He lurks quietly in the darkness emerging only to briefly churn out some markup during business hours. He has no face, no name, no records. His only weapon is his word. He is: This is not the work of fiction, these ghosts walk among us, blending seamlessly into their environment until one day they emerge, seeking a job somewhere else. And when they do, prospective employers look for them and… they can’t be found. Anywhere. Yes, the “Ghost Who Codes” is real and you may even be one of them wi...

I’ve seen a few of these going around now, usually with different photos with some sort of mystique: The implied promise is of something interesting happening once you’ve clicked the like button and typed the number 1. There was one with an attractive girl and a square superimposed over her shoulder doing the rounds a little while ago too. I’ve seen others where the instructions are more explicit in terms of words or phrases to type. Here’s a good question: what usually happens when you like...

There will be those who disagree with me (hi DBAs!) but ORMs totally rock. Object Relational Mappers have been around for a while now and you may know them by names such as LINQ to SQL, NHibernate and Entity Framework (among others). The idea of ORMs is that all the plumbing between entities in the app and entities in the database can be abstracted away into a managed framework so that data access can become a no-mess, no-fuss affair. As with many automated ways to build apps, ORMs have their p...

Regular readers of this blog would have seen sagas such as Anatomy of a virus call centre scam [https://www.troyhunt.com/2011/10/anatomy-of-virus-call-centre-scam.html], Scamming the scammers – catching the virus call centre scammers red-handed [https://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html] and my personal favourite, “Type www.” – “Ok, w-w-w-d-o-t”; antagonising call centre scammers [https://www.troyhunt.com/2012/04/type-www-ok-w-w-w-d-o-t-antagonising.html]. That...

As sure as night turns into day, sooner or later your PC will descend into an unrecoverable abyss where it no longer boots, stays booted or can’t even get booted to begin with. I’ve had memory go bad, motherboards die, CPUs fried, many mechanical disks develop bad sectors and now for the second time, an SSD gradually turn itself into nothing more than a paperweight. I now have a very robust backup strategy which I’ll come back to (courtesy of previously losing data and deciding that was never g...

It’s the Low Orbit Ion Cannon and yes, you can be arrested and sentenced to a prison term for using it to mount a distributed denial of service attack on a website. But let’s not get ahead of ourselves, there are a few things to understand first. LOIC has shot to fame in recent years as the tool of choice for what we colloquially refer to as hacktivists [http://en.wikipedia.org/wiki/Hacktivist], or in other words, folks with an axe to grind – usually for political purposes – who use the web to...

A few months back I had another chat to Today Tonight, a national prime time current affairs program I’ve previously appeared on in relation to call centre scammers taking over unsuspecting victim’s PCs [https://www.troyhunt.com/2012/08/virus-scams-social-engineering-victims.html]. This time it was about the security of internet banking which gave me a chance to collate some good practices, many of which didn’t go to air but I kept hold of with the intention of sharing in the context of the vide...

Do you remember what you were doing in October, 2001? You weren’t watching videos on YouTube, updating your Facebook status or even using the term “social media”. It was still the days of web 1.0 and REST was something you did when you were tired. If you had a puppy, it’s probably no longer with us. This was a cutting edge device: Websites were “Best viewed in Internet Explorer 5” and looked like this: That 800x600 image was the typical resolution too, it was the most your common 15” CRT...

I write a lot about website security. Sometimes I’ll publicly point out flaws in software but there are many, many other times where it remains a private conversation for various reasons. The one common thread across most of these incidents is that as developers, we often make bad security design decisions. It’s us – the organic matter in the software development process – that despite the best of intentions make bad choices that introduce serious risks. My belief – and one of the key reasons I...

It was a few months back now, but last year I spent a little time with fellow MVP Denny Cherry [http://twitter.com/mrdenny/] on his podcast People Talking Tech [http://peopletalkingtech.com]. We had a great talk about security in general with a lot of focus on SQL Injection in particular. It’s a nice light-hearted 24 minute chat that I enjoyed doing and I hope you enjoy listening to. You can listen online or download from People Talking Tech, Episode 18 – Troy Hunt [http://peopletalkingtech.com...