Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents..."...

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: > Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog. No, no it wouldn't and there are all sorts of reasons why not. First among them is that if I was to add a link to your...

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home so... it's just all becoming a blur. But be that as it may, life marches on and this week like every other one before it was full of interesting cyber-things. I find the situation with Zoom in particular quite fascinating, particularly the willingness - even eagerness - that so many seem to have to throw the very tool that's bringing so many peop...

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach [https://www.troyhunt.com/we-take-security-seriously-otherwise/]. It seems that not much has changed since then: > “At...

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result ? This week's update covers those events plus the onboarding of the USA government onto HIBP, an announcement I...

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA). CISA now has the ability to query US government domains via API and receive not...

Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit, but for all the other kids out there who are in the same home-bound predicament he now finds himself in. So, this week we're going to do an hour of coding each morning and live stream it via YouTube. We'll take questions during the...

Geez, where do I even begin? I honestly wasn't sure, then I could hear the kids playing in the background whilst I was setting up and per the video thought "yeah, stuff it, I'll leave that in" because as messed up as a bunch of stuff is, life goes on. And that's where I really wanted to start this week - what life looks like today. As I say in the video, it's paradoxical because it's all (mostly) very normal here, but it's painful to watch what's happening to friends around the world. It's also...

Subject: Data Breach of [your service] Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: https://haveibeenpwned.com People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection of data allegedly taken from the [your service] was sent to me and I believe there’s a high likelihood your site was indeed hacked. The data consists of an extensive number of recor...

We're live! Video embedded below: Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk. > It's like Top gear for nerds. @troyhunt [https://twitter.com/troyhunt?ref_src=twsrc%5Etfw] #NDCLondon [https://twitter.com/hashtag/NDCLondon?src=hash&ref_src=twsrc%5Etfw] pic.twitter.com/wxzhM6uOCG [https://t.co/wxzhM6uOCG] — HarryMiller (@HarryMillerr) January 31, 2019 [https://twitter.com/HarryMillerr/s...