Weekly Update 156
Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip. I'm talking a little about those events (all listed on my events page), this week's changes to EV, more data breaches and a somewhat semantic argument about the definition of "theft".
- Entrust are convinced you should still pay them for EV certs (even though the primary value proposition they're still promoting is now gone...)
- Scott killed a million bucks worth of EV certs (it turns out that extended validation isn't always so... extended)
- The Void.to hacking forum got breached and is now in HIBP (a lot of private messages in there people really wouldn't want being traced back to them)
- Garmin in South Africa had a whole bunch of credit cards siphoned off (looks like a classic Magecart attack)
- Does a data breach actually constitute "theft" given the original owner isn't deprived of it? (that's a link to the Twitter thread on it, I think the term is a bit overloaded TBH)
- Sponsored by Okta: You wouldn’t roll your own hashing algorithm, so why build your own auth? Secure users in mins with a free dev account.