Troy Hunt

Earlier this year, I spent some time in San Fran with friend and Bugcrowd [https://www.bugcrowd.com/] founder Casey Ellis [https://twitter.com/caseyjohnellis] where we recorded a Pluralsight "Play by Play" titled Bug Bounties for Companies [https://www.troyhunt.com/new-pluralsight-course-bug-bounties-for-companies/]. I wrote about that in the aforementioned post which went out in May and I mentioned back then that we'd also created a second course targeted directly at researchers. We had to pull...

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: > BBQ time ? pic.twitter.com/yq5hXOGABt [https://t.co/yq5hXOGABt] — Troy Hunt (@troyhunt) August 3, 2018 [https://twitter.com/troyhunt/status/1025220673092767744?ref_src=twsrc%5Etfw] [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/...

So that little project Scott Helme [https://scotthelme.co.uk/] and I took on - WhyNoHTTPS.com [https://whynohttps.com/] - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game. We're already seeing some sites on the Day 1 list go HTTPS (alth...

Alrighty, 2 big things to discuss today and I'll jump right into them here: Exactis: it's hard to know where to even start with this one and frankly, the more I think about the more frustrated I am that services like this even exist in the first place. But they do and it's worthwhile being aware of them so have a listen to the video this week and check out the links I've shared below. Why No HTTPS? This is Scott Helme's and my little project which turned out to be a much bigger project but one...

As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure" [https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html]. This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We've known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying "this is coming". Yet somehow, we've arrived at today with a sizabl...

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series [https://www.pluralsight.com/courses/security-culture-creating]. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing. This week, I'm still on HTTPS. I don't mean for this to become a repetitive topic (an...

Two of my favourite developer things these days are Azure Functions [https://www.troyhunt.com/azure-functions-in-practice/] and Cloudflare Workers [https://scotthelme.co.uk/cloudflare-workers-report-uri/]. They're both "serverless" in that rather than running on your own slice of infrastructure, that concept is abstracted away and you get to focus on just code executions rather than the logical bounds of the server it runs on. So for example, when you have an Azure function and you deploy it und...

I love so many of the underlying principles of GDPR as it relates to protecting our personal data. I love the idea of us providing it for a specific purpose and it not being used beyond that. I love that it seeks to give us more control over access to (and erasure of) our data. I also love that the regulation has the potential to seriously bite organisations that don't protect it. You'd be hard pressed to find anyone who disagrees with any of that. However, there are many things I dislike about...

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die ? It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means. But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Pass...

It was Jan last year that I suggested HTTPS adoption had passed the "tipping point" [https://www.troyhunt.com/https-adoption-has-reached-the-tipping-point/], that is, it had passed the moment of critical mass [https://en.wikipedia.org/wiki/The_Tipping_Point] and as I said at the time, "will very shortly become the norm". Since that time, the percentage of web pages loaded over a secure connection has rocketed from 52% to 71% [https://letsencrypt.org/stats/] whilst the proportion of the world's t...