Weekly update

A 117-post collection

Weekly Update 107

It's another "business as usual" week; past events, upcoming events, major security news, someone forgetting to renew a certificate and a new Pluralsight course. Actually, thinking about it more, this is possibly the most normal week I can remember, which is kinda disconcerting considering the (potential) impact of some of that news.Next week I'll be back in the US and in Texas so the schedule may be a little erratic, but I'll do what I can to pump out another update on time and with more of the usual craziness this industry is full of. ##ReferencesOne of the kids blogs I referred to was Eve Cogan's (this is a great example of a kid carving out a great social...

Weekly Update 106

Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound love for the Pi-hole. Seriously, this is a very cool bit of tech and a fun project to build for home. I'll share more over time...

Weekly Update 105

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and I just simply didn't get time to push this out until sitting at the airport waiting for the plan home. This week's update is a little different as we did it at SSW's recording setup in front of a live audience. Better video, better audio and some questions asked in the process too. Other than that, it's business as usual: more keyloggers on payment forms, more data breaches and a massive extended validation smack-down. References Scott published his blog post about Magecart coming for you (then right after that the NewEgg breach was announced)...

Weekly Update 104

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ☀️ We're also talking about my .NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below). Next week, we're in Sydney for NDC so we'll do another joint update then. References I spoke at .NET Conf on pwning your cloud costs (link through to the recorded talk) FreshMenu had a breach and...

Weekly Update 103

It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast & Secure in Sydney on Wednesday then the Varonis webinar yesterday (recorded, I'll share once it's online). Be that as it may, I did manage to pump out a long-awaited blog post on the total cost of running Pwned Passwords in HIBP and its... 2.6c per day 😎 This week there's also a few random things ranging from online authenticity (the human kind), changes in Chrome 69 (there's some major visual security indicators gone), yet another spyware breach (just don't...), British Airways being hacked (still light on detail only half a day later) and my ongoing struggles with breach disclosure in a responsible...

Weekly Update 102

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn't mention it when I recorded, but there's already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post. Also, just in case you're in the area, I'll be speaking at API Days in Melbourne on Tuesday then at Fortinet's Fast and Secure conference in Sydney the following day. For...

Weekly Update 101

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be in this location. I've gotta stay home more... This week, there's no new blog posts due to travel commitments so it's a bit shorter, but there's still the usual array of goings on. I update how the Mozilla testing with HIBP is going, I'm going to update my Ubiquiti network at home and I get a bit cranky about people installing spyware on other people's phones. I've made my thoughts about that perfectly clear in the past too: I’m a parent with young kids now coming online. I’m also a guy who...

Weekly Update 100

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week. But to do something a little more worthy of episode 100, I wanted to share a bit about where it is my time is spent today and indeed what I actually earn a living off. This was totally unscripted so I've probably missed things...

Weekly Update 99

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and head to Canberra. That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. This week, I'm talking about a couple of different data breaches and delve into the Adult-FanFiction one in particular. Just read that thread I link to in the references below, wow... But there's also a few new Pluralsight courses in "Play by Play" format which completes the publication cycle for everything I've recorded to date bar the next in the quarterly series of...

Weekly Update 98

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time 😎 pic.twitter.com/yq5hXOGABt— Troy Hunt (@troyhunt) August 3, 2018 References Fashion Nexus suffered a data breach ("Is there an official statement?" - "No") The 5 stages of data breach grief (companies can deny all they want, but if they've been breached, eventually they'll reach the acceptance phase) GitHub is now using Pwned Passwords (they've taken a local copy of the data and check your password at login) Even...