Troy Hunt

I’m not often astounded by the woefulness of a security practice any more, but every now and then there’s a notable exception. Take this one, for example: > @BetfairHelpdesk [https://twitter.com/BetfairHelpdesk] Is it right that all one needs to change their password is their username and date of birth? — Paul Sawers (@psawers) April 23, 2015 [https://twitter.com/psawers/status/591279641828143104] Yes, that’s exactly what it looks like and just for the sake of posterity should those Betfair r...

I was preparing for a talk last weekend where I wanted to show the sorts of bad mobile app behaviours you can readily find using Telerik’s Fiddler [http://www.telerik.com/fiddler]. Now I’ve spent quite a bit of time over the years looking at the behaviour of the apps we use every day on our phones, in fact it was nearly four years ago that I wrote Secret iOS business; what you don’t know about your apps [https://www.troyhunt.com/2011/10/secret-ios-business-what-you-dont-know.html] and called out...

Today marks two important milestones for me – it’s the first time I’ve ever mentioned Pfizer [http://www.pfizer.com] on this blog and after 14 years, it’s my last day working for them. Both those milestones are significant and in their own ways, mark a pivotal point in my career. For those that are interested, I’d like to tell you what I’ve been doing in recent years and give a hint of what will come next. “Architect” There’s this odd thing that tends to happen in many peoples’ careers and I...

I’ve been having a few sleepless nights lately worrying about the big one. The big “what”, you ask? I mean another massive data breach the scale of Adobe back in 2013, you know, the one where they had a 153 million user accounts wander out the door. If I had to load those into Have I been pwned? [https://haveibeenpwned.com/] (HIBP), frankly I’m not sure how I’d do it. Or at least I wasn’t sure. When I first wrote about how I built the system [https://www.troyhunt.com/2013/12/working-with-154-mi...

This content is now available in the Pluralsight course "Getting Started with CloudFlare Security" [http://www.pluralsight.com/courses/cloudflare-security-getting-started]As you may be well aware by this, Microsoft’s Azure gets me rather excited [https://www.troyhunt.com/search/label/Azure]. That’s not without merit IMHO, it’s a sensational product for all the reasons you can read about in the blog posts at the end of that link. Almost without exception, when I get a question about Azure I have...

I didn’t think there was much wrong with my existing recording setup, but it turned out to be one of those “You don’t know what you don’t know” kind of things. It was only whilst over at the Pluralsight author summit [https://www.troyhunt.com/2015/03/on-being-pluralsight-author.html] last month that I talked to people who actually knew what they were doing and then I realised what was wrong! As a result of that visit, I’ve just finished totally revamping my recording setup. New mic. New boom. N...

Let’s just get this out of the way early – Azure is awesome. No really, I am continually blown away by the stuff you can do with it, how cheaply you can do it and just how much it changes the conversation you can have with those you’re delivering solution to using Microsoft’s cloud. This is not an endorsement based on my affinity for Microsoft nor is it constructed from what I read or see at talks, it’s based on my own firsthand experiences delivering real world software on the platform. I’ve b...

It’s never real nice waking up to something like this: This was Have I been pwned? [https://haveibeenpwned.com] (HIBP) first thing my Saturday morning. The outage was accompanied by a great many automated email notifications and manual reminders from concerned citizens that my site was indeed, down. Having my Azure showcase site down at the very same moment as my Pluralsight course on Azure was launched – Modernizing Your Websites with Azure Platform as a Service [http://www.pluralsight.com/c...

Update: Literally an hour after posting this, I had another call running the same scam. As suggested earlier [https://twitter.com/DAkacki/status/584191349836095488], I broadcast this one via Periscope [https://www.periscope.tv/] and you can can go back and watch it via the app. I’ll be more organised next time and have a special machine ready for them :) These things just don’t stop. I had my first seriously nasty one [https://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html]...

Last year was rather busy. I pushed out 78 blog posts. I had lots of millions of page views with over half a million on the Shellshock bug post [https://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html] alone (and mostly just in September). There were a bunch of conferences both down here in Australia and overseas, a few national TV spots and another 5 Pluralsight courses. And the ultimate endorsement of online success, abusive trolls. It was a very good year :) So per the title...