Since a very young age, many of us have been taught that C is for cookie [http://www.youtube.com/watch?v=Ye8mB6VsUHw] and that apparently, “That’s good enough for me”. Except it’s not – the hidden depths of the cookie were never really explored so is it any wonder that after being ingrained with such a trivial view of cookies from such a young age that so many of us are handling them in an insecure fashion? You see, there’s far more to cookies than meets the eye and I want to delve into a coupl...

Here’s a little magic trick in .NET: In ASafaWeb [https://asafaweb.com] I have a facility to schedule scans at a certain time of day. Because I want to be all warm and fuzzy and user friendly, when people sign up to the service I ask for their time zone then whenever they schedule a scan they enter the time of day they’d like it to happen in their local time and I pull some magic tricks to make it happen. The process has been working flawlessly since the middle of last year – until this weekend...

Browsing through my Facebooks the other day, I came across an interesting little sponsored ad: Banking, you say? In your Facebook, you say? What could possibly go wrong?! The overriding concern that immediately sprung to mind was that you’re mixing two domains of a very, very different nature. On the one hand we have our social media, frequently the source of status updates about our breakfast, commentary on the latest lolcats [http://en.wikipedia.org/wiki/Lolcat] and as I’ve written on nume...

I don’t know how Evernote stored my password, you know, the one they think might have been accessed by masked assassins (or the digital equivalent thereof). I mean I know that their measures are robust [http://evernote.com/corp/news/password_reset.php] but then again, so were Tesco’s [https://www.troyhunt.com/2012/08/why-xss-is-serious-business-and-why.html] and according to their definition, “robust” means storing them in plain text behind a website riddled with XSS and SQL injection (among oth...

45 seconds. That’s how long it took to crack 53% of the ABC’s now very public password database. That’s more than half of the almost 50,000 passwords that were publically exposed today [http://www.cyberwarnews.info/2013/02/27/abc-australia-hacked-49561-moderator-and-user-credentials-leaked/] . How the passwords (among other data) were exposed is yet to play out, but what we now know for sure is that the mechanism the ABC used to protect these credentials was woefully inadequate. Here’s how it wa...

It’s pretty much the hottest new “device” on the block today and yes, there’s a damn good chance that it could replace or at least significantly supplement a laptop. And a tablet. And possibly a desktop PC too. Scrolling back just for a sec, a couple of months back I sent Red Gate Software [http://www.red-gate.com] some tips on optimising ASP.NET web apps which then made their way into their free eBook titled 50 Ways to Avoid, Find and Fix ASP.NET Performance Issues [http://www.red-gate.com/pro...

A few weeks back I wrote about The impending crisis that is Windows XP and IE 8 [https://www.troyhunt.com/2013/01/the-impending-crisis-that-is-windows-xp.html] and boy did I hear some opinions! “Why should I be forced to upgrade?! I’m happy with my 11 year old OS dammit!” “I’m sick of Microsoft always changing things!” “Get off my lawn ya damn kids!” But most interestingly: “Why should I be forced to upgrade my hardware to run this new OS?!” Really? I mean I know there’s this unwritten law...

He lurks quietly in the darkness emerging only to briefly churn out some markup during business hours. He has no face, no name, no records. His only weapon is his word. He is: This is not the work of fiction, these ghosts walk among us, blending seamlessly into their environment until one day they emerge, seeking a job somewhere else. And when they do, prospective employers look for them and… they can’t be found. Anywhere. Yes, the “Ghost Who Codes” is real and you may even be one of them wi...

I’ve seen a few of these going around now, usually with different photos with some sort of mystique: The implied promise is of something interesting happening once you’ve clicked the like button and typed the number 1. There was one with an attractive girl and a square superimposed over her shoulder doing the rounds a little while ago too. I’ve seen others where the instructions are more explicit in terms of words or phrases to type. Here’s a good question: what usually happens when you like...

There will be those who disagree with me (hi DBAs!) but ORMs totally rock. Object Relational Mappers have been around for a while now and you may know them by names such as LINQ to SQL, NHibernate and Entity Framework (among others). The idea of ORMs is that all the plumbing between entities in the app and entities in the database can be abstracted away into a managed framework so that data access can become a no-mess, no-fuss affair. As with many automated ways to build apps, ORMs have their p...