Weekly update 17 (veranda edition)

This is a somewhat shorter, very tired version of my weekly update. As I say in the video, preparing for the NDC conference in London next week has been extremely taxing with two new talks and a bunch of other activities to organise. I didn't mention it in the vid, but I was also going until the early hours of yesterday morning recording a new Pluralsight course which I'll then be editing while I travel. I didn't realise how tired I look until I edited the clip so I'm going to do my best to use my last day at home to take it easy and soak up some sun. The next update will be from London with a bunch...

A data breach investigation blow-by-blow

Someone has just sent me a data breach. I could go and process the whole thing, attribute it to a source, load it into Have I been pwned (HIBP) then communicate the end result, but I thought it would be more interesting to readers if I took you through the whole process of verifying the legitimacy of the data and pinpointing the source. This is exactly the process I go through, unedited and at the time of writing, with a completely unknown outcome. Warning: This one is allegedly an adult website and you're going to see terms and concepts related to exactly the sort of thing you'd expect from a site like that. I'm not going to censor words or...

Weekly update 16

It's a new year! Which means looking back at the old year and while I'm there, also looking back at how much we didn't know we didn't know. This week I also permanently nuked all remaining remnants of the ad network given the success of the sponsorship model and that has made me very happy. What I didn't mention in the weekly update is that I've had over 70k visitors to this blog over the last 24 hours largely on the basis of that post. It got a lot of traction on Hacker News which obviously helps (but wow, some of those comments...), but it's interesting how much of a hot topic ads always tend to be. iTunes podcast | Google...

I just permanently removed all ad network code from my blog

I don't mind ads on websites as a concept, that is I don't mind the idea of a message appearing somewhere that helps the producer of said content earn a crust. However, there are other things about ads that I do mind enormously and most of them are due to the ad networks themselves. I don't like the overhead of a whole other website being embedded into an iframe. I don't like the total irrelevancy of much of the ad content. It could be tailored to my browsing habits, but then I'm not overly fond of the tracking. Oh - and I definitely don't like being served either malware or really obtrusive behaviours such as ads viewed on iOS redirecting...

2016 retrospective

I never used to do these "year in review" style things, but 2015 was a really foundational year for me in many ways so I wrote a 2015 retrospective. Thinking about it over the last few weeks as we approached the end of 2016, a bunch of stuff really stuck out in my mind and I think it's healthy to look back at what you've done and take a moment to reflect. Here are the things that were highlights for me: I launched a new blog One of the best things I did in 2016 was to re-launch my blog on a brand-new platform with a new theme and wrap Cloudflare around it all. 8 months on, I'm still enormously...

Weekly update 15 (poolside edition)

Last one of the year! And yes, it's summer, it's hot and I'm doing it by the pool. However, as I say in the intro, it's only a fortnight until I'll be back in London which is about as far away as you get in every sense. On a more serious note and harking back to my post on how much effort goes into an international speaking trip, this is well and truly the calm before the storm and things are about to get very, very hard for the better part of a month. But for now, I'm doing my best to enjoy time with family as I hope most of you are at this time of year. Here's the...

10 ways for a conference to upset their speakers

I was preparing for an upcoming event the other day and very nonchalantly fired off a tweet whilst doing so:

"As a conference speaker, about the most annoying thing you can ask me to do is to use your slide template..." — Troy Hunt (@troyhunt) December 16, 2016

Within short order, it somehow received hundreds of likes and retweets with many chiming in about the things that frustrated them about speaking at events. There was a lot shared that resonated with people and it struck me as odd, not least of which because almost every speaker at almost every tech conference contributes their time for free. This is news to many people - they think we're riding the speaker tour...

Weekly update 14

Almost done for the year and I've gone beach-style, if not in location then at least in attire. Xmas in Australia is all about the outdoors, the water and usually generous helpings of cold prawns so a little bit different to many places. But like everywhere else, the cyber things keep happening and there were a bunch of things on the agenda this week ranging from EV certs (largely a physiological discussion IMHO), to the Ethereum forum hack (or more specifically, how well they handled it) to how websites - any website - has something really valuable to attackers: reputation. Thanks for the continued viewership and listenership folks, I hope everyone is getting some good Xmas downtime. iTunes podcast | Google...

All websites have something of value for attackers: reputation

I was shopping around for a new exhaust system for the car the other day and I found exactly what I wanted via a seller on Facebook. I really wanted to get some more specs on it though so I did what any normal person would do and Googled for it, finding a result titled "Boost Logic Nissan R35 GT-R 4" Titanium Exhaust" and linking through to a page on the official Boost Logic website. However... Now this, clearly, isn't a good look. This is the official site and not a spoof or phishing site, yet Google had just put up a massive barrier to entry. It got me thinking about the old adage we hear so many times in...

The Ethereum forum was hacked and they've voluntarily submitted the data to Have I been pwned

The title says it all and the details are on their blog, but there's still a lot to talk about. Self-submission to HIBP is not a new thing (TruckersMP was the first back in April), but it's extremely unusual as here you have an organisation saying "we got hacked, we'd now like you to make that data searchable". This is in an era when most organisations are doing their utmost to downplay the significance of an event like this too. This incident comes at a time when I'm writing up a fairly hefty blog post on how organisations should communicate in the wake of a data breach. There's a lot of examples in there from previous incidents - mostly around...