Weekly Update 123

Presently sponsored by: Twilio: Learn about why building your own 2FA solution is risky and expensive. Use our Authy API to add 2FA to your app in a matter of days.

So it’s been a bit of a crazy week. I got onto the plane in Australia on Thursday evening just as Europe was waking up to the news of the 773M email address credential stuffing list I loaded into HIBP. And then the flood began; blog comments, emails, tweets – it was an absolute deluge. I spent the flight fielding the ones I could, landed in Oslo and dealt with more on the way up the mountain then frankly, got there and tuned out. Out of office on, blog comments closed and tweets ignored. This trip was planned downtime with my son and good friends and I really needed it.

In this week’s update, I talk about the coverage of that event with Scott Helme while sitting in Oslo during a break in our workshops. We also talked about what frankly, became a bit of a spectacle: the VLC debate about serving updates over HTTP. I’ll link to that in the references below and you can hear Scott’s and my thoughts on it there. Next week, we’ll both be in London at the NDC conference so Scott will join me again for another update then.

Weekly Update 123
Weekly Update 123
Weekly Update 123

References

  1. That 733M email address credential stuffing list (this post so clearly laid out all the facts, there was absolutely no room left for misinterpretation)
  2. The Hacker News piece on VLC serving updates over HTTP got way out of control (this escalated way too quickly and and became a pretty negative spectacle to watch)
  3. Twilio is sponsoring my blog this week (they’re talking about using Authy to add 2FA to your app)

Leave a Reply