We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me. Breaches I'd never seen before. Some of them were known by the companies who'd previously made public disclosures; R...

Lots of writing and lots of other stuff too this week. A claim that HIBP is bogus, new breaches appearing (and oh boy, wait until you see all of these ones...), some new bits from Ubiquiti and then the actual writing of things. I've got a lot of material on the backlog too, including a really neat technical one I'm looking forward to pumping out this month. Today though, I wanted to talk about how I handle endorsements without selling my soul, the challenge of a very long digital paper trail (a...

Almost 2 and a half years ago to the day, I left the corporate world [https://www.troyhunt.com/today-marks-two-important-milestones/]. It's funny looking back on it because on the one hand, 2 and a half years isn't that long but on the other hand, it was a lifetime ago; my life is totally different today and in entirely positive ways. When I got that independence, suddenly I had a world of opportunities to choose from. I could do anything I wanted - and it was awesome! More Pluralsight courses,...

One of the by-products of an increasingly public profile is that companies want you to promote their things. You see this all the time in all walks of life whether it be product placement in movies, celebs sponsored by car companies or indeed the sponsor banner you see at the top of this blog. These companies benefit from the exposure granted to them by individuals with influence. The flip side is that the allure or money or free goods can taint the impartiality of said individual. For example,...

Ah, home! It's nice at home, I think I'll stay here. When I got back from Utah on Sunday I checked my TripIt and noticed I'd been away bang on 40% of the year but fortunately, that's it for the 2017 overseas stuff. That said, I've got a bunch of events lined up in Aus for the rest of the year and I'll talk more about those soon. This week, I've actually had some time to catch up on writing and pumped out a couple of blog posts that have been on my mind for some time. It's stuff I'm passionate a...

I've been thinking a lot about the relevance of formal education such as university degrees for those of us working in tech lately. Not just degrees, but various other forms of certifications so for the sake of simplicity, let's bundle it all up into "qualifications": > qualification /ˌkwɒlɪfɪˈkeɪʃ(ə)n/ Noun: a pass of an examination or an official completion of a course, especially one conferring status as a recognized practitioner of a profession or activity. This post has actually been in...

No matter how much anyone tries to sugar coat it, a service like Have I been pwned [https://haveibeenpwned.com/] (HIBP) which deals with billions of records hacked out of other peoples' systems is always going to sit in a grey area. There are degrees, of course; at one end of the spectrum you have the likes of Microsoft and Amazon using data breaches to better protect their customers' accounts [https://www.troyhunt.com/random-thoughts-on-the-use-of-breach-data/]. At the other end, there's servi...

What a week! Epic hardly describes the experience I've just had at Pluralsight Live in Utah, not least of which was this stage: No new writing this week but I did want to comment on the Equifax CSO degree story (and my poorly worded tweet about it) as well as the ongoing concern I keep hearing from people about biometric auth, especially in the US. So that's just a quick intro, I'm rushing this one out a bit as it seems that the one place in the world with worse connectivity than my home in A...

Hey, it's weekly update 52! That's almost a year's worth of weekly videos, next week will actually be that anniversary (ok, it's a day short, but close) and by that time I'll be over in Utah doing the Pluralsight Live [https://www.pluralsight.com/event-details/2017/live-2017] thing. I'm especially looking forward to this event, there's a huge amount of organisation gone into it and I think it'll be a really slick show. This week - Equifax. Wow. It's such a mess on so many levels and as I say in...

I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox: > "less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature": htt...