Troy Hunt

It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here. We've fared exceptionally well in Australi...

Spiders! Ok, not your normal start to a weekly update but yeah, we had a bit of an infestation this week which did take the mind of other current events for a while. Much of what's happened beyond that this week has resulted in various tweet storms; the Zoom credential stuffing situation, the Coronavirus tracking app (holy cow that has some "robust" debate around it) and the (seemingly endless) thread of progress as I build up my Ubiquiti network. All that and more in the vid below ? [https://i...

Hot on the heels of onboarding the USA government to Have I Been Pwned last month [https://www.troyhunt.com/welcoming-the-usa-government-to-have-i-been-pwned/], I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team (CERT-IS [https://www.cert.is/]), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding...

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling [https://www.4cabling.com.au/]. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool. I've tweaked the levels a bit at that point to try and compensate, still not quite sure what happened but hopefull...

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents..."...

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: > Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog. No, no it wouldn't and there are all sorts of reasons why not. First among them is that if I was to add a link to your...

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home so... it's just all becoming a blur. But be that as it may, life marches on and this week like every other one before it was full of interesting cyber-things. I find the situation with Zoom in particular quite fascinating, particularly the willingness - even eagerness - that so many seem to have to throw the very tool that's bringing so many peop...

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach [https://www.troyhunt.com/we-take-security-seriously-otherwise/]. It seems that not much has changed since then: > “At...

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result ? This week's update covers those events plus the onboarding of the USA government onto HIBP, an announcement I...

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA). CISA now has the ability to query US government domains via API and receive not...