• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Will Angley

Just another WordPress site

  • About
  • Photos
  • Words
  • Resume
  • Contact

(In)security

⌨️ ¯\_(ツ)_/¯. mostly breach notifications; I don't do much security stuff any more.

And no, these aren't all of them.

Incident of the day: Bonobos

January 22, 2021 by Will Angley

✉️ Important update about your Bonobos account security

From: ninjas@bonobos.com

Dear William, 

We believe an unauthorized third party may have been able to view some of your account details, including your contact information and encrypted password. Your encrypted password was protected so your actual password was not visible. Payment card information was not affected by this issue.

To protect the security of your account, we are resetting your password and have logged you out of your account. To log back in, you just need to set a new, unique password through the link below:

…

Walmart acquired Bonobos three plus years ago, and runs it as a separate business. I’m generally glad they did this; Bonobos is as much about its software as its clothing, and I like their storefront much better than Walmart’s.

But it sounds like they could use a Security Ninja.

Filed Under: Words Tagged With: (In)security

Incident of the day: Blackbaud

August 19, 2020 by Will Angley

Blackbaud Data Security Incident

From: blackbaudincident@wm.edu

Dear Friend of William & Mary,

We take your privacy seriously at William & Mary and value the trust you place in us when you share your personal information. We wanted to make you aware of a data security incident involving Blackbaud, Inc., a vendor of William & Mary and the William & Mary Business School Foundation that provides data processing and hosting services for advancement-related activities. Blackbaud also provides similar services to thousands of universities and nonprofits worldwide.   

Blackbaud recently notified us that it was the victim of a ransomware attack in which a bad actor removed a copy of certain backup files maintained by Blackbaud. The files contained some limited personal information of a subset of our alumni and donor population, including your personal information. 

…

It’s between the lines in this email, but Blackbaud paid the ransom. ?

Filed Under: Words Tagged With: (In)security

Incident of the day: Twitter

May 4, 2018 by Will Angley

✉️ An update on your account security

From: info@twitter.com

Hi @willangley,

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

…

This is a surprisingly common bug; GitHub also did this, although my password wasn’t one of the ones logged.

How did this happen? I’m not sure of the specifics. But if you’re used to working without exceptions, you can get in the rhythm of checking and logging errors after every function call that can fail:

int ret;
if (ret = bcrypt_hashpw(passwd, salt, hash)) {
  syslog(LOG_ERR, "bcrypt_hashpw: got error: %d while hashing: %s \n", ret, passwd);
  return ret;
}Code language: JavaScript (javascript)

And sometimes you should skip the logging 😛

Filed Under: Words Tagged With: (In)security

Primary Sidebar

About the Author

Will Angley likes to take photos, and pays the bills by writing code for a big company.

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Follow me

  • GitHub
  • Instagram
  • LinkedIn
  • RSS
  • Twitter

Top Posts

  • How I set up Tailscale on my WiFi router
  • Ask Will: what WiFi router do you use?

Recent Posts

  • ✅ Visual glitches should be fixed now!
  • 🐞 Visual glitches on older posts
  • Make Logitech G PRO X TKL macros ready sooner
  • Returning the Logitech G PRO X TKL to wired mode
  • 🗽Statue of Liberty

Categories

  • Photos
  • Words

Copyright © 2014–2025 Will Angley · Privacy Policy · Made with ❤️ and WordPress in NYC