I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting:It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved 👏🏼 pic.twitter.com/grN4aALypV— Eleanor Dallaway (@InfosecEditor) June 6, 2019 But that wasn't all, there was also the European Security Blogger awards a couple of days earlier:Thanks folks 😎 pic.twitter.com/GvCnvOL7X3— Troy Hunt (@troyhunt) June 4, 2019 And just a general absolutely jam-packed, non-stop week for both Scott and I. We talk about what we've been up to in...

Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in EV certs and then we head off down a rabbit hole of 2FA and people getting fired for failing simulated phishing tests. Next one from London next week! ReferencesWe've launched a bunch of hotel packages with the Hack Yourself First UK tour! (one price gets you access to the workshop and hotel accommodation in Manchester, London or Glasgow)Check out the mozilla.dev.security.policy forum for commentary on the...

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.For now, I did actually get a post out this week and also found myself in a rather unexpected debate about password managers, biometrics and "fun". I spend quite a bit of time this week talking about that, I'm curious to hear other people's thoughts on...

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September that I proposed EV certificates are already dead for all sorts of good reasons that have only been reinforced since that time. Yet somehow, the discussion does seem to come up time and again as it did following this recent tweet of mine:Always find comments like this amusing: “The main concern about SSL certificates is that all of them are losing their intrinsic trust”Yet an excluded purpose for certs is: “That it is safe to do business with the Subject named in the EV Cert”https://t.co/slZVzqGLfN https://t.co/7FSbBHjj1l— Troy Hunt...

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2 and a half years I've been doing them and I'm not going to start now! So with that very short intro done, here's this week's and I'll try and be a little more on the ball for the next one. ReferencesGoogle is having some issues with the U2F keys the recommend for their Advanced Protection Program (but seriously, this is a pretty minor issue)I'm definitely still recommending this approach...

After a mammoth 30-hour door-to-door journey, I'm back in the USA! It's Minnesota this week and I've just wrapped up a couple of days of Hack Yourself First workshop followed by the opening keynote at NDC followed by PubConf. All great events but combined with the burden of travel, all a bit tiring too (plus, it turns out that emails don't stop coming in when you're busy...) There's a real crypto theme to this week's update courtesy of some of the contents in my keynote, a really ridiculous article on PC Mag I came across and a lovely meeting with a few of the folks from Let's Encrypt. There's also a follow-up to the video I promised to include in...

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few weeks time before the AusCERT conference.This week, we're talking about how kids are so good at circumventing things like parental controls and how maybe - just maybe - talking to your kids and using some social techniques is a better (or at least complimentary) approach to hard controls. Partly as a result of that tweet, we're also discussing the rampant negativity we seem to constantly face by a small...

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski 😎 But, of course, there's still a heap of stuff happening that's worthy of discussion, everything from the UK gov's NCSC doing good work to the Reply All podcast I was on this week to new data breaches to the ongoing shenanigans involving kids "smart" watches. And oh boy, the communications strategies of a couple of these in particular is just absolutely woeful. All that and more in this week's update.Oh - and right after I published this, I noticed some crazy static for about...

It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still a got a week to get those tickets, folks!) The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root cert which is right up his alley. There's also the whole TicTokTrack kids watch situation which aligns very well with many of both our prior experience. And just on that, when we recorded the video they were planning on getting the service back up and running that day (Thursday Aus time when we recorded). Turns out that didn't happen and frankly, kudos to them for taking a little more time...

Do you ever hear those stories from your parents along the lines of "when I was young..." and then there's a tale of how risky life was back then compared to today. You know, stuff like having to walk themselves to school without adult supervision, crazy stuff like that which we somehow seem to worry much more about today than what we did then. Never mind that far less kids go missing today than 20 years ago and there's much less chance of them being hit by a car, circumstances are such today that parents are more paranoid than ever.The solution? Track your kids' movements, which brings us to TicTocTrack and the best way to understand their value proposition...