In light of… current events occuring south of Canada, I felt it was prudent to start doing more work on things like wireless mesh networking. As such, I wanted to work on getting my first Meshtastic (or meshcore, but we’ll do meshtastic for now) node setup to get some coverage for my neighbourhood.

It’s been a while! I got busy with a bunch of other work, so I haven’t been posting here lately. Going into the new year I hope to improve that, and try to do some streaming and video content as well. We’ll see how that goes; start the new year with a good cadence and make something happen.

I had a discussion yesterday with an acquaintance about some new infostealer leaks; I was talking about verifying whether the credentials are new or not (which was a silly thing to do, I should have known they weren’t in HIBP — for different reasons though) and I went to check if some of the passwords were contained in the HIBP corpus. The acquiantance asked something to the effect of, “why would you put the password into a web form, isn’t that leaking it further?”. This naturally reveals a common misconception regarding how breached password lookups typically work; both in HIBP itself, and competing commercial breached corpuses.

Breachforums, the infamous darkweb hacking and stolen data marketplace recently had another setback when its remaining primary administrators were arrested in France, shutting down yet another iteration of the marketplace. This closes another chapter in a site that has caused immeasurable damage to consumer and enterprise systems alike, facilitating the sale and trade of initial access, credentials, and leaked data.

Last week, a number of news outlets and organizations posted a story (which was then followed by ~ a retraction) of a darkweb password leak comprising 16B records. This immediately triggered a fervor around whether this was really a single leak, where it came from, who and how was exposed and so on – as always occurs around these things.

Not a deep one this week, just a funny story about something that happened to me on Tuesday, July 17. It’ll unfortunately be a short one; one that should probably be turned into a youtube short talking about it, but moving pictures scare me.