What's new around the internet


Src | Date (GMT) | Title | Description | Tags | Stories | Notes
TroyHunt | 2017-09-23 04:45:27 | Weekly update 53 (Salt Lake City edition) (direct link) | Presently sponsored by: Get a security solution that will keep your website up and running, and keep you sleeping soundly: Symantec Website Security. Learn how. What a week! Epic hardly describes the experience I've just had at Pluralsight Live in Utah, not least of which was this stage: (image: Epic Pluralsight Live Stage) No new writing this week but I did want to comment on the Equifax CSO degree story (and my poorly worded tweet about it) as well as... | Tags: Equifax
TroyHunt | 2017-09-15 07:44:40 | Weekly update 52 (direct link) | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. Hey, it's weekly update 52! That's almost a year's worth of weekly videos, next week will actually be that anniversary (ok, it's a day short, but close) and by that time I'll be over in Utah doing the Pluralsight Live thing. I'm especially looking forward to this event, there's a...
TroyHunt | 2017-09-14 08:45:41 | Face ID, Touch ID, No ID, PINs and Pragmatic Security (direct link) | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently sent. I...
TroyHunt | 2017-09-08 07:37:41 | Weekly update 51 (Melbourne edition) (direct link) | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Really quick intro as I rush between events today: I'm in Melbourne and have just finished a "Hack Yourself First" workshop then it's OWASP conference time tomorrow. It's been a mostly fun week with a couple of oddball experiences thrown in, but I'll leave you to watch the video...
TroyHunt | 2017-09-04 08:13:41 | How I Finally Fixed My Parents' Dodgy Wifi With AmpliFi (direct link) | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. I have no idea who it was that first modified Maslow's hierarchy of needs in this fashion, but I do know that it's never been truer than now: (image: Maslow's hierarchy of needs (with wifi)) More wifi things used by more people in more corners of the house. Many people do now consider connectivity to be a...
TroyHunt | 2017-09-01 08:48:30 | Weekly update 50 (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. Yep, hit right in the face with a dodgeball. There was blood. But retribution was swiftly mine as I hunted down the kids on the other team. Oh - and I also loaded 711 million records into HIBP. That's the real story this week and I wanted to speak in
TroyHunt | 2017-08-29 19:31:34 | Inside the Massive 711 Million Record Onliner Spambot Dump (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. Last week I was contacted by someone alerting me to the presence of a spam list. A big one. That's a bit of a relative term though because whilst I've loaded "big" spam lists into Have I been pwned (HIBP) before, the largest to date has been a
TroyHunt | 2017-08-24 09:29:47 | Weekly update 49 (snow edition) (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. I'm at the snow! Yes, Australia has snow. No, it's not like the big mountain riding of Europe or North America, but the warmer weather means you can regularly sit outside in the sun during the day with a cold beer which is pretty awesome. I've got a couple of
TroyHunt | 2017-08-18 06:56:19 | Weekly update 48 (windy Sydney edition) (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I've been in Sydney all week for the NDC conference here so it's been a pretty non-stop time. A 2 day workshop, 2 new Pluralsight courses, 2 talks and all the usual social things that go along with these. But regardless, I got that Ubiquiti UniFi course out and a
TroyHunt | 2017-08-14 22:14:35 | Free Course: Here's What This Ubiquiti UniFi Stuff Is All About (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. Last year, I got fed up with my wifi. The coverage was patchy, the devices were unstable (my speed would regularly drop to less than 2Mbps until I restarted the router) and even though it was new gear, it felt just like the gear I'd had a decade ago. Same
TroyHunt | 2017-08-11 06:51:52 | Weekly update 47 (direct link) | Sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Last update before travelling again, but fortunately it's just a cruisy 9-hour drive down to Sydney for NDC then a week of snowboarding (yeah Australia has snow). I'll be doing a workshop at NDC and I'll also be doing one in Melbourne next month so check that out if you're
TroyHunt | 2017-08-10 08:34:12 | Don't Take Security Advice from SEO Experts or Psychics (direct link) | Sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. As best I understand it, one of the most effective SEO things you can do is to repeat all the important words on your site down the bottom of the page. To save it from looking weird, you make the text the same colour as the background so people can't
TroyHunt | 2017-08-04 08:29:04 | Weekly update 46 (direct link) | Sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. This has been an insane week, not least because of spending the day yesterday installing a Ubiquiti network as part of my upcoming course. A heap of fun, but one little glitch threw my day out. Another glitch with my Pwned Passwords service threw my day today out so I'm
TroyHunt | 2017-08-03 08:39:24 | Introducing 306 Million Freely Downloadable Pwned Passwords (direct link) | Sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST's Digital Identity Guidelines which were recently
TroyHunt | 2017-08-01 07:56:32 | Pastes on Have I Been Pwned Are No Longer Publicly Listed (direct link) | Sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. Over the weekend, a Have I Been Pwned (HIBP) subscriber contacted me after they found their Spotify credentials online. It turns out that this particular woman went searching for her specific password after finding "some guy listening to Mexican music from a foreign device on my acct". In the search
TroyHunt | 2017-07-31 07:47:53 | Kids Pass Just Reminded Us How Hard Responsible Disclosure Is (direct link) | Sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. Only a couple of months ago, I did a talk titled "The Responsibility of Disclosure: Playing Nice and Staying Out of Prison". The basic premise was to illustrate where folks finding security vulnerabilities often go wrong in their handling of the reporting, but I also wanted to show how organisations
TroyHunt | 2017-07-28 07:24:04 | Weekly update 45 (direct link) | Sponsored by: Thanks to Raygun! See every problem in your software and how to fix it. Reproduce issues with greater speed and accuracy. Try it free today! This week I've had my head down working on a new course for Ubiquiti, the guys who make the very fine wifi things I now have in my house and since writing about them, many others do too. I'll be sharing more about that in the coming weeks but whilst
TroyHunt | 2017-07-26 07:40:03 | Passwords Evolved: Authentication Guidance for the Modern Era (direct link) | Sponsored by: Thanks to Raygun! See every problem in your software and how to fix it. Reproduce issues with greater speed and accuracy. Try it free today! In the beginning, things were simple: you had two strings (a username and a password) and if someone knew both of them, they could log in. Easy. But the ecosystem in which they were used was simple too, for example in MIT's Time-Sharing Computer, considered to be the first computer
TroyHunt | 2017-07-21 08:12:55 | Weekly update 44 (direct link) | Sponsored by: Thanks to Raygun! See every problem in your software and how to fix it. Reproduce issues with greater speed and accuracy. Try it free today! This was one of those weeks where time disappeared on totally unplanned things, namely due to the debate that raged on over days about certs (get popcorn then read upwards and downwards from there). I stayed well and truly clear of that once it got heated, but I then spent
TroyHunt | 2017-07-19 07:35:25 | On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let's Encrypt (direct link) | Sponsored by: Thanks to Raygun! See every problem in your software and how to fix it. Reproduce issues with greater speed and accuracy. Try it free today! Last week I wrote about how Life Is About to Get a Whole Lot Harder for Websites Without HTTPS. Somewhere in the comments there, the discussion went off on a tangent about commercial CAs, the threat Let's Encrypt poses to them and subsequently, the value (or lack thereof) posed by
TroyHunt | 2017-07-14 07:24:07 | Weekly update 43 (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I'm home! After that crazy travel schedule (6 weeks and 1 day in all, thank you very much) I'm back in my own bed with some peace and quiet and... jet lag. It's always worse coming home from Europe, a combination of flying east (I travel over two short nights)
TroyHunt | 2017-07-11 08:38:58 | Life Is About to Get a Whole Lot Harder for Websites Without HTTPS (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. In case you haven't noticed, we're on a rapid march towards a "secure by default" web when it comes to protecting traffic. For example, back in Feb this year, 20% of the Alexa Top 1 Million sites were forcing the secure scheme: (image: HTTPS at 20%) These figures are from Scott Helme's biannual report
TroyHunt | 2017-07-10 08:34:02 | The Alarming Prevalence of Data Breach Cover-Ups (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. Last week, The AA in the UK came spectacularly undone when attempting to cover up a data breach. I wrote about them while describing The 5 Stages of Data Breach Grief but in short, they consciously elected not to notify subscribers after being alerted to the disclosure of 13GB worth
TroyHunt | 2017-07-07 09:03:29 | Weekly update 42 (Nieuwegein edition) (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. Well this trip is certainly ending with a bang: 3 blog posts this week (not including this one) plus two massive user group talks in the Netherlands and two workshops of two days each. But that's it - I'm done! It's Friday morning here in Nieuwegein at the time of
TroyHunt | 2017-07-05 14:40:01 | The 5 Stages of Data Breach Grief (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. When you see something play out enough times, you start to notice patterns. I was reflecting on this today as I watched The AA rapidly digging themselves in deeper and deeper after publishing 13GB worth of customer data to the internet, including partial credit card data. Which they denied: The
TroyHunt | 2017-07-05 09:06:27 | Password Strength Indicators Help People Make Ill-Informed Choices (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. I watched a discussion unfold on Twitter recently which started like so many of the security related ones I see: When website errors make no sense! @Argos_Online my password is more complex than your system can handle. What gives? @troyhunt #insecurity pic.twitter.com/64VA7qINGP — Jon Carlos (@billywizz)
TroyHunt | 2017-07-03 09:50:06 | MVP, year 7 (direct link) | Sponsored by: Cybercriminals want to interrupt your business. Be unstoppable with Symantec Complete Website Security. Learn how. Just over 6 years ago, I received my first Microsoft MVP award. It was unexpected, in part because I'd only started doing anything community facing 18 months earlier. But it rated - people were finding what I was doing genuinely useful and that award was an absolutely pivotal moment which
TroyHunt | 2017-06-30 08:54:46 | Weekly update 41 (Southampton edition) (direct link) | Sponsored by: Log management is ripe for change! Free yourself from by-the-byte pricing with Exabeam Log Manager. Calculate your cost savings. Into week 5 of travel now and I'm in Southampton on the south coast of England. The family holidaying is over and it's back to workshops and user groups for the remainder of the trip both here in the UK then back in the Netherlands next week. Despite the schedule,
TroyHunt | 2017-06-28 17:42:19 | Strawberrynet's privacy insanity (direct link) | Sponsored by: Log management is ripe for change! Free yourself from by-the-byte pricing with Exabeam Log Manager. Calculate your cost savings. A little while back, I wrote about Website enumeration insanity and how our personal data was being mishandled. In a nutshell, an enumeration risk boils down to a feature on a website allowing anyone to "ask" if a user exists on the website with the site then returning a positive
TroyHunt | 2017-06-23 09:00:49 | Weekly update 40 (Leiden edition) (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. Another week abroad, this time in the Netherlands and fortunately a combination of time out with the family and just a single workshop. Still, that workshop raised an interesting question around data retention in backups and how the right to erasure under GDPR will be handled. I discuss that from
TroyHunt | 2017-06-17 15:40:05 | Weekly update 39 (Oslo edition) (direct link) | Sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. This has probably been the most relentless week I've had in one place since... I dunno. Forever? It was all in Oslo and all centred around the NDC event but it meant kicking off with a massive 2 day workshop (50 people - a record!), then an OWASP user group
TroyHunt | 2017-06-09 08:19:56 | Weekly update 38 (Trondheim edition) (direct link) | Sponsored by: Help Net Security - Trusted source for daily information security news and analysis. It's week 2 of my 6-week European summer tour and I'm in Trondheim Norway which frankly, is a pretty awesome place: Awesome spot 😎 pic.twitter.com/wBAYGShQNH — Troy Hunt (@troyhunt) June 9, 2017 Being busy with workshops and talks means I'm always going somewhere or doing something so time
TroyHunt | 2017-06-02 08:47:44 | Weekly update 37 (Leuven edition) (direct link) | Sponsored by: Help Net Security - Trusted source for daily information security news and analysis. I'm in Belgium! After 35 hours of travel to Porto in Portugal then 2 days of workshop plus a user group there, I'm now in Leuven which is in the home of epic Belgium beer. I'm now into day 2 of another workshop here after having done a user group
TroyHunt | 2017-05-26 06:49:37 | Weekly update 36 (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. I've been at the AusCERT conference this week and whilst I scored a nomination for "Individual Excellence in Information Security", it wasn't meant to be this year (or the last 2 times!) but I did get a shiny certificate :) It was a great event and I really enjoyed meeting a
TroyHunt | 2017-05-25 05:58:25 | Free course: The GDPR Attack Plan (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. You know what people really like? Government regulation! ...crickets... Ok, maybe not so much, but this one is actually really important. The General Data Protection Regulation is an EU reg that kicks in on 25 May 2018 so we've got bang on a year to get organised. It's important within
TroyHunt | 2017-05-19 06:52:09 | Weekly update 35 (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. Hang on - where did my week go?! WannaCry came out of the blue and accosted a big whack of my time starting first thing Saturday. And then, just as it was quietening down, I go and write about not turning off Windows Update and holy shit, did people come | Tags: Wannacry
TroyHunt | 2017-05-15 07:47:37 | Don't tell people to turn off Windows Update, just don't (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. You know what really surprised me about this whole WannaCry ransomware problem? No, not how quickly it spread. Not the breadth of organisations it took offline either and no, not even that so many of them hadn't applied a critical patch that landed a couple of months earlier. It was | Tags: Wannacry
TroyHunt | 2017-05-13 08:56:42 | Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry | Tags: Wannacry
TroyHunt | 2017-05-12 07:09:15 | Weekly update 34 (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. The big news this week has been dealing with that massive volume of data I loaded into HIBP a week ago. A combination of the mechanics of getting it loaded, the flood of feedback once I did and actually trying to prepare myself for upcoming talks has made it a
TroyHunt | 2017-05-08 09:33:06 | Here are all the reasons I don't make passwords available via Have I been pwned (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. Over the last few days, I've loaded more than 1 billion new records into Have I been pwned (HIBP). As I describe in that blog post, this data was from two very large "combo lists", that is email address and password pairs created by malicious parties in order to help
TroyHunt | 2017-05-05 07:27:54 | Weekly update 33 (sunrise edition) (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. Wow, what a day! I got up at about 3:30 this morning and have been going non-stop dealing with the masses of feedback as a result of the billion-and-a-bit breached records I'm presently loading into HIBP. I talk about it in the blog post, but the "small" one of
TroyHunt | 2017-05-04 22:20:40 | Password reuse, credential stuffing and another billion records in Have I been pwned (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. The short version: I'm loading over 1 billion breached accounts into HIBP. These are from 2 different "combo lists", collections of email addresses and passwords from all sorts of different locations. I've verified their accuracy (including my own record in one of them) and many hundreds of millions of the
TroyHunt | 2017-05-02 08:36:07 | Microsoft Flow + Azure Storage + WebJobs + MailChimp + Outlook (direct link) | Sponsored by: Netsparker - Scan your websites & detect SQL Injection, XSS and other vulnerabilities with the dead accurate Netsparker web security scanner. A few years back, I added a donations page to Have I been pwned (HIBP). Now as I explained at the time, I didn't particularly need them to cover my hard-cash outgoings because I run the thing on a shoestring, but as I explain on that page, it takes a
TroyHunt | 2017-04-28 09:50:38 | Reckon you've seen some stupid security things? Here, hold my beer... (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. My mate Lars Klint shared this tweet the other day: Your password is not unique. pic.twitter.com/ga4GwxtzrQ — Lars Klint (@larsklint) April 16, 2017 Naturally, I passed it on because let's face it, that's some crazy shit going on right there. To which the Twitters responded with equal
TroyHunt | 2017-04-28 07:05:00 | Weekly update 32 (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. Home again and blog wise, it was a quiet week. I've been working on some new material you'll see next month as well as preparing for upcoming Europe travels where I've got a heap of events to get to. I've got a new Lenovo to show you in this update
TroyHunt | 2017-04-25 07:52:22 | Wiring a home network from the ground-up with Ubiquiti (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. The title of this blog post is what many of us techie folks dream of - free rein to build your own home network! It might seem like a pretty geeky dream (ok, it is a pretty geeky dream), but the reality is that we're increasingly dependent on our home
TroyHunt | 2017-04-21 06:18:58 | Weekly update 31 (Sydney Opera House edition) (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. Another beautiful spot today while I'm back in Sydney working on the agenda for NDC here in August. It's a quick trip albeit one very jam-packed as we work through over 700 talk submissions and try to distil them down to the best ~135 of the bunch. There's a few
TroyHunt | 2017-04-20 07:45:22 | New Pluralsight course: Azure Beyond Websites (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. I've been really actively involved with building things on Microsoft's Azure cloud for probably about 4 or 5 years now. Many of you will know already that Have I been pwned (HIBP) was built from the ground up on Azure (in fact, one of the reasons I built the service
TroyHunt | 2017-04-19 07:04:40 | All your websites using StartCom certificates are about to break (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. A Twitterer sent me this a few days ago: .@troyhunt you've got SSL issues in Chrome 58+ on @ASafaWeb pic.twitter.com/qtUiMxV9tW — Jonathan (@Eonasdan) April 13, 2017 Now normally when I get a report about an SSL thing not working (by which we mean TLS, but
TroyHunt | 2017-04-18 07:49:19 | Mandatory ISP data retention and the law of unintended consequences (direct link) | Sponsored by: Protect your Mobile and Web Apps from Attacks - Let Gold Security Pentest your Business. Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big
Last update at: 2024-07-17 10:08:03