Weekly Update 81 (Hawaii Edition)


We’re in Hawaii! “We” being Scott Helme and myself and we’re here for the Loco Moco Sec conference which has been a heap of fun (the location may have played a part in that…) And what a location:


Scott joined me for this week’s update and we were fresh out of a great talk from the Google Chrome Security PM so have a bit to share there about changes coming to the browser. And then, T-Mobile – whoa! Just read the thread I link to in the references below (get popcorn – this one is a crazy ride). We also talk a bit about not deleting our Facebook accounts and being a bit pragmatic about choosing what you digitise (no, this is not “victim blaming”, it’s about applying some common sense). And finally, there’s the CSP wizard we released in Report URI this week and it’s really cool – super reliable CSP generation based on real-world reports from visitors to your site. (Oh – and here’s the tweet on serving almost 1.2 BILLION requests from Report URI over the last week.)

Next week I’ll be in Maui and doing proper holiday stuff with the family. I’m sure I’ll have another weekly update, I just don’t know when. Here’s this week’s all ready to go:


References

  1. Chrome will be deprecating the “HTTPS” prefix from the address bar (that tweet is from Emily Schechter who’s the Security PM for Chrome and it’s based on a heap of evidence from focus groups)
  2. T-Mobile Austria has had an absolute Twitter meltdown (this is an insane series of tweets, just read it…)
  3. I passed the 100k Twitter followers mark! (that linked tweet is the first in a thread about how I’ve benefited from the platform over the years)
  4. Neither Scott nor I are deleting our Facebook accounts and we both advise people to think about what they digitise (this is not about “victim blaming”, this is about considering your own personal risk profile)
  5. We launched the CSP wizard in Report URI (this is really cool and makes it a breeze to build up your policy)
  6. Terbium Labs is sponsoring my blog this week (they’ve been great and I’m prodding Scott to adopt a similar model 😊)
