Weekly Update 252

Next week first: based on popular demand, at 18:00 on our end Friday 23 (that's 09:00 in London and terrible o'clock everywhere in the US), Charlotte is going to join me to talk about her transition from Mac to PC. Scott Helme will also be here (as in Zoom "here") so it'll be a bit of fun and inevitably go way off topic, but I thought it would be fun to fix it up a bit 🙂 This week is more of the usual with Chrome's push to HTTPS, another gov on HIBP and more travels in IoT land. ReferencesChrome is continuing the push towards defaulting to HTTPS and flagging HTTP as a security risk (I'm yet to hear...

The Internet of Things is a Complete Mess (and how to Fix it)

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. But it also remains a complete mess and I want to demonstrate why based on some recent experiences: Let's say you want an IoT light. You want it connected because you want it to come on at a certain time of the day therefore it requires scheduling. You also want to be able to change the...

Welcoming the Israeli Government to Have I Been Pwned

Marking the 25th national CERT to have full and free API level access to in HIBP, I'm very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board. They join many other governments around the world in having access to data impacting their departments amongst the more than 11 billion records already in HIBP, and inevitably the billions yet to come. I'm really encouraged to see the amount of enthusiasm expressed by national government defenders to gain access to breach data so that it can be used in positive ways, and I look forward to welcoming many more national CERTs in the future....

Weekly Update 251

Between school holidays and a house full of tradies repairing things, there wasn't a lot a free time this week. That said, I've got another gov onto HIBP, snared by 11th MVP award, did a heap of other cyber-things and Charlotte and I even managed to slip in our first COVID shots amongst all that. Next week will start getting back to full steam as the winter holidays end (yeah, it's winter here, I know that's confusing for some people!) and I'm sure there'll be an all new stash of cyber-IoT-other things waiting for me at the end of it 🙂 ReferencesFinally got my first COVID shot! (that's a link to a thread which is mostly only relevant in my part...

MVP 11

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people. All this time later and in a fundamentally different world to one all of us were in back then, I still find people unable to grasp why I and so many of my friends and peers would want to do what we do: "You...

Welcoming the Dutch Government to Have I Been Pwned

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches. The Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) now has access to monitor the exposure of government departments across all the data breaches that make their way into HIBP. Visibility into the impact of data breaches helps defenders protect national assets and I'm very pleased to see the Netherlands join so many other nations in taking up this service....

Weekly Update 250

This week is a bit of everything again, although the main difference this time was an update on the COVID situation we're facing in Australia. We've been largely virus-free (relative speaking) but as a result, vaccine rollout has been really slow (as in about 5% of the country being covered) and following some outbreaks of the Delta strain this past couple of weeks, everyone is feeling a bit nervous. We'll get there, but it's a bit of on add time for us and it's certainly dominated headlines recently. Other than that, it's more breaches (and non-breaches), more IoT and more general cyber stuff. ReferencesIn response to popular demand, I'm going to do a weekly update vid with Charlotte about the...

Welcoming the Slovak Republic Government to Have I Been Pwned

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come. I look forward to welcoming many more national governments in the future and I'm very excited to see what useful things they can do with the data....

Weekly Update 249

A bit of a shorter work week this one as we escaped to a little getaway for a few days. That said, it gave me some nice downtime to continue writing the book and speaking of which, after today's video we had a regular catch up with Rob Conery and I think we made a bit of a breakthrough with how I intro it so hopefully we're one step closer again to a finished product now (do sign up to be kept up to date with progress). That, and all the usual stuff this week (except for John McAfee's demise, that's something altogether different). ReferencesWe had some really nice downtime in a very tranquil environment (tweet thread of the holiday...

Welcoming the Jamaican Government to Have I Been Pwned

Recently, I've been providing a lot of additional government access to Have I Been Pwned. Today I'm happy to welcome the Jamaica Cyber Incident Response Team (JaCIRT), the 22nd national CERT on HIBP and 11th in the last 4 months. They now have full and free API level access to query all government domains belonging to the Caribbean nation. I'm encouraged by the enthusiasm I'm seeing from governments to use breach data in positive ways that help protect their departments and I look forward to welcoming many more national CERTs in the future....