It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry. Enjoy ? [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] [https://playmusic.app.goo.gl/?ibi=com.goog...

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection [https://letsencrypt.org/stats/], browsers are increasingly naggy when anything isn't HTTPS [https://www.wired.com/story/google-chrome-https-not-secure-label/] and it's never been cheaper nor easier to HTTPS all your things [https://httpsiseasy.com/]. Which meant that this rathe...

It's been a pretty full week this one with a couple of talks in Sydney followed by another in Melbourne. Then, to top it all off, getting sick hasn't helped and oh boy did this one hurt. Good news is that even just a few hours after recording this video I'm feeling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon. That'll come, but not for a while yet. Oh - I forgot to mention it in the vid but I'm also now publishing this podcas...

Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means... it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time. On the infosec side of things, there's a a bunch of...

It's my first conference back in Australia since probably about May and I'm experiencing a rare luxury - not flying! I'm sticking to driving some big distances just to get a break from the tyranny that is check-in, security and airport lounges. Seriously, it was beginning to do my head in so now it's cruise control and podcasts for me in the foreseeable future. This week's travel has brought me to Sydney where the new iPhone got a good workout: > Night Mode on the iPhone 11 Pro is rather amazi...

Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers. But hey, at least the discussion...

Well, this will be the last weekly update done overseas for some time as I count down the return to beaches, sunshine and fantastic coffee (yes, I'm confident saying that even whilst in Italy!) It's been a non-stop trip with an attempt of a bit of downtime at the end of it, albeit with limited success. Regardless, this week I'm covering off the last few days travels, reflecting on 10 years of blogging and looking at a really cool use of HIBP related to net neutrality comments lodged at the FCC....

It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you think. Given the coming schedule (and a deep, deep desire for a few days of downtime), the next one might be more of the same so I hope it resonates! [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcas...

Hungary! And that's about as much intro as I'm going to do on that because this is going out super later and I'm writing this at the end of a very long day. Only other thing I'll mention is the audio - the Instamic failed to record again so it's now going firmly into the e-waste bin. Anyway, on a more positive note, enjoy the beautiful sights of the Hungarian parliament before you jump into this week's update: > Budapest! ?? pic.twitter.com/RBgc2ssfiR [https://t.co/RBgc2ssfiR] — Troy Hunt (@t...

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against. But firstly, let's just establish what's hap...