Troy Hunt

This week, it's all about fixing data breaches. Following on from my Congressional testimony last month, I committed to writing about how we can address the root causes which has led to the 5-part epic that was this week's posts. These posts consumed a huge amount of time this week which is why the weekly update is going up a day late, but it's here now and it's a whopper! iTunes podcast [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] | Google Play Music pod...

In the first 4 parts of "Fixing Data Breaches", I highlighted education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/], data ownership and minimisation [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], the ease of disclosure [https://www.troyhunt.com/fixing-data-breaches-part-3-the-ease-of-disclosure/] and bug bounties [https://www.troyhunt.com/fixing-data-breaches-part-4-bug-bounties/] as ways of addressing the problem. It was inevitable tha...

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws. I went on to data ownership and minimisation [https...

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], namely by collecting a lot less data in the first place then recognising that it belongs to the...

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server c...

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem [https://www.troyhunt.com/heres-what-im-telling-us-congress-about-data-breaches/]. My full written testimony is in that link and it talks about many of the issue we face today and the impact data br...

I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there's no more flights or hotel rooms in 2017 for me! As for this week, there's a bunch of stuff around a new Pluralsight course, my dismay with Face ID and a bit of taking a UK bank to task. That last one actually had a good end result too so I'm pretty happy about that ? iTunes podcast [https://itunes.app...

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine..." The latest such event was with NatWest [http://personal.natwest.com] (a bank in the UK), and it culminated with this tweet from them: > I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy? DC — NatWest (@NatWest_Help) December 12, 2017 [https://twitter.com/NatWest_Help/status/940672376127270912?ref...

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week [https://www.cultofmac.com/518009/phil-schiller-says-face-ids-competitors-stink/] finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID [https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/] just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it th...

As many followers know, I run a workshop titled Hack Yourself First [https://www.troyhunt.com/workshops/] where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known quantity, but there's one module more than any other that changes at a fierce rate - HTTPS. I was thinking about it just now when considering how to approach this post launching the new course because le...