Weekly update

A 74-post collection

Weekly Update 74

I had plans this week. Monday was going to be full of coding work around Pwned Passwords V2 (and a few other HIBP things) then Texthelp went and got themselves pwned and there went my day writing about the ramifications of that. This is a genuinely important issue and the whole concept of the JavaScript supply chain needs much better thought. We've got the technology, it's just that most people don't know it exists! I did then later get around to posting my "dark web" piece too. It's a scary read because it has dark stuff, hoodies and green screens and we know that's scary because that's the message we keep getting fed! Actually, not so scary and...

Weekly Update 73

I'm not entirely sure how I've gotten to the end of the week feeling completely wrung out whilst having only written the one thing, but here we are. In fairness though, I've put a heap of work into Pwned Passwords version 2 and finally completed the data set. There's some coding work and other logistics to complete before it goes live, but the plan for now is week after next so I'm looking forward to that. This week, it's all about minimum password lengths. In isolation, that sounds a little mundane but in the context of the broader picture of how authentication has evolved, I think it makes for an interesting discussion. By pure coincidence, I was very happy to...

Weekly Update 72

I'm home! It's nice being home 😀 This week I start by getting a couple of things off my chest, namely some pretty wacky reactions to my suggesting that we're never going to see a coders' hippocratic oath and how I feel when media outlets say "the dark web". Plus, I've got news around running workshops in Europe with Scott Helme and me finally getting a content security policy on this blog. That last one in particular makes me very happy because it really shouldn't have been this hard, but it was (for reasons I explain in the video) and it's now working fantastically! All that and more in this week's update.

iTunes podcast | Google Play Music podcast | RSS...

Weekly Update 71 (Denmark Edition)

I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow. Plus, of course, the actual infosec stuff from the week namely my new Pluralsight course on creating a security-centric culture.

iTunes podcast | Google Play Music podcast | RSS podcast

References

This is the first of a brand new Pluralsight series...

Weekly Update 70 (NDC London Edition)

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then.

iTunes podcast | Google Play Music podcast | RSS podcast

References

I'm at NDC London! (my talks are done and they'll be online in the coming weeks so until then, here's a bunch of previous ones)

Here's how I'm handling breach disclosures (this is a really important part of...

Weekly Update 69 (Boat Edition)

It's my last day in the sun ☹️ Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking motion, the occasional wind noise (I lost the fluffy bit off my smartLav mic) and the gratuitous amount of sunshine and beach. This week is all about heading off on travels again and the Indian Aadhaar system which is making big headlines over that way lately. Plus, I show you a little of what it's like down my way on yet another glorious summer day 😎 (And yes, I'm aware I...

Weekly Update 68

It's 2018! All new year and already someone has gone and broken our computer things courtesy of the Meltdown and Spectre bugs. I only touch briefly on them in this week's update and I refer people to my Twitter timeline for good coverage I've shared. However, there's one resource which stands out above the others and it's this thread from Graham Sutherland. If you want to get a good overview quickly, start there. In other news, I talk about all the NDC events I have coming up:

Just been planning my @NDC_Conferences events for 2018, talks and workshops at:
London, 15 Jan: https://t.co/Sx8JuWouUy
Oslo, 22 Jan: https://t.co/XTA8ItnRKT
Gold Coast, 25 Apr: https://t.co/xIyzZcd6a9
Oslo,...

Weekly Update 67

It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But I did eventually record a full update and in an otherwise slow news week, I thought I'd talk a little bit about Xmas down under in Australia. About 93% of visitors to my blog this year have been from other parts of the world (most notably the US and UK) so the idea of a sunny Xmas is foreign to most. I share a bit about what it's like down...

Weekly Update 66

This week, it's all about fixing data breaches. Following on from my Congressional testimony last month, I committed to writing about how we can address the root causes which has led to the 5-part epic that was this week's posts. These posts consumed a huge amount of time this week which is why the weekly update is going up a day late, but it's here now and it's a whopper!

iTunes podcast | Google Play Music podcast | RSS podcast

References

Fixing Data Breaches Part 1: Education (let's do a better job of not having these incidents in the first place)

Fixing Data Breaches Part 2: Data Ownership and Minimisation (give people control of their data and try to collect less of...

Weekly Update 65

I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there's no more flights or hotel rooms in 2017 for me! As for this week, there's a bunch of stuff around a new Pluralsight course, my dismay with Face ID and a bit of taking a UK bank to task. That last one actually had a good end result too so I'm pretty happy about that 😀

iTunes podcast | Google Play Music podcast | RSS podcast

References

It's (another) new Pluralsight course! (more HTTPS because let's face it, we need more HTTPS)

I really, really wanted...