I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking: > Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "TraceTogether...

It's a day late because somehow, even in the current climate, I still find myself with a lot on my plate and the 2am getup yesterday morning didn't leave me much like talking by the usual time I'd record this video came around. Regardless, I haven't missed a week yet and I wasn't going to start today! No great single stories of significance this week but I thought I'd share some insights into how life is gradually returning to a new kind of normal here. We've fared exceptionally well in Australi...

Spiders! Ok, not your normal start to a weekly update but yeah, we had a bit of an infestation this week which did take the mind of other current events for a while. Much of what's happened beyond that this week has resulted in various tweet storms; the Zoom credential stuffing situation, the Coronavirus tracking app (holy cow that has some "robust" debate around it) and the (seemingly endless) thread of progress as I build up my Ubiquiti network. All that and more in the vid below ? [https://i...

Hot on the heels of onboarding the USA government to Have I Been Pwned last month [https://www.troyhunt.com/welcoming-the-usa-government-to-have-i-been-pwned/], I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team (CERT-IS [https://www.cert.is/]), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding...

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling [https://www.4cabling.com.au/]. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool. I've tweaked the levels a bit at that point to try and compensate, still not quite sure what happened but hopefull...

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents..."...

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: > Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog. No, no it wouldn't and there are all sorts of reasons why not. First among them is that if I was to add a link to your...

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home so... it's just all becoming a blur. But be that as it may, life marches on and this week like every other one before it was full of interesting cyber-things. I find the situation with Zoom in particular quite fascinating, particularly the willingness - even eagerness - that so many seem to have to throw the very tool that's bringing so many peop...

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach [https://www.troyhunt.com/we-take-security-seriously-otherwise/]. It seems that not much has changed since then: > “At...

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the last couple of days. But, especially given the current circumstances, I'm pretty happy with the result ? This week's update covers those events plus the onboarding of the USA government onto HIBP, an announcement I...