A Twitterer sent me this a few days ago: > .@troyhunt [https://twitter.com/troyhunt] you've got SSL issues in Chrome 58+ on @ASafaWeb [https://twitter.com/ASafaWeb] pic.twitter.com/qtUiMxV9tW [https://t.co/qtUiMxV9tW] — Jonathan (@Eonasdan) April 13, 2017 [https://twitter.com/Eonasdan/status/852523365076267008] Now normally when I get a report about an SSL thing not working (by which we mean TLS, but we say SSL anyway), I jump on over to SSL Labs (see?!) and run a report I can then direct peo...

Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big whack of our internet browsing history just in case. The theory these genius policy makers have is that if they can probe into all our lives far enough, they'll be able to see when we're doing terrori...

I didn't mean to talk for 42 minutes today, but somehow, I kinda ended up there. A good whack of that went to explaining how I'd done the subscription implementation you see below, especially as people had asked why there are two CAPTCHAs and indeed I wanted to explain why I'd even added the feature in the first place. Anyway, I've had hundreds of people sign up to it since yesterday so hopefully it's proving useful to those folks (I did end up fixing that IE bug too). There's that plus some com...

It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1348902]: > Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International is not wanted and was put there without our permission....

Someone sent me an email today which essentially boiled down to this: > Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it This is a really interesting scenario and it relates to the way Microsoft reports risk events [https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events#leaked-credentials] , one of which is the discovery of leaked credentials that match those...

This whole "personal brand" thing is a really interesting space. I mean here we are talking about people as individuals such as you and I yet applying a term to us in the same way as we'd talk about brands like, say "Ferrari" or "Apple". I pick those simply because they're two of the strongest, most recognisable brands I can think of which makes it a whole lot easier to draw some of the parallels I'm about to. The first thought I really gave to brand was about 7 and a half years ago when I wrot...

Wow, what a crazy week! Three pretty serious blog posts, my Security Sense column plus a bunch of stuff I've been doing in the background around arranging travel for the European summer. I didn't mention it in my weekly update, but unfortunately I had a workshop in Dublin cancel due to an unexpected change on their end so I had to fill that gap. The good news is that it took all of 24 hours and I lined up another one in Amsterdam which actually works out better due to me doing a subsequent one a...

The tech news recently has seen quite a lot of chatter about an alleged haul of Apple credentials [http://www.zdnet.com/article/apple-icloud-ransom-what-you-need-to-know/], apparently about 250 million of them in all. Allegedly. Maybe. Or was it 300 million? [https://www.macrumors.com/2017/03/22/apple-ransom-300m-icloud-accounts-claim/]. No - wait - it might have only been 200 million [http://mashable.com/2017/03/21/hackers-icloud-accounts-ransom/#VyYFdlgLMkqN]. The number itself has been the so...

I went to Helsinki a couple of years ago. I was there running a security workshop for a local company and whilst in town, I caught up with Mikko Hypponen [https://twitter.com/mikko]: > Troy Hunt (@troyhunt [https://twitter.com/troyhunt]) in Helsinki today. Troy's http://t.co/zOiZnkMpNo service is highly recommended! Use it. pic.twitter.com/lf59Hz7zvI [http://t.co/lf59Hz7zvI] — Mikko Hypponen (@mikko) May 28, 2015 [https://twitter.com/mikko/status/603890257814278144] Now Mikko is a very inter...

LastPass had an issue the other day [https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/] , a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants an RCE vuln in their software - but as is prone to happen with these incidents, some people went about promptly...