Troy Hunt

For a week where I didn't think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there's always a lot to discuss, and that's before questions from the live audience as well. As I allude to at the end of this update, next week I'm going to have something really, really cool to announce that has been a long time in the works so keep an eye out for that one 😎 [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id11...

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future....

This one is a real short intro as right now, it hurts to type (copy and paste is earlier 😊): I’m Back at a *REAL* Conference; Dealing with RSI; Shellies and MQTT; My IoT Aircon Hack; Drowning in Data Breaches. [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi=com.google.PlayMusic&isi=691797987&ius=googleplaymusic&apn=com.google.android.music&link=https://play.google.com/music/m/If3tw7npymckucxq4q76762ncny?t%3DTroy_Hunt's_Wee...

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much shit breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon! [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi...

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway 😊 All that and more in this week's update. [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [ht...

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in t...

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg ( govcert.lu [https://www.govcert.lu/en/]) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future....

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet [https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action] . This strain of malware dates back as far as 2014 and it became a gateway into infected machin...

Lots of bit and pieces this week, most of which is self-explanatory based on the references below. One thing to add though is the outcome of the ClearVoice Surveys breach I live-tweeted during the stream: someone from there did indeed get in touch with me. We spoke on the phone, they confirmed the legitimacy of the breach and acknowledged they'd seen it posted to a hacking forum where it's now spreading broadly. They're working on their disclosure but as I said to them on the call, the fact it's...

Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed off to Thredbo for a couple of days of mountain biking, hitting trails I've only ever snowboarded down before (yes, we get snow in Australia). Back to normality (I think we can start calling it that now), Rob and I did our book editing session, the Facebook scraping incident (let's stop calling it a "data breach") continued to consume time and in a case of very fortuitous timing, they're c...