Weekly Update 234

Written by Troy Hunt / Original link on Mar. 13, 2021


A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start; if anyone knows why it's prone to do this, I'd love to hear from you. But hey, at least the audio is spot on. Hope you enjoy this week's video.



  1. Complying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly)
  2. We're rapidly going cashless, but not everybody is happy (there are some valid points in that thread, but also some pretty tenuous arguments IMHO)
  3. My friend Tanya Janca has published Alice & Bob Learn Application Security (I really like the way this book is structured, check it out!)
  4. The PC audio rabbit hole is deep, but I finally hit the bottom and placed my order (hopefully be here for next week's update)
  5. Microsoft Exchange got hit with some serious state-sponsored nasties ("allegedly" from China)
  6. The Exchange issue only hit self-managed instances, further supporting my long held view that managed platforms like O365 are the way to go (outsource the problem!)
  7. Gab got hacked again with a heap of posts made under users' identities (this is what happens when you don't take your first breach seriously enough!)
  8. Home Assistant started telling people not to use Pwned Passwords, and people got pissed (this is nuts, and it deserved a dedicated blog post)
  9. Sponsored by Get a FREE password audit on your Active Directory users with pwncheck from
