In early August, “Flash Gordon” (@s7nsins on Twitter) contacted me to say that he discovered a leak involving the House of Representatives. In light of all the talk about Russia trying to hack our elections, I decided that we probably should notify the House right away in case there was any kind of sensitive files…
Search Results for: @s7nsins
What NOT to do when researchers notify you of a breach
This story is going to be straight up, forward and simple. What not to do when a researcher like myself contacts you about a security incident. Every day all around the world researchers are being ignored by those who they attempt to help out. Recently another researcher discovered an open S3 bucket that belonged to…
Homeland Security subpoenas Twitter for an independent researcher’s information
Homeland Security has subpoenaed Twitter for the account information of an independent researcher who has been the source of a number of this site’s reports. Is this just another chapter in the war on independent researchers to try to chill speech? Or is there more to the story that we do not yet know? Zack…
Source of massive South African data leak found – Report
Bill Cooke reports: With the help of self-professed “data and crypto addict” Flash Gordon, iAfrikan CEO Tefo Mohapi connected the leak to GoVault. GoVault is a platform operated by Dracore, and is billed as a “goldmine of information” which offers access to the contact details of South African consumers and homeowners. Read more on GearsofBiz. @s7nsins (aka…
The messy, messy month of May
Compiling data for Protenus, Inc.’s breach barometer should be relatively routine and straightforward. In May, however, it wasn’t. Here’s a rundown on the factors that complicated our analyses: Investigating patient data put up for sale on the dark web. Determining whether the breaches were legitimate or fake turned out to be headache-inducing, as the following scenarios…
Calling time of death on HHS’s “breach tool”
I was excited back in 2010 when HHS started posting breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches involving HIPAA-covered entities, but at least we were finally starting to get some actual data. Now, more than 6 years later, it’s become clear to me that it’s probably best to just call time of death…