Weekly Update 102

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn’t mention it when I recorded, but there’s already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post.

Also, just in case you’re in the area, I’ll be speaking at API Days in Melbourne on Tuesday then at Fortinet’s Fast and Secure conference in Sydney the following day. For those not local, I’ll then be doing my Modern State of Insecurity talk as a webinar for Varonis on Wednesday my time and that’s a free one to join in on. Hope one of those works for you!


  1. The Logitech BRIO is pretty neat with Windows Hello (really liking the auth experience of this thing)
  2. That crazy HTTPS email (“HTTPS is a huge waste of oil, coal and gas”)
  3. Let’s Encrypt’s Response to crazy Namecheap claims (this really has to be read to be believed…)
  4. I published the whole 517M Pwned Passwords as NTLM hashes (use ’em to check password practices within your Active Directory environment)
  5. A quarter of people in some organisations are using a pwned password (how about in your own organisation?)
  6. DigiCert are sponsoring my blog this week (one of the commercial CAs doing good things and calling it like it is!)
