I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed, we stopped maintaining downloadable behemoths of data. A little later, we added the downloader to make it easy to pull down the latest and greatest complete data set directly...

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this). But hey, we're surrounded by water and a beer delivery is due today so no crisis 😎 There's also a heap more data breach news and I'll be putting that connected BBQ to use for the first time today, stay tuned for epic pics on all of the above over the coming hours! References 1. HTTPS still doesn'...

Breaches all over the place today! Well, this past week, and there's some debate as to whether one of them is a breach, a scrape or if the term just doesn't matter anyway. Plus, we've been kitchen shopping, I'm helping friends out with connected doorbells and other random but somehow related things this week. Enjoy 😊 References 1. I'll be "at" GOTO Aarhus in May (there online, but definitely speaking at the show) 2. Following all the awesome input, we decided to forego the teppanyaki plate...

Well and truly back into the swing of things in the new year, I think what I've found most satisfying this week is to sit down and pump out a decent blog post on something technical. It's an itch I just haven't had enough time to scratch properly in recent times and I really hope Pwned or Bot makes up for that. I love that it's generating discussion (both for and against) and that it's causing people to stop and think about how we establish the legitimacy of identities in an increasingly bot-cen...

It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system. When I first built Have I Been Pwned (HIBP), my mantra was to "do good things after bad things happen". And arguably, it has, largely by enabling individuals and organisations to learn of their own personal exposure in breaches. However, the use cases go...

Big week! So big, in fact, that I rushed into this week's update less prepared and made it a very casual one, which is just fine 😊 It's mostly password books and kitchen equipment this week, both topics which had far more engagement than I expected but made them all the more interesting. Next week I'll get back into the pattern of switching between last thing Friday and first thing Friday so it'll be my morning again on the 20th, see you then! References 1. After all this week's action, I w...

Strap yourself in, this is a big one! Big video, big breach (scrape?), and a big audience today. The Twitter incident consumed a heap of my time before, during and after this live stream, but then I go and get a sudden itch to do stuff like the number plate capturing and, well, there goes even more hours I don't have. But hey, I love what I do and I have no regrets, I hope you enjoy watching this week's vid 😊 Oh - one more thing: today I set up an official Mastodon account for HIBP. If you've...

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays. For now though, here's the last of it from a pretty crazy year, en...

It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas. Hope yours has been amazing too, see you from home next week 😊 References 1. LastPass has added an update re their recent security incident (if keychains have...

Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled together a weekly vid from the Norwegian mountains. Much of this week is a combination of our travels here, responses to my tweets around cookie warnings and reactions to Elon's various decisions (and undecisions) on Twitter. Plus, there's the CoinTracker and Gemini breaches which appear to have stemmed from the SendGrid breach, the connection to that incident having been made by CoinTracker...