
Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

Microsoft Regional Director

This was not what I was expecting earlier this week:

> I am delighted to welcome you to the Microsoft Regional Director program!

More specifically, the nomination I received some weeks back was not what I expected and this week’s message was what I’d dared not get my hopes up too much about. A bit of context first – I’m not going to work for Microsoft and despite the ti...

Kids and Code: Conditions and loops

Last week I published the first post of Kids and Code [https://www.troyhunt.com/2016/02/kids-and-code-simple-programming-on.html] where I started recording the process of teaching my six-year-old son to code. We used code.org [https://code.org/] which is just awesome, specifically the Minecraft game which has just the right balance of difficulty, engagement and entertainment. It’s mostly dragging and dropping blocks which represent procedures, but it’s a great way of getting kids to think about...

Breaches, “Have I been pwned?”, password reuse, 1Password and good deeds

I spend a lot of time on Have I been pwned [https://haveibeenpwned.com/] (HIBP) which consists of both maintaining and building out the software with new features as well as obviously sourcing new data for it on a regular basis. I make it freely available to the community and some time ago at the suggestion of some of those who’d found it useful, I stood up a donations page [https://haveibeenpwned.com/Donate]. Whilst the service is cheap to run courtesy of Azure being pretty cost efficient, it’s...

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

Last month I was over in Norway doing training for ProgramUtvikling [http://programutvikling.no/], the good folks who run the NDC conferences I've become so attached to. I was running my usual “Hack Yourself First” workshop [https://www.troyhunt.com/2016/02/more-europe-even-more-again-and-more.html] which is targeted at software developers who’d like to get up to speed on the things they should be doing to protect their apps against today’s online threats. Across the two days of training, I cov...

Kids and Code: Simple programming on code.org

There are few more valuable skills for kids these days than knowing their way around technology. In fact, I’d argue that you could say the same for adults but particularly when you consider the skills that are going to be most valuable in the future for our children, understanding how the connected world functions is key. Their existence is fundamentally different to ours and if you were born in the 70’s like me (or even earlier), just think about how fundamentally different their education and...

Suggesting you shouldn’t digitise your sexual exploits isn’t “victim blaming”, it’s common sense

There was a piece in the news the other day on how a high school teacher videoed his sexual exploits then stored them on Dropbox, after which it was summarily compromised. The video was then posted to the school’s faculty page which obviously caused him enormous embarrassment then to top it off, the school fired him. This is a newsworthy story with regards to privacy and security and was worth sharing:

> Probably don't put these in Dropbox: "Teacher’s sex tape stolen from hacked Dropbox, posted...

Everything you need to know about the Apple versus FBI case

Some days, the news is dominated by a single security story and not just in the tech news either, but today the consumer news is all about Apple’s message to their customers [http://www.apple.com/customer-letter/]. I’ve been getting a heap of media requests and seeing some really interesting things said about the story so let me distill all the noise into the genuinely interesting things that are worth knowing. There are way more angles to this than initially meet the eye, and it’s a truly signi...

A social engineering Play by Play on Pluralsight with Lars Klint

The other day, a hacker compromised someone’s email account. It was almost certainly a phishing attack, he probably just sent them over an email claiming to be from the victim’s organisation and then just, well, asked for their credentials. From there, the attacker wandered over to the web portal of the victim’s organisation and attempted to log on, which unfortunately for him didn’t work. No worries, they simply called up the helpdesk who kindly gave him access. So now he’s logged in to the vict...

More Europe, even more again and more workshops

I just spent almost a month in Europe and did an insane number of events: 7 workshops of 2 days each, 6 conference talks, video interviews, Pluralsight courses, media events, multiple user groups and amazingly, absolutely everything went perfectly to plan! Trips like that are both very intensive and very fulfilling and whilst 27 days was longer than I’d ideally like, I had a fantastic time in Europe so I’m coming back again – twice – in the coming months. I’ll give you the tl;dr version first t...

No, VTech cannot simply absolve itself of security responsibility

A few months ago, the Hong Kong based toy maker VTech allowed itself to be hacked [https://www.troyhunt.com/2015/11/when-children-are-breached-inside.html] and millions of accounts exposed including hundreds of thousands of kids complete with names, ages, genders, photos and their relationships to their parents replete with where they (and assumedly their children) could be located. I chose this term deliberately – “allowed itself to be hacked” – because that’s precisely what happened. In an era...