Loads of bits and pieces this week ranging from travel (including something truly awesome that I can't go into detail on just yet) to Report URI to HIBP. There's also the competition for the Lenovo ThinkPad where I talk about the 4 finalists and if you're reading this within about 18 hours of me posting it, you can still vote for them here: > It's time to vote! I've picked the best 4 projects using the @haveibeenpwned [https://twitter.com/haveibeenpwned?ref_src=twsrc%5Etfw] API to do some reall...

Here's something I hear quite a bit when talking about security things: > Our site isn't a target, it doesn't have anything valuable on it This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes. So what upside is there for an attacke...

I've actually had a day off today. Well mostly - I am still writing this piece and publishing a data breach - but I've pretty much spent the day between pool, beach and jet ski hence my being a bit dishevelled today ? Be that as it may, it's been a massive week and that's primarily due to the launch of Report URI V2 and in particular, the announcement that I've joined Scott in running the project. I've contributed dollars, social leverage and expertise because I genuinely think it's an awesome...

It seems that there is no limit to human ingenuity when it comes to working around limitations within one's environment. For example, imagine you genuinely wanted to run a device requiring mains power in the centre of your inflatable pool - you're flat out of luck, right? Wrong! Or imagine there's a fire somewhere but the hydrant is on the other side of train tracks and you really want to put that fire out but trains have still gotta run too - what options are you left with? None? Wrong again...

What if I told you... that you can get visitors to your site to automatically check for a bunch of security issues. And then, when any are found, those visitors will let you know about it automatically. And the best bit is that you can set this up in a few minutes and add it to your site with zero risk. Or if you like, set it up so that it can automatically block certain types of attacks. It's not an expensive appliance, it's not a wacky browser extension and it's not some weird proprietary cod...

I'm between (short domestic) trips, I'm playing with my new iPad and I'm working on something really, really cool I'm going to be talking about next week. Seriously, this is a big thing that's been in the works for a while now and I'll be covering it in detail in the next update. For now, I've caught up on the whole IoT warning thing I totally overlooked last week. Frankly, it's just as well given how long that one was, the whole South Africa situation is still a very serious incident that has...

Current status: The competition has run and been won! Scroll down to the bottom for the result. Friends who follow what I'm up to these days will see that I'm often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I'm writing this now) and a lot of time in hotel rooms. Want to know how I churn out so much content? It's using that otherwise wasted down time to do useful things. But to do that, I need to be produ...

I'm doing this week's update a little back to front due to the massive incident in South Africa involving what looks like pretty much the entire population. I've spent the first half an hour just talking about that incident in a way that I hope is consumable for the layperson. I wanted to explain what these things many regular viewers understand as "data breaches" are, why I have them and pretty much everything else I know about the incident in South Africa. I'm hoping that explaining things via...

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know. Who Am I and Why Do I Have This Data? Some background context is important as I appreciate there's a lot of folks out there who haven't heard of me or what I...

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone [https://textslashplain.com/2017/10/18/chrome-field-trials/], but don't worry, it's coming very soon even if it hasn't yet arrived for yo...