Weekly update

Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with public workshops. Tickets are still available at those and it'll be your last chance for a long time to do that event in the UK.Then there's Project Svalbard. I think it'll come across in the video below, but putting a project I've poured my heart and soul into over the last 5 and half year up for sale is a massive thing for me. There are so many emotions...

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting:It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved 👏🏼 pic.twitter.com/grN4aALypV— Eleanor Dallaway (@InfosecEditor) June 6, 2019 But that wasn't all, there was also the European Security Blogger awards a couple of days earlier:Thanks folks 😎 pic.twitter.com/GvCnvOL7X3— Troy Hunt (@troyhunt) June 4, 2019 And just a general absolutely jam-packed, non-stop week for both Scott and I. We talk about what we've been up to in...

Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in EV certs and then we head off down a rabbit hole of 2FA and people getting fired for failing simulated phishing tests. Next one from London next week! ReferencesWe've launched a bunch of hotel packages with the Hack Yourself First UK tour! (one price gets you access to the workshop and hotel accommodation in Manchester, London or Glasgow)Check out the mozilla.dev.security.policy forum for commentary on the...

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.For now, I did actually get a post out this week and also found myself in a rather unexpected debate about password managers, biometrics and "fun". I spend quite a bit of time this week talking about that, I'm curious to hear other people's thoughts on...

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2 and a half years I've been doing them and I'm not going to start now! So with that very short intro done, here's this week's and I'll try and be a little more on the ball for the next one. ReferencesGoogle is having some issues with the U2F keys the recommend for their Advanced Protection Program (but seriously, this is a pretty minor issue)I'm definitely still recommending this approach...

After a mammoth 30-hour door-to-door journey, I'm back in the USA! It's Minnesota this week and I've just wrapped up a couple of days of Hack Yourself First workshop followed by the opening keynote at NDC followed by PubConf. All great events but combined with the burden of travel, all a bit tiring too (plus, it turns out that emails don't stop coming in when you're busy...) There's a real crypto theme to this week's update courtesy of some of the contents in my keynote, a really ridiculous article on PC Mag I came across and a lovely meeting with a few of the folks from Let's Encrypt. There's also a follow-up to the video I promised to include in...

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few weeks time before the AusCERT conference.This week, we're talking about how kids are so good at circumventing things like parental controls and how maybe - just maybe - talking to your kids and using some social techniques is a better (or at least complimentary) approach to hard controls. Partly as a result of that tweet, we're also discussing the rampant negativity we seem to constantly face by a small...

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski 😎 But, of course, there's still a heap of stuff happening that's worthy of discussion, everything from the UK gov's NCSC doing good work to the Reply All podcast I was on this week to new data breaches to the ongoing shenanigans involving kids "smart" watches. And oh boy, the communications strategies of a couple of these in particular is just absolutely woeful. All that and more in this week's update.Oh - and right after I published this, I noticed some crazy static for about...

It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still a got a week to get those tickets, folks!) The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root cert which is right up his alley. There's also the whole TicTokTrack kids watch situation which aligns very well with many of both our prior experience. And just on that, when we recorded the video they were planning on getting the service back up and running that day (Thursday Aus time when we recorded). Turns out that didn't happen and frankly, kudos to them for taking a little more time...

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose. This is really sucking a lot of time right now and frankly, well, I summed it up here earlier in the week:Currently going through the process with 4 breach disclosures. 3 of them I just can’t get a response from and the one I can really doesn’t want to act promptly. This is bloody hard work, and enormously frustrating.— Troy Hunt (@troyhunt) April 11, 2019 But it's the...