Alrighty, 2 big things to discuss today and I'll jump right into them here:
Exactis: it's hard to know where to even start with this one and frankly, the more I think about the more frustrated I am that services like this even exist in the first place. But they do and it's worthwhile being aware of them so have a listen to the video this week and check out the links I've shared below.
Why No HTTPS? This is Scott Helme's and my little project which turned out to be a much bigger project but one that was definitely worthwhile doing. We need to do some work on this to refine the results and get it all automating, but it's already driving people towards the right behaviour in terms of doing HTTPS consistently and properly so we're very happy about that ?
References
- Exactis who provide "people data for a digital world" are an aggregator and seller of your data (also, no HTTPS, just sayin')
- Exactis also published their entire DB to the internet without realising it (that WIRED piece is pretty good and well worth a read)
- Exactis had a huge amount of data they were compiling on people (link through to a paste with a JSON sample)
- Why No HTTPS? (this has had a heap of interest since we launched it and Scott and I super happy with the results so far)
- I explain a lot of the nuances in the launch blog post (it's not always cut-and-dry as to whether a site supports HTTPS or not)
- Get the raw data we use for "Why No HTTPS?" (this is Scott's service where he's dumping everything for public consumption)
- Matchlight by Terbium Labs is sponsoring my blog this week (they're wanting to catch up with folks at Black Hat, check them out via the link)