What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TroyHunt.webp 2017-04-18 07:49:19 Mandatory ISP data retention and the law of unintended consequences (direct link) Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big
TroyHunt.webp 2017-04-14 08:15:06 Weekly update 30 (direct link) I didn't mean to talk for 42 minutes today, but somehow, I kinda ended up there. A good whack of that went to explaining how I'd done the subscription implementation you see below, especially as people had asked why there are two CAPTCHAs and indeed I wanted to explain why
TroyHunt.webp 2017-04-13 08:43:54 New Pluralsight Course: What Every Developer Must Know About HTTPS (direct link) It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with
TroyHunt.webp 2017-04-11 08:55:10 Random thoughts on the use of breach data for protection of accounts (direct link) Someone sent me an email today which essentially boiled down to this: Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it This is a really interesting scenario and it relates to the way Microsoft
TroyHunt.webp 2017-04-07 09:47:49 New Pluralsight Course: Crafting a Brand for Growth and Prosperity (direct link) This whole "personal brand" thing is a really interesting space. I mean here we are talking about people as individuals such as you and I yet applying a term to us in the same way as we'd talk about brands like, say "Ferrari" or "Apple". I pick those simply because
TroyHunt.webp 2017-04-07 08:33:06 Weekly update 29 (direct link) Wow, what a crazy week! Three pretty serious blog posts, my Security Sense column plus a bunch of stuff I've been doing in the background around arranging travel for the European summer. I didn't mention it in my weekly update, but unfortunately I had a workshop in Dublin cancel due
TroyHunt.webp 2017-04-06 19:39:08 Here's where the Apple accounts hackers are threatening to wipe came from (direct link) The tech news recently has seen quite a lot of chatter about an alleged haul of Apple credentials, apparently about 250 million of them in all. Allegedly. Maybe. Or was it 300 million? No - wait - it might have only been 200 million. The number itself has been the
TroyHunt.webp 2017-04-06 07:14:17 The importance of trust and integrity in a VPN provider (and how MySafeVPN blew it) (direct link) I went to Helsinki a couple of years ago. I was there running a security workshop for a local company and whilst in town, I caught up with Mikko Hypponen: Troy Hunt (@troyhunt) in Helsinki today. Troy's http://t.co/zOiZnkMpNo service is highly recommended! Use it. pic.
TroyHunt.webp 2017-04-04 08:23:27 Password managers don't have to be perfect, they just have to be better than not having one (direct link) LastPass had an issue the other day, a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants Guideline LastPass
TroyHunt.webp 2017-03-31 03:53:32 Weekly update 28 (Sydney Harbour Bridge edition) (direct link) So the plan this week was to record the update whilst driving from Melbourne to Sydney with Lars Klint in the new car. And I did - record it that is - but due to some screwyness with Lars' GoPro, it turns out that "recording" is not the same as
TroyHunt.webp 2017-03-24 07:48:25 Is this hooded cyber-bandit the web's most prolific hacker? (direct link) I've been watching the cyber-news pretty closely lately and one of the biggest challenges we seem to have is attribution. I mean, stuff is getting hacked left right and centre but who's actually responsible?? I started paying closer attention and I reckon I've worked it out - it's mostly this
TroyHunt.webp 2017-03-24 07:03:00 Weekly update 27 (direct link) Another week down and looking back, I'm not sure precisely what I did. I mean I know I was busy, but you ever have one of those weeks where you just wonder where the time went? Although in fairness, a big chunk of it went to finishing off my latest
TroyHunt.webp 2017-03-23 08:45:38 Data breach disclosure 101: How to succeed after you've failed (direct link) Organisations don't plan to fail. Probably the closest we get to that in the security space is password hashing, which for all intents and purposes is an acknowledgement that one day, you may well lose them. But organisations rarely plan for how they should handle data breaches and when an
TroyHunt.webp 2017-03-21 03:15:15 I just added another 140 data breaches to Have I been pwned (direct link) There's a seemingly endless flood of data breaches these days. Pretty much every day I get sent dumps from somewhere or other, usually websites I've never heard of and often dating back to compromises from years ago. They vary in size from thousands of accounts to many millions - and
TroyHunt.webp 2017-03-17 07:10:03 Weekly update 26 (jet ski edition) (direct link) Y'know, for all the talk of jet skis, I'd never actually done a weekly update on it. Until today. It's autumn here and the weather is still beautiful so I went for a quick blast and recorded this one. This week, there's my Security Sense column on the futility of
TroyHunt.webp 2017-03-15 02:00:33 We've lost control of our personal data (including 33M NetProspex records) (direct link) Earlier this week, I read a really interesting piece on 3 things that need to be done to save the web. The first observation was that "we've lost control of our personal data" and the author went on to observe the following: As our data is then held in
TroyHunt.webp 2017-03-10 07:48:04 Weekly update 25 (direct link) This isn't intentional, but I know these updates are starting to get a bit longer. Ok, last week was a bit mega with Cloudbleed and CloudPets, but this week, well, I just talked until I felt I was done. Let me know if you think this is too long, not
TroyHunt.webp 2017-03-06 08:26:54 How I finally fixed the dodgy wifi on my jet ski with Ubiquiti's UniFi Mesh (direct link) There are many challenging aspects about being an Australian. For example, being terrorised by kangaroos: Being terrorised by koalas: Or my own unique challenge: not having a decent wifi signal whilst my jet ski is moored on the jetty out the back of the house. This makes every day, normal
TroyHunt.webp 2017-03-03 07:31:35 Weekly update 24 (direct link) Crikey, what a week! Between the two Cloud[thing] stories, most of the last 7 days has disappeared with research, writing, media and seeing the first Cloud[thing] turn into a bit of a non-event whilst recoiling in abject horror as the second Cloud[thing] continued to unfold. This ended
TroyHunt.webp 2017-03-01 11:27:40 A marathon (and a bit) in San Francisco, Lenovo Yoga 900 in tow (direct link) One of the best things I do on trips away is walk. It's a combination of things really; it's great for getting over jet lag, a fantastic way of seeing new places and if you do enough of it, a good workout too. I'll regularly walk 20+ kilometres when I've
TroyHunt.webp 2017-02-27 21:01:38 Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages (direct link) Only a couple of weeks ago, there were a lot of news headlines about how Germany had banned an internet-connected doll called "Cayla" over fears hackers could target children. One of their primary concerns was the potential risk to the privacy of children: conversations between the child and others can
TroyHunt.webp 2017-02-25 08:49:24 Pragmatic thoughts on #CloudBleed (direct link) It has a cool name and a logo - this must be serious! Since Heartbleed, bug branding has become a bit of a thing and more than anything, it points to the way vulnerabilities like these are represented by the press. It helps with headlines and I'm sure it does
TroyHunt.webp 2017-02-24 07:55:27 Weekly update 23 (direct link) I started out doing this weekly update with not much news to share due to being away running a workshop for a couple of days then sitting on planes and in airports for another day. It was only as I finished recording I saw both shattered.io and CloudBleed, both
TroyHunt.webp 2017-02-20 17:38:41 My 2017 European summer tour: talks, workshops and more! (direct link) These days, I find myself spending more and more time in Europe. Four trips last year and one already this year versus only a single trip to the US each year (which I'm still on). There just tends to be more demand for events and workshops and if I'm honest,
TroyHunt.webp 2017-02-19 03:30:53 Weekly update 22 (Golden Gate Bridge edition) (direct link) What an awesome spot for a weekly update! Just one of the sensational views I saw today, the first day I've completed a full marathon: 51.19km walk Ok, bit more than a marathon, 51.19km in total according to Runkeeper. Now frankly, I'm not overly keen on running (I just get bored)
TroyHunt.webp 2017-02-11 08:31:05 Weekly update 21 (direct link) I got up this morning thinking "I need to do my weekly update today because it's Friday". Except it's not, and due to the joy that is international travel, I really had no idea what day it was! So bottom line, I'm a day late, but with me heading off
TroyHunt.webp 2017-02-09 09:45:22 One million subscribers later, here's the state of Have I been pwned (direct link) I hit a bit of a milestone last week with HIBP which I thought deserved a little celebration: Sometime today, @haveibeenpwned broke through the 1M verified subscriber mark. Having a quiet champagne alone before flying home 😀🍾 pic.twitter.com/whIss3OXeO— Troy Hunt (@troyhunt) February 2, 2017 A million verified
TroyHunt.webp 2017-02-07 08:44:04 Introducing "fabricated" data breaches to Have I been pwned (direct link) I've written before about how I verify data breaches and discussed it at length in various conference talks. I take verification very seriously because misattribution can have serious consequences on the company involved, those in the alleged breach and indeed, on myself as well. To give you a sense of
TroyHunt.webp 2017-02-03 22:01:42 Weekly update 20 (Dubai airport edition) (direct link) It's the end of another big trip and time to take the long journey home. This time it's Copenhagen to London, then Dubai, then finally Brisbane and a ride home to the Gold Coast. It's been a busy week in the lead up to the travel too with lots of Guideline
TroyHunt.webp 2017-01-30 12:07:02 HTTPS adoption has reached the tipping point (direct link) That's it - I'm calling it - HTTPS adoption has now reached the moment of critical mass where it's gathering enough momentum that it will very shortly become "the norm" rather than the exception it so frequently was in the past. In just the last few months, there's been some
TroyHunt.webp 2017-01-27 16:03:02 Weekly update 19 (brewery edition) (direct link) Supercar factory last week. Brewery this week. This is how it's done! As I've written before, despite the many awesome moments these trips have, they're enormously busy with a huge amount jammed into them. This week I talk about travels in Belgium, how they crashed HIBP with a massive surge
TroyHunt.webp 2017-01-27 07:30:00 Thoughts on the LeakedSource take down (direct link) Yesterday, the website known as "LeakedSource" went offline. It's still early days and there's not yet an official word on exactly what happened, but the unfolding story seems to be as follows: Yeah you heard it here first. Sorry for all you kids who don't have all your own Databases.
TroyHunt.webp 2017-01-20 17:22:28 Weekly update 18 (McLaren edition) (direct link) How's this for a spot to be?! This week I'm at the McLaren factory in Woking just outside London courtesy of a kind invite from a friendly Twitter follower. On Sunday, I was shown around some great spots in London by another one and as I've said before, I've only
TroyHunt.webp 2017-01-13 00:45:43 Weekly update 17 (the veranda edition) (direct link) This is a somewhat shorter, very tired version of my weekly update. As I say in the video, preparing for the NDC conference in London next week has been extremely taxing with two new talks and a bunch of other activities to organise. I didn't mention it in the vid,
TroyHunt.webp 2017-01-10 08:11:42 A data breach investigation blow-by-blow (direct link) Someone has just sent me a data breach. I could go and process the whole thing, attribute it to a source, load it into Have I been pwned (HIBP) then communicate the end result, but I thought it would be more interesting to readers if I took you through the
TroyHunt.webp 2017-01-06 07:32:48 Weekly update 16 (direct link) It's a new year! Which means looking back at the old year and while I'm there, also looking back at how much we didn't know we didn't know. This week I also permanently nuked all remaining remnants of the ad network given the success of the sponsorship model and that
TroyHunt.webp 2017-01-05 10:29:32 I just permanently removed all ad network code from my blog (direct link) I don't mind ads on websites as a concept, that is I don't mind the idea of a message appearing somewhere that helps the producer of said content earn a crust. However, there are other things about ads that I do mind enormously and most of them are due to
TroyHunt.webp 2017-01-01 08:49:34 2016 retrospective (direct link) I never used to do these "year in review" style things, but 2015 was a really foundational year for me in many ways so I wrote a 2015 retrospective. Thinking about it over the last few weeks as we approached the end of 2016, a bunch of stuff really stuck
TroyHunt.webp 2016-12-30 10:53:33 Weekly update 15 (the poolside edition) (direct link) Last one of the year! And yes, it's summer, it's hot and I'm doing it by the pool. However, as I say in the intro, it's only a fortnight until I'll be back in London which is about as far away as you get in every sense. On a more
TroyHunt.webp 2016-12-29 09:15:02 10 ways for a conference to upset their speakers (direct link) I was preparing for an upcoming event the other day and very nonchalantly fired off a tweet whilst doing so: As a conference speaker, about the most annoying thing you can ask me to do is to use your slide template...— Troy Hunt (@troyhunt) December 16, 2016 Within short
TroyHunt.webp 2016-12-23 06:30:47 Weekly update 14 (direct link) Almost done for the year and I've gone beach-style, if not in location then at least in attire. Xmas in Australia is all about the outdoors, the water and usually generous helpings of cold prawns so a little bit different to many places. But like everywhere else, the cyber things
TroyHunt.webp 2016-12-22 09:39:04 All websites have something of value for attackers: reputation (direct link) I was shopping around for a new exhaust system for the car the other day and I found exactly what I wanted via a seller on Facebook. I really wanted to get some more specs on it though so I did what any normal person would do and Googled for it,
TroyHunt.webp 2016-12-21 08:27:56 The Ethereum forum was hacked and they've voluntarily submitted the data to Have I been pwned (direct link) The title says it all and the details are on their blog, but there's still a lot to talk about. Self-submission to HIBP is not a new thing (TruckersMP was the first back in April), but it's extremely unusual as here you have an organisation saying "we got hacked, we'd
TroyHunt.webp 2016-12-19 08:24:42 Journey to an extended validation certificate (direct link) Trust is a really difficult thing to define. Think about it in the web security context - how do you "trust" a site? Many people would argue that trust decisions are made on the familiarity you have with the brand, you know, brands like LinkedIn, Dropbox, Adobe... who've all had
TroyHunt.webp 2016-12-16 07:13:29 Weekly update 13 (direct link) This week begins with the biggest of big breaches - the one that finally broke the big "B" - Yahoo (version 2). It's a massive story and I spent a lot of time yesterday answering media queries about hacker things related to data breaches. I talk about that at the Yahoo
TroyHunt.webp 2016-12-14 20:44:49 Get to grips with internet security basics, courtesy of Varonis (direct link) Most readers here understand security fundamentals. They know what makes a strong password, what the padlock in the address bar above means, why software updates are important, the value of locking their mobile devices and some of the dangers we face with the internet of things. But equally, most of our
TroyHunt.webp 2016-12-12 21:21:53 Careers in security, ethical hacking and advice on where to get started (direct link) Many people will disagree with this post, not so much because it's flat out wrong but because there are so many different approaches one can take. It's a very subjective realm but I'm going to put forward some suggestions, make some considered arguments and leave it at that. The context
TroyHunt.webp 2016-12-09 04:57:33 Weekly update 12 (direct link) This was a pretty jam-packed week which kicked off with the crazy, crazy Indian pathology data leak. You'll sense my frustration with the whole thing and frankly, I still can't quite get over it. Be that as it may, stuff like this provides us with endless material that speaks to
TroyHunt.webp 2016-12-07 20:32:48 How Chrome's buggy content security policy implementation cost me money (direct link) Content security policies (CSPs) can be both a blessing and a curse. A blessing because they can do neat stuff like my recent piece on upgrading insecure requests yet a curse because they can also do screwy things like break your site. Now in fairness, the breaking bit linked to
TroyHunt.webp 2016-12-05 21:47:09 Here's 1.4 billion records from Have I been pwned for you to analyse (direct link) I get a lot of requests from people for data from Have I been pwned (HIBP) that they can analyse. Now obviously, there are a bunch of people up to no good requesting the data but equally, there are many others who just want to run statistics. Regardless, the answer
Last update at: 2024-07-17 17:08:25