When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog post, I didn't have anyone in my family able to teach me about coding. For many kids today, that last point is still just as relevant as it was in the 80's and 90's with one major caveat - it doesn't have to be. Te...

Kangaroos! I've been trying to line these guys up for weeks to no avail but finally, they've delivered. Speaking of delivering, I actually got 3 blog posts out this week which I've not done for a while, the most significant of which relates to "data enrichment" companies (also often referred to as "data aggregators"). I have a fundamental issue with the very premise of how these firms operate and I'm getting a little sick of finding my own data in there. Have a listen and see what you think, but...

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 [https://www.zdnet.com/article/millions-of-records-leaked-from-huge-corp...

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch [https://www.troyhunt.com/do-you-really-want-bank-grade-security/], but the fact remains that people have high expectations of how banks should commu...

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches [https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/] by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the r...

Yes, I'm in my car. I'm completely disorganised, rushing to the next event and really didn't plan this very well. But hey, what an awesome little soundproof booth it is! That said, I did keep this week deliberately concise... until I went to edit it and then Adobe Premiere (or the NVIDIA drivers on my laptop) decided to turn a 16 minute video clip into a multi-hour shit-fight. That's before the multi-hour upload process too because "Australia" ? [https://itunes.apple.com/au/podcast/troy-hunts-w...

It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry. Enjoy ? [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi=com.goog...

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection [https://letsencrypt.org/stats/], browsers are increasingly naggy when anything isn't HTTPS [https://www.wired.com/story/google-chrome-https-not-secure-label/] and it's never been cheaper nor easier to HTTPS all your things [https://httpsiseasy.com/]. Which meant that this rathe...

It's been a pretty full week this one with a couple of talks in Sydney followed by another in Melbourne. Then, to top it all off, getting sick hasn't helped and oh boy did this one hurt. Good news is that even just a few hours after recording this video I'm feeling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon. That'll come, but not for a while yet. Oh - I forgot to mention it in the vid but I'm also now publishing this podcas...

Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means... it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time. On the infosec side of things, there's a a bunch of...