InfoSec Insanity: Sharing the crazy for the betterment of online security

I was getting a little fed up with the craziness I kept seeing on the web when it comes to security, so I created this: [http://lh3.ggpht.com/-nAoaSvA-cZE/U_r33Cj89lI/AAAAAAAAHAc/TYQYwW3Kz_Q/s1600-h/Logo24.png] That’s right, a great big freakin’ padlock with a straightjacket or, more to the point, I created the Twitter account @InfoSecInsanity [https://twitter.com/InfoSecInsanity]. So what exactly is InfoSec Insanity? Well, let’s take this example from the weekend on restricting passwords wh...

Hello World, this is Troy

How did you get started in this industry? I mean what made you go “Hey, sitting at a keyboard day in day out whilst focussed on screens and not seeing much sunlight sounds awesom…” – wait, it doesn’t sound quite so awesome when you think of it like that. In fact that was my original view of computers in general but as I told Shawn Wildermuth on his latest Hello World podcast [http://wildermuth.com/hwpod/36_Troy_Hunt], that view of the world soon changed. The change of heart was more than helped...

Migrating from Subversion to Git with svn2git on Windows (the tricky bits explained)

This is one of those “I keep doing this and it hurts each time and there’s never a good concise resource that explains it well so I’m writing one” posts. Yes, yes, I know it’s easy – if you have Ruby installed. Or you’re living in a *nix world. Or you have a reasonable understanding of Git. Or you get pleasure from pain. However, if you’re living on Windows and you just want to get the damn thing done, it can be painful. I keep setting up new machines and having to remember how to do this from...

Too much soft cheese may directly impact your health insurance premiums

We’ve become accustomed to the whole idea of us being electronically tracked based on our various personal habits. In fact just the other day I was asking online about Bose headphones, did a couple of searches then next thing I knew, my own blog was plugging them to me: But again, we’ve got a bit of a sense of tracking cookies now and that the same ad networks operate across seemingly independent websites therefore providing the ability to track and target information. Ratchet up the tracki...

DDD Melbourne, hackers and gentlemen's parts

A couple of Saturdays back I spent a day down in Melbourne at DDD [http://www.dddmelbourne.com/] doing the usual combination of showing people some of the ridiculous stuff we’re doing on the net in relation to privacy, how we as developers are building some woefully insecure apps and generally making everyone depressed about the state of the web. I do mean that in a constructive way though and indeed that’s the entire premise behind the Hack Yourself First courses I’ve been writing [http://pluralsig...

Web security on .NET Rocks!

Did I mention already that NDC was totally awesome [https://www.troyhunt.com/2014/06/ndc-2014-vikings-passwords-and.html]? Pretty sure I said something along those lines (many, many times) and as you’ll see from the presentations I did in that link, I had a heap of fun while I was there. Actually, I had so much fun that I’ve already committed to go back in 2015. That’s it, I’m there! While I was there, I finally got to catch up in person with Carl and Richard of .NET Rocks fame. I’ve been on th...

Scaling a standard Azure website to 380k queries per minute of 163M records with loader.io

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. Almost without exception, every week I will have one if not both of the following two discussions: Discussion 1: Illusory superiority of website scale. The whole idea of illusory superiority [http://en.wikipedia.org/wiki/Illusory_superiority] is that people get around overestimati...

Moving from GoDaddy to DNSimple – an illustrated journey

I just moved all my DNS things from GoDaddy to DNSimple. The reasons are self-evident; here’s the visual journey. The public face Danica Patrick: Model, racing driver who can go fast in circles and attractive promo face: Anthony Eden: Coder, open source contributor, founder of DNSimple and rocks a mean beard and pipe: Signup Step 1: Step 2 (she’s also quite pretty – not sure she has a lot to do with domains though): Step 3: Step 4: Step 5: Step 6 (any moment now they’re goi...

Lessons in insecure SSL courtesy of Hoyts cinemas

Why do we bother with SSL? I mean what’s the risk that we’re trying to protect against by using certificate authorities and serving up traffic over HTTPS? Usually it’s men (or possibly even women) in the middle or in other words, someone sitting somewhere between the client and the server and getting their hands on the data. Do we all agree with this? Yes? Good, then why on earth would you possibly say this? [https://twitter.com/HoytsAustralia/status/478320507402465281] This was in response t...

Error logging and tracking done right with Raygun

For some years now, one of the first things I’ve dropped into any new project has been ELMAH [https://code.google.com/p/elmah/]. Grab it from NuGet, provision yourself a SQL database table and watch magic happen as every unhandled error gets dumped into the DB and is reviewable via a handler which exposes the original stack trace amongst other info such as server variables and POST data. In theory, you also secure this. In practice, many people don’t [https://www.google.com/search?q=inurl%3Aelma...