PHPnews.io

Weekly Update 298

Written by Troy Hunt / Original link on Jun. 4, 2022

Splash-Template.jpg

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable. I think the whole discussion is actually really interesting when looked at through the lens of how on balance, a digitised license compares to a physical one. As you'll see, I think the reporting on this is overblown however... the weak encryption keys do seem like an oversight and the response of Service NSW to criticism has been lacklustre at best. Let's see how it goes in other states, I'll be first in line when they roll out in Queensland so I can finally start leaving my wallet at home!

Listen-on-Apple-Podcasts.svg
Get-it-on-Google-Play.svg
spotify.svg
Download-via-RSS.svg

References

  1. I'm doing a meetup in Tassie on July 7 (in a brewery!!!)
  2. I got pwned in the MGM Resorts data breach (I didn't even know until I checked my old Hotmail address)
  3. The CTARS / NDIS data breach is really nasty (just really super sensitive medical data)
  4. The controversary around the ability to forge New South Wales digital driver's feels overblown (let's stop asking whether it's a perfect security construct and instead ask how it differs to the old physical plastic licenses)
  5. Sponsored by: Kolide enables cross-platform fleet visibility for your Linux, Mac, and Windows devices. Start your free 14-day trial today!

troyhunt troyhunt

« Welcoming the Indonesian Government to Have I Been Pwned - Weekly Update 297 »