Weekly Update 163

It's been a pretty full week this one with a couple of talks in Sydney followed by another in Melbourne. Then, to top it all off, getting sick hasn't helped and oh boy did this one hurt. Good news is that even just a few hours after recording this video I'm feeling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon. That'll come, but not for a while yet. Oh - I forgot to mention it in the vid but I'm also now publishing this podcast via Spotify. Check out the link below if that's your preferred means of consuming podcasts. ReferencesCatch Scott Helme running...

Weekly Update 162

Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means... it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time. On the infosec side of things, there's a a bunch of HTTPS related content this week plus a couple of (really) sensitive data breaches. I do give a warning at the beginning of this week's update that one of them...

Weekly Update 161

It's my first conference back in Australia since probably about May and I'm experiencing a rare luxury - not flying! I'm sticking to driving some big distances just to get a break from the tyranny that is check-in, security and airport lounges. Seriously, it was beginning to do my head in so now it's cruise control and podcasts for me in the foreseeable future. This week's travel has brought me to Sydney where the new iPhone got a good workout: Night Mode on the iPhone 11 Pro is rather amazing. This shot last night was just point and shoot well after dark - no filters or touch up! pic.twitter.com/zcklC3VxML — Troy Hunt (@troyhunt) October 17, 2019 Beyond...

Weekly Update 160

Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers. But hey, at least the discussion keeps in providing entertaining material! ReferencesI tweeted about not liking having content blocked when I'm in Europe (no, it doesn't mean I don't like privacy, it means I don't like the choice being...

Weekly Update 159

Well, this will be the last weekly update done overseas for some time as I count down the return to beaches, sunshine and fantastic coffee (yes, I'm confident saying that even whilst in Italy!) It's been a non-stop trip with an attempt of a bit of downtime at the end of it, albeit with limited success. Regardless, this week I'm covering off the last few days travels, reflecting on 10 years of blogging and looking at a really cool use of HIBP related to net neutrality comments lodged at the FCC. Next week... who knows, but at least I'll be home. ReferencesI went to CERN - it was amazing! (that's a bunch of thoughts and pics from the trip, just...

Weekly Update 158

It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you think. Given the coming schedule (and a deep, deep desire for a few days of downtime), the next one might be more of the same so I hope it resonates! ReferencesBecause this week is predominantly about noteworthy tweets, I'm going to do the references a little differently. Firstly, with a sponsor shout-out: Sponsored by Okta: You wouldn’t roll your own hashing algorithm, so why build your own auth? Secure...

Weekly Update 157

Hungary! And that's about as much intro as I'm going to do on that because this is going out super later and I'm writing this at the end of a very long day. Only other thing I'll mention is the audio - the Instamic failed to record again so it's now going firmly into the e-waste bin. Anyway, on a more positive note, enjoy the beautiful sights of the Hungarian parliament before you jump into this week's update: Budapest! 🇭🇺 pic.twitter.com/RBgc2ssfiR — Troy Hunt (@troyhunt) September 23, 2019 Dark mode 🇭🇺 pic.twitter.com/KX7WzAstwz — Troy Hunt (@troyhunt) September 23, 2019 References2FA is far from a perfect beast (read back up through the thread, how do normal everyday...

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against. But firstly, let's just establish what's happening: People are Upset About Arbitrary RestrictionsThis is actually one of those long-in-draft blog posts I finally decided to finish after seeing this tweet earlier on in the week: My bank tells me that their exactly-5-digit password policy...

Weekly Update 156

Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip. I'm talking a little about those events (all listed on my events page), this week's changes to EV, more data breaches and a somewhat semantic argument about the definition of "theft". ReferencesEntrust are convinced you should still pay them for EV certs (even though the primary value proposition they're still promoting is now gone...)Scott killed a million bucks worth of EV certs (it turns out that extended validation isn't always so... extended)The Void.to hacking forum got breached and is now...

Weekly Update 155

From the emerging spring to the impending autumn, I'm back in Oslo at the beginning of another series of European events that'll take me across Norway, Denmark, Hungary and Switzerland. This week's update comes from under the glow of a warm outdoor heater at ridiculous o'clock as my sleep cycle keeps me making early starts. But it's all transient and by this time next month I'll be back to a very warm, very familiar Aussie landscape. For now, here's what's new on my side: ReferencesThere's 419M Facebook users' phone numbers floating around (looks like abuse of a now deprecated feature and no, it's not going into HIBP)Chrome 77 is about to hit and finally kill off EV for good...