Last week we got news of the Rosebutt data breach [http://motherboard.vice.com/read/rosebuttboard-ip-board]. This is a very particular class of site and like many others we've recently seen compromised, it's highly likely that members would have preferred to keep their identities secret. It doesn't matter if you don't agree with the lifestyle choice of those on the site and certainly I myself am not one to look around the house at everyday items and think "I wonder if that could...". That's enti...

A couple of months ago I did a video titled Understanding CSRF, the video tutorial edition [https://www.troyhunt.com/understanding-csrf-video-tutorial/] which was a pretty raw run through of the mechanics and defences of cross site request forgery. It's content I often show in my workshops [https://www.troyhunt.com/workshops/] and I recorded the video pretty much as I present it in those sessions. Today I thought I'd do one on content security policies or as we otherwise know it, CSP. This is...

Round 2 of European travel for me this year has just wrapped up with talks in Brussels for Techorama (which incidentally, was sensational!) followed by a private event for a multinational information services company in Barcelona doing my usual Hack Yourself First workshop [https://www.troyhunt.com/workshops/]. But it's time for the next one already so it's back to Europe again and then after catching my breath at home for a couple of week, time for some US travel for the first time this year. L...

This was pretty big news 18 months ago: It was what greeted Sony Pictures employees [https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack] when they turned up to the office and switched on their machines. Machines infected with malware was one thing - a very bad thing at that - but it got much, much worse for Sony. In all, we saw about 40GB of company data walk out the proverbial door and it included everything from employee credentials to unreleased films to somewhere in the order...

Let me start with this headline [http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6]: Other headlines went on to suggest that you need to change your password right now [http://www.iflscience.com/technology/millions-passwords-hotmail-gmail-and-yahoo-have-been-stolen] if you're using the likes of Hotmail or Gmail, among others. The strong implication across the stories I've read is that these mail providers have been hacked and now there's a mega-list of stolen accounts floating...

I've just been reading Kingpin by Kevin Poulsen [http://www.amazon.com.au/Kingpin-Butler-master-billion-network-ebook/dp/B006FLRFQK?ie=UTF8&keywords=kingpin%20hacker&qid=1461881397&ref_=sr_1_1&sr=8-1] which sheds some really interesting light on criminal credit card fraud in the mid 2000's. Towards the end of the book, there's a reference to a 1997 case in which the government persuades the sentencing judge to permanently seal the court transcripts for fear that disclosure would impact the targ...

I certainly didn't expect it would go this far when I built Have I been pwned [https://haveibeenpwned.com/] (HIBP) a few years ago, but I've just loaded the 100th data breach into the system. This brings it to a grand total of 336,724,945 breached accounts that have been loaded in over the years, another figure I honestly didn't expect to see. But there's something a bit different about this 100th data breach - it was provided to me by the site that was breached themselves. It was self-submitte...

Update (just a couple of hours later): We're fixed! By all means, read the background it you're having similar problems or jump to the bottom for the solution. -------------------------------------------------------------------------------- I'm writing this post because I've pretty much exhausted all other avenues. I'm out of ideas. I'm stumped. I'm also missing a truckload of Disqus comments that should be appearing on many of the blog posts I've just migrated. Let me explain what I've done...

It's been 434 blog posts over six and a half years. It's gone from being excited about a hundred visitors in a week to hundreds of thousands on a big day. It's taken me from a hobby to a career. In so many ways, this blog has defined who I am and what I do today but finally, it was time for a change. You're now reading an all new blog in an all new design on an all new platform. The content is the only thing that remains and I've literally rebuilt everything from the ground up over the last few...

Remember when OPM got breached last year [https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach]? There was a lot of excitement in various parts of the world (namely the US) because here we had a government department (Office of Personnel Management), and they’d just lost 21.5 million records! These records included such sensitive data as names, dates of birth and addresses and by any reasonable measure, it was serious – that’s almost 7% of the country’s population! Yet some...