2026-03-02 15:51:14
The Odido breach leaks were towards the beginning during this week's update. I recorded it the day after the second dump of data had hit, with a third dump coming a few hours later, and a final dump of everything the day after that. From what I hear, it dominated the news in the Netherlands, and we sure saw that through the traffic stats. Clearly, the leak cadence was designed for maximum news impact, and it seems to have achieved that. It may not have put any cash in the extortionist's pockets, but it's set a very visible precedent and, I suspect, put a massive law enforcement target on them. It's hard to image leaks of this impact continuing for much longer...
2026-02-24 08:38:59
The recurring theme this week seems to be around the gap between breaches happening and individual victims finding out about them. It's tempting to blame this on the corporate victim of the breach (the hacked company), but they're simultaneously dealing with a criminal intrusion, a ransom demand, and class-action lawyers knocking down their doors. They're in a lose-lose position: pay the ransom and fuel the criminals whilst still failing to escape regulatory disclosure obligations. Disclose early and transparently to individuals, which then provides fuel to the lawyers. Try to sweep the whole thing under the rug and risk attracting the ire of customers and regulators alike. It's a very big mess, and it doesn't seem to be getting any better.
2026-02-17 13:09:12
Well, the ESP32 Bluetooth bridge experiment was a complete failure. Not the radios themselves, they're actually pretty cool, but there's just no way I could get the Yale locks to be reliably operated by them. At a guess, BLE is a bit too passive to detect state changes, and unless it was awake and communicating, it just had no idea what was happening with the locks. So, I've now silenced all lock-related alerts and am focusing on making the wifi network as reliable as possible in the hope the locks actually become responsive. If that doesn't work, those Aqara U400s look really sweet...
2026-02-09 12:19:39
A big "thank you" to everyone who helped me troubleshoot the problem with my "Print Screen" button on the new PC. Try as we all might, none of us could figure out why it refused to bind to SnagIt and instead insisted on dumping the entire collection of screens to a file on the desktop. But an especailly big thanks to the follower who later emailed me with an idea that didn't work, and followed up with an idea that finally did!
So, yeah, thanks Logitech for making this a real pain in the arse 🤦♂️
2026-02-04 10:31:18
This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with me after watching other speakers: the effort agencies are putting into cybercrime prevention. It's very easy for folks to judge law enforcement solely on what they see from the outside, and that's mostly going after offenders and taking down criminal infrastructure. But the bit I'm increasingly seeing behind the scenes is a push to help kids (the sorts of hackers I usually interact with are teenagers or young adults at most) make better choices when they're faced with a pathway into cybercrime. The transition from minor offences (game cheats and DDoS'ing) to full-on cybercriminals (hacking and extortion) is very well-known, and intervening at the right time can not only make a difference to the impact of data breaches on all of us, but it can also make a massive difference to these kids' lives. These agencies are underfunded and understaffed compared to the scale of the problem, so making the time to come visit and find some ways to help in our little corner of the data breach world is a no-brainer 😊
2026-01-27 17:50:05
It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most noteably was the hand-waving around "the gov is just trying to siphon up all our IDs" and "this means everyone will have to show ID, not just under 16s". If only there was another precedent somewhere in the world where precisely this model was rolled... oh - wait! 🐨 The way the ban (sorry - "delay") has been done in Australia isn't perfect, but it also doesn't have to be. There are still plenty of under 16s with access so socials, but I do not know of a single adult who had had to show any form of ID or do any age verification whatsoever. So, relax, wait until we know more about how thye're planning to do it (and the UK gov will be closely looking at the Aussie precedent), and then lose your minds if it's done totally differently at the expense of everyone's privacy.
