Ian Oliver

@troyhunt Good write-up, Troy. I appreciate that you take the time to carefully think about these 'frontier' and nuanced grey areas, make the best call you can, then follow-up with your reasoning. This is why you're able to operate in this space with a trusted service and work w/ law enf.

Occasionally, someone takes issue with me flagging a data breach as "sensitive" such that the email addresses can't be publicly searched because they want to dox the users. That's a *really* bad idea, for many reasons: troyhunt.com/who-decides-wh…

@troyhunt Re ideas for the HIBP challenge coin, you might be interested in what Pi-hole did for their coin a few years back. On one side, it has the ID of their first git commit. Thinking the HIBP coin could have the SHA-1 hash of 'password' or similar? reddit.com/r/pihole/comme…

@troyhunt If you know enough about the emails (e.g. common sender/URL etc.) you could create a simple Transport Rule, which can then set the Spam Confidence Level to -1 (bypasses Microsoft's flagging), skip Quarantine or whatever you want to do. admin.exchange.microsoft.com/#/transportrul…

Alright, this is driving me nuts: Office 365 falsely flagged a few emails as containing malicious URLs. I get an email alert and the Microsoft Defender web portal lists them, but how do I trust them and have them delivered to my inbox? Flagging as false positive isn't enough.

@SCsupport Bearing in mind SoundCloud is the only place I've ever used this *extremely* unique email alias (it contains 10+ random characters), would you like to explain exactly what you mean by "another service". Alias made April 2018. Breach we should be aware of? cc @troyhunt

@timhortonsuk Just had a couple of guys dropping your leaflets in Essex on our estate. Only they took a photo of the front of our house. When challenged, they said the photo was to prove they're dropping leaflets. Is this legit? That seems shifty to me. I can provide video.

@LastPassHelp Not to worry, I'm switching to a new password manager after your latest breach, anyway. As a bonus, I won't be bllinded by white every time I use it.

@ian_oliver I'm sorry, Ian. I don't have an exact ETA on this development yet. ^AC

@LastPassHelp Hi guys. Long time Premium user here. Love the service, but I keep getting blinded in the evenings. Are you able to provide a dark mode version/preference for your chrome extension please? Pretty please? 😊

@LastPassHelp Any news on a dark mode for the extension yet?

@ian_oliver Sorry Ian, no news to share about that currently. ^GD

@Yay_dot_com If I DM you the IP address in question, would you mind taking a look into it please?

@Yay_dot_com Hi guys. I believe you may be either inadvertently blocking my IP or your site has a really bizarre issue. I can access your site fine from several different UK IP addresses, but with one of them, your site returns a 500 Internal Server Error.

@SGgrc Making unphishable 2FA phishable [WebAuthn]: mjg59.dreamwidth.org/62175.html

@stebets @troyhunt Am trying other random hashes to try and recreate. From my *very* rough testing, seems like 60% don't have the line break and 40% do. These have the line break: 42A9A, 4D618, DAB68, C56ED, 64224, 97135, 152B4, C1EFE, 4791D.

@stebets @troyhunt Can confirm an ending line break is added to api.pwnedpasswords.com/range/28E3F when padding is not enabled. Am comparing to api.pwnedpasswords.com/range/AFCD8, which does not have a line break.

@troyhunt Hey Troy. Not sure if you're aware - the Pwned Passwords API seems to be including some blank lines in the response. Happened to cause some parsing errors at my end (which I've now resolved). So far, have only noticed it on passwords (hashes) that are not pwned.

On deeper inspection, I believe it may be when Add-Padding header is set to true. A blank line is inserted between the 'real' lines and the padding lines.

@troyhunt From when I first heard of the issue, it seemed to begin occurring somewhere around 12:00 GMT / 13:00 BST (very approx).

@LastPassHelp Hi there. I don't suppose there are any developments on dark mode for the extension?

@ian_oliver Hi Ian, thanks for reaching out. We do hope to release Dark Mode for the LastPass extension in the future, but don't currently have a release date. We hope to have more news soon! ^RO

@lifeformed Hey Terrence, I do marketing work for a company in England and would love to licence Cobalt Blue for use in online advertising videos. Is this something you'd be interested in and able to do?

Happy 22/2/22!

@LastPassHelp Good to hear, thanks. If you need any testing/feedback before release, feel free to include me.