Information Management Today

The Effectiveness of Publicly Shaming Bad Security

Troy Hunt

SEPTEMBER 11, 2018

Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Shame, those opposed to it will say, is not the way. See the theme? So I wrote a blog post.

Security

Security Passwords IT Communications

No, Spotify Wasn't Hacked

Troy Hunt

JANUARY 8, 2019

The attack is simple but effective due to the prevalence of password reuse. When an HIBP subscriber's address appears in one of these incidents, they get an automated notification and often, it seems, they then reach out to me. Clearly a Spotify breach, right? No, and the passwords are the very first thing that starts to give it all away.

Passwords

Passwords Data breaches Security IT

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

What follows below is an edited version of the debate in the House of Lords of the Second Reading of the Data Protection Bill, held on 10 October. New technologies have started innumerable economic revolutions, and the pace of change continues to accelerate. Data is not just a resource for better marketing, better service and delivery.

GDPR

GDPR Personal data Government IT

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

In this episode I talk about how Heartbleed (CVE 2014-0160) was found and also interview Rauli Kaksonen, someone who was at Codenomicon at the time of its discovery and is now a senior security specialist at the University of Oulu in Finland, about how new security tools are still needed to find the next big zero day. Apple Podcasts.

Encryption

Encryption Artificial Intelligence Marketing Security

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

In this episode I talk about how Heartbleed (CVE 2014-0160) was found and also interview Rauli Kaksonen, someone who was at Codenomicon at the time of its discovery and is now a senior security specialist at the University of Oulu in Finland, about how new security tools are still needed to find the next big zero day. Apple Podcasts.

Encryption

Encryption Artificial Intelligence Marketing Security

Using ASAN as a protection

Scary Beasts Security

SEPTEMBER 25, 2014

It is now a productionized option in both the clang and gcc compilers, and has assisted in uncovering literally thousands of security bugs. But the slow down is not so bad that a particularly paranoid user wouldn't be able to easily accept it on a fast machine. It is primarily a detection tool. These bugs can be extremely powerful.

Libraries

Libraries IT Risk Security

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

In this episode I talk about how Heartbleed (CVE 2014-0160) was found and also interview Rauli Kaksonen, someone who was at Codenomicon at the time of its discovery and is now a senior security specialist at the University of Oulu in Finland, about how new security tools are still needed to find the next big zero day. Apple Podcasts.

Encryption

Encryption Artificial Intelligence Marketing Security

The Hacker Mind Podcast: Tales From A Ransomware Negotiator

ForAllSecure

MAY 30, 2023

Mark Lance, the VP of DFIR and Threat intelligence for GuidePoint Security, provides The Hacker Mind with stories of ransomware cases he’s handled. One other thing: the Conti source code was also leaked, allowing security companies to create their own decryption services for anyone infected with the Conti ransomware.

Ransomware

Ransomware Encryption Authentication Communications

Game Theory: Why System Security Is Like Poker, Not Chess

ForAllSecure

MAY 18, 2020

The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process. The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process.

Energy and Utilities

Energy and Utilities Security Risk Paper

Game Theory: Why System Security Is Like Poker, Not Chess

ForAllSecure

MAY 18, 2020

The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process. The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process.

Energy and Utilities

Energy and Utilities Security Risk Paper

GAME THEORY: WHY SYSTEM SECURITY IS LIKE POKER, NOT CHESS

ForAllSecure

MAY 18, 2020

The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process. The National Security Agency has said it typically discloses about 91% of vulnerabilities its researchers uncover discover after evaluation through the VEP process.

Energy and Utilities

Energy and Utilities Security Risk Paper

Information Management Today

The Effectiveness of Publicly Shaming Bad Security

No, Spotify Wasn't Hacked

Trending Sources

The debate on the Data Protection Bill in the House of Lords

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

Using ASAN as a protection

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Tales From A Ransomware Negotiator

Game Theory: Why System Security Is Like Poker, Not Chess

Game Theory: Why System Security Is Like Poker, Not Chess

GAME THEORY: WHY SYSTEM SECURITY IS LIKE POKER, NOT CHESS

Stay Connected