Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impending HIBP domain search changes. As I say in the vid, I really value people's feedback on this so if nothing else, please skip through to 48:15, listen to that section and let me know what you think. By the time I do next week's vid my hope is that all the coding work is done and I'm a couple of days out from shipping it, so now is your time to provide input if you think there's something I'm missing that really should be in there 🙂

References

1. Sponsored by: Kolide ensures that if a device isn't secure, it can't access your apps. It's Device Trust for Okta. Watch the demo today!
2. Messing with door-knocking real estate agents is a really good use of Home Assistant and Ubiquiti IMHO (channelling my inner Password Purgatory demons on this one!)
3. The BookCrossing breach went into HIBP (plain text passwords FTW!)
4. An old Roblox breach surfaced and also went into HIBP (Roblox has had quite the time of it lately...)
5. BreachForums, was itself, breached (definitely legit too, given the presence of a "lurker" account I created there)

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Sad news to wake up to today. Kevin was a friend and as I say in this week's video, probably the most well-known identity in infosec ever, and for good reason. He made a difference, and I have fun memories with him 😊

Felt really sad waking up and seeing “RIP Kevin” in my timeline. I doubt there is a more well known name in our industry but if he’s unfamiliar to you (or you haven’t read this book), go and grab “Ghost in the Wires” which is an exceptional read.

Kevin started regularly coming… pic.twitter.com/w1UMm7mGa8

— Troy Hunt (@troyhunt) July 20, 2023

In other news, I share a lot more on the upcoming domain search changes in this week's video and I've gotta say, I'm feeling pretty good about them. I spent most of the day after recording this writing code and drafting the blog post and I'm pretty damn happy with each right now. I'll keep sharing more info via these updates to the extent that by the time everything launches in a couple of weeks, you'll know it all anyway if you're paying attention here 😎

References

1. Sponsored by: Kolide ensures that if a device isn't secure, it can't access your apps. It's Device Trust for Okta. Watch the demo today!
2. If you haven't done already, go read Ghost in the Wires, the Kevin Mitnick story (it's a genuinely entertaining read)
3. If you mistype an email address, it will go to the wrong place! 🤯 (the .mil conflation with .ml story has received way more airtime than what it's due IMHO)
4. Shellys, Shellys everywhere (after feedback from Richard and Lars on this week's video, I'm pretty sure I'm going to ditch MQTT altogether now)
5. The Roblox Developers Conference had 4k people's data leaked (goes back a few years and they did eventually disclose, but it would have been nice for them to beat me to it)
6. It's more than a month ago now that I wrote about the impending domain search changes (but not long to go now 🙂)

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

Today was a bit back-to-back having just wrapped up the British Airways Magecart attack webinar with Scott. That was actually a great session with loads of engagement and it's been recorded to so look out for that one soon if you missed it. Anyway, I filled this week's update with a bunch of random things from the week. I especially enjoyed discussing the HIBP domain search progress and as I say in the video, talking through it with other people really helps crystalise things so I think I'll keep doing that as the dev work continues. Stay tuned for more on that next week, see you then 😊

References

1. Sponsored by: Americans lost $8.8B to identity theft in 2022. Secure your online info with Aura the #1 rated identity theft protection. Start free trial.
2. Scott Helme and I did a Report URI webinar just before this video, all about the Magecart attack on British Airways (stay tuned for the recording)
3. The renos have been very trying on my patience (but the garage is looking totally epic 😎)
4. I finally fixed this hum when the camera was on... by using a USB cable to charge it instead (this was so painful, obviously some sort of electrical interference going on there)
5. I completely forgot to talk about my IoT lock batteries (but yeah, that linked tweet sums it all up)
6. A full "baker's dozen" of MVP awards! (that's 13 years running now 😲)