Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 214

It's a very tired weekly update as I struggle a little bit after only a few hours' sleep but hey, at least I've got a nice haircut! In more topical news, I'm pretty happy about the experience installing Ubiquiti's AmpliFi ALIEN gear into a neighbour's house, it's Trump on top of Trump with his password commentary and then his actual password and finally, questions from the audience on AmpliFi versus UniFi which some people might find interesting. Next week, I'm hoping I'll be able to talk about the Ubiquiti doorbell as well so tune back in for that one. ReferencesI put an AmpliFi ALIEN unit into a friend's house (this is some really cool kit!)Trump had some, uh, "interesting"...

Weekly Update 213

The week's update comes on the back of a very long week for me, but it's good to be "out there" speaking at events even if they are just from the comfort of my own home. There's also more adventures in IoT, Chrome's experiment with URL paths in their omnibox and Apple messing around with MAC addresses on my phone and watch. Oh - and I did manage to track down what my favourite Norwegian beer is following a question from the audience: I was asked about my favourite Norwegian beer during my live stream today and couldn’t recall the name. Because it’s my fav, @charlottelyng kindly took a pic for me back in Oslo 😊 Juicy Stuff Klokk...

Customised Ubiquiti Clients and Randomised MAC Addresses on Apple Devices

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices. Each one has been meticulously customised by both name and icon so that it's immediately recognisable on the map. For example, the Nanoleaf in my daughter's room has the correct image associated to it and her name alongside it so I can easily differentiate it...

Weekly Update 212

It's a bit of a mega one this week running over the 1-hour mark, but there's been an awful lot happen during the last week that I reckon is of interest. There's a decidedly adult theme running across the topics not by design, but just by pure coincidence between the Grindr incident, a query I got regarding erasing one's adult website browsing history and the IoT male chastity device full of security holes and potential requiring a grinder (not Grindr!) to remove. We live in interesting times... ReferencesIt's NDC Sydney next week! (I won't "be" there this year, but the show is still going on)I'm super impressed with the quality on the new GoPro HERO9 Black (more of that...

Welcoming the Canadian Government to Have I Been Pwned

Following in the footsteps of many other national governments before them, I'm very happy to welcome the Canadian Centre for Cyber Security to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Australia. I hope to include more parts of the world in the coming months....

Weekly Update 211

This week there's a lot of connected things: connected shoes, connected garage camera and connected GoPro. And then there's Scott's Grindr account. Awkward. Actually, since recording this weekly update the details of the issue have now been released so I'll talk about that in more detail next week. This week there's all the above and, on a more personal note, my relationship with Charlotte. Enjoy. ReferencesMy shoes are connected! (that's the tweet thread of how to update the firmware in them - yep, updating the firmware in my shoes)My Ubiquiti G3 Micro is up and integrated with Home Assistant to raise motion events (this is super simple and I'll use it to trigger external lights once more Shellys go...

Hacking Grindr Accounts with Copy and Paste

Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which for many people, makes it particularly sensitive. It's sensitive not just because by using the site it implies one's sexual orientation, but because of the sometimes severe ramifications of fitting within Grindr's target demographic. For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. Another demonstration of how valuable...

Weekly Update 210

Wow, 4 years already. Regardless of where I've been in the world or the stresses that have been going on in my personal life, every single week without exception there's been a video. This makes 210 of them now, and these days they're live from a much more professional setup in a location that has absolutely no chance of changing for the foreseeable future. Not exactly the way I saw things panning out 4 years ago, but I guess we've all been a bit blindsided on that front. Anyway, on with the show and there's not a lot on the professional front this week due to downtime with the kids over their holidays, but some good audience questions I hope...

Weekly Update 209

More IoT, more cyber and more Q&A so yeah, business as usual this week. More specifically, a lot of this week's update talks about VPNs and where they still make sense with so much HTTPS all over the place these days. As I say in the vid, blog posts like the VPN one I did this week are often done to help me get my thoughts on a topic straight and a lot of things became a lot clearer for me in doing that. The headline figure out of that post IMHO is that only 2.3% of websites are forcing all connections to be secure courtesy of HSTS preload and the fact that browsers still default to...

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. I'm a massive proponent of Let's Encrypt's and Cloudflare's missions to secure the web and of browser paradigms such as HSTS and upgrade-insecure-requests via content security policies to help make it a reality. Yet I also find myself constantly using VPNs for a variety of security and privacy related reasons and it got me thinking - why? I mean what's the remaining gap? Last month I announced I've partnered with NordVPN as a strategic adviser and as part of that effort, I...