Weekly Update 386

3 months ago AndyC

09 February 2024

Somehow, an hour and a half went by in the blink of an eye this week.

Weekly Update 386

09 February 2024

Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstands about hashing algorithms and a controversy-laden past if you read back over events of the last year. Phew! No wonder so much time went on this! (and if you want to just jump directly to the Spoutible bits, that’s at the 8:50 mark)

Listen on Apple Podcasts
Get it on Google Play
Download via RSS

References

  1. Sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution for you. Click here to watch the demo.
  2. I’ll be speaking at NDC in Sydney next week (it’s all about “How I Met Your Data”)
  3. I’ll also be at the Azure Sydney User Group (this one is “Cloud-Enhanced Cybersecurity Tales from the Dark Web”)
  4. Spoutible’s spurted deluge of personal data (how much data does it need to be before it’s a deluge? 🤔)
  5. There are a lot more nuances to hashing algorithms than what many people seem to realise (perhaps most notably is that the strength of the password itself plays an enormous part in how likely a hash is to be cracked)
Weekly update
Tweet
Post
Update
Email
RSS

Hi, I’m Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals


About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , ,

More Stories

Ezlo A Review of Their Smart Home Solutions (2024)

5 hours ago AndyC
VMware fixed zero-day flaws demonstrated at Pwn2Own2024

VMware fixed zero-day flaws demonstrated at Pwn2Own2024

5 hours ago AndyC
MITRE released EMB3D Threat Model for embedded devices

MITRE released EMB3D Threat Model for embedded devices

5 hours ago AndyC

Upcoming Speaking Engagements – Schneier on Security

5 hours ago AndyC
Google fixes sixth actively exploited Chrome zero-day this year

Google fixes sixth actively exploited Chrome zero-day this year

11 hours ago AndyC
Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack

Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack

11 hours ago AndyC

You may have missed

Meta to shut Workplace app

Meta to shut Workplace app

2 hours ago AndyC
APRA, ASIC to upgrade cyber security and data capability

APRA, ASIC to upgrade cyber security and data capability

2 hours ago AndyC
Exclusive: How Entrust is protecting digital identities

Exclusive: How Entrust is protecting digital identities

2 hours ago AndyC
Certis Australia appoints Darryl Prince as senior VP

Certis Australia appoints Darryl Prince as senior VP

2 hours ago AndyC
NASA appoints first chief AI officer as the technology’s importance rises

NASA appoints first chief AI officer as the technology’s importance rises

2 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.