Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Troy Hunt Profile picture
Troy Hunt
@troyhunt
Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Aug 11, 2018 11 tweets 4 min read
I've had a heap of people pointing me to this post by @meyerweb and I want to add some thoughts in a tweet stream. Start by reading the post because it really is excellent and should remind us all of how different things are in other parts of the world I want to make sure people don't see this as a reason not to do HTTPS so I've had a good chat to @meyerweb and want to put a few things in context. The first is this: caching in this fashion is the very definition of a "man in the middle" and has serious privacy ramifications.
Jul 16, 2018 13 tweets 3 min read
I've had a heap of press and individual queries on Australia's #MyHealthRecord over the last week. This is essentially centralised electronic health records that everyone will get unless explicitly opting out. Here's my thoughts: Firstly, we need to acknowledge there's upsides and downsides; I want the right people to have my health info should they need it (especially in an emergency), but clearly I don't want that info falling into the wrong hands either.
Jul 1, 2018 15 tweets 4 min read
Alrighty, let's tear this apart because the FUD from the CA Security Council is deafening. We'll start with this short video: The CASC includes some of the world's largest commercial certificate authorities and is pushing hard to drive the adoption of EV certs in an era where it's increasingly hard to make any money from DV
Jun 27, 2018 7 tweets 4 min read
Crunch time: Pwned Passwords is getting big so I have to look at costs. Over the last week, I've served over 54M requests to the service from a rapidly growing number of consumers. However, @Cloudflare has fielded 92% of those for me and @AzureFunctions has only had to process just over 4M of them. It's done that in an average time under 30ms and a 50th percentile of 22ms. There have been no failures.
May 19, 2018 15 tweets 5 min read
I've seen some absolutely crazy comments on the debate about changes to HTTPS indicators and EV over the last few days to the point that I've actively muted discussions that have gone off the rails. Let me shine a critical light on the whole thing: Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying "Hey, it would be good if traffic wasn't eavesdropped on or modified". This is fixing a deficiency in the web as it has stood for years.