Weekly Update 246

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out. I have an idea around that I'm working on at the moment and hope to be able to talk more about it soon. In the interim, keep the contributions coming and I look forward to seeing all this go out to production in the very near...

Welcoming the Belgian Government to Have I Been Pwned

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments. Extending HIBP's reach to more governments around the world helps amplify the usefulness of the project and I look forward to welcoming many more national CERTs in the future....

Welcoming the Dominican Republic Government to Have I Been Pwned

Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and open access to domain inquiries across all of its government assets. Each of these announcements results in a large number of additional government requests. I will continue to welcome new national CERTs on a regular cadence and look forward to seeing many other parts of the world represented in the future....

Weekly Update 245

This week is the culmination of planning that began all the way back in August last year when I announced the intention to start open sourcing the HIBP code base. Today, it's finally happened with Pwned Passwords now completely open to all. That's only been possible with the help of the .NET Foundation because as I've said many times now, this is new territory for me. And just to make things really interesting, we're all going to build some code for the FBI to feed passwords obtained in the process of their various investigations into HIBP. Cool 😎 ReferencesPwned Passwords, the .NET Foundation and the FBI (this is just awesome from top to bottom 😎)The IoT march forward continues, this time...

Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned's Pwned Passwords. 99.6% of those have come direct from @Cloudflare's cache too 😎 pic.twitter.com/zRRbkhT27P — Troy Hunt (@troyhunt) May 27, 2021 That's significant because the sheer volume of requests greatly amplifies the effectiveness of the announcements below. So,...

Welcoming the Trinidad & Tobago Government to Have I Been Pwned

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future....

Weekly Update 244

For a week where I didn't think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there's always a lot to discuss, and that's before questions from the live audience as well. As I allude to at the end of this update, next week I'm going to have something really, really cool to announce that has been a long time in the works so keep an eye out for that one 😎 ReferencesGaps between screens in a multi-monitor setup really bugs me (looks like I'm going the velcro route)Traffic to the Coinhive domain is down 39% on the previous month (I'll keep updating stats...

Welcoming the Swedish Government to Have I Been Pwned

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future....

Weekly Update 243

This one is a real short intro as right now, it hurts to type (copy and paste is earlier 😊): I’m Back at a *REAL* Conference; Dealing with RSI; Shellies and MQTT; My IoT Aircon Hack; Drowning in Data Breaches. ReferencesI've been at a real conference this week, with people and all! (that's a tweet with pics of the environment)I've also been dealing with some pretty unpleasant RSI (link to the blog post on my ergonomic setup, do invest early in this folks)My automated IoT aircon integration is complete! (yes, it's a little mechanical arm pushing a button but it works beautifully 😎)What you see on the HIBP timeline is only a tiny slice of the data breaches...

Weekly Update 242

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much shit breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon! ReferencesI've had a heap of issues with my Shellys on my Ubiquiti network (thought I had it fixed after recording this but now, not so much...)I joined the Phil DeFranco show this week (I really enjoyed this and apparently, heaps of other people did too)My aircon woes are almost over, courtesy of...