The tech news recently has seen quite a lot of chatter about an alleged haul of Apple credentials [http://www.zdnet.com/article/apple-icloud-ransom-what-you-need-to-know/], apparently about 250 million of them in all. Allegedly. Maybe. Or was it 300 million? [https://www.macrumors.com/2017/03/22/apple-ransom-300m-icloud-accounts-claim/]. No - wait - it might have only been 200 million [http://mashable.com/2017/03/21/hackers-icloud-accounts-ransom/#VyYFdlgLMkqN]. The number itself has been the so...

I went to Helsinki a couple of years ago. I was there running a security workshop for a local company and whilst in town, I caught up with Mikko Hypponen [https://twitter.com/mikko]: > Troy Hunt (@troyhunt [https://twitter.com/troyhunt]) in Helsinki today. Troy's http://t.co/zOiZnkMpNo service is highly recommended! Use it. pic.twitter.com/lf59Hz7zvI [http://t.co/lf59Hz7zvI] — Mikko Hypponen (@mikko) May 28, 2015 [https://twitter.com/mikko/status/603890257814278144] Now Mikko is a very inter...

LastPass had an issue the other day [https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/] , a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants an RCE vuln in their software - but as is prone to happen with these incidents, some people went about promptly...

So the plan this week was to record the update whilst driving from Melbourne to Sydney with Lars Klint [https://larsklint.com/] in the new car. And I did - record it that is - but due to some screwyness with Lars' GoPro, it turns out that "recording" is not the same as "actually saving it to the SD card". Fortunately, I successfully capture a review we did on the car and I'll look at editing that up later on, but for now there's a short clip on Twitter [https://twitter.com/troyhunt/status/847255...

I've been watching the cyber-news pretty closely lately and one of the biggest challenges we seem to have is attribution. I mean, stuff is getting hacked left right and centre but who's actually responsible?? I started paying closer attention and I reckon I've worked it out - it's mostly this guy: He fits the profile to a tee - hoodie, obfuscated face and an apparent love of binary, all calling cards of the modern day cyber-hacker. As you can clearly see from the image, he's suspected of perp...

Another week down and looking back, I'm not sure precisely what I did. I mean I know I was busy, but you ever have one of those weeks where you just wonder where the time went? Although in fairness, a big chunk of it went to finishing off my latest Pluralsight course on "What Every Developer Must Know About HTTPS". Whilst my work there is done, there's still review and processes and other things that have to happen on Pluralsight's end (they put a lot of effort into quality control), so I suspec...

Organisations don't plan to fail. Probably the closest we get to that in the security space is password hashing, which for all intents and purposes is an acknowledgement that one day, you may well lose them. But organisations rarely plan for how they should handle data breaches and when an incident does happen (and that seems to be a near certainty these days), they're left unprepared; they're in unfamiliar territory, there's enormous stress and pressures on them and frankly, they usually react...

There's a seemingly endless flood of data breaches these days. Pretty much every day I get sent dumps from somewhere or other, usually websites I've never heard of and often dating back to compromises from years ago. They vary in size from thousands of accounts to many millions - and this is just the ones I've looked at. In short, there's way more data than I have time to process. Occasionally though, an incident floats to the top of the others which is what's happened over the last few days. T...

Y'know, for all the talk of jet skis, I'd never actually done a weekly update on it. Until today. It's autumn here and the weather is still beautiful so I went for a quick blast and recorded this one. This week, there's my Security Sense column on the futility of aiming for absolute security, a lot of talk on the whole Dun & Bradstreet spam list (let's just call it what it is) and also the Wishbone breach, among other things. Incidentally, checkout the underwater bit at the end, especially that...

Earlier this week, I read a really interesting piece on 3 things that need to be done to save the web [https://www.theguardian.com/technology/2017/mar/11/tim-berners-lee-web-inventor-save-internet] . The first observation was that "we’ve lost control of our personal data" and the author went on to observe the following: > As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with...