Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 253

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important). There's been a bunch of requests for us to do more of this so stay tuned and maybe we can make a more regular thing out of it 😊 ReferencesSponsored by: Guarantee peace of mind from credential stuffing attacks. Learn how at Arkose Labs’ webinar with Troy...

Your Work Email Address is Your Work's Email Address

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley Madison ListRCMP, military email addresses in Canadian Ashley Madison dataSenior CE Industry Executives Exposed In Ashley Maddison Saga As New Data Dumped OnlineGovernment, police, military, and corporate accounts. Now, keep in mind that Ashley Madison's mission statement back then...

Weekly Update 252

Next week first: based on popular demand, at 18:00 on our end Friday 23 (that's 09:00 in London and terrible o'clock everywhere in the US), Charlotte is going to join me to talk about her transition from Mac to PC. Scott Helme will also be here (as in Zoom "here") so it'll be a bit of fun and inevitably go way off topic, but I thought it would be fun to fix it up a bit 🙂 This week is more of the usual with Chrome's push to HTTPS, another gov on HIBP and more travels in IoT land. ReferencesChrome is continuing the push towards defaulting to HTTPS and flagging HTTP as a security risk (I'm yet to hear...

The Internet of Things is a Complete Mess (and how to Fix it)

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. But it also remains a complete mess and I want to demonstrate why based on some recent experiences: Let's say you want an IoT light. You want it connected because you want it to come on at a certain time of the day therefore it requires scheduling. You also want to be able to change the...

Welcoming the Israeli Government to Have I Been Pwned

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board. They join many other governments around the world in having access to data impacting their departments amongst the more than 11 billion records already in HIBP, and inevitably the billions yet to come. I'm really encouraged to see the amount of enthusiasm expressed by national government defenders to gain access to breach data so that it can be used in positive ways, and I look forward to welcoming many more national CERTs in the future....

Weekly Update 251

Between school holidays and a house full of tradies repairing things, there wasn't a lot a free time this week. That said, I've got another gov onto HIBP, snared by 11th MVP award, did a heap of other cyber-things and Charlotte and I even managed to slip in our first COVID shots amongst all that. Next week will start getting back to full steam as the winter holidays end (yeah, it's winter here, I know that's confusing for some people!) and I'm sure there'll be an all new stash of cyber-IoT-other things waiting for me at the end of it 🙂 ReferencesFinally got my first COVID shot! (that's a link to a thread which is mostly only relevant in my part...

MVP 11

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people. All this time later and in a fundamentally different world to one all of us were in back then, I still find people unable to grasp why I and so many of my friends and peers would want to do what we do: "You...

Welcoming the Dutch Government to Have I Been Pwned

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other nations in taking up this service....

Weekly Update 250

This week is a bit of everything again, although the main difference this time was an update on the COVID situation we're facing in Australia. We've been largely virus-free (relative speaking) but as a result, vaccine rollout has been really slow (as in about 5% of the country being covered) and following some outbreaks of the Delta strain this past couple of weeks, everyone is feeling a bit nervous. We'll get there, but it's a bit of on add time for us and it's certainly dominated headlines recently. Other than that, it's more breaches (and non-breaches), more IoT and more general cyber stuff. ReferencesIn response to popular demand, I'm going to do a weekly update vid with Charlotte about the...

Welcoming the Slovak Republic Government to Have I Been Pwned

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come. I look forward to welcoming many more national governments in the future and I'm very excited to see what useful things they can do with the data....