Over the last 4 years, I've onboarded 28 national government CERTs onto Have I Been Pwned (HIBP) and given them free and open access to APIs that enable them to query and monitor their gov domains. This doesn't give them access to any information they can't already access via the free public domain search feature, but it makes their lives easier. Much easier. As interest from govs has grown, it's caused me to ponder: who am I willing to give access to? Who am I unwilling to give access to? Thos...

Somehow this week ended up being all about Russia and Cloudflare. Mostly as 2 completely separate topics, but also a little bit around Cloudflare's ongoing presence in Russia (with a very neutral view on that, TBH). Looking back on this video a few hours later, the thing that strikes me is the discussion around what appears to be a phishing page seeking donations for Ukraine. Just listen to me try to figure this out and as I say in the vid, if I have trouble discerning phish from legit resource,...

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned [https://haveibeenpwned.com/] being the exception), so I'm always looking for the fastest, cheapest way to get up and running. Last month as part of my blog post on How Everything We're Told About Website Identity Assurance is Wrong [https://www.troyhunt.com/how-everything-were-told-about-website-identity-assurance-is-wrong/] , I spun up a Cloudflare Pages [https://developers.cloudflare.com/pages/]...

With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses. At that and more in this week's update. [https://itunes.apple.com/au/podcast/tro...

A little late this week as the tail end of travel bites into my time, but it's nice to be home again (albeit amidst a period of record rainfall). I'll get back on a normal schedule next week but for now, here's all the usual stuff in number 284, complete with a super cool "ransomwear" hoodie from this week's sponsor, Varonis 😎 [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi=com.google.PlayMusic&isi=691797987&ius=googleplay...

I feel the need, the need for speed. Faster, Faster, until the thrill of speed overcomes the fear of death. If you're in control, you're not going fast enough. And so on and so forth. There's a time and a place for going fast, and there's no better place to do that than when querying Have I Been Pwned's Pwned Passwords service. (Ok, a lot less glamorous than the context of the previous statements, but also less likely to have a catastrophic outcome.) In December last year, Pwned Passwords sa...

A super quick intro this week as I take a bit of time out before a hectic week. It's hotel room quality audio this week, but that's a temporary state before I'm back home next week. I hope you entry week 283, so much FUD to debunk on website identity verification... [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi=com.google.PlayMusic&isi=691797987&ius=googleplaymusic&apn=com.google.android.music&link=https://play.google.com...

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches [https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/] , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs. You'll see more national gov...

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: > Why are you still claiming this @digicert [https://twitter.com/digicert?ref_src=twsrc%5Etfw]? This is extremely misleading, anyone feel like reporting this to the relevant advertising standards authority in their jurisdiction? https://t.co/enzJUodhdG pic...

Just listening back to this now, I'm really happy with the Focusrite Scarlett Solo DAC [https://focusrite.com/en/audio-interface/scarlett/scarlett-solo] that has replaced the old setup. Super simple, one of the cheapest of all the options and just works! Good times. The other thing of note as I put this video into a blog post is that I definitely want to carve out time to write up that DigiCert blog post I discussed. It's just such a nonsensical piece that's so easily debunked yet still has a ve...