Weekly Update 259

I'm back from the most epic of holidays! How epic? Just have a scroll through the thread:

I’m back! Went offline for most of the last week, pics and stories to follow 🐊 pic.twitter.com/hRUcKMwgGU — Troy Hunt (@troyhunt) September 2, 2021

Which the Twitter client on my iPad somehow decided to break into 2 threads:

At times this felt like navigating through a scene from Jurassic Park, just with wallabies rather than velociraptors 🦖 pic.twitter.com/VHa4kJw6kb — Troy Hunt (@troyhunt) September 3, 2021

Holiday snaps aside, there was a heap of other stuff this week ranging from me actually reading a book to the impact of the Gun Trader breach to my personal favourite, Pwned Passwords...

Weekly Update 258

A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊

References
You probably should have an OnlyFans account (no, not in the way it sounds like you should...)
Is the silver lining of Brexit an end to inane cookie warnings? (cue arguing about whether this is a GDPR thing or not)
Spammy thread hijacking - ugh! (looks like the offender's account is no longer public)
Pwned Passwords is almost about to roll over past the 1B...

Weekly Update 257

It all feels a bit "business as usual" this week; data breaches, IoT and 3D printing. But what I'm most excited about is what I probably spent the least amount of time talking about, that being the work 1Password and I have been doing on our "Hello CISO" series. I love it because it's broadly relevant, easily consumable and totally, properly free. Feedback so far has been awesome, I hope you enjoy it too 🙂

References
The Fab365 3D models are amazing (this one is a SpaceX Falcon 9)
My 11th MVP kit arrived this week (I'm at the point where I think I need to stop putting these up on a wall...)
T-Mobile got seriously breached (a good Krebs write-up on...

Hello CISO - Brought to You in Collaboration with 1Password

Today I'm really excited to announce a big piece of work 1Password and I have been focusing on this year, a totally free video series called "Hello CISO". This is a multi-part series that launched with part 1 and when I say "free", I don't mean "give us your personal data so we can market to you", I mean here it is, properly free:

This is intended to be a very practical, broadly accessible series and whilst it has "CISO" in the title, we expect it'll be relevant well beyond the pointy end of the infosec ladder. Part 1 on the downfall of on-prem security is a perfect example of that; all of us in the industry have heard the...

Weekly Update 256

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically? I argue the latter, but also acknowledge the views of both camps at either end of the argument. I think they're wrong (the extremes almost always are), but discuss them anyway 🙂

References
Apple will start looking for known Child Sexual Abuse Material...

Why No HTTPS? The 2021 Version

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path. That's the good news, the bad news is that there are still some really wacky, unexplainable anti-HTTPS views out there, but those voices are increasingly less relevant as the browsers march forward:

Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS and display a full-page warning before loading sites that don’t...

Welcoming the Turkish Government to Have I Been Pwned

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks. I'm looking forward to welcoming more national governments onto HIBP in the future....

Weekly Update 255

I'm back in the office this week and back to decent audio and video quality. There's loads of bits and pieces happening as evidenced by almost an entire hour disappearing in this week's vid, ranging from problems with tradies (tradespeople), more lockdown, stats on some projects and then this week's blog post, 3D printing with my 9-year-old daughter Elle. Enjoy 😊

References
Here's that Harlem Shake script I used (the bigger picture here is that sites that allow this to run have no - or insufficient - content security policy)
Pwned Passwords is up over 960M requests a month now (getting closer and closer to the 1B mark!)
Finally got the Shellies Discovery script working in Home Assistant (all Shellies are...

3D Printing with Kids on Lenovo Yoga 7i

The greatest gift I can give my kids is a love of technology. I mean after all the usual Maslow's hierarchy of needs stuff, of course, the thing that I (and many of my readers) can instil in our kids is a deep passion for this life-altering and possibly career-defining thing that increasingly defines our everyday being. And without doubt, the best educational technology thing I've ever brought home is my Prusa 3D printer. Here's where it all started:

Looking at a mate’s Prusa i3 printer and getting a bit tempted, what are folks using out there for hobby projects? The Dremel 3D45 looks good in reviews, what do the masses think? pic.twitter.com/iQcIMplt4s — Troy Hunt...

Weekly Update 254

The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, Air Pods, all good. Mostly all good - the sound quality on those Air Pods is absolute rubbish. I don't know if that's a general truism or there's just something amiss with mine, but the constant fading out is extremely frustrating and I apologise for the sound quality not being up to expectations. Next week I'll be back in my office, I hope this week's video is still watchable and you find something useful in it 🙂

References
Sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more....