My mate Lars Klint shared this tweet the other day: > Your password is not unique. pic.twitter.com/ga4GwxtzrQ [https://t.co/ga4GwxtzrQ] — Lars Klint (@larsklint) April 16, 2017 [https://twitter.com/larsklint/status/853507749488975873] Naturally, I passed it on [https://twitter.com/troyhunt/status/853517036131041280] because let's face it, that's some crazy shit going on right there. To which the Twitters responded with equal parts abject horror and berating comments for not having already iden...

Home again and blog wise, it was a quiet week. I've been working on some new material you'll see next month as well as preparing for upcoming Europe travels where I've got a heap of events to get to. I've got a new Lenovo to show you in this update plus I do talk quite a bit about that one blog post on building out a Ubiquiti network for my brother and his family which I'm now kinda jealous of! All that and a few other things in the update below, I've got a few extra things in the works for next...

The title of this blog post is what many of us techie folks dream of - free reign to build your own home network! It might seem like a pretty geeky dream (ok, it is a pretty geeky dream), but the reality is that we're increasingly dependent on our home networks these days because of the amount of stuff we connect to them. That little consumer-grade combination modem and wireless access point your ISP gave you or the one you bought from the local PC store is going to struggle to provide fast, rel...

Another beautiful spot today while I'm back in Sydney working on the agenda for NDC here in August [http://ndcsydney.com/]. It's a quick trip albeit one very jammed-packed as we work through over 700 talk submissions and try to distil them down to the best ~135 of the bunch. There's a few weeks of early bird tickets left so if you're down here in Aus (or feel like a holiday), get in and grab them cheap. This week, I'm really excited about this: > This is awesome - for the first time after 5 y...

I've been really actively involved with building things on Microsoft's Azure cloud for probably about 4 or 5 years now. Many of you will know already that Have I been pwned [https://haveibeenpwned.com/] (HIBP) was built from the ground up on Azure (in fact, one of the reasons I built the service was to play with Azure "in anger"!), what less people know is the work I'd been doing before that. In my previous life looking after Pfizer's software architecture in this corner of the world [https://w...

A Twitterer sent me this a few days ago: > .@troyhunt [https://twitter.com/troyhunt] you've got SSL issues in Chrome 58+ on @ASafaWeb [https://twitter.com/ASafaWeb] pic.twitter.com/qtUiMxV9tW [https://t.co/qtUiMxV9tW] — Jonathan (@Eonasdan) April 13, 2017 [https://twitter.com/Eonasdan/status/852523365076267008] Now normally when I get a report about an SSL thing not working (by which we mean TLS, but we say SSL anyway), I jump on over to SSL Labs (see?!) and run a report I can then direct peo...

Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big whack of our internet browsing history just in case. The theory these genius policy makers have is that if they can probe into all our lives far enough, they'll be able to see when we're doing terrori...

I didn't mean to talk for 42 minutes today, but somehow, I kinda ended up there. A good whack of that went to explaining how I'd done the subscription implementation you see below, especially as people had asked why there are two CAPTCHAs and indeed I wanted to explain why I'd even added the feature in the first place. Anyway, I've had hundreds of people sign up to it since yesterday so hopefully it's proving useful to those folks (I did end up fixing that IE bug too). There's that plus some com...

It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1348902]: > Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International is not wanted and was put there without our permission....

Someone sent me an email today which essentially boiled down to this: > Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it This is a really interesting scenario and it relates to the way Microsoft reports risk events [https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events#leaked-credentials] , one of which is the discovery of leaked credentials that match those...