And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane...
Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed. Mind you, a heap of them were asking questions already addressed in the blog post, but that's just the nature of the internet.
What I will say is that if you're interested in more details on this incident, do read the comments. It'll give you a sense of the way this sort of thing impacts everyday people, and it'll also give you a sense of the sort of comments I have to deal with after these incidents...
Well, it's one more sunny weekly update then snow time again so I've gone particularly beachy today. I'm also particularly breachy, talking about a massive combo list I'm presently pondering for inclusion in HIBP. These lists are frequently used for account takeover attacks against the likes of Spotify which is the subject of this week's blog post. Plus, I'm talking a bit about a bunch of Ubiquiti bits I'll be installing soon to fix the problem seen below:
Oh - and I did end up heading out on the water with Kevin Mitnick, albeit on the boat. I think it's alright. Maybe...
And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was in 2017). But we're here now so it's back to business as usual blog wise.
This week is dominated by the personal finance lessons blog post. This has gotten massive traction this week and has been read by tens of thousands of people. But perhaps what surprises me most is that out of all the feedback I've had, there's only been one negative comment. O-n-e. Frankly, I'm not even sure he actually absorbed the content as the comment was very specifically addressed in the post, but that forms one little part of everything I cover in this week's update. I also touch on the aforementioned 2018 retrospective which I've been doing these last few years as a little reminder of what I've been up to.
This is (probably?) the longest weekly update I've done so far and I do hope it helps add a bit more personality and context to that finance blog post. Do please continue to share feedback and ask questions, I've really enjoyed seeing people get motivated by it.
I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity which was really disappointing to see. Several other non-related events following that demonstrated similar online aggressiveness and I don't know if it was a case of too much eggnog or simply people having more downtime to be dicks online, but it was a really odd spate of bad behaviour.
Be that as it may, I hope there's some useful content in this one but I do appreciate the car bit in particular may not be relevant to a lot of people. In case you want to skip it, that bit starts at about the 3-minute mark and goes until the 28-minute mark. For those that do watch it, I hope you enjoy something a little bit different this week whether you agree with my choice or not 🙂
It's a new car! (that's the tweet with the pics and all the likes, but if you dig far enough, you'll see a negative undercurrent too)
This week I'm talking about my new (free!) Pluralsight course, yet more data breaches, some really wacky Spotify attitudes towards passwords, a cool new Report URI feature we're looking for beta testers on and introducing an all new sponsor - strongDM. That's it from Canada, it's off to a hot Aussie Christmas now and the next few days will come from sunny home 😎
I'm in Whistler! And as I say at the start of this video, I did seriously consider having a week off these videos, but I found a comfy spot by the fire and a cold beer and all was good in the world again. This week has some updates on my Canada travels, a couple of data breaches I loaded during the week, new HIBP stickers and some really screwy password practices at HSBC. I'll still be here in Whistler next week so will pump out one more snowy update before heading home for a hot Christmas.
I'm on countdown to take-off for the next 2 and a bit weeks so I'm going to keep this intro really short because it's sitting between me and a relaxing cold one (as soon as the bags are ready). Heaps of services got pwned, Australia has a screwy set of circumstances (and reactions) around a cyber bill and HIBP had a 5th birthday celebration which resulted in stickers and a really fun live AMA video. That's it for now - next week's update comes from the snow!
I'm pushing this out a day late so firstly, apologies for the break in what's otherwise a pretty steady cadence. But having said that, as I say at the start of this video I've really been struggling with work / life balance lately. As such, I recorded this Thursday evening then spent most of Friday on the jet ski with my son. We balanced out a lot of work on this trip 😎
But check out the scenery! Just stunning. Saw hundreds of turtles, dugongs, mantas and star fish. Just an amazing place. pic.twitter.com/kgWBhK8nrD
Getting back to business as usual, I was in Sydney for a day trip during the week, I'm off to Canada in a week from today, example.com forgot to renew their cert, there was a massive new breach to go into HIBP and York City Council seriously screwed up their handling of a very ethical security report. Oh - and the massive Marriott / Starwood breach only came to light Saturday morning my time so it didn't get a mention this week, I'll see if there's anything worth covering off next week. For now, here's this week's update and I'll come to you once more next week before heading off to waaay colder times:
It's a no-blog week, but that doesn't mean any less is happening! This week, I've finally wrapped up the Lego Bugatti, got myself into the new iPad, connected my washing machine (I know, I know, I didn't plan it this way!) and then isolated it on a separate IoT network. What a time we live in... Oh - and speaking of times we live in, our data is getting thrown around the place like never before thanks to data aggregators and their constant breaches and frankly, I'm a bit fed up with it. All that and more in this week's update.
Bit of a change of scenery this week; I've gone to the other end of the house whilst invasive palm tree roots are water blasted out from beneath my office window as part of our garden renos. But hey, that's a nice place to be on a day like this 😎
Other than the location, it's business as usual. There's been some interesting discussion on biometric this morning, I'm appealing to developers of extensions and add-ons to whitelist themselves when a CSP is present and I'm talking about Google's U2F implementation. That last one in particular has had a heap of traction so appears to have struck a bit of a chord. Checking out Google Analytics, it looks it made it to the front page of Hacker News and whilst I always take those comments with a grain of salt, it's nice to see it getting air time.