Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski 😎 But, of course, there's still a heap of stuff happening that's worthy of discussion, everything from the UK gov's NCSC doing good work to the Reply All podcast I was on this week to new data breaches to the ongoing shenanigans involving kids "smart" watches. And oh boy, the communications strategies of a couple of these in particular is just absolutely woeful. All that and more in this week's update.
Oh - and right after I published this, I noticed some crazy static for about 14 seconds at the 27:15 mark. Sorry - I'd republish it but I'd be looking at about 2 hours to re-render and re-upload and this is already going out a couple of hours late so, yeah, sorry!
- The NCSC has published a list of the worst 100k passwords you can now go and download (these came from HIBP's Pwned Passwords list and are available to download in the clear)
- The Pwned Passwords API has really grown in usage lately (10.5M hits a day with a 98.4% cache hit ratio courtesy of Cloudflare)
- I was on the Reply All podcast again this week (these guys rock - listen to this podcast at every opportunity!)
- TicTokTrack is back online per the schedule they represented last week, but apparently the Sri Lanka bombings meant they were back online... when they said they would be? (that's a link to the original story, their PR process has been absolutely terrible)
- There are some very shady communications coming from SPACETALK in the wake of the TicTokTrack incident (seriously guys, when is ambulance chasing ever looked on as a good thing?!)
- Varonis is sponsoring my blog this week and giving you access to their free "Enemy Within" course (written by me!)
- And whilst we're talking insider threats, let us not forget the man who outsourced his job to China (6 years old now, still kinda stupid and hilarious at the same time)