I was chatting to some folks at a bank just the other day about a bunch of modern web security standards. Whilst this blog post is about a Pluralsight course I created with Lars Klint [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fplay-by-play-modern-web-security-patterns%2Ftable-of-contents] , it only really hit me during that bank conversation just how much there is to take onboard when it comes to securing things in the browser toda...

I have a vehement dislike of spam. Right there, that's something you and I have in common because I'm yet to meet a person who says "well actually, I find those Viagra emails I receive every day kinda useful". We get bombarded by spam on a daily basis and quite rightly, people get kinda cranky when they have to deal with it; it's an unwanted invasion that takes a little slice of unnecessary mental processing each time we see it. Sure, junk mail filters catch a lot of it, but even the best implem...

I'm in Honolulu! And I apologise in advance for the audio quality - the background noise is air conditioning units in the hotel and I didn't realise quite how much sound they make until I listened to the audio afterwards. Next week I'll be home and back to a quality audio setup. Regardless, I did pump out a shorter update with a bunch of bits and pieces that popped up during the week. Firstly, the obnoxious behaviour that is Twitter thread hijacking (think of everything you hate about spam, jus...

I received a very nice email this week: > Congratulations, your nomination has been accepted to the Microsoft Regional Director program! I am pleased to welcome you back to this worldwide community of technology thought leaders and thank you for being a part of this community. Just over 2 years ago, I first became a Microsoft Regional Director [https://www.troyhunt.com/microsoft-regional-director/]. This is a role that has meant a great deal to me over that time; it's not one you can sit an e...

We're in Hawaii! "We" being Scott Helme and myself and we're here for the Loco Moco Sec conference [https://locomocosec.com/] which has been a heap of fun (the location may have played a part in that...) And what a location: Scott joined me for this week's update and we were fresh out of a great talk from the Google Chrome Security PM so have a bit to share there about changes coming to the browser. And then, T-Mobile - whoa! Just read the thread I link to in the references below (get popcorn...

It's a MASSIVE weekly update! The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. I've been so cautious with the way I've managed the image of HIBP to ensure it's always positioned in the right light and I wanted to delve more into that thinking here. As I say in the video, I'm really happy with the feedback so far and I've "liked" a bunch of the responses so check out my Twitter profil...

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember [https://www.troyhunt.com/only-secure-password-is-one-you-cant/]. In an era well before the birth of Have I Been Pwned [https://haveibeenpwned.com/] (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Of course, we all know that but it's interesting to look back on that post all these years late...

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: > Is it normal for @Telstra [https://twitter.com/Telstra?ref_src=twsrc%5Etfw] to displa...

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. It didn't work out so well for him, here's the blow-by-blow account of things then I'll add some more thoughts afterwards: > Should I respond? ? pic.twitter.com/lifCZRcICF [https://t.co/lifCZRcICF] — Troy Hunt (@troyhunt) March 20, 2018 [https://twitter.com/troyhunt/status/9760...

Home again which means more time to blog and per the intro to this week's update, time to catch up on how HIBP is tracking. Here's the 2 tweets with some stats I mention at the start of this week's update: > It's been almost a month since I launched Pwned Passwords V2. In that time, @cloudflare [https://twitter.com/Cloudflare?ref_src=twsrc%5Etfw] has served 156TB from their cache thus keeping the traffic off my origin. Thanks guys, this would have been a hard discussion to have with the wife o...