I didn't mean to talk for 42 minutes today, but somehow, I kinda ended up there. A good whack of that went to explaining how I'd done the subscription implementation you see below, especially as people had asked why there are two CAPTCHAs and indeed I wanted to explain why I'd even added the feature in the first place. Anyway, I've had hundreds of people sign up to it since yesterday so hopefully it's proving useful to those folks (I did end up fixing that IE bug too). There's that plus some com...

It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1348902]: > Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International is not wanted and was put there without our permission....

Someone sent me an email today which essentially boiled down to this: > Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it This is a really interesting scenario and it relates to the way Microsoft reports risk events [https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events#leaked-credentials] , one of which is the discovery of leaked credentials that match those...

This whole "personal brand" thing is a really interesting space. I mean here we are talking about people as individuals such as you and I yet applying a term to us in the same way as we'd talk about brands like, say "Ferrari" or "Apple". I pick those simply because they're two of the strongest, most recognisable brands I can think of which makes it a whole lot easier to draw some of the parallels I'm about to. The first thought I really gave to brand was about 7 and a half years ago when I wrot...

Wow, what a crazy week! Three pretty serious blog posts, my Security Sense column plus a bunch of stuff I've been doing in the background around arranging travel for the European summer. I didn't mention it in my weekly update, but unfortunately I had a workshop in Dublin cancel due to an unexpected change on their end so I had to fill that gap. The good news is that it took all of 24 hours and I lined up another one in Amsterdam which actually works out better due to me doing a subsequent one a...

The tech news recently has seen quite a lot of chatter about an alleged haul of Apple credentials [http://www.zdnet.com/article/apple-icloud-ransom-what-you-need-to-know/], apparently about 250 million of them in all. Allegedly. Maybe. Or was it 300 million? [https://www.macrumors.com/2017/03/22/apple-ransom-300m-icloud-accounts-claim/]. No - wait - it might have only been 200 million [http://mashable.com/2017/03/21/hackers-icloud-accounts-ransom/#VyYFdlgLMkqN]. The number itself has been the so...

I went to Helsinki a couple of years ago. I was there running a security workshop for a local company and whilst in town, I caught up with Mikko Hypponen [https://twitter.com/mikko]: > Troy Hunt (@troyhunt [https://twitter.com/troyhunt]) in Helsinki today. Troy's http://t.co/zOiZnkMpNo service is highly recommended! Use it. pic.twitter.com/lf59Hz7zvI [http://t.co/lf59Hz7zvI] — Mikko Hypponen (@mikko) May 28, 2015 [https://twitter.com/mikko/status/603890257814278144] Now Mikko is a very inter...

LastPass had an issue the other day [https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/] , a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants an RCE vuln in their software - but as is prone to happen with these incidents, some people went about promptly...

So the plan this week was to record the update whilst driving from Melbourne to Sydney with Lars Klint [https://larsklint.com/] in the new car. And I did - record it that is - but due to some screwyness with Lars' GoPro, it turns out that "recording" is not the same as "actually saving it to the SD card". Fortunately, I successfully capture a review we did on the car and I'll look at editing that up later on, but for now there's a short clip on Twitter [https://twitter.com/troyhunt/status/847255...

I've been watching the cyber-news pretty closely lately and one of the biggest challenges we seem to have is attribution. I mean, stuff is getting hacked left right and centre but who's actually responsible?? I started paying closer attention and I reckon I've worked it out - it's mostly this guy: He fits the profile to a tee - hoodie, obfuscated face and an apparent love of binary, all calling cards of the modern day cyber-hacker. As you can clearly see from the image, he's suspected of perp...