I don’t normally do the year in review thing, but then I don’t normally have a year like this either. Whilst it may not seem like it to the casual observer, life changed in so many significant ways in 2015, more so than any time in probably the last 15. The other day I was having a spin back through my tweets with media and I realised just how nuts things had been, so I thought I might capture a bunch of them here as they really tell the story. This is as much for me to reflect on the year as...

I’ve had a couple of experiences recently where guests have come to stay and then requested to jump on my wifi. In each case, I’ve declined and in turn they have expressed some degree of shock and outrage. Because it will happen again and because I don’t want upset guests staying in my house, allow me to articulate clearly and objectively why my network is off limits and why perhaps you too want to think twice about allowing access to yours. It’s not that I don't trust my guests… Let’s start he...

Every now and then, a Pluralsight course completely defies the odds of what I expected it to do. Now it’s not that I don’t think this latest one [https://app.pluralsight.com/library/courses/play-by-play-ethical-hacking-troy-hunt/table-of-contents] is a good course, rather it’s that it’s a play-by-play which effectively went like this: Pluralsight: Hey, how about you hack Gary Eimerman [https://twitter.com/garyeimerman] and we record it? Me: You had me at “hack”! And that’s about it – now it’...

Pluralsight content remains enormously popular among a growing audience of technology pros not just because of the breadth of content (we’re talking about well over 4,000 courses now), but because it’s so cheap to get into. Less than a dollar a day and you’ve got access to some really top notch content that’s created by some of the best in the business then scrutinised and peer reviewed to ensure it’s right up there as the best possible training material you can find on the web. It’s amazing the...

Hey, did you hear about this new security risk? It’s called SQL injection and attackers can just suck all your datas out of your system if you screw it up badly enough. Allegedly there’s like, millions of websites at risk and even kids can easily break into them! Wait – this isn’t a new risk?! Well how come it’s all over the news and these seriously large companies keep getting pwned by it?! How is that even possible?! And here we are at that reality of today; SQL injection, whilst well unders...

My Pluralsight courses get pirated all the time. I used to have Google alerts for them but frankly, the flood of emails I’d get each day just didn’t justify the “return” I’d get by forwarding them on to the Pluralsight piracy folks. I ended up rationalising it with the tongue-in-cheek analogy that those who would seek to pirate my security content are probably more likely to do evil things with it thus causing others to realise that they need security training! Of course I hope that’s not actual...

I suspect we’re all getting a little bit too conditioned to data breaches lately. They’re in the mainstream news on what seems like a daily basis to the point where this is the new normal. Certainly the Ashley Madison debacle [https://www.troyhunt.com/2015/08/heres-what-ashley-madison-members-have.html] took that to a whole new level, but when it comes to our identities being leaked all over the place, it’s just another day on the web. Unless it’s our children’s identities, that’s a whole new l...

In running Have I been pwned? (HIBP) [https://haveibeenpwned.com/], I often get asked – “Can I trust you with my email address?” – which I find to be a very odd question. It’s odd because for the most part, we never really think about how trustworthy a website is before we enter the address. What I mean by this is that we all sign up for dozens if not hundreds of services ranging from shopping to social to professional and enter a whole heap of data, including our email address all the time. We...

So someone sent me this on the weekend: They asked me to censor the Bitcoin address because as you can see above, it’s unique to them and quite understandably, they don’t want anything that can tie this blackmail attempt back to them going public. Except that the address is a perfect match with this one: > Looks like some people are attempting to capitalize on the @Patreon [https://twitter.com/Patreon] hack/leak. @Troyhunt [https://twitter.com/troyhunt]. Kinda funny to me. pic.twitter.com/8...

I did a security workshop in a faraway land recently. I’ll not say which one because I want to ensure there’s an appropriate level of anonymity for this story as it could be rather inconvenient for the subject of it otherwise. Anyway, I do my usual thing of showing attendees how to hack their own things. We do SQL injection and XSS and a whole bunch of other really hands on stuff targeted at developers. The niche I find myself filling these days is security content that talks to folks who actua...