
Pluralsight and the Crystal Microphone

It may sound like a Tintin adventure, but the Crystal Microphone is far from make-believe and as it turns out, one of the fabled awards now adorns my desk: The engraving is self-explanatory and I’m enormously proud of the success of Hack Yourself First: How to go on the Cyber-Offense [http://pluralsight.com/training/Courses/TableOfContents/hack-yourself-first]. It went to the top 10 very quickly at a time when there were 700 other courses vying for eyeballs and several months on it’s rated 4...

Inside the Facebook Snapchat phishing scam

I’m frequently amused by the sort of stuff my Facebook friends “like”. For example: The more salacious content you find around Facebook often has a hidden agenda, for example the classic She did WHAT in school [https://www.troyhunt.com/2012/10/she-did-what-in-school-mechanics-of.html] scam I wrote about last year. Snapchat [http://www.snapchat.com/] allows you to take a pic or a video and set an expiry date after which it’s “theoretically” destroyed, just the sort of stuff that appeals to sex...

Web Directions South Presentation: Hack Yourself First

Last month I had a great couple of days at Web Directions South in Sydney. Great on the first day because I got to kick back and watch messages like this popping up on the Twitters: And then great on the second day because I got to talk to everyone about what it means to your app security to have your wifi hijacked. The video of that talk has just gone up on YouTube and IMHO, it’s come up rather well: I also wrote in more detail about how I used the Pineapple at Web Directions and what data...

Don’t trust the .NET web forms email regex validator (or most others)

I’ve been working on a little project recently that involves handling hundreds of millions of email addresses from various sources. More on that in a later post, but for now let’s just assume that I want to have a reasonable degree of confidence that each of these addresses from an untrusted source is valid. Indeed many of them are just rubbish – beyond the obvious “does it have an @ symbol”, a bunch of them don’t have dots in the domains or contain illegal characters in places where they just s...
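The two checks named above (exactly one @, a dot in the domain, no illegal characters) are easy to state but easy to get wrong, so here is an added example that is not from the original post: a small structural validator for bulk-cleansing untrusted addresses, compared against the "Internet e-mail address" regex preset that Visual Studio offers for the web forms RegularExpressionValidator. That preset pattern is reproduced from memory and the validator's implicit `^...$` anchoring is assumed; check both against your own project before relying on the comparison. The sample addresses are constructed for the demonstration.

```python
import re

# Visual Studio's "Internet e-mail address" preset for RegularExpressionValidator,
# reproduced from memory (assumption: verify against your own project). The
# validator anchors the pattern implicitly, so fullmatch() is used here.
DOTNET_PRESET = re.compile(r"\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*")

# Unquoted local part per RFC 5322: dot-separated atoms of these ASCII characters.
ATOM_CHARS = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL_ATOMS = re.compile(rf"{ATOM_CHARS}(\.{ATOM_CHARS})*")

# DNS hostname label: letters, digits and hyphens, 1-63 chars, no edge hyphen.
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def dotnet_preset_accepts(addr: str) -> bool:
    """What the web forms preset regex would say about the address."""
    return DOTNET_PRESET.fullmatch(addr) is not None


def is_plausible_email(addr: str) -> bool:
    """Structural check for addresses arriving from an untrusted source.

    Deliberately stricter than RFC 5322 (no quoted local parts, no IP
    literals, no comments, ASCII only): when cleansing bulk data, rejecting
    the exotic-but-legal is cheaper than accepting rubbish.
    """
    if not isinstance(addr, str) or len(addr) > 254:
        return False
    if addr.count("@") != 1:                 # "has an @" is not enough: exactly one
        return False
    local, domain = addr.split("@")
    if not 1 <= len(local) <= 64 or not LOCAL_ATOMS.fullmatch(local):
        return False
    labels = domain.split(".")
    if len(labels) < 2:                      # the domain must contain a dot
        return False
    if not all(LABEL.fullmatch(label) for label in labels):
        return False                         # catches "_", spaces, empty labels, edge hyphens
    if not labels[-1].isalpha():             # TLD is alphabetic (assumption: no IDN/punycode)
        return False
    return True


# Constructed sample input mixing good addresses with typical rubbish.
SAMPLE = [
    "user@example.com",
    "first.last+tag@mail.example.co.uk",
    "o'brien@example.com",
    "-dash@example.com",          # legal per RFC 5322, preset rejects it
    "under_score@ex_ample.com",   # "_" is not legal in a hostname, preset accepts it
    "user@example.c0m",           # digit in the TLD, preset accepts it
    "nodot@localhost",
    "two@@example.com",
    " leading-space@example.com",
    "a" * 65 + "@example.com",    # local part over the 64-octet limit
]


def disagreements(addresses=SAMPLE):
    """Addresses on which the preset regex and the structural check differ."""
    return [
        (addr, dotnet_preset_accepts(addr), is_plausible_email(addr))
        for addr in addresses
        if dotnet_preset_accepts(addr) != is_plausible_email(addr)
    ]


if __name__ == "__main__":
    for addr, preset, plausible in disagreements():
        print(f"{addr!r:45} preset={preset!s:5} structural={plausible}")
```

The point of the comparison is not that the structural check is "the" right answer (it knowingly rejects quoted local parts and non-ASCII addresses) but that a single regex that leans on `\w` admits underscores and digits where the DNS forbids them while rejecting some legal local parts, so decide your policy explicitly rather than inheriting the preset's.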

Fixing ghoulish HTML behaviour after Ghostery breaks the web to block Disqus

I had a bit of feedback on my last post I hadn’t seen in the past. For example, this one on Twitter [https://twitter.com/couchsecurity/status/400212134480470016]:

> 0% of this page renders with Ghostery turned on. I'm not sure if this is irony, or which...

And then reinforced by Mikko Hypponen [https://twitter.com/i/connect]:

> I noticed the same thing. Troy, you might want to check out your blog against Ghostery's default settings.

And repeated on Hacker News [https://news.ycombinator.co...

Adobe credentials and the serious insecurity of password hints

Adobe had a little issue the other day with the small matter of 150 million accounts being breached and released to the public. Whoops. So what are we talking about? A shed load of records containing an internal ID, username, email, encrypted password and a password hint. Naked Security did a very good write up on Adobe’s giant-sized cryptographic blunder [http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/] in terms of what they g...

Using high-spec Azure SQL Server for short term intensive data processing

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure].

So I had this plan: I was going to download the (very unfortunate) Adobe data breach [http://stricture-group.com/files/not-adobe.7z], suck it into SQL Server, do the usual post-import data clean up then try and draw some insightful conclusions from what I saw. Good in theory and so...

Does Tesco’s facial recognition ad targeting cross “the creepy line”?

There’s this whole idea of “the creepy line” when it comes to the way our personal data is collected and reused without our permission. Eric Schmidt of Google fame reckons they get right up to it without crossing it [http://blogs.telegraph.co.uk/technology/shanerichmond/100005766/eric-schmidt-getting-close-to-the-creepy-line/] or in other words, they push the boundaries as far as society will tolerate without getting too pissed off. Thing is though, how you define “creepy” is a very personal th...

Disassembling the privacy implications of LinkedIn Intro

Update: 17 Feb 2014: Sanity has prevailed and the service has now been pulled [http://www.zdnet.com/linkedin-dumps-intro-in-services-overhaul-7000026123/].

LinkedIn Intro [https://intro.linkedin.com] has already become known by many names: A dream for attackers [http://www.theverge.com/2013/10/25/5027334/linkedin-intro-security-concerns-bishop-fox-mandiant] , A nightmare for email security and privacy [http://ven...

On getting Pineappled at Web Directions South

So I’ve just wrapped up another Web Directions [http://webdirections.org/wds13] presentation where the Pineapple has featured. The what now?! You know, the WiFi Pineapple [https://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html], that little guy with the ability to do all sorts of nasty things to wireless traffic. Now I’ve Pineappled before, but I’ve never Pineappled quite like this and that’s all down to the Mark V [http://hakshop.myshopify.com/products/wifi-pineapple] w...