Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Running Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if...

Weekly Update 90

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI. This is massive for us, and very, very unexpected too. We talk about why this wee...

Report URI Just Won the Best Emerging Technology Award!

I don't normally do back-to-back blog posts, but this was no normal week! I just posted about how I won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog [https://www.troyhunt.com/i-just-won-the-european-security-blogger-award-grand-prix-prize-for-the-best-overall-security-blog] and per the title of this post, a couple of hours later Scott Helme and I backed it up with this at the SC Awards [http://www.scawardseurope.com/]: > To us! ? #SCAwards2018 [https:...

I Just Won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog!

I'm not sure how I found myself in a European award program, maybe it's like Australians in Eurovision [https://en.wikipedia.org/wiki/Australia_in_the_Eurovision_Song_Contest]? But somehow, I wiggled my way into The European Security Blogger Awards [https://www.surveymonkey.com/r/EUBloggerAwards2018] and before even having a chance to come down off the high that was last week's Award for Information Security Excellence at the AusCERT conference in Australia [https://www.troyhunt.com/auscert-and...

Weekly Update 89

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks. I also killed off the non-anonymous endpoints of Pwned Passwords today so it's k-anonymity all the way now...

AusCERT and the Award for Information Security Excellence

I've been at the AusCERT conference [https://conference.auscert.org.au/] this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: > Off to #AusCERT2018 [https://twitter.com/hashtag/AusCERT2018?src=hash&ref_src=twsrc%5Etfw]! It’s all blue outside today, what an awesome day for a short walk fro...

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords

Back in August, I pushed out a service as part of Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches [https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/] via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines [https://www.nist.gov/itl/tig/special-publ...

Welcoming the Spanish Government to Have I Been Pwned

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned [https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/] (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their oth...

Weekly Update 88

Well it's all quietened down here with Scott gone so it's back to business as usual, which means, well, it's not very quiet at all! I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting: > #cyber [https://twitter.com/hashtag/cyber?src=hash&ref_src=twsrc%5Etfw] pic.twitter.com/CIMDhPfKIP [https://t.co/CIMDhPfKIP] — Troy Hunt (@troyhunt) May 23, 2018 [...

New Pluralsight Course: Bug Bounties for Companies

Try publishing something to the internet - anything - and see how long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a WordPress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things? As the value of wha...