judged in retrospect. Next week there’ll be multiple new incidents loaded that were also previously undisclosed so I suspect that will chew up a good chunk of my time between now and then. In the meantime, here’s this week’s update:
- Disqus did an awesome job of their disclosure (have we ever seen a breach as large of this disclosed within 24 hours?)
- SHA-1 was really starting to show its age in 2012 (there’s a link to save you searching for me with no clothes)
- Terbium Labs is sponsoring this blog again (big thanks to those guys, their support is awesome!)