Have I Been Pwned? • Troy Hunt • GOTO 2023

This presentation was recorded at GOTO Aarhus 2023. #GOTOcon #GOTOaar https://gotoaarhus.com Troy Hunt - Information Security Author & Instructor at Pluralsight & Regional Director at Microsoft @troyhuntdotcom ORIGINAL TALK TITLE Lessons From Billions of Breached Records RESOURCES https://www.troyhunt.com https://twitter.com/troyhunt https://linkedin.com/in/troyhunt https://haveibeenpwned.com ABSTRACT Security flaws, hackers and data breaches are the new normal. It’s not just those of us in the industry facing these foes every single day; it’s everyone. Whether you’re online or offline, you simply cannot exist today without your personal information being digitized in systems which are often left vulnerable and exploited at the whim of attackers. But who are these people — the ones who seek to break through our defenses and exploit our data? And how are they continually so effective at doing so, despite our best efforts? In this talk, you’ll hear from the creator of “Have I Been Pwned” about the lessons he’s learned after processing more than 11B records of breached data. You’ll get a glimpse behind the scenes of what caused some of these devastating incidents and how they continue to wreak havoc today, despite how much more aware the industry is becoming. It’s a frightening, eye-opening and entertaining look at infosec and data breaches. [...] TIMECODES 00:00 Intro 01:57 LastPass breach 05:50 Netflix 08:22 True 2FA 11:14 Example: Bank 14:36 https://haveibeenpwned.com 23:55 "We Leak Info" 25:30 Leakedsource 28:10 Optus 42:50 Genesis Market 48:56 Outro Download slides and read the full abstract here: https://gotoaarhus.com/2023/sessions/2560 RECOMMENDED BOOKS Liz Rice • Container Security • https://amzn.to/3oU4iJe Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075 Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3 Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6 Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2 https://twitter.com/GOTOcon https://www.linkedin.com/company/goto- https://www.facebook.com/GOTOConferences #Security #CyberSecurity #CyberSecurityTutorial #InformationSecurity #Privacy #Programming #SoftwareEngineering #TroyHunt #HaveIBeenpwned #SecurityFlaws #Breaches #SecurityBreach #InfoSec #Hackers #Hacker #Hacking Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1