Troy Hunt

Hi, I'm Troy Hunt. I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

Making a clean exit – how to leave your company with friends, not dependencies

As I’ve now widely publicised, I left Pfizer a few months back [https://www.troyhunt.com/2015/04/today-marks-two-important-milestones.html] after 14 years with the firm. You build up a lot of dependencies over 14 years, a lot of access to systems and a lot of people who count on you. As I was preparing to exit, I made a bunch of notes in a draft blog post because firstly, as I recently wrote in How I optimised my life to make my job redundant [https://www.troyhunt.com/2015/07/how-i-optimised-my-...

It’s time to visit London!

That’s right folks, I’m finally getting over to London! I’ve made so many awesome connections there over the years (hi Tesco [https://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html]!) and despite getting around quite a bit of late, I haven’t had the opportunity to actually spend time in the UK. All that changes in Jan and it’s thanks to the awesome guys at NDC [http://www.ndc-london.com/]! I actually spent a year living in London over the turn of t...

Learn ethical hacking and session hijacking on Pluralsight

A couple of months ago I wrote about how fellow author Dale Meredith and I are building out an ethical hacking series on Pluralsight [https://www.troyhunt.com/2015/05/its-ethical-hacking-with-sql-injection_21.html] and in that post I launched the first course I had written for the series, on SQL injection. You can read about the ethical hacking series in that blog post and what my approach to covering the CEH syllabus has been (hint: I have my own take on it), but what I will again point out...

Here’s how I’m going to handle the Ashley Madison data

This morning I was reading a piece on the Ashley Madison hack [http://www.inquisitr.com/2281408/ashley-madison-hack-customer-service-impact-team-complaints-was-he-on-ashley-madison-site-down-as-users-turn-to-private-investigators/] which helped cement a few things in my mind. The first thing is that if this data ends up being made public (and it’s still an “if”) then it will rapidly be shared far and wide. Of course this happens with many major data breaches, but the emergence already of domain...

It’s app sec in the USA! (And “Hack Yourself First” workshops too)

I’m very happy to be heading back to the US in a couple of months, this time to keynote at OWASP’s AppSecUSA in San Francisco [https://2015.appsecusa.org/]. I had a great time in Amsterdam only a couple of months ago keynoting at AppSecEU as well [https://www.troyhunt.com/2015/02/app-sec-in-europe.html] and the whole event was just a heap of fun. It was a really good mix of security pros and developers, each bringing their own strengths to the show and making for some really interesting talks...

“Have I been pwned?” goes (a little bit) commercial

If I’m honest, the success of Have I been pwned? (HIBP) [https://haveibeenpwned.com] took me by surprise. It started out as an intriguing exercise to look at how the same accounts were being compromised across multiple data breaches and morphed into something well beyond that in pretty short order. The unexpected success of the service made for some really intriguing technology challenges and provided me with an excellent opportunity to push Microsoft’s Azure to the limits, not just in terms of...

Your affairs were never discreet – Ashley Madison always disclosed customer identities

I always find data breaches like today’s Ashley Madison one [http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/] curious in terms of how people react. But this one is particularly curious because of the promise of “discreet” encounters: Of course when the modus operandi of the site is to facilitate extramarital affairs then “discreet” is somewhat of a virtue… if they actually were discreet about their customers’ identities! This all made me think back to the Adult...

How I optimised my life to make my job redundant

If you’re a regular reader, you may have noticed a rather major job change on my part [https://www.troyhunt.com/2015/05/so-dust-has-finally-settled.html] recently. The day-to-day office grind has gone and corporate life is now well and truly behind me, where it will firmly stay. One of the things that amazed me most when I finally wrote about this is how surprised so many people were that I actually had a normal day job: > Can't believe @troyhunt [https://twitter.com/troyhunt] had another jo...

It’s not about “supporting password managers”, it’s about not consciously breaking security

So this has been getting quite a bit of airtime today: > @Sacro [https://twitter.com/Sacro] Hi Ben, I understand but as a business we've chosen not to have the compatibility with password managers. Thanks, Joe — British Gas Help (@BritishGasHelp) July 14, 2015 [https://twitter.com/BritishGasHelp/status/620956147680432128] Yes, it’s ridiculous and British Gas are getting the lambasting they so deserve, but egregious security faux pas is hardly a new thing for them: > @passy [https://twitter....

How I got XSS’d by my ad network

This is really not what you ever want to see on your own site: It’s a JavaScript prompt and no, it’s not meant to be there. Someone had successfully mounted an XSS attack against this very website! Now I’ve written a lot about XSS, I’ve authored multiple Pluralsight courses that talk about it in detail and I’ve run many workshops on the topic teaching others the very mechanics of how cross site scripting works. Yet here we are – XSS on my own blog. Fortunately, this was discovered by frien...