Weekly update

A 108-post collection

Weekly Update 98

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of:

BBQ time 😎 pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018

References

Fashion Nexus suffered a data breach ("Is there an official statement?" - "No")

The 5 stages of data breach grief (companies can deny all they want, but if they've been breached, eventually they'll reach the acceptance phase)

GitHub is now using Pwned Passwords (they've taken a local copy of the data and check your password at login)

Even...

Weekly Update 97

Alrighty, 2 big things to discuss today and I'll jump right into them here:

Exactis: it's hard to know where to even start with this one and frankly, the more I think about it the more frustrated I am that services like this even exist in the first place. But they do and it's worthwhile being aware of them so have a listen to the video this week and check out the links I've shared below.

Why No HTTPS? This is Scott Helme's and my little project which turned out to be a much bigger project but one that was definitely worthwhile doing. We need to do some work on this to refine the results and get it all automating, but...

Weekly Update 96

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing. This week, I'm still on HTTPS. I don't mean for this to become a repetitive topic (and I'm sure it'll die down after Chrome 68 hits next week), but this week got pretty crazy. The most unexpected outcome of those discussions was a real flat-earther chiming into the Twitter discussion after someone made the innocent mistake of using the...

Weekly Update 95

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die 😢 It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means. But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Passwords V3. But if I'm honest, it's the post and associated video on HTTPS and static websites I enjoyed the most and based on the number of likes in...

Weekly Update 94

It's a week of tweets! I only wrote the one short blog post this week, but I spent a heap of time on the Twitters arguing with people instead so... that's something? But seriously, there was a huge amount of discussion around HTTPS in particular and some very vocal opinions around its usefulness (or lack thereof), which frankly, had myself and many others tearing their hair out. I'll prepare some great demos over the next few days to illustrate the problems which just seem to be going over the heads of many people. It'll be a fun blog post 😃 For now though, here's this week's update which talks through many of the issues covered in those tweets not just as...

Weekly Update 93

Geez it's nice to be home! I took a ride on the jet ski today which was just one of those typically perfect Gold Coast winter's days at a balmy 24C. I cruised around the ocean with a pod of dolphins (probably a dozen of them), grabbed some prawns for lunch (not those "shrimp" you get other places, proper big prawns), then sat down here and enjoyed the serenity:

I’ve really gotta stay home more ☀️ 😎 pic.twitter.com/soi3J7ygox — Troy Hunt (@troyhunt) June 29, 2018

But I did get a heap of stuff done earlier this week I was really happy with, the biggy being the announcements around Firefox and 1Password integrating with HIBP. I talk...

Weekly Update 92

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home 😎 This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP. Plus, just a little teaser for some big news coming next week, but I'll cover that in detail on Friday from the comfort of home.

References

The Estonian Central Criminal Police sent...

Weekly Update 91

We're at NDC Oslo! We found a spot on the floor and recorded this a couple of hours before doing our final talk of the event. In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week. And how did it go? Apparently, exceptionally well!

Best talk of the conf! @troyhunt and @Scott_Helme on web security - don't get advice from a psychic 😆 #NDCOslo pic.twitter.com/X0m3Q5xFeq — Natalia An (@illumikko) June 15, 2018

Just left #NDCOslo after watching the best talk of the week with @troyhunt and @Scott_Helme pic.twitter.com/PNyNFMMI2V — Thomas Fredriksen (@thomfredev) June 15, 2018

Best...

Weekly Update 90

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI. This is massive for us, and very, very unexpected too. We talk about why this week. Further to that, there's our experiences from the Infosec Europe conference, Scott's talk about nomx (sorry - "multi-award-winning UK blogger Scott...

Weekly Update 89

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks. I also killed off the non-anonymous endpoints of Pwned Passwords today so it's k-anonymity all the way now. Plus, in this week's blog posts, the Spanish government comes on board HIBP and I write about some really cool large-scale use cases of Pwned Passwords. Oh -...