Toot

Written by Gabriel N on 2025-01-14 at 10:39

Interesting to see @haveibeenpwned / @troyhunt having decided to start offering "Threat Intelligence".

While I understand the thinking, the quote from the article

But even when you get the full dump of the data from the shadiest providers*, it's just been a waste of time.

Sure, there is some value in informing people about problems. But it's important to provide actionable information.

A better approach might be to provide this information to the breached sites to allow them to 1. validate the information. 2. inform the users. 3. force changes.

That approach has its own problems**, but seems like it more effectively attacks the core of the problem instead of the symptom.

And if that is not possible, then maybe something proactive like identity-protection services which you pay to take actions on your behalf of any data.

Maybe this isn't something Troy wants to do, which is fine. But I felt like I needed to write down my thoughts on why I don't think it's the right approach.

Footnotes:
