Mastodon

Weekly Update 152

17 August 2019

I made it out of Vegas! That was a rather intense 8 days and if I'm honest, returning to the relative tranquillity of Oslo has been lovely (not to mention the massive uptick in coffee quality). But just as the US to Europe jet lag passes, it's time to head back to Aus for a bit and go through the whole cycle again. And just on that, I've found that diet makes a hell of a difference in coping with this sort of thing:

This week it's almost all about commercial CAs and their increasingly bizarre behaviour. It's disappointing to see disinformation and privacy violations from any organisations, but when it's from the ones literally controlling trust on the web it's especially concerning. Maybe once they're no longer able to promote EV in the way they have been that will change, but I have a feeling we've got a bunch more crap to endure yet. See what you think about all that in this week's update:

Listen on Apple Podcasts
Get it on Google Play
Download via RSS

References

  1. Reminder: If you're using the HIBP API to search for email addresses, get yourself onto V3 ASAP! (you've got 2 days until the old versions die)
  2. Chegg had 40M accounts breach with unsalted MD5 password hashes! (it was April last year, now it's searchable in HIBP)
  3. Extended Validation Certificates are (Really, Really) Dead (I've been saying it for ages, but both Chrome and Firefox have really nailed it now)
  4. DigiCert is rejecting the proposal to reduce maximum certificate lifespans (uh, except for that post a few years ago when they thought it was a good idea...)
  5. Sectigo leaked the personal info of a do-gooder which resulted in him receiving a threatening letter (there's all kinds of things gone wrong here)
  6. Big thanks to strongDM for sponsoring my blog over the last week! (see why Splunk's CISO says "strongDM enables you to see what happens, replay & analyze incidents. You can't get that anywhere else")
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications