Weekly update

This week I'm at Microsoft Ignite "The Tour" in Sydney with Lars Klint. I've spent most of the last couple of days doing the "hallway track" (basically just wandering around and saying "hi" to people) and doing a bunch of meetings with folks here on cyber things. I didn't mention it in the video, but there was also the Azure User Group Wednesday night and a panel here at Ignite last night so definitely keeping busy. Not too busy, mind you, and I did manage to get a couple of blog posts out this week. I'll be home on the Gold Coast from tomorrow beginning what I'm planning to be an extended "quiet period" with a lot less travel and...

Well that's the audio issues fixed - mostly. The Zoom H6 is an awesome recorder, I just can't quite work out the right adaptors for the mic. I've got a couple of Saramonic SR-XLM1 lav mics and the guy at the DJ store I bought the Zoom from was convinced we'd be fine with just with 3.5mm to 6.35mm jack converters which appears to be incorrect. Someone else hen said we'd need a TRRS to TRS adaptor so we grabbed a couple of Rode SC3s which also didn't solve the problem. So, keeping in mind we have no idea what we're doing (and missing), can someone explain the gap here and what's required to fill it? In other...

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I was left with a zero-byte file on my unit which we tried to recover to no avail. It's not just that; the mobile app is clunky AF (Scott was demonstrating how many times he had to mash a button on his just to get it to connect to a mic), firmware updates require an install on the PC (which at least previously, was unsigned code loaded over HTTP via an...

We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov coming onto HIBP, babies in data breaches and the takedown of We Leak Info. We'll do this again together next week from Oslo and then again the following week from NDC London. For now, here's the fireside version in Hafjell: ReferencesBabies in data breaches - yep, babies (there are no limits on who can be breached these days)We Leak Info got taken down by a collection of law enforcement...

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a completely different epic fail, namely Surebet247's handling of a breach impacting their customers. I chose those words carefully as it now seems almost certain the breach was actually of BtoBet and I've linked to the story on that below. Regardless, have a listen to how the Nigerian gambling service handled the incident, holy shit... ReferencesNDC is coming to Melbourne! (also check out the CFP if you're interested in delivering a...

I couldn't get 2 days into the new decade without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that correctly). It somehow seems to just be reflective of how crazy online security is becoming in the modern era. On the plus side, Chrome is making some really positive changes to how it handles cookies so it's not all bad news. Hope you enjoy the first update of 2020 😊 ReferencesTrying to create a password on Tik Tok is... interesting (even their messaging is contradictory, let alone the craziness of the...

Sitting down to do this one today I thought it would be brief, turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and to their credit, they later apologised for their "rude messages" which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before). All that plus the Turkish Crime Family aftermath and the Factual data (another data aggregator) in HIBP in this week's update. ReferencesSophos got their messaging wrong on...

Monday: 40C and lapping up the Gold Coast sunshine. Wednesday: -8C and lapping up... Juicy IPA! I'm back in Oslo and catching up with the locals including running a roundtable discussion for CSOs at Microsoft, visiting the Norwegian National Cyber Security Centre (recently onboarded to HIBP) and chatting with Forbrukerrådet, the Norwegian Consumer Counsel. Plus, there's an all new blog post on the long-overdue update to Scott Helme's and my little Why no HTTPS? Project. ReferencesForbrukerrådet does some excellent work identifying risks to consumers (link to their findings from a couple of year ago around kids tracking watches)Still why no HTTPS? There's still a heap of websites that need to lift their HTTPS game (see if you can lean...

I recorded this right before heading out for my final conference talk of the year at YOW! Melbourne where I was due to do the closing keynote of the event. That's now done, questions answered and beers drunk and I left the event feeling great. One of the things I get the most pleasure out of at conferences is hanging around talking to people so a big thanks to everyone who made the time today to stay back on a Friday evening and cap a very busy year of conferences off in this fashion. I'm going to leave that intro here, push this week's update then do it all again (hopefully also on time!) a week from now. ReferencesWhy No...

I'm presently on the YOW! conference tour which means doing the same keynote three times over in Sydney, Brisbane and Melbourne. It's my first time back at YOW! since 2015 and it's always a nice way to wrap up the year, especially the Brisbane leg I'm on at the moment in my home state. That's kept me busy, but it's some tweets last week that have kept me entertained so I'm talking about those as well as some reflections on what is now 6 years of running HIBP. Next update I'll try and push out a little earlier to align with YOW! in Melbourne and hopefully give myself a bit more downtime come the weekend. ReferencesIt's not just Let's Encrypt...