Weekly Update 289

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of people asking product questions. It'll be interesting to see how this whole thing eventually plays out... ReferencesI bought Ari a biometric padlock for his locker as other kids were successfully guessing the...

Welcoming the Bulgarian Government to Have I Been Pwned

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs. Today, I'm very happy to welcome the 30th participant of this service, Bulgaria! This is just one of many initiatives I'm pursuing to help those impacted by data breaches and I look forward to welcoming many more national governments in the future....

Weekly Update 288

Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place. And such a wonderful woman in @charlottelyng 😊 🚁 💍 pic.twitter.com/NEgDxZxNeR — Troy Hunt (@troyhunt) March 24, 2022 I talked a bunch about Okta today and shortly after, jumped in the car and turned on the latest Risky Business podcast. Have a good listen to Patrick and Adam's...

Welcoming the Italian Government to Have I Been Pwned

For the last 4 years, I've been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned. Today, I'm very happy to welcome the 29th government to join the service, Italy! Via CSIRT-Italia within their National Cybersecurity Agency (ACN), they now have free access to breach data I hope will further empower them to protect their people in the wake of data breaches. I expect to continue onboarding eligible governments and look forward to welcoming many more in the future....

Weekly Update 287

So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 ReferencesAsking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as soon as you touch actual plumbing in a bathroom)Seeing a psych and getting help is just fine (after recording this vid, I was watching Toto Wolff on Drive to Survive and the enormous amount of pressure on him)CafePress got slapped...

Setting the Bar for Government Access to Have I Been Pwned

Over the last 4 years, I've onboarded 28 national government CERTs onto Have I Been Pwned (HIBP) and given them free and open access to APIs that enable them to query and monitor their gov domains. This doesn't give them access to any information they can't already access via the free public domain search feature, but it makes their lives easier. Much easier. As interest from govs has grown, it's caused me to ponder: who am I willing to give access to? Who am I unwilling to give access to? Those questions prompted a tweet earlier today: If I was to define metrics for which governments I accepted onto @haveibeenpwned, what should they look like? Human rights? Other? And as...

Weekly Update 286

Somehow this week ended up being all about Russia and Cloudflare. Mostly as 2 completely separate topics, but also a little bit around Cloudflare's ongoing presence in Russia (with a very neutral view on that, TBH). Looking back on this video a few hours later, the thing that strikes me is the discussion around what appears to be a phishing page seeking donations for Ukraine. Just listen to me try to figure this out and as I say in the vid, if I have trouble discerning phish from legit resource, how do people who don't live in this world work it out?! Easy answer - they don't, that's why phishing remains so lucrative. ReferenceThe idea of Tesla remotely killing cars...

Building Password Purgatory with Cloudflare Pages and Workers

I have lots of little ideas for various pet projects, most of which go nowhere (Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running. Last month as part of my blog post on How Everything We're Told About Website Identity Assurance is Wrong, I spun up a Cloudflare Pages website for the first time and hosted digicert-secured.com there (the page has a seal on it so you know you can trust it). Instantly, I fell in love with this method of building websites so when I came up with an idea just yesterday, I knew exactly how I wanted to build it. Here's the idea: I've been...

Weekly Update 285

With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses. At that and more in this week's update. ReferencesThe weather here got a bit crazy, check out how much dirt got dumped into the waterways (drone footage courtesy of Heather Downing)So much water the kids were literally kayaking out of our...

Weekly Update 284

A little late this week as the tail end of travel bites into my time, but it's nice to be home again (albeit amidst a period of record rainfall). I'll get back on a normal schedule next week but for now, here's all the usual stuff in number 284, complete with a super cool "ransomwear" hoodie from this week's sponsor, Varonis 😎 ReferencesThe Messaging Malware Mobile Anti-Abuse Working Group Mary Litynski Award (seeing industry recognition for HIBP is enormously fulfilling)Hacktivist action against Russia might be well-intentioned, but is fraught with problems (a kid in their bedroom on the other side of the world is a very different story to someone on the ground defending their livelihood)The documentary I was...