Who wants free stuff? C’mon, everybody wants a free lunch, right? Yes, yes they do and that’s precisely the trigger used in scams like this one. Recently I wrote about the mechanics of another Facebook scam [https://www.troyhunt.com/2012/10/she-did-what-in-school-mechanics-of.html] where the “bait” was photos of a salacious school girl. Many people – including female friends and my mother in law – readily fell for that one. This one takes quite a different and rather cunning approach which chai...

So today is November 5 and as promised, the global anonymous tirade has descended. The victims so far are both numerous and diverse; PayPal, ImageShack, Lady Gaga (I’m told this outage is a bad thing), Saturday Night Live and so on and so forth. Down here in Australia where our clock ticks over before most of the rest of the world, the November 5 shenanigans have started a little earlier. What that means is we’ve got a whole lot of sites looking like this right now: These sites include Ascen...

After a short exchange of friendly but accusatory cross-continental messages, I’ve learned something new about .NET projects today. Let me start with the symptoms as that’s the first thing I Googled for and how I suspect others will find this and save themselves some pain in the future. Let’s say you have a solution like this: This is a brand newie right out of the box to demonstrate the problem. The web project references the ClassLibrary project as a project reference. In other words, the...

I’ll admit to some amusement when I see friends liking pages such as this: I’ll admit to even more amusement when they’re mature adults (of either gender) or as seen recently, when they’re my mother in law. Of course when confronted about their salacious ways they’ll always swear black and blue that they never “liked” the link. Except they did, they just didn’t know it. What you’re seeing here is a Facebook “worm” or in other words a script which replicates itself. Someone sees it, clicks th...

This content is now available in the Pluralsight course "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/ethical-hacking-sql-injection]You know what really strikes me about a lot of the hacks we’ve seen lately? It just seems too easy. I mean we’re seeing a huge number of attacks (an unprecedented number, by some figures) and all too often the perpetrator is a kid. I don’t mean that in a relative sense to myself as I get older, I mean literally a child. The problem, of course...

Who’s hacking us? How are we (as developers) making this possible? What are some of the common flaws we’re building into software? And what exactly is “pwned” anyway?! All these questions and more come up and get answered in the presentation I made to Developers Developers Developers! [http://lanyrd.com/2012/dddsydney/] in Sydney a few months ago. Fortunately the good folks at SSW [http://www.ssw.com.au/ssw/default.aspx] were kind enough to record and very professionally produce a number of the...

Last week, with the help of the good folks at Red Gate, I set up a little competition to give away 5 licenses [https://www.troyhunt.com/2012/09/life-without-source-control-share-your.html] of their very excellent SQL Source Control [http://www.red-gate.com/products/sql-development/sql-source-control/] product. The entry criteria was simple – share your most painful experience which could have been avoided by using source control. Many painful stories emerged but I thought it worth sharing and c...

Back around the turn of the millennium and during the final heights of the dot com boom, I found myself in London building the UX for the brand new online-only cahoot bank [http://www.cahoot.co.uk/]. (I then realised the miserable weather I was enduring was, in fact, summer and hastily returned to a balmy Aussie winter. But I digress.) As with most things dot com, days regularly stretched into nights and frequently consisted of copious amounts of both caffeine and beer. Mistakes were made. The...

Who likes being treated like they’re in a minority group? Unless it means you’re in that exclusive group of playboy (or girl) billionaires, “minority group” often ends up with you being unfairly discriminated against because you don’t represent the perceived majority. As with social discrimination, technology discrimination is frequently the product of ignorance; people often don’t understand the impact of their choices. What a lot of this boils down to is culture, or more specifically, lack of...

There are two security principles which I hold dearly but are often counterintuitive: 1. Users should be able to create any conceivable password they desire – no limits! 2. All input should be treated as hostile and properly sanitised against a whitelist. This is counterintuitive advice in so far as that second point has always been partially supported natively by ASP.NET request validation. I say “partially” because it’s not the final word in request validation [http://www.asp.ne...