Troy Hunt, creator of the useful Have I Been Pwned site, wanted to exact revenge on spammers who waste his time, so he created a form that wastes their time. When a spammer emails him, he replies by saying:
— Read the rest
This is exciting and might empower a cutting-edge partnership!
Security expert Alon Gal reports that the personal data of 533m Facebook users was dropped on the Internet. Some will loathe the fact that the phone numbers associated with their accounts were released for all to see, for the low, low price of free.
A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records — of those, 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before.
Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers."
This weekend, we learned that Disqus — the commenting system we once used here on Boing Boing — suffered a breach in 2012 in which 17.5m user accounts (email addresses, signup names, account activity dates and some unsalted, weakly encrypted passwords) were stolen.
Troy Hunt, proprietor of the Have I Been Pwned? service, has made 306,000,000 known-cracked passwords available as a download — you can grab the set and make sure that yours isn't among them, as these cracked passwords are the ones that are likely being used by hackers when they do brute-force attacks against encrypted password files.
Kids Pass is a service that offers discounts on family activities in the UK; their website has several common — and serious — security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords.
Troy Hunt, proprietor of the essential Have I Been Pwned (previously), sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers' data; undersecured it; and then failed to warn their customers that they were at risk.
Spiral Toys — a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 — makes a line of toys called "Cloudpets," that use an app to allow parents and children to exchange voice-messages with one another.
I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.
Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) — which is why the Australian government's decision to collect and retain — for 10 years — personally identifying information on census participants is such a big deal.
Rosebuttboard.com is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.
Vtech is a ubiquitous Hong Kong-based electronic toy company whose kiddy tablets and other devices are designed to work with its cloud service, which requires parents to set up accounts for their kids. 4.8 million of those accounts were just breached, leaking a huge amount of potentially compromising information, from kids' birthdays and home addresses to parents' passwords and password hints.
Jamie King sez, "The Emergents Podcast, a new show from the creator of STEAL THIS FILM, considers the development of a new form of power inside our networked society. In this pilot episode (MP3), Peter Sunde (The Pirate Bay), Troy Hunt (Have I Been Pwned) and network security consultant Ella Saitta consider the Ashley Madison hack, strange 'network collectives' like Impact Team and the 'volatile, unstable, complex and arbitrary' world they're bringing into being."