This is going to be a brief blog post but it's a necessary one because I can't load the data I'm about to publish into Have I Been Pwned [https://haveibeenpwned.com] (HIBP) without providing more context than what I can in a single short breach description. Here's the story: Kayo.moe [https://kayo.moe/] is a free, public, anonymous hosting service. The operator of the service (Kayo) reached out to me earlier this week and advised they'd noticed a collection of files uploaded to the site which a...

Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Shortly thereafter, the masses descend on said organisation and express their outrage at the stated position. Where it gets interesting (and this is the whole point of the post), is when another group of folks pop up and accuse the outraged group of doing a bit o...

It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast & Secure in Sydney on Wednesday then the Varonis webinar yesterday (recorded, I'll share once it's online). Be that as it may, I did manage to pump out a long-awaited blog post on the total cost of running Pwned Passwords in HIBP and its... 2.6c per day ? This week there's also a few random things ranging from online authenticity (the human kind), changes in Chrome 69 (there's some major visual security indic...

As time has gone by, one of the things I've enjoyed the most in running Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) is seeing how far I could make the dollars stretch. How big can it go whilst at the same time, running it on a shoestring? I keep finding new ways of optimising cost and the two most significant contributions to that since launching almost 5 years ago have come via serverless technology provided by 2 of my favourite tech companies: Cloudflare and Microsoft. By way of (v...

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn't mention it when I recorded, but there's already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post. Also, just in case...

I'm still pretty amazed at how much traction Pwned Passwords [https://haveibeenpwned.com/Passwords] has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice [https://www.troyhunt.com/pwned-passwords-in-practice-real-world-examples-of-blocking-the-worst-passwords/] which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too [https://blog.github.com/2018...

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be in this location. I've gotta stay home more... This week, there's no new blog posts due to travel commitments so it's a bit shorter, but there's still the usual array of goings on. I update how the Mozilla testing with HIBP is going, I'm going to update my Ubiquiti network at home and I get a bit cranky about people installing spyware on other people's phones...

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week. But to do something a little more worthy of episode 100, I wanted to share a bit abo...

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and head to Canberra. That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. This week, I'm talking about a couple of different data breaches and delve into the Adult-FanFiction one in particular. Just read that thread I link to in the references below, wow... But there's also...

Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fmodern-browser-security-reports] . This time, it's with Scott Helme [https://scotthelme.co.uk/] who for most of my followers, needs no introduction. You may remember Scott from such previous projects as securityheaders.io [https://securityheaders.com/], Report URI [https://report-uri.co...