A little while back, I wrote about Website enumeration insanity [https://www.troyhunt.com/website-enumeration-insanity-how-our-personal-data-is-leaked/] and how our personal data was being mishandled. In a nutshell, an enumeration risk boils down to a feature on a website allowing anyone to "ask" if a user exists on the website with the site then returning a positive or negative response. For example, to this day you can go to Adult Friend Finder's password reset page [https://adultfriendfinder...

Another week abroad, this time in the Netherlands and fortunately a combination of time out with the family and just a single workshop. Still, that workshop raised an interesting question around data retention in backups and how the right to erasure under GDPR will be handled. I discuss that from my tranquil little getaway in Leiden plus ponder what would happen if all my security decisions were one day put on public display. That and more in this week's update, then it's off to London! iTunes...

This has probably been the most relentless week I've had in one place since... I dunno. Forever? It was all in Oslo and all centred around the NDC event but it meant kicking off with a massive 2 day workshop (50 people - a record!), then an OWASP user group (followed by much beer), then workshop Tuesday, family arriving, social NDC event, event kick-off Wednesday, family sightseeing, a Pluralsight recording, shrimp cruise that night, NDC talk on Thursday, a short "how I failed talk" that night f...

It's week 2 of my 6-week European summer tour and I'm in Trondheim Norway which frankly, is a pretty awesome place: > Awesome spot ? pic.twitter.com/wBAYGShQNH [https://t.co/wBAYGShQNH] — Troy Hunt (@troyhunt) June 9, 2017 [https://twitter.com/troyhunt/status/873060637735231488] Being busy with workshops and talks means I'm always going somewhere or doing something so time is a bit limited, but I still managed to get out my Security Sense column this week. I also give some updates on some obse...

I'm in Belgium! After 35 hours of travel to Porto in Portugal then 2 days of workshop plus a user group there, I'm now in Leuven which is in the home of epic Belgium beer. I'm now into day 2 of another workshop here after having done a user group on Azure last night so it's turning into a very long week. Not a lot of new stuff to talk about blog wise, but I share what it's like doing these events and some of the things I learn along the way. iTunes podcast [https://itunes.apple.com/au/podcast/t...

I've been at the AusCERT conference [https://conference.auscert.org.au/] this week and whilst I scored a nomination for "Individual Excellence in Information Security", it wasn't meant to be this year (or the last 2 times!) but I did get a shiny certificate :) It was a great event and I really enjoyed meeting a heap of very cool people and doing a brand new talk on responsible disclosure. I'll share that once it's publicly accessible, AusCERT usually put these out to the world and I was really h...

You know what people really like? Government regulation! ...crickets... Ok, maybe not so much, but this one is actually really important. The General Data Protection Regulation [https://en.wikipedia.org/wiki/General_Data_Protection_Regulation] is an EU reg that kicks in on 25 May 2018 so we've got bang on a year to get organised. It's important within the EU because it relates to how data of their citizens and residents is handled and it's important outside the EU because the regulation can im...

Hang on - where did my week go?! WannaCry came out of the blue and accosted a big whack of my time starting first thing Saturday. And then, just as it was quietening down, I go and write about not turning off Windows Update and holy shit, did people come out of the woodwork to complain about that! Seriously, just read some of the comments there and the anger directed towards what (in my experience) is usually a pretty seamless process is palpable. More than the objections to updates themselves,...

You know what really surprised me about this whole WannaCry ransomware problem [https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/]? No, not how quickly it spread. Not the breadth of organisations it took offline either and no, not even that so many of them hadn't applied a critical patch that landed a couple of months earlier. It was the reactions to this tweet that really surprised me: > Why is malware effective? Because of idiotic advice like this: "Stop Wi...

I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry incident is both new and scary in some ways and more of the same old stuff in others. Here's what I know and what the masses out there need to understand about this and indeed about ransomware in general. The ransom...