Weekly update 23

I started out doing this weekly update with not much news to share due to being away running a workshop for a couple of days then sitting on planes and in airports for another day. It was only as I finished recording I saw both shattered.io and CloudBleed, both of which you know are serious because they have cool bug names and even logos. But in all seriousness, these are both major vulnerabilities but the real-world impact isn’t yet clear, at least not to me. Great headlines and they’re generating plenty of hysteria, but I suspect the reality of each will pan out to be somewhat less than what some are claiming.

Moving on, this week I cover recent US travel plus my upcoming European summer tour which I’m really looking forward to, not least because it’s 3 months away and I get to stay home until then! There’s also a couple of new HIBP breaches loaded, various general security bits and a brand-new sponsor this week. Next week, I should have a pretty major incident to talk about but until then, here’s this week:


  1. Travel plans for the European summer (pretty jam packed, but a little bit of time left)
  2. This is not how you do password resets! (but they really are good guys and followed swiftly with a fix)
  3. No, you don’t need to connect your kids’ toys to the internet (at least the Germans don’t think so – they’ve banned a connected doll)
  4. Trump got hacked (putting “secure” in the URL does not make it so!)
  5. Checkmarx is up in the sponsor bar (they make a very fine static analysis tool)
