Security

A 413-post collection

Get "The Information Security Big Picture" on Pluralsight now!

If you're here reading this then it probably won't come as a big surprise but brace yourself anyway - we have a security problem. Yes, yes, I know, it's all very terrifying and not a day goes by where someone isn't getting cyber-something'd. As best I can tell from the news, it's pretty much all to do with guys in hoodies sitting at green screens pwning all our things. I'm quite sure that's the case, I even did a quick check on Google to confirm: I talk about these crazy hacker perceptions in...

8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours

Let me make it crystal clear in the opening paragraph: this incident is not about any sort of security vulnerability on GitHub's behalf, rather it relates to a trove of data from their site which was inappropriately scraped and then inadvertently exposed due to a vulnerability in another service. My data. Probably your data if you're in the software industry. Millions of people's data. On Saturday, a character in the data trading scene popped up and sent me a 594MB file called geekedin.net_mirr...

Data breach claims are often poorly researched, unsubstantiated and ultimately fake

I have multiple Yahoo data breaches. I have a Twitter data breach. I have Facebook data breaches. I know they are data breaches from those sources because people told me they are, ergo, they're data breaches. Except they're not - they're all fake. Problem is though, fake data breaches don't make for a very good headline nor do they give you something worth trading; for many people, it's not in their best interests to establish what's fake and what's not. Earlier this year I wrote about how I ve...

Disqus' mixed content problem and fixing it with a CSP

I write a blog with a lot of security things on it so understandably, it upsets me somewhat when my site throws security warnings: I'd had a number of people report this and indeed I'd seen it myself, albeit transiently. Diving into the console, I found the source of the problem: Who the hell is Circulate?! And what are they doing in my blog? Let's find out: Right... I don't have any ads on my blog these days (just sponsor messages) so there shouldn't be any third-party monetisation goi...

New Pluralsight course: Exploring the Internet of Vulnerabilities

I've done a number of "Play by Play" courses for Pluralsight this year on a range of topics including Social Engineering with my mate Lars Klint [http://app.pluralsight.com/courses/play-by-play-social-engineering], Deconstructing the Hack with my mate Gary Eimerman [http://app.pluralsight.com/courses/play-by-play-ethical-hacking-deconstructing-hack] , Modernizing Your Deployment Strategy with Octopus Deploy with my mate Damo Brady [http://app.pluralsight.com/courses/play-by-play-modernize-with-...

Apple's desensitisation of the human race to fundamental security practices

My son turned 7 earlier this month. I've been getting him into coding [https://www.troyhunt.com/kids-and-code-simple-programming-on/] and teaching him the fundamentals of using a PC which I reckon is a pretty essential life skill these days. Part of that is helping him to understand the principle of secrets, namely that he should protect the PIN he's using to sign in to his Windows 10 machine. He's good at it too, being sure to shield the little laptop from view whenever he uses it with others a...

The Red Cross Blood Service: Australia's largest ever leak of personal data

I don't give blood as much as I should. My wife has a much better track record than me, regularly donating not just blood but plasma and platelets as well. I know this not just because it's the sort of thing we talk about, but because her data - along with mine - has been leaked publicly in what I believe is the largest ever leak of Aussie data from a local service. Because of the coverage this incident will inevitably receive, I'm writing this piece in advance of them publicly disclosing it in...

Should you care about the quality of your neighbours on a SAN certificate?

We've all had bad neighbours before. Perhaps they were noisy, maybe the kids ran riot or they could have been just continually snaring all the visitor parking spots in your apartment building (bastards). But last week, someone popped up with another bad neighbour story which was quite different to usual... Fellow MVP Paul Cunningham runs a blog over at paulcunningham.me [https://paulcunningham.me/] and for the most part, it looks like any other ordinary blog: Now being a forward-thinking blo...

New Pluralsight Course: Deconstructing the Hack

I was on another whirlwind trip back in July, this time to a bunch of spots in the US which included Chicago where Pluralsight has one of their offices. The last time I was there I'd recorded a "Play by Play" course which is video recorded rather than a screen cast like so many of my others. It meant myself and someone else (in this case, Gary Eimerman [https://twitter.com/GaryEimerman] who's part of the Pluralsight team) actually sitting in front of the camera talking about security as well as...

Here's how broken today's web will feel in Chrome's secure-by-default future

Last week Google announced some changes to Chrome [https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html], specifically that come January 2017, practices like this [https://www.troyhunt.com/thank-you-waitrose-now-fix-your/] are going to start resulting in browser warnings: That's just one of many such examples I've called out in the past and frankly, I have about zero sympathy for those who are doing this in the first place so a browser warning is only right. But here's...