Weekly update

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ☀️ We're also talking about my .NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below)....

It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast & Secure in Sydney on Wednesday then the Varonis webinar yesterday (recorded, I'll share once it's online). Be that as it may, I did manage to pump out a long-awaited blog post on the total cost of running Pwned Passwords in HIBP and its... 2.6c per day ? This week there's also a few random things ranging from online authenticity (the human kind), changes in Chrome 69 (there's some major visual security indic...

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn't mention it when I recorded, but there's already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post. Also, just in case...

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be in this location. I've gotta stay home more... This week, there's no new blog posts due to travel commitments so it's a bit shorter, but there's still the usual array of goings on. I update how the Mozilla testing with HIBP is going, I'm going to update my Ubiquiti network at home and I get a bit cranky about people installing spyware on other people's phones...

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week. But to do something a little more worthy of episode 100, I wanted to share a bit abo...

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and head to Canberra. That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. This week, I'm talking about a couple of different data breaches and delve into the Adult-FanFiction one in particular. Just read that thread I link to in the references below, wow... But there's also...

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: > BBQ time ? pic.twitter.com/yq5hXOGABt [https://t.co/yq5hXOGABt] — Troy Hunt (@troyhunt) August 3, 2018 [https://twitter.com/troyhunt/status/1025220673092767744?ref_src=twsrc%5Etfw] [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/...

Alrighty, 2 big things to discuss today and I'll jump right into them here: Exactis: it's hard to know where to even start with this one and frankly, the more I think about the more frustrated I am that services like this even exist in the first place. But they do and it's worthwhile being aware of them so have a listen to the video this week and check out the links I've shared below. Why No HTTPS? This is Scott Helme's and my little project which turned out to be a much bigger project but one...

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series [https://www.pluralsight.com/courses/security-culture-creating]. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing. This week, I'm still on HTTPS. I don't mean for this to become a repetitive topic (an...

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die ? It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means. But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Pass...