A Decade of Microsoft Most Valuable Professional

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions, the recognition is particularly significant this year. Thank you to everyone who reads what I write, listens to what I have to say and engages with me on social media. Without an audience, I simply wouldn't be here....

Weekly Update 198

Well, no surprises here: this week's update is dominated by Thursday's blog post about sustaining performance under extreme stress. The feedback on that post has been absolutely phenomenal; tweets, comments, DMs, emails, phone calls, all enormously supportive. Many of them also shared people's own personal struggles, ones which I think we all know are out there but it's a very different thing to actually hear it from someone personally. Thank you everyone who chimed in on this discussion and offered their support and kind words, it's genuinely appreciated and it's made a big difference to how I feel about the last 18 months.
References:
- Extreme stress (this is pretty much the entire weekly update...)
- Barclays bank is using archive.org as...

Sustaining Performance Under Extreme Stress

I started writing this blog post alone in a hotel room in Budapest last September. It was at the absolute zenith of stress; a time when I had never been under as much pressure as I was right at that moment. Project Svalbard (the sale of HIBP which ultimately turned out to be a no-sale) was a huge part of that and it was all happening whilst still being solely responsible for running the project. That much was very broadly known publicly, but what I haven't spoken about until now is that earlier that year, my wife and I had decided to separate and later divorce. As part of attempting to rebuild my life, I was also in the midst...

Weekly Update 197

I'm literally surrounded by broken pieces of half finished repairs. My office is usually a pretty organised place so it's kinda frustrating, but then I'm replacing equipment that's seen up to a decade or more of solid use so that's not a bad run. Amidst all that, I've well and truly gone down the IoT rabbit hole with all sorts of bits now connected through Home Assistant (just understanding the basics of this is actually one of those draft blog posts I mentioned). All that, the usual data breach stuff and more in this week's update.
References:
- Catch me on Redgate's "Streamed APAC Edition" next week (I'll be doing a bunch of Q&A)
- Then catch me presenting on credential...

Weekly Update 196

All my things are breaking 😭 Mic broke, PC broke, boat shed handle broke, fridges (both of them) broke, fireplace broke, roof broke... and that's just the stuff I could remember in the live stream. But in happier news, listening back to that video now I'm really happy with the audio quality of the new mic and I reckon that once the pop filter is installed the sound will be spot on. Hopefully that'll be in place for next week's update, along with replacements for the other broken things! Let's see what else fails between now and then...
References:
- I've got a build thread going for the LEGO Lambo (did the same thing with the Bugatti a couple of years back and...

Pwned Passwords, Version 6

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964 (just over 3%). As with previous releases, I've made the call to push the data now simply because there were enough new records to justify the overhead in doing so. Also as with previous releases, version 6 not only introduces a heap of new records but also updates the prevalence count on the existing ones. For example, the old favourite "P@55w0rd" has gone from 2,929 occurrences to 3,069 so still a terrible password,...

Weekly Update 195

This week's update had a bunch of people drop by and discussion tended to jump around a bit, but frankly it's kinda nice to have some interaction in an era where we're not really doing as much of that any more. The IoT topic got some good engagement as did the fact that we "magically" dropped over a hundred active cases of COVID-19 in Australia today (sounds like the gov just reclassifying what's still considered to be an active case). That puts us at 143 remaining active cases in a country of 25M people which is very much heading in just the right direction. Oh - and I finally managed to buy my lift tickets for the snow too so...

Microsoft Regional Director (Trifecta)

The photo up the top of this blog post was taken 259 days ago, 15 and a half thousand kilometres away in Budapest and with 1.3 billion records less in Have I Been Pwned. It was also taken in an environment that unbeknownst to all of us at the time, would be inconceivable just 6 months later; a packed conference room. Last week I received my third biennial Microsoft Regional Director recognition for doing precisely the sort of thing I was up to in that photo. In thinking about what I'd write to share the news (as I've done for every RD title and every MVP title for almost a decade now), the obvious conclusion was how much the...

Weekly Update 194

It's a total mixed bag this week with a couple of new blog posts thrown in to boot. An award at an event nobody could attend, a SQL injection pattern in an HIBP email that wiped an entire DB, a disinformation campaign by "Anonymous" amidst a tumultuous time in the US and another freaking massive breach (with me in it) that I simply can't attribute. So yeah, life remains pretty unpredictable then 🙂
References:
- I won the "Best Cybersecurity Video OR Cybersecurity Video Blog" at the European Cybersecurity Blogger Awards! (shame I couldn't be in London for it this year, but totally stoked to get an award!)
- Without knowing it, I also wiped an entire ticketing system with a SQL injection pattern...

The Unattributable "Lead Hunter" Data Breach

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million other people in this one work out who collected and then exposed their personal information. So, data first, here's what they have on me: Similar deal to last time in that it was an exposed Elasticsearch instance and it was sent over to me by Dehashed. Turns out it's...