I'm doing this week's update a little back to front due to the massive incident in South Africa involving what looks like pretty much the entire population. I've spent the first half an hour just talking about that incident in a way that I hope is consumable for the layperson. I wanted to explain what these things many regular viewers understand as "data breaches" are, why I have them and pretty much everything else I know about the incident in South Africa. I'm hoping that explaining things via...

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know. Who Am I and Why Do I Have This Data? Some background context is important as I appreciate there's a lot of folks out there who haven't heard of me or what I...

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone [https://textslashplain.com/2017/10/18/chrome-field-trials/], but don't worry, it's coming very soon even if it hasn't yet arrived for yo...

It's another Pluralsight course! I actually recorded Emerging Threats in IoT [https://app.pluralsight.com/library/courses/play-by-play-emerging-threats-in-iot] with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: We choose to talk about IoT because frankly, it's fascinating. There's just so many angles to security in otherwise everyday devices, for example: 1....

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack [https://www.troyhunt.com/when-children-are-breached-inside/], the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad... th...

After being couped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest. Regardless, it's mostly good but apologies for the patchy bits all the same....

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me. Breaches I'd never seen before. Some of them were known by the companies who'd previously made public disclosures; R...

Lots of writing and lots of other stuff too this week. A claim that HIBP is bogus, new breaches appearing (and oh boy, wait until you see all of these ones...), some new bits from Ubiquiti and then the actual writing of things. I've got a lot of material on the backlog too, including a really neat technical one I'm looking forward to pumping out this month. Today though, I wanted to talk about how I handle endorsements without selling my soul, the challenge of a very long digital paper trail (a...

Almost 2 and a half years ago to the day, I left the corporate world [https://www.troyhunt.com/today-marks-two-important-milestones/]. It's funny looking back on it because on the one hand, 2 and a half years isn't that long but on the other hand, it was a lifetime ago; my life is totally different today and in entirely positive ways. When I got that independence, suddenly I had a world of opportunities to choose from. I could do anything I wanted - and it was awesome! More Pluralsight courses,...

One of the by-products of an increasingly public profile is that companies want you to promote their things. You see this all the time in all walks of life whether it be product placement in movies, celebs sponsored by car companies or indeed the sponsor banner you see at the top of this blog. These companies benefit from the exposure granted to them by individuals with influence. The flip side is that the allure or money or free goods can taint the impartiality of said individual. For example,...