Sponsored by:

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Questions about the Massive South African "Master Deeds" Data Breach Answered

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know. Who Am I and Why Do I Have This Data? Some background context is important as I appreciate there's a lot of folks out there who haven't heard of me or what I do before. I'm an independent Australian (I have a Microsoft Regional Director title but RDs don't actually work for Microsoft) and I specialise in security training folks who build online systems. For...

The 6-Step "Happy Path" to HTTPS

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone, but don't worry, it's coming very soon even if it hasn't yet arrived for you personally and it's going to take many people by surprise. It shouldn't though because we've known it's coming for quite a while now starting with Google's announcement back in April. That was then covered pretty extensively by the tech press...

New Pluralsight Course: Emerging Threats in IoT

It's another Pluralsight course! I actually recorded Emerging Threats in IoT with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: We choose to talk about IoT because frankly, it's fascinating. There's just so many angles to security in otherwise everyday devices, for example: The collection of never-before digitised data (adult toys are a perfect example) Vulnerabilities in the cloud services behind IoT (they're just websites, after all) Risks in the devices themselves that expose data (such as Bluetooth PINs) Risks which expose the network (LIFX leaked the wifi password) Risks which result in...

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad... then totally screwing up the security. Anyway, I read a piece today about VTech asking the court to drop an ongoing lawsuit that came about after the hack. In that story, the writer recalled how VTech has updated their terms and conditions after the attack in an attempt...

Weekly update 56 (island edition)

After being couped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest. Regardless, it's mostly good but apologies for the patchy bits all the same. This week I've been dealing with data breaches - lots of data breaches. Since the last update there's been...

Disqus Demonstrates How to Do Breach Disclosure Right

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me. Breaches I'd never seen before. Some of them were known by the companies who'd previously made public disclosures; ReverbNation, Bitly and Kickstarter. One of them, however, showed no previous evidence of disclosure - Disqus. I first saw the Disqus data first thing Friday morning my time in Australia. Verification wasn't difficult because my own record was in there...

Weekly update 55

Lots of writing and lots of other stuff too this week. A claim that HIBP is bogus, new breaches appearing (and oh boy, wait until you see all of these ones...), some new bits from Ubiquiti and then the actual writing of things. I've got a lot of material on the backlog too, including a really neat technical one I'm looking forward to pumping out this month. Today though, I wanted to talk about how I handle endorsements without selling my soul, the challenge of a very long digital paper trail (and purging it) plus I just announced that I'm now running remote workshops too so I'm pretty excited about that. With that, I've got a couple of sizable data...

I'm Now Running Remote Workshops

Almost 2 and a half years ago to the day, I left the corporate world. It's funny looking back on it because on the one hand, 2 and a half years isn't that long but on the other hand, it was a lifetime ago; my life is totally different today and in entirely positive ways. When I got that independence, suddenly I had a world of opportunities to choose from. I could do anything I wanted - and it was awesome! More Pluralsight courses, more conferences, more blogging, more Have I been pwned (HIBP) and drawing on everything I was learning from those activities (and a couple of decades of building software), I started running workshops. I've found workshops to...

Here's How I Decide What I Endorse and How I Ensure Transparency

One of the by-products of an increasingly public profile is that companies want you to promote their things. You see this all the time in all walks of life whether it be product placement in movies, celebs sponsored by car companies or indeed the sponsor banner you see at the top of this blog. These companies benefit from the exposure granted to them by individuals with influence. The flip side is that the allure or money or free goods can taint the impartiality of said individual. For example, in the wake of the Sony Pictures hack we learned that Kevin Hart was paid a couple of million bucks to tweet Sony's messages. More recently, there was news that the Kardashian...

Weekly update 54

Ah, home! It's nice at home, I think I'll stay here. When I got back from Utah on Sunday I checked my TripIt and noticed I'd been away bang on 40% of the year but fortunately, that's it for the 2017 overseas stuff. That said, I've got a bunch of events lined up in Aus for the rest of the year and I'll talk more about those soon. This week, I've actually had some time to catch up on writing and pumped out a couple of blog posts that have been on my mind for some time. It's stuff I'm passionate about (both for different reasons) and I really hope people find it interesting if not even thought-provoking. Enjoy! iTunes...