I’m Writing a Book with Rob Conery, and It’s Gonna Be Awesome

I've been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense. It all began when Rob Conery reached out a few years ago and said "dude, we should totally turn a bunch of your blog posts into a book" to which I replied, "why?" I mean they're all up on my blog anyway, why on earth would anyone want to read them just stuffed into a book? But he had my attention, because he's Rob Conery, and he made a good point: Because I know there’s more there...

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There's been huge interest in this incident, and I've seen near-unprecedented traffic to Have I Been Pwned (HIBP) over the last couple of days, so let me do my best to explain how I've approached the phone number search feature. Or if you're impatient, you can head over to HIBP right now and search for your number. What's Changed? I'd never planned to make phone numbers searchable and indeed this User Voice idea sat there for over 5 and a half years without action. My position on this was that it didn't make sense for a bunch...

Weekly Update 237

As soon as I started watching this video back, I remembered why I don't do daylight mode in these any more. It's just so... boring. That said, I've got a bunch of stuff in the pipeline to enhance the room design and lighting as I think there's still plenty of room for improvement, stay tuned for that one. For now though, a lot of this week's video is about the Ubiquiti situation and I'm very candid about my feelings on that one. I'm also very happy about what I've done with Coinhive, so enjoy listening to that piece 😎 References: I tweeted about my annual purchase of 1Password and next minute, people are debating the virtues of cloud storage and open source...

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own coinhive.com and am doing something useful with it, read on. You know how people don't like ads? Yeah, me either (at least not the spammy tracky ones that invade both your privacy and your bandwidth), but I also like free content on the web and therein lies the rub; how do content...

Weekly Update 236

This 🤬🤬🤬 DAC! I mean it's a lovely device, but it's just impossible to use it as an audio source in the browser without it killing the camera. I'm very close to being out of ideas right now, the only remaining thing I can think of is to set everything up on the laptop and see if it suffers a similar fate to what's happening on my desktop. The last thing I feel like doing now is burning more precious hours, but it's getting to that point. In other news, more breaches and a big argument about SMS based 2FA, enjoy 😊 References: My Apollo Twin DAC audio problems remain, as of this moment, unresolved (this is such a nice bit of kit, but...

Weekly Update 235

A slow start this week as the camera refused to be recognised by any browser. The problem, of course, was that I'd plugged in a new DAC for the replacement speakers 🤷‍♂️ Despite the slow start, there's a heap in this week's update on all sorts of different things as I find myself continually drawn in different directions. But that's also what I love about this industry, that there's so much variety and always something to scratch every itch 🙂 References: A massive thanks to everyone who has supported Elle's fundraising efforts (helping support the school and plant trees). The new Genelec speakers arrived, and they're amazing 😎 (the DAC and camera also seem to be working together now, I just plugged the DAC...

Weekly Update 234

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. References: Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly). We're rapidly going cashless, but not everybody is happy (there are some valid points in that thread, but also some pretty tenuous arguments IMHO). My friend Tanya Janca has published Alice & Bob Learn Application Security (I really like...

Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: "always something... now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl" — Jón Ólafs (@jonolafs), March 3, 2021. Awesome! Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed....

Weekly Update 233

Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Gab because, well, everything about Gab is always weird. The CEO's behaviour is just appalling and that seems to trickle down to many of the users too, including some who joined in the live stream. But hey, it's giving me amazing conference material and some of the stuff from the last couple of days is just so good, I'm going to save it for when I can actually present it...

Gab Has Been Breached

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. But Gab is also different, having grown dramatically in recent months as an alternative to mainstream incumbent platforms such as Twitter and Facebook and drawing a crowd primarily focused on right wing American politics. A couple of days ago, I posted a thread about their alleged breach. I want to go back through that thread here, explain the thinking further and then provide some commentary on the actual data that was exposed. It all began here: So, the @getongab data breach...