It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still got a week to get those tickets, folks!). The timing actually works out pretty well as there was this week's announcement around Let's Encrypt's transition of their root cert, which is right up his alley. There's also the whole TicTocTrack kids' watch situation, which aligns very well with much of both our prior experience. And just on that, when we recorded the video they were planning on getting the service back up and running that day (Thursday Aus time when we recorded). Turns out that didn't happen and frankly, kudos to them for taking a little more time to get things right:
Looks like @tictoctrack didn't go back online yesterday as originally planned and they're now expecting another 4 days of outage whilst they fix the flaws. Frankly, good on them for that, it can't have been an easy decision but this isn't something you want to rush. pic.twitter.com/NapSKJ8L8J
— Troy Hunt (@troyhunt) April 19, 2019
All that and more in this week's update:
References
- We're at NDC Security on the Gold Coast week after next (Scott's doing the World's Best TLS Training, I'm doing Hack Yourself First)
- Let's Encrypt's transition to ISRG root (that post of Scott's went to number 1 on Hacker News so good work on that mate!)
- TicTocTrack had an absolute zinger of an IDOR vulnerability (they're not the only watch in this class to have serious flaws either)
- Twilio are sponsoring my blog this week, big thanks to them! (check out how you can use Authy to add 2FA to your app)