I'm pushing this out a day late so firstly, apologies for the break in what's otherwise a pretty steady cadence. But having said that, as I say at the start of this video I've really been struggling with work / life balance lately. As such, I recorded this Thursday evening then spent most of Friday on the jet ski with my son. We balanced out a lot of work on this trip 😎But check out the scenery! Just stunning. Saw hundreds of turtles, dugongs, mantas and star fish. Just an amazing place. pic.twitter.com/kgWBhK8nrD— Troy Hunt (@troyhunt) November 30, 2018 Getting back to business as usual, I was in Sydney for a day trip during the week, I'm...

It's a no-blog week, but that doesn't mean any less is happening! This week, I've finally wrapped up the Lego Bugatti, got myself into the new iPad, connected my washing machine (I know, I know, I didn't plan it this way!) and then isolated it on a separate IoT network. What a time we live in... Oh - and speaking of times we live in, our data is getting thrown around the place like never before thanks to data aggregators and their constant breaches and frankly, I'm a bit fed up with it. All that and more in this week's update. ReferencesGet yourself some real cheap Pluralsight! (that's $100 off an annual subscription right there - one third!)My new...

Bit of a change of scenery this week; I've gone to the other end of the house whilst invasive palm tree roots are water blasted out from beneath my office window as part of our garden renos. But hey, that's a nice place to be on a day like this 😎Other than the location, it's business as usual. There's been some interesting discussion on biometric this morning, I'm appealing to developers of extensions and add-ons to whitelist themselves when a CSP is present and I'm talking about Google's U2F implementation. That last one in particular has had a heap of traction so appears to have struck a bit of a chord. Checking out Google Analytics, it looks it made it...

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly.This week, I wanted to focus on going beyond passwords and talk about 2FA. Per the title, not just any old 2FA...

You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like? Logging on to Report URI and being greeted with something like this:This blog post is about how add-ons and extensions in browsers cause CSP violations like the ones above and how they should be dealt with. Some brief background first as I'll be sharing this post with a bunch of folks for which this may be new: A CSP is a response header or meta tag that allows you to declare a policy for your website declaring what sorts of content can be loaded...

Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never going to die, people are using bad ones, people should be able to use bad ones, developers are at fault and my personal favourite in the "how on earth did you reach that conclusion" category, I should actually do something to educate people about passwords rather than blaming them for using bad ones. I've gotta stop laying around doing nothing with my days...But seriously, both posts on passwords this week garnered a heap of input from people agreeing with me, disagreeing with me and arguing with each other. For the most part, this was just fine but what I didn't mention in...

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed. The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this:The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. This is when hackers try usernames and password combos leaked in data breaches at other companies, hoping that some users might have reused usernames and passwords across services.The second story was about a number of verified Twitter accounts having been...

A lot has changed in the Microsoft technology world in the last 7 years since I launched ASafaWeb in September 2011. Windows XP is no longer the dominant operating system (Win 7 actually caught up the month I launched ASafaWeb). Internet Explorer is no longer the dominant browser (Chrome was in 3rd place back then). Windows Server has gone from 2008 R2 to 2012 to 2012 R2 to 2016 to 2019. And lastly, .NET has gone through a heap of different versions (as has Visual Studio) from 4.x to Core 1 and now Core 2 (and minor versions within them).My own personal focus has also changed moving from corporate life to independence. From development and architecture to security....

These days, I get a lot of messages from people on security related things. Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, I get an email from someone which effectively boils down to this:Hey, have you seen [insert thing here]? It's totally going to kill passwords!No, it's not and to save myself from repeating the same message over and over again, I want to articulate precisely why passwords have a lot of life left in them yet. But firstly, let me provide a high-level overview of the sort of product...

On my first attempt at recording this, I decided the framing was crooked after a couple of minutes so I started again. On my second attempt, the PC BSOD'd after 42 mins and I thought I'd lost all the audio. I hadn't, so on the third attempt I completed the last of it. Then I waited nearly an hour for it to render before realising there was unedited material at the beginning so I had to re-render the whole thing again. This is on top of one of my screens refusing to go beyond 480p today and a week filled with various other frustrating tech support issues.But despite that, I persevered and got through much more content than I...