Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstandings about hashing algorithms and a controversy-laden past if you read back over events of the last year. Phew! No wonder so much time went on this! (and if you want to just jump directly to the Spoutible bits, that's at the 8:50 mark)
References
- Sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution for you. Click here to watch the demo.
- I'll be speaking at NDC in Sydney next week (it's all about "How I Met Your Data")
- I'll also be at the Azure Sydney User Group (this one is "Cloud-Enhanced Cybersecurity Tales from the Dark Web")
- Spoutible's spurted deluge of personal data (how much data does it need to be before it's a deluge? 🤔)
- There are a lot more nuances to hashing algorithms than what many people seem to realise (perhaps most notable is that the strength of the password itself plays an enormous part in how likely a hash is to be cracked)