It’s a bit hard to even know where to begin with this one, perhaps at the start and then I’ll try and piece all the bits together as best I can. As you may already know if you’re familiar with this blog, I run the service Have I been pwned? [https://haveibeenpwned.com/] (HIBP) which allows people to discover where their personal data has been compromised on the web. When a breach hits the public airwaves, I load in the email addresses and those who subscribe to the service (it’s free) get noti...

So the Ethical Hacking series marches on, this time with my third course in the series, Ethical Hacking: Hacking Web Applications [http://www.pluralsight.com/courses/ethical-hacking-web-applications]. As a quick recap of why we’re doing this series, Ethical Hacking material remains the number one requested content on Pluralsight’s course suggestion list [http://support.pluralsight.com/forums/127919-new-course-suggestions]. It’s more in demand than all the new shiny Microsoft .NET bits or fancy c...

So a few months ago I wrote about having a little visit to London [https://www.troyhunt.com/2015/07/its-time-to-visit-london.html] in Jan and offered to do a workshop or two while I’m there. Anyway, one thing lead to another and now I’m away for four weeks. In Jan. When it’s cold there. And hot here. But seriously, it’s wonderful there’s been so much interest in my “Hack Yourself First” workshops. I’m spending time with some really interesting organisations who are getting their developers trai...

This must have seemed like a good idea at the time: > We're LIVE! Tweet your cyber crime questions in using #cybercrimensw [https://twitter.com/hashtag/cybercrimensw?src=hash] — NSW Police (@nswpolice) October 14, 2015 [https://twitter.com/nswpolice/status/654084466600644608] The idea of a hashtag campaign is to drum up social support where anyone can chime in with their 2 cents worth and all going according to plan, you get all this nice warm and fuzzy community engagement. Problem is though...

This is somewhat of a perplexing acquisition, but apparently LastPass is now owned by LogMeIn [https://blog.lastpass.com/2015/10/lastpass-joins-logmein.html/]. I get it in the-big-publicly-traded-company-gobbling-up-the-smaller-one kinda way, but it’s an odd marriage for a company that builds remote desktop software to buy one that builds a password manager. People aren’t real happy either when you look at the comments they’ve left on that post. Why aren’t they happy? I touched on it here: >...

I’m a big proponent of the content security policy paradigm (CSP) supported by modern browsers. In fact I’m so keen on them I even wrote a Pluralsight course: Introduction to Browser Security Headers [http://www.pluralsight.com/courses/browser-security-headers]. (Sidenote: I’m enormously happy with how well this course has been received, seems there’s an appetite for securing our things after all!) Now if you’re not sure what all the fuss is about, have a quick read of my launch blog post for...

So it turns out that someone got in my wife’s ear and suggested it might be a good idea for her to start a blog. Who would ever suggest such a crazy thing [https://www.troyhunt.com/2009/10/why-online-identities-are-smart-career.html]?! It actually makes a lot of sense as Kylie embarks on her path as a more public identity and fellow Pluralsight Author [http://www.pluralsight.com/author/kylie-hunt] that she has an online presence. Having me around who has some experience with this should make it...

I’ve got a heap of resources I constantly come back to in talks, workshops and just during the course of my everyday work. Frankly, I have trouble remembering them all myself plus I reckon they’re kinda useful for other people too so I thought I’d drop them all into a post here. If you’ve got good stuff I’ve missed (and you almost certainly will), drop it into the comments below as I’d love to add to my own set of resources plus that way it gets shared with everyone. Enjoy! SSL / TLS / HTTPS 1...

Now I swear this is entirely coincidental, but only this month I wrote a very tongue-in-cheek piece titled Good news – your credit card is fine and only your irreplaceable things were hacked! [https://www.troyhunt.com/2015/09/good-news-your-credit-card-is-fine-and.html] The basic premise of this piece was that when you see a company proudly asserting that your credit card is fine even though they’ve just been pwned six ways from Sunday (hi Ashley Madison!), that assurance is of little consequenc...

I’ve had a rough time of it lately – the internet has been down. I know, it’s been disturbing to say the least and I actually can’t remember the last time the connection coming into my home was totally out. In some ways, the problem is not as bad as it was some years ago due to my wife and I having fast other devices that can connect direct to 4G yet in other ways, it’s worse due to the number of things connected – usually connected – to the internet. The hardest bit of all this though was deal...