It's 2018! All new year and already someone has gone and broken our computer things courtesy of the Meltdown and Spectre bugs. I only touch briefly on them in this week's update and I refer people to my Twitter timeline for good coverage I've shared. However, there's one resource which stands out above the others and it's this thread from Graham Sutherland [https://twitter.com/gsuberland/status/948907452786933762]. If you want to get a good overview quickly, start there. In other news, I talk a...

I look back a lot more than what I suspect people realise. Not in a reminiscent way, but rather because I find it helps me put things in perspective. A lot of people like to set personal goals or objectives so that there's something specific they're setting out to achieve but for me personally, I just want to see progress. I want to be able to do these retrospectives - not just on Jan 1 but every day - and say to myself "yeah, I'm happy with how far I've moved ahead". And believe me when I say t...

It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But I did eventually record a full update and in an otherwise slow news week, I thought I'd talk a little bit about Xmas down under in Australia. About 93% of visitors to my blog this year have been from other parts of the world (most notabl...

Regular readers will know I create a lot of Pluralsight courses. It's now 5 years ago I started writing my first one [https://www.troyhunt.com/introducing-owasp-top-10-for-aspnet-on/] which incidentally, is still my highest rated course every month (apparently the OWASP Top 10 as it relates to ASP.NET is still a big thing). Most of the time, the courses I create are on topics I know well, primarily on security but occasionally with a bit of cloud and development practices sprinkled in for variet...

This week, it's all about fixing data breaches. Following on from my Congressional testimony last month, I committed to writing about how we can address the root causes which has led to the 5-part epic that was this week's posts. These posts consumed a huge amount of time this week which is why the weekly update is going up a day late, but it's here now and it's a whopper! iTunes podcast [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] | Google Play Music pod...

In the first 4 parts of "Fixing Data Breaches", I highlighted education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/], data ownership and minimisation [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], the ease of disclosure [https://www.troyhunt.com/fixing-data-breaches-part-3-the-ease-of-disclosure/] and bug bounties [https://www.troyhunt.com/fixing-data-breaches-part-4-bug-bounties/] as ways of addressing the problem. It was inevitable tha...

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws. I went on to data ownership and minimisation [https...

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], namely by collecting a lot less data in the first place then recognising that it belongs to the...

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server c...

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem [https://www.troyhunt.com/heres-what-im-telling-us-congress-about-data-breaches/]. My full written testimony is in that link and it talks about many of the issue we face today and the impact data br...