Over the last week, the Hacking Team story has absolutely exploded. It’s dominated the security news, featured heavily in tech publications and regularly appeared in the mainstream press. The 400GB of data leaked has been extensively torrented, mirrored and reproduced then of course commentated on at length in various articles and social media pieces. In terms of public breaches, this is as exposed as data gets. Clearly, this incident is also highly controversial. Hacking Team has long been und...

Recent I wrote about Speaker style bingo [https://www.troyhunt.com/2015/06/speaker-style-bingo-10-presentation.html] which called out a bunch of common anti-patterns I see (and indeed have done myself) in technical talks. If I’m honest, I’m a bit surprised at how much attention that post garnered and it appears to have really resonated with people. When I wrote that post, I was back home but between speaking events in Europe so was both reflecting on the talks I’d just done and preparing for the...

I hate getting notices like this one from a few hours ago: I’ve had many of these already over the years and I’m sure I’ll see many more in the years to come, that’s just how the web seems to work these days. But here’s what really got my attention in Plex’s email today: > We're sorry for the inconvenience, but both your privacy and security are very important to us Oh good, feeling much better now! So privacy and security are important, but with the benefit of hindsight, probably not imp...

I had a crazy trip to the Norwegian Developers Conference in Oslo this month; 2 days of workshops, a user group presentation, 2 conference talks, a podcast and a panel discussion. Despite the craziness of it all though, I was massively pleased that after the dust settled on the more than 150 speakers presenting over 200 talks, I found myself up here: Those little buzzers in front of the screen were hit on the way out and it so happened that I had a huge number of the green ones selected for...

During my travels over recent weeks I’ve been doing a quick demo that works like this: First, I open up the dev tools in Chrome and select the network tab. Second, I load up americanexpress.com [http://americanexpress.com] and show the network requests: I point out how the first one goes out over HTTP because this is what browsers do when you don’t explicitly enter a scheme such as “https://”. The server responds to this request with an HTTP 301 “Moved Permanently” and a “location” header w...

You know how you like free stuff? And cloud? And security? Of course you do – what’s not to like?! Well because Pluralsight and CloudFlare love it, we’re making my latest course available to everyone 100% for free for the next week [https://get.pluralsight.com/free-weekly-course.html]. [https://get.pluralsight.com/free-weekly-course.html] This is a great course for anyone who wants a very slick way of quickly adding SSL and raft of other security features to their site with a bare minimum of...

A couple of weeks ago I did a free webinar on Pluralsight titled Why SQL Injection Remains the #1 Web Security Risk Today (and what you should know about it) [https://get.pluralsight.com/webinar_why_sql_injection_remains_the_1_web_security_risk_today.html] . This is a rather self-explanatory title and it’s completely true – SQL injection remains a big thing and we keep getting it wrong. Like an example? Only 8 months ago, Drupal had a major vulnerability in their product [https://www.drupal.org/...

I’ve had a week and a bit playing with the Apple Watch, pretty much all of that time being on flights and at events which is probably not a normal usage representation, but it’s certainly given me a chance to give it a good workout. Some stuff is good, some is bad and a bunch of it is quite frankly absolutely pointless. But I expected that – it’s what you get with first gen tech – what I was more interested in is how it changes the way I might do otherwise normal everyday stuff. Pictures speak...

You may not realise this, but you use CloudFlare [https://www.cloudflare.com/]. You probably use it every day and you do so without even realising it. You reap numerous benefits from it as well but they’re seamless – it just makes your browsing experience better. By better I mean faster and most importantly in the context of this blog post and my latest Pluralsight course [http://www.pluralsight.com/courses/cloudflare-security-getting-started], more secure. Unless you’re an attacker in which cas...

There’s been a huge amount of activity on Have I been pwned? [https://haveibeenpwned.com/] (HIBP) in recent weeks, particularly in the wake of the Adult Friend Finder breach [http://time.com/3893946/adultfriendfinder-data-breach/] which drew a lot of attention. The activity has comprised of organic browser-based traffic as well hits to the API [https://haveibeenpwned.com/API/v2]. The latter in particular is interesting as you can see a steady rate of traffic (or a steady increase of traffic) sud...