Troy Hunt

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind.

Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Weekly Update 298

Troy Hunt

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable.

Weekly Update 302

Troy Hunt

In a complete departure from the norm, this week's video is the much-requested "cultural differences" one with Charlotte. No tech (other than my occasional plug for the virtues of JavaScript), but lots of experiences from both of us living and working in different parts of the world.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Weekly Update 300

Troy Hunt

Well, we're about 2,000km down on this trip and are finally in Melbourne, which was kinda the point of the drive in the first place (things just escalated after that).

Welcoming the Indonesian Government to Have I Been Pwned

Troy Hunt

Four years ago now, I started making domains belonging to various governments around the world freely searchable via a set of APIs in Have I Been Pwned. Today, I'm very happy to welcome the 33rd government, Indonesia!

Downloading Pwned Passwords Hashes with the HIBP Downloader

Troy Hunt

Just before Christmas, the promise to launch a fully open source Pwned Passwords fed with a firehose of fresh data from the FBI and NCA finally came true. We pushed out the code, published the blog post, dusted ourselves off and that was that. Kind of - there was just one thing remaining.

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running.

Breach Disclosure Blow-by-Blow: Here's Why It's so Hard

Troy Hunt

For many years now, I've lamented about how much of my time is spent attempting to disclose data breaches to impacted companies.

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Setting the Bar for Government Access to Have I Been Pwned

Troy Hunt

Over the last 4 years, I've onboarded 28 national government CERTs onto Have I Been Pwned (HIBP) and given them free and open access to APIs that enable them to query and monitor their gov domains.

Weekly Update 294

Troy Hunt

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing.

IoT 217

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

Welcoming the Serbian Government to Have I Been Pwned

Troy Hunt

Supporting national governments has been a major cornerstone of Have I Been Pwned for the last 4 years. Today, I'm very happy to welcome the 31st government on board, Serbia!

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Weekly Update 289

Troy Hunt

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day.

I Wanna Go Fast: How Many Pwned Password Queries Can You Make Per Second?

Troy Hunt

I feel the need, the need for speed. Faster, Faster, until the thrill of speed overcomes the fear of death. If you're in control, you're not going fast enough. And so on and so forth.

Weekly Update 287

Troy Hunt

So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically.

218
218

Weekly Update 281

Troy Hunt

I feel like perfect audio remains an unsolved problem for me.

236
236

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

When is a Scrape a Breach?

Troy Hunt

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car.

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it.

Weekly Update 291

Troy Hunt

Bit of a long one this week, just due to a bunch of stuff all coinciding at the same time. The drone is obviously the coolest one and it was interesting to hear other people's experiences with theirs.

Weekly Update 293

Troy Hunt

Didn't get a lot done this week, unless you count scuba diving, snorkelling, spear fishing and laying around on tropical sand cays 😎 This week is predominantly about the time we just spent up on the Great Barrier Reef which has very little relevance to infosec, IoT, 3D printing and the other usual topics.

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.

Why No HTTPS? The 2021 Version

Troy Hunt

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones.

VPN 280

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

Weekly Update 288

Troy Hunt

Wow, what a day yesterday!

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches.

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

Weekly Update 286

Troy Hunt

Somehow this week ended up being all about Russia and Cloudflare. Mostly as 2 completely separate topics, but also a little bit around Cloudflare's ongoing presence in Russia (with a very neutral view on that, TBH).

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API.

Pwned - The Collected Blog Posts of Troy Hunt (Preview)

Troy Hunt

We choose this photo for the cover because this was when it all started. 18-year old Troy, having just discovered the web in early 1995 and chomping at the bit to do something with it.

Weekly Update 274

Troy Hunt

As I start out by saying this week's video, it's very summer here and not a day goes by without multiple pool visits.

Mobile 233

Weekly Update 290

Troy Hunt

I hope scheduling these in advance is working well for everyone, the analytics certainly suggest a much higher viewership so I'm going to keep scheduling these and refining the whole thing further.

190
190

Weekly Update 292

Troy Hunt

Well that was an unusual ending. Both my mouse and keyboard decided to drop off right at the end of this week's video and without any control whatsoever, there was no way to end the live stream!

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence.

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP).

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains.

Pwned Passwords, Open Source in the.NET Foundation and Working with the FBI

Troy Hunt

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field.