Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something... now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome! Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed....

Weekly Update 233

Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Gab because, well, everything about Gab is always weird. The CEO's behaviour is just appalling and that seems to trickle down to many of the users too, including some who joined in the live stream. But hey, it's giving me amazing conference material and some of the stuff from the last couple of days is just so good, I'm going to save it for when I can actually present it...

Gab Has Been Breached

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. But Gab is also different, having grown dramatically in recent months as an alternative to mainstream incumbent platforms such as Twitter and Facebook and drawing a crowd primarily focused on right wing American politics. A couple of days ago, I posted a thread about their alleged breach. I want to go back through that thread here, explain the thinking further and then provide some commentary on the actual data that was exposed. It all began here: So, the @getongab data breach...

Welcoming the Portuguese Government to Have I Been Pwned

I'm pleased to welcome the first new government onto Have I Been Pwned for 2021, Portugal. The Portuguese CSIRT, CERT.PT, now has full and free access to query their government domains across the entire scope of data in HIBP. This is now the 12th government onboarded to HIBP and I'm very happy to see the Portuguese join their counterparts in other corners of the world....

Weekly Update 232

I honestly don't know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone. There's probably some hints in the range of different things I'm speaking about this week and the book is certainly now consuming a heap of time, but at least I'm doing what I love. Also, at about the 29 minute mark, I started getting a little static in the audio. Quarter hour later and a few people have raised it, certainly doesn't look like it was bandwidth related as the video was solid, I'm not sure what it was so I'll do the one thing all IT professionals do to fix...

Weekly Update 231

I seem to have spread myself across a whole heap of different things this week which is fine (it's all stuff I love doing), but it has made for rather a "varied" video. I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing. All that and more in this week's update. ReferencesThe Prusa 3D printer is awesome (I posted that tweet shortly after recording the video, that one is going to...

Controlling Smart Lights Using Dumb Switches with Shelly and Home Assistant

As I progressively make my house smarter and smarter, I find I keep butting against the intersection of where smart stuff meets dumb stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine... until now. Here's what I kept seeing with my "smart" light bulbs: So, why is this happening? Why do my smart lights keep going offline? This tweet from Adam Fowler that I embedded in the IoT blog series linked above perfectly explains the problem: I was looking at doing exactly this with my downlights, but the idea of...

Weekly Update 230

This week has seen a lot of my time go on an all-new project. One I'm really excited about and is completely different to everything I've done before; I expect I'll be able to talk about that in the coming weeks and it shouldn't be too much longer before it's something you can actually see firsthand. Stay tuned on that one 🙂 In the meantime, I'm throwing a heap more IP addresses into the house and building out my Prusa 3D printer at the same time which I'm really enjoying. More on that hopefully next week and with any luck, I'll be able to share some stuff I've actually printed too. ReferencesI've got a heap more IoT going into the house...

Weekly Update 229

This week's update comes to you amongst the noisy backdrop of the garden being literally chopped up by high pressure hose (which I think my beautiful Rhode Broadcaster mic successfully excluded). As I say in the intro, it appears the horticulture industry is a little like the software one where you get cowboys who in this case, put in plants that were way too big and whose roots now threaten to break through the tiles and the house itself, Little Shop of Horrors style. But I digress; this week's update consists of some brief discussion around data breaches and yesterday's blog post on how I like to meet, followed by a lot of audience engagement on the topic of IoT....

Here's How I Meet

For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones. Initially this was in my previous life at Pfizer due to the regional nature of my role and over the last six years, it's been as an independent either talking to people remotely or travelling to different places. Since I began dropping content into this post, pretty much everyone now finds themselves in the same position - conducting most of their meetings online courtesy of COVID-19. Juggling meeting logistics in a globally remote environment can be... painful. I've eventually picked this blog post up again (it's another one that's been in draft for a while) whilst finding...