Sponsored by:

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly update 53 (Salt Lake City edition)

What a week! Epic hardly describes the experience I've just had at Pluralsight Live in Utah, not least of which was this stage: No new writing this week but I did want to comment on the Equifax CSO degree story (and my poorly worded tweet about it) as well as the ongoing concern I keep hearing from people about biometric auth, especially in the US. So that's just a quick intro, I'm rushing this one out a bit as it seems that the one place in the world with worse connectivity than my home in Australia is US airports... iTunes podcast | Google Play Music podcast | RSS podcast References Here's the story on the Equifax CSO and her music degree (I'll...

Weekly update 52

Hey, it's weekly update 52! That's almost a year's worth of weekly videos, next week will actually be that anniversary (ok, it's a day short, but close) and by that time I'll be over in Utah doing the Pluralsight Live thing. I'm especially looking forward to this event, there's a huge amount of organisation gone into it and I think it'll be a really slick show. This week - Equifax. Wow. It's such a mess on so many levels and as I say in the Security Sense column, trust is now a massive problem not just because of the breach itself, but because of how they've subsequently handled it. Apple's new toys and Face ID is another really interesting topic...

Face ID, Touch ID, No ID, PINs and Pragmatic Security

I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox: "less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature": https://t.co/AdbYwWGb7t— Troy Hunt (@troyhunt) June 3, 2016 Less than 1%. That's alarming. It's alarming not just because the number is so low, but because Dropbox holds such valuable information for so many people. Not only...

Weekly update 51 (Melbourne edition)

Really quick intro as I rush between events today: I'm in Melbourne and have just finished a "Hack Yourself First" workshop then it's OWASP conference time tomorrow. It's been a mostly fun week with a couple of oddball experiences thrown in, but leave you to watch the video or listen to the podcast to enjoy those :) iTunes podcast | Google Play Music podcast | RSS podcast References CynoSure Prime did some cool work cracking the 320m Pwned Passwords (somehow, some press outlets misinterpretted the significance of this) I copped a pretty unhinged rant from the reincarnated SEO lady (I'm starting to wonder if she's actually serious...) I rolled out AmpliFi at my parent's house (this is actually really neat as...

How I Finally Fixed My Parents Dodgy Wifi With AmpliFi

I have no idea who it was that first modified Maslow's hierarchy of needs in this fashion, but I do know that's it's never been truer than now: More wifi things used by more people in more corners of the house. Many people do now consider connectivity to be a pretty essential need in their life yet as our wifi demands have increased, many people are still attempting to make do with the networking gear of yesteryear. I was one of those people, at least I was until late last year when I finally lost my mind and installed Ubiquiti's UniFi devices all through the house. Ubiquiti is actually the world's largest producer of wireless access points and their UniFi...

Weekly update 50

Yep, hit right in the face with a dodgeball. There was blood. But retribution was swiftly mine as I hunted down the kids on the other team. Oh - and I also loaded 711 million records into HIBP. That's the real story this week and I wanted to speak in depth about everything from where the data came from to why you can't get your password out of it to frankly, some of the kinda disappointing comments some people left. This is a very multifaceted issue and I hope I do it justice in the audio here. iTunes podcast | Google Play Music podcast | RSS podcast References Last call for my Melbourne workshop! (in fact, it's the last public workshop of...

Inside the Massive 711 Million Record Onliner Spambot Dump

Last week I was contacted by someone alerting me to the presence of a spam list. A big one. That's a bit of a relative term though because whilst I've loaded "big" spam lists into Have I been pwned (HIBP) before, the largest to date has been a mere 393m records and belonged to River City Media. The one I'm writing about today is 711m records which makes it the largest single set of data I've ever loaded into HIBP. Just for a sense of scale, that's almost one address for every single man, woman and child in all of Europe. This blog posts explains everything I know about it. Firstly, the guy who contacted me is Benkow...

Weekly update 49 (snow edition)

I'm at the snow! Yes, Australia has snow. No, it's not like the big mountain riding of Europe or North America, but the warmer weather means you can regularly sit outside in the sun during the day with a cold beer which is pretty awesome. I've got a couple of Security Sense columns to talk about this week which I hope will get people pondering this whole security thing a bit more. Also, as you may have noticed, I've pushed this out a day early. Friday will be a half-and-a-bit day on the snow before a 5-hour drive to Sydney, a good rest then a 9 hour drive back to the Gold Coast the next day. It's just easier to...

Weekly update 48 (windy Sydney edition)

I've been in Sydney all week for the NDC conference here so it's been a pretty non-stop time. A 2 day workshop, 2 new Pluralsight courses, 2 talks and all the usual social things that go along with these. But regardless, I got that Ubiquiti UniFi course out and a blog post to go along with it. I'm keeping things brief here now as I prepare for (the always epicly fun) Pubcon, more next week from snowy Australia. Yes - snow! iTunes podcast | Google Play Music podcast | RSS podcast References Everything you need to know about Ubiquiti UniFi to get started (this is such awesome gear and I love hearing about how happy people are with it) Terbium is sponsoring...

Free Course: Here's What This Ubiquiti UniFi Stuff Is All About

Last year, I got fed up with my wifi. The coverage was patchy, the devices were unstable (my speed would regularly drop to less than 2Mbps until I restarted the router) and even though it was new gear, it felt just like the gear I'd had a decade ago. Same basic principle of an all-in-one device, same basic web interface and almost certainly, the same update cycle - I wasn't going to be seeing firmware updates or new management features any time soon, if at all. All of this wasn't just frustrating, it was costing me money as productivity went out the window. So I fixed it. In the post linked to above, I talk through how I built out...