Mastodon

Weekly Update 95

13 July 2018

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die ? It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means.

But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Passwords V3. But if I'm honest, it's the post and associated video on HTTPS and static websites I enjoyed the most and based on the number of likes in the launch tweet, it's really hit a sweet spot:

Yet amazingly, as I type this I'm watching my Twitter feed fill with arguments about the feasibility of attacks, how Google is being an unfair bully and how Scott wasn't very nice when he referred to HTTPS-naysayers as "anti-vaxxers". But this is just a fleeting thing, in the grand scheme of it all, and in the near future we'll all look back and wonder what the fuss was about as secure connections become the norm. For those struggling to accept the change, I suggest having a read of Who Moved My Cheese? An Amazing Way to Deal with Change in Your Work and in Your Life. (True story: this was a corporate mandate in my last job as we were going through a round of layoffs!)

Listen on Apple Podcasts
Get it on Google Play
Download via RSS

References

  1. There were a bunch of data breaches I discussed this week including:
    2. Domain Factory in Germany
    3. Polar Fitness and military personnel tracking
    4. Timehop got popped...
    5. ...but their breach disclosure message is awesome
    6. Cyanweb's breach disclosure message is terrible
  2. Check out Stefán Jökull Sigurðarson's poll on how to handle a customer with a pwned password (wow, you people are ruthless!)
  3. I loaded a 111 million record credential stuffing list called "Pemiblanc" (and heaps of people asked for their password from the data so...)
  4. I published Pwned Passwords V3 (which, of course, includes all the Pemiblanc passwords so hopefully that helps people who found themselves in that data set)
  5. Your static website needs HTTPS (I kinda love this video, it was fun and the feedback has been sensational)
  6. Netsparker is sponsoring my blog again this week (still my favourite security tool after all these years!)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications