It’s about six weeks into the life of Have I been pwned? [https://haveibeenpwned.com] now and I’m enormously pleased with the reception its received. The fact that I’ve had to write posts like the micro optimisation one [https://www.troyhunt.com/2013/12/micro-optimising-web-content-for.html] or the one about getting too big for Google [https://www.troyhunt.com/2013/12/too-big-for-google-when-analytics-fails.html] and had to deal with all the problems I’ve discussed there has actually been a very...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I was checking the NewRelic [http://newrelic.com] stats on “Have I been pwned?” the other day (you do have the free NewRelic service on your Azure websites [http://www.hanselman.com/blog/PennyPinchingInTheCloudEnablingNewRelicPerformanceMonitoringOnWindowsAzureWebsites.aspx] , righ...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]A few weeks ago now I launched the notification service for Have I been pwned? [https://www.troyhunt.com/2013/12/have-you-been-pwned-now-you-can-be.html] (HIBP). The premise of the service is that whilst it’s great to be able to go to the HIBP website [https://haveibeenpwned.com/]...

I was amused (and frankly a little bewildered) the other day to see this bloke in the paper [http://www.couriermail.com.au/news/queensland/brisbane-motorist-fined-for-leaving-car-window-slightly-down-on-hot-day/story-fnihsrf2-1226793936291] : What he’s holding there is a fine… for leaving his car windows down a little. You see, the police down here took a view that in doing so he was inviting criminals to break into his car by very clearly leaving his security in a compromised state. This, in...

Did you know that every time you submit a Web Forms page it sends a hash-based message authentication code with it so that the website can ensure the View State hasn’t been tampered with? Or that every time you use the MVC Razor syntax to emit anything to the page it HTML encodes it? Unless, of course, you’re using the Html.Raw helper – oh and that none of that does you any good in the JavaScript and CSS contexts or the HTML attribute context? Were you aware that ASP.NET limits the size of the...

I thought I’d seen it all when it comes to cold call virus scammers, you know, the guys who call you up from “Windows” because they’ve had reports of viruses from your machine? I’ve recorded their audio [https://www.troyhunt.com/2011/10/anatomy-of-virus-call-centre-scam.html], recorded their video [https://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html], antagonised them [https://www.troyhunt.com/2012/04/type-www-ok-w-w-w-d-o-t-antagonising.html], interviewed one of the blo...

Well we almost made it through the first day of the new year without a major data breach; it got to about mid-afternoon my time then wammo! The 2014 breach count was off and racing. If I’m honest, I actually spent some procrastinating over whether this could really be considered a breach and indeed if the data was even of any functional value to an attacker. I came to the conclusion that it is and, well, it is. Let me explain the thinking and why I’ve made it searchable via Have I been pwned? [...

I noticed an odd trend when reviewing the ELMAH [https://code.google.com/p/elmah/] logs in Have I been pwned? [https://www.haveibeenpwned.com/] recently. I was seeing a lot of 404 “Page not found” errors for paths like this: /gen204?client=te-lib-alt&trans=confSum=982,numLowConf=0,numPhrases=1,cB15=1,cB19=1 /gen204?client=te-lib-alt&trans=confSum=4726,numLowConf=0,numPhrases=5,cB15=1,cB19=4 /gen204?client=te-lib-alt&trans=confSum=2000,numLowConf=0,numPhrases=2,cB20=2 Uh, ok, this doesn’t look...

Just under three weeks ago now, I launched Have I been pwned? [https://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html] which could tell you if you owned one of 154 million email addresses that had been caught up in recent data breaches. Subsequently, the site turned out to be wildly popular [https://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html] and as with such things, a lot of good ideas came up in terms of features people would like to see. Without doubt, the numbe...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I had a little problem last week. I built a very small website [http://haveibeenpwned.com] – really just a one pager with a single API – whacked it up on an Azure website and then promptly had a quarter of a million people visit it in three days. Uh, bugger? Ok, what’s behind the...