New Pluralsight Course: Emerging Threats in IoT

It's another Pluralsight course! I actually recorded Emerging Threats in IoT [https://app.pluralsight.com/library/courses/play-by-play-emerging-threats-in-iot] with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: We chose to talk about IoT because frankly, it's fascinating. There's just so many angles to security in otherwise everyday devices, for example: 1....

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack [https://www.troyhunt.com/when-children-are-breached-inside/], the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad... th...

Weekly update 56 (island edition)

After being cooped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest. Regardless, it's mostly good but apologies for the patchy bits all the same....

Disqus Demonstrates How to Do Breach Disclosure Right

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me. Breaches I'd never seen before. Some of them were known by the companies who'd previously made public disclosures; R...

Weekly update 55

Lots of writing and lots of other stuff too this week. A claim that HIBP is bogus, new breaches appearing (and oh boy, wait until you see all of these ones...), some new bits from Ubiquiti and then the actual writing of things. I've got a lot of material on the backlog too, including a really neat technical one I'm looking forward to pumping out this month. Today though, I wanted to talk about how I handle endorsements without selling my soul, the challenge of a very long digital paper trail (a...

I'm Now Running Remote Workshops

Almost 2 and a half years ago to the day, I left the corporate world [https://www.troyhunt.com/today-marks-two-important-milestones/]. It's funny looking back on it because on the one hand, 2 and a half years isn't that long but on the other hand, it was a lifetime ago; my life is totally different today and in entirely positive ways. When I got that independence, suddenly I had a world of opportunities to choose from. I could do anything I wanted - and it was awesome! More Pluralsight courses,...

Here's How I Decide What I Endorse and How I Ensure Transparency

One of the by-products of an increasingly public profile is that companies want you to promote their things. You see this all the time in all walks of life whether it be product placement in movies, celebs sponsored by car companies or indeed the sponsor banner you see at the top of this blog. These companies benefit from the exposure granted to them by individuals with influence. The flip side is that the allure of money or free goods can taint the impartiality of said individual. For example,...

Weekly update 54

Ah, home! It's nice at home, I think I'll stay here. When I got back from Utah on Sunday I checked my TripIt and noticed I'd been away bang on 40% of the year but fortunately, that's it for the 2017 overseas stuff. That said, I've got a bunch of events lined up in Aus for the rest of the year and I'll talk more about those soon. This week, I've actually had some time to catch up on writing and pumped out a couple of blog posts that have been on my mind for some time. It's stuff I'm passionate a...

How Important Are Qualifications to Modern Technology Jobs?

I've been thinking a lot about the relevance of formal education such as university degrees for those of us working in tech lately. Not just degrees, but various other forms of certifications so for the sake of simplicity, let's bundle it all up into "qualifications": > qualification /ˌkwɒlɪfɪˈkeɪʃ(ə)n/ Noun: a pass of an examination or an official completion of a course, especially one conferring status as a recognized practitioner of a profession or activity. This post has actually been in...

The Ethics of Running a Data Breach Search Service

No matter how much anyone tries to sugar coat it, a service like Have I been pwned [https://haveibeenpwned.com/] (HIBP) which deals with billions of records hacked out of other people's systems is always going to sit in a grey area. There are degrees, of course; at one end of the spectrum you have the likes of Microsoft and Amazon using data breaches to better protect their customers' accounts [https://www.troyhunt.com/random-thoughts-on-the-use-of-breach-data/]. At the other end, there's servi...