Channel: Troy Hunt's Blog
Browsing all 871 articles


Going dark: online privacy and anonymity for normal people

Last week we got news of the Rosebutt data breach. This is a very particular class of site and like many others we've recently seen compromised, it's highly likely that members would have preferred to...


Observations and thoughts on the LinkedIn data breach

Last week there was no escaping news of the latest data breach. The LinkedIn hack of 2012 which we thought had "only" exposed 6.5M password hashes (not even the associated email addresses so in...


The emergence of historical mega breaches

Over the period of this month, we've seen an interesting trend of data breaches. Any one of these 4 I'm going to talk about on their own would be notable, but to see a cluster of them appear together...


Dating the ginormous MySpace breach

It's been a crazy time for data breaches and as I wrote yesterday, we've seen a very distinct pattern of historical mega breaches lately. Fling in 2011, LinkedIn in 2012, tumblr in 2013 and the mother...


How I prepared for the NDC keynote (and other speaker tips)

I just had an absolutely sensational trip over to Europe which kicked off with my favourite event of the year - NDC Oslo. I first came to this event two years ago and talked about How I Hacked my Way...


Evernote is crippling their free service, here's how to move to OneNote

I've been using Evernote for about 6 years now. Nothing heavy duty, just basic notes that I collect around things like conference talk ideas, code snippets, some recipes I often make and other rather...


Security insanity: how we keep failing at the basics

Some days, it just feels like the world is working against you or in the case of today, like it's all just going to metaphorical security hell. As much as we like to keep pushing the needle further...


I'm a car enthusiast - bring on self-driving cars!

I've had this post in mind for a while now. It's a little tangential to the sort of stuff I'd normally write, yet it's something I'm passionate about and has become more topical in the last few days....


Everything you need to know about loading a free Let's Encrypt certificate...

Let us start with what's wrong with the world today, and that's certificate authorities. Just take a look at the trusted root CAs running on a Windows 10 machine: The very premise of having these root...


Introducing unverified breaches to Have I been pwned

Data breaches can be shady business. There's obviously the issue of sites being hacked in the first place which is not just shady, but downright illegal. Then there's the way this information is...


Getting to grips with cloud computing security on Pluralsight

Two of the things you'll have found me most frequently writing about on this blog are "cloud" and "security". Whilst the latter seems to have been what I've gravitated towards most in recent years, the...


Round 4 of Europe for 2016: More talks, more workshops

If you follow my Twitters, you may have noticed I can be a bit, well, "despondent" about the climate in Europe. No, not the whole Brexit political climate situation, I mean more like this: Crowds of...


Why am I in a data breach for a site I never signed up to?

This question in the title of this post comes up after pretty much every data breach I load so I thought I'd answer it here once and for all then direct inquisitive Have I been pwned (HIBP) users when...


I wanna go fast: HTTPS' massive speed advantage

I tweeted this the other day, and the internet was not pleased: HTTPS is slow. No - wait - is it HTTP that's slow?! https://t.co/T49GG7oCaK pic.twitter.com/cfnYOpXMWc — Troy Hunt (@troyhunt) July 8,...


Stop the madness! Ridiculous security scare tactics revealed

You know the best way to sell security products? Scare the shit out of people. I mean make them really genuinely fearful that if they don't have the thing you're pushing that a bunch of nasty stuff...


What you should and shouldn't worry about when you complete today's census

There's a lot of people getting themselves worked up about the Australian census whose five-yearly cycle falls due today. For the most part, it's like any other normal census we've done ever since I...


The "Have I been pwned" API, rate limiting and commercial use

It's almost 3 years ago now that I launched the Have I been pwned (HIBP) API and made it free and unlimited. No dollars, no rate limits just query it at will and results not flagged as sensitive will...


Website enumeration insanity: how our personal data is leaked

I've just wrapped up a couple of Hack Yourself First workshops down closer to home in Australia and true to usual form, attendees found some absolute zinger security implementations. Previous workshops...


Understanding account enumeration, the video tutorial edition

I've been running my Hack Yourself First workshop all over the world where I talk to software developers about various security risks which they then get to exploit firsthand. It's a lot of fun and...


Self-hosted vBulletin - you're doing it wrong! (and why you should be using...

Another day, another data breach: Full news on the GTAGaming breach is here: https://t.co/KuNSuol442 (vBulletin again) — Troy Hunt (@troyhunt) August 23, 2016 Yesterday it was a different one:...
