Weekly Update 86

Presently sponsored by: Do you desire peace of mind? The hackers don’t wait, secure your website and mobile apps with Gold Security today.

This week, Scott Helme is getting bitten by Aussie critters whilst working from a desert island. He’s here on the Gold Coast for the NDC Security event next week, so I thought we’d record the update together: we grabbed a couple of cold ones, wandered down to the backyard and recorded there.

We cover off a bunch of bits and pieces related to things we’re working on together (workshops and Report URI) as well as some (mostly) commonly held views about HTTPS, EV certs and visual indicators. Oh – and I forgot to mention killing off the non-anonymous endpoints for Pwned Passwords last week so that’s in here this week too. Hope you enjoy the banter with Scott, he’s still here next Friday so we’ll do it all again then too.


  1. I’ve listed all the upcoming public workshops Scott and I are doing (we’re both still running a heap of private ones too, contact me about those if you’re interested)
  2. The NHS in Scotland now has SRI on their Browsealoud script (view source and search for “ba.js”)
  3. Comodo may revoke your EV cert because, well… nobody quite knows (that’s related to James Burton’s “Identity Verified” company)
  4. Pwned Passwords is killing off non-anonymity endpoints (privacy, speed and performance FTW!)
  5. Stop looking for positive visual security indicators and start focusing on the negative ones (this is actually really important, and a sign of where the industry is moving)
  6. Gold Security is sponsoring my blog again this week (big thanks to those guys for their ongoing support!)
