Friends Don't Let Friends Use Dodgy WiFi: Introducing Ubiquiti's Dream Machine and FlexHD

I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. I went overboard and I don't regret it one bit! Since that time, Ubiquiti has occasionally sent me new bits to play around with. I fixed the poor Wifi on my jet ski with their UniFi Mesh bits (I know, the most first world of problems). I wired my brother's house...

Weekly Update 181

This is the big one. It's all HIBP and Project Svalbard top to bottom this week and I've chosen to exclude everything else in its favour. This is just such an essential part of not just the HIBP narrative, but indeed the narrative of my career and what gets me up each day. So here it is, the video insights version to the announcement post from a few days ago. Here's the 11-month journey to HIBP remaining independent: ReferencesHave I Been Pwned is remaining independent (this is the project Svalbard wrap-up)Duo Security. The Essential Guide to Securing Remote Access. Download the to explore how to ensure user, device and application trust....

Enhancing Pwned Passwords Privacy with Padding

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk. For example, this just a couple of days ago: This is cool: @identityauto is integrating @haveibeenpwned's Pwned Passwords into their RapidIdentity product. Very slick! pic.twitter.com/64d9p8hQq6 — Troy Hunt (@troyhunt) March 3, 2020 The anonymity implementation means consumers of the service can hit the API without disclosing what password is actually...

Project Svalbard, Have I Been Pwned and its Ongoing Independence

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at: Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of a very intensive process culminating in many months of exclusivity with a party I believed would ultimately be the purchaser of the service, unexpected changes to their business model made the deal infeasible. It wasn't something I could have seen coming nor was it anything to do with HIBP itself, but it introduced a range of new and insurmountable barriers. So that's the tl;dr, let me now share as much as I can about...

Weekly Update 180

If last week was the week where I felt like I was drowning in data that was still being processed, this week was the week where it came to light. Not all of it, mind you, I've still got ginormous volumes I'm disclosing but it certainly was a whole heap of it. There are some real zingers in there too in terms of how the breaches went down and were handled, have a listen to that and more in this week's update (oh - and hear how happy I am about the way HIBP handled this week's massive traffic spike 😊). ReferencesThe Slickwraps breach got really messy (who ever knew the world of consumer device wraps was so brutal!)Straffic takes...

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Back in 2016, I wrote a blog post about the Martin Lewis Money Show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program has a habit of doing: I Just wanted to get in contact to let you know we're featuring 'have I been pwned?' on the programme next week (Monday 28 Nov, 8pm, ITV) saying it's a good way to check if your data has been compromised. I thought it best to let you know in case you need to put extra resources onto it, we do have a tendency to...

Weekly Update 179

On reflection, I feel this week's update was dominated by having a laugh at an IoT candle 😂 And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't hold your breath, but it could be really, uh, "interesting" once it lands. Stay tuned for that one but until then, here's this week's update: ReferencesIf you're not pwned, you may be an anomaly (I'd actually like to write this up in more detail one day, there's some really interesting insights in there)A connected candle - serious, an IoT candle (what sort of idiot would buy one of these?...

Weekly Update 178

This week I'm at Microsoft Ignite "The Tour" in Sydney with Lars Klint. I've spent most of the last couple of days doing the "hallway track" (basically just wandering around and saying "hi" to people) and doing a bunch of meetings with folks here on cyber things. I didn't mention it in the video, but there was also the Azure User Group Wednesday night and a panel here at Ignite last night so definitely keeping busy. Not too busy, mind you, and I did manage to get a couple of blog posts out this week. I'll be home on the Gold Coast from tomorrow beginning what I'm planning to be an extended "quiet period" with a lot less travel and...

Donating BAT to Have I Been Pwned with Brave Browser

I don't know exactly why the recent uptick, but lately I've had a bunch of people ask me if I've tried the Brave web browser. Why they'd ask me that is much more obvious: Brave is a privacy-focused browser that nukes ads and trackers. It also has some cool built-in stuff like the ability to create a new private browsing window in Tor rather than just your classic incognito window that might ditch all your cookies and browsing history but still connect to the internet directly from your own IP address. But the thing that's really caught the attention of the people I've been speaking to is Brave Rewards which is an innovative way of simultaneously eschewing traditional ads whilst...

Sharenting, BYOD and Kids Online: 10 Digital Tips for Modern Day Parents

Today is Safer Internet Day which marks the annual occurrence of parents thinking about their kids' online presence (before we go back to thinking very little about it tomorrow!) It's also the day the Courier-Mail here in my home state of Queensland published a piece on sharenting or as Wikipedia more accurately describes it, the practice of "sharing too much information" about your kids online. That's a worthy discussion to have on this day, although the opening paragraph started out, well... just read it: Reported in today’s Courier-Mail here in Queensland: should parents “ask their toddlers for permission before taking a photo”? What say you, internet? pic.twitter.com/65m4gj9mZB — Troy Hunt (@troyhunt) February 11, 2020 I was...