It happened again – someone tweeted me about a negative security experience and I just had to take a look: [https://twitter.com/andrew_barratt/status/285343903874428928] C’mon, really? This can’t be for real. But a little more investigating and here we are: [https://twitter.com/EE/status/285305896358256640] This is bad (for reasons I’ll discuss shortly), but it’s far from isolated: [https://twitter.com/EE/status/285045909287497730] EE is over in the UK and they’re “the new network for y...

This content is now available in the Pluralsight course "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/ethical-hacking-sql-injection]Everybody knows the easiest way to save yourself from SQL injection is to use object relational mappers (ORMs such as Entity Framework) or stored procedures, right? Often I see this becoming a mantra: “You don’t need to worry about SQLi if you’re using [Entity Framework | stored procedures]”. I also see the mantra blindly repeated and it’s wro...

Three and a bit years on and it’s time for a change. Blogging has been good to me – very good – but I was starting to feel a bit like the plumber whose own house was full of leaky pipes. Heavy markup burdened by Blogger’s propensity for in-page CSS, completely mobile unaware and as I’ve written before, not real friendly for those half a billion Chinese internet users [https://www.troyhunt.com/2012/03/browsing-broken-web-software-developer.html]. Plus of course, several years of design weariness...

One of the things I’ve really enjoyed about blogging and engaging with the development and security communities is some of the opportunities it’s opened up simply by doing thing I really enjoy. I’m talking about opportunities like the MVP award, joining up with the Friends of Redgate and numerous other perks and rewards that seem to pop up out of the woodwork. I’m very happy to now be joining the ASPInsiders [http://aspinsiders.com]: The who now?! > The ASPInsiders is a select group of int...

It happened again. Well actually, it happens all the time but I got inadvertently drawn into it again. I’m referring to this: [https://twitter.com/wishgenie/status/273396847802974208] Totally secure! Not just “pretty” secure or “really” secure but totally secure! I need to learn how to do that. Now this was in response to the following tweet: [https://twitter.com/scampreturns/status/273103876075421697] This is a familiar banter; a concerned customer raises a valid point about the technica...

This week’s post on Disassembling the Woolworths Facebook scam [https://www.troyhunt.com/2012/11/disassembling-woolworths-facebook-scam.html] has had a pretty good run. In part, I suspect this is due to the approaching holiday shopping season and in part because I know this scam is really doing the rounds and being seen by a lot of people. Yesterday I had a chat with Dan Kaplan from Secure Computing Magazine [http://www.scmagazine.com/podcast-the-anatomy-of-a-facebook-gift-card-scam/article/269...

Who wants free stuff? C’mon, everybody wants a free lunch, right? Yes, yes they do and that’s precisely the trigger used in scams like this one. Recently I wrote about the mechanics of another Facebook scam [https://www.troyhunt.com/2012/10/she-did-what-in-school-mechanics-of.html] where the “bait” was photos of a salacious school girl. Many people – including female friends and my mother in law – readily fell for that one. This one takes quite a different and rather cunning approach which chai...

So today is November 5 and as promised, the global anonymous tirade has descended. The victims so far are both numerous and diverse; PayPal, ImageShack, Lady Gaga (I’m told this outage is a bad thing), Saturday Night Live and so on and so forth. Down here in Australia where our clock ticks over before most of the rest of the world, the November 5 shenanigans have started a little earlier. What that means is we’ve got a whole lot of sites looking like this right now: These sites include Ascen...

After a short exchange of friendly but accusatory cross-continental messages, I’ve learned something new about .NET projects today. Let me start with the symptoms as that’s the first thing I Googled for and how I suspect others will find this and save themselves some pain in the future. Let’s say you have a solution like this: This is a brand newie right out of the box to demonstrate the problem. The web project references the ClassLibrary project as a project reference. In other words, the...

I’ll admit to some amusement when I see friends liking pages such as this: I’ll admit to even more amusement when they’re mature adults (of either gender) or as seen recently, when they’re my mother in law. Of course when confronted about their salacious ways they’ll always swear black and blue that they never “liked” the link. Except they did, they just didn’t know it. What you’re seeing here is a Facebook “worm” or in other words a script which replicates itself. Someone sees it, clicks th...