Mastodon

Weekly Update 75

23 February 2018

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here:

The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place. A huge portion of what I've learned personally has come from very robust debates within these communities and in turn, I hope others have also learned from me. These discussions are awesome; they make us all better people and better professionals. Some people in those chats turned out to be pretty aggressive yesterday but rather than focus on the negative, I thought I'd share a talk titled "Hack Your Career" (deep-linked to right point, watch 3 and a half minutes worth from there) and in particular, this quote:

Your social media profile is your opportunity to demonstrate your character

Now, onto the good stuff and because this one went for more than an hour, I'm listing the times different bits are talked about here so you can jump directly to bits of interest:

03:52 - Australia's Notifiable Data Breach Scheme
11:40 - We're going all HTTPS (and some people are pretty angry about that)
22:40 - The defences (and rebuttals) of EV certs
44:00 - Pwned Passwords (this is the good stuff!)

iTunes podcast | Google Play Music podcast | RSS podcast

References

  1. Australia now has a mandatory disclosure law (it's called the "Notifiable Data Breach Scheme" or "NDB" here, this is a webinar I did on it yesterday)
  2. DoesMySiteNeedHTTPS.com (yes, and that link has all the reasons why)
  3. I did actually go and get an EV cert a couple of years ago (and there were a bunch of hoops to jump through)
  4. My blog on the futility of EV certs (the more you think about it, the less sense they make today)
  5. In my "I'm Pwned. You're Pwned. We're All Pwned." talk, I cover EV (this is the one you want to watch to understand why it doesn't work, watch from the deep-linked point in the video where I ask the audience questions, it's really telling)
  6. Pwned Passwords V2 - I'm pretty stoked about this (that's the whole background story, it's a long read but I wanted it to be complete)
  7. Tech Fabric are sponsoring my blog this week (and they picked an awesome week to do it too!)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications