Mastodon

Weekly Update 61

17 November 2017

A bit of a "business as usual" week this one, but then this business is never really "usual"! I start out with a talk at McAfee's MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can't talk about... but will next week!)

In terms of new things, I've now got my hands on an iPhone X so I spend a bunch of time talking about that. It only arrived yesterday so I'm still learning and forming opinions, but early feedback is that I love this phone! Well actually, in the video I talk about stuff I love, stuff I'm not real happy about and a bunch of things in between but even since recording that video this morning (I'm half a day on now which has basically doubled my iPhone X experience!) I've found other stuff to like. The real biggy is having all the screen real estate of my old 7 Plus in a phone that's physically near identical in size to a non-Plus phone. Just on that, I speak in pretty generic terms in the video but a quick check on Apple's iPhone comparison page shows that the 7 Plus (and 8 Plus, for that matter) has a screen size of 5.5" with 401ppi whilst the X's screen is 5.8" and 458ppi. Yeah, I do actually love this phone :)

In other news, I wrote a big piece on CSPs this week, namely around the different ways they can handle scripts. There's a few really cool options that give you middle grounds between the "run anything" state that you're in without a CSP and "run nothing" default state when a CSP is in place. I talk about hashes and nonces which are cool, but then there's browser flakiness to deal with too (which is not cool). All that and more in this week's update. Enjoy!

iTunes podcast | Google Play Music podcast | RSS podcast

References

  1. Ars is calling "bullshit" on claims of FaceID hacking (it's an interesting read and there's certainly some questions that need answering, such as the ones Dan Goodin tweeted earlier today)
  2. Getting to grips with content security policies and scripts (I talk about no CSP, nonces, hashes and outright banning of unsafe inline scripts)
  3. Terbium Labs is back sponsoring my blog this week (big thanks to those guys and their Matchlight product, they've been regularly supporting this blog for a year now)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications