So the dust has finally settled. A month ago I wrote about </pfizer> [https://www.troyhunt.com/2015/04/today-marks-two-important-milestones.html] which marked my departure from the corporate world after spending the last 14 years building and managing their software things across a good whack of the world. With that chapter now formally closed, it’s time to talk about the next phase. It’s time to talk about Pluralsight [http://www.pluralsight.com/]. The path to Pluralsight It was 2012 when I...

I love it when a whole bunch of different bits play really nice together, especially when it’s making things more secure. Today I decided to properly implement a content security policy (CSP) on Have I been pwned? (HIBP) and managed to tie in a whole bunch of nice bits to create what I reckon is a pretty neat implementation. Firstly, if CSP is new to you, go and read Scott Helme’s overview [https://scotthelme.co.uk/content-security-policy-an-introduction/] which is excellent. The tl;dr version...

There was a bit of discussion down here recently about how the National Australia Bank (NAB) has requested their SSL stats be withheld from showing up in the SSL Labs test [https://www.ssllabs.com/ssltest] that which has become so popular in recent times. It’s a great way of identifying what’s good and what bad about an SSL implementation and indeed, it appears that NAB has pulled their stats: Which, of course, looks enormously suspicious. You don’t pull your stats when you have a good result...

Sometimes, good ideas take a while to materialise. The penny only dropped on just how long some of them take when I was going back through my Pluralsight notes just the other day and found this: That was March last year and an awful lot of water has gone under the bridge since then. But it seemed like a really good idea at the time and inevitably, it was. I’d find a willing “muse” with a suitable website then go to town on it, critiquing everything that could possibly we wrong with it. This w...

I’m not often astounded by the woefulness of a security practice any more, but every now and then there’s a notable exception. Take this one, for example: > @BetfairHelpdesk [https://twitter.com/BetfairHelpdesk] Is it right that all one needs to change their password is their username and date of birth? — Paul Sawers (@psawers) April 23, 2015 [https://twitter.com/psawers/status/591279641828143104] Yes, that’s exactly what it looks like and just for the sake of posterity should those Betfair r...

I was preparing for a talk last weekend where I wanted to show the sorts of bad mobile app behaviours you can readily find using Telerik’s Fiddler [http://www.telerik.com/fiddler]. Now I’ve spent quite a bit of time over the years looking at the behaviour of the apps we use every day on our phones, in fact it was nearly four years ago that I wrote Secret iOS business; what you don’t know about your apps [https://www.troyhunt.com/2011/10/secret-ios-business-what-you-dont-know.html] and called out...

Today marks two important milestones for me – it’s the first time I’ve ever mentioned Pfizer [http://www.pfizer.com] on this blog and after 14 years, it’s my last day working for them. Both those milestones are significant and in their own ways, mark a pivotal point in my career. For those that are interested, I’d like to tell you what I’ve been doing in recent years and give a hint of what will come next. “Architect” There’s this odd thing that tends to happen in many peoples’ careers and I...

I’ve been having a few sleepless nights lately worrying about the big one. The big “what”, you ask? I mean another massive data breach the scale of Adobe back in 2013, you know, the one where they had a 153 million user accounts wander out the door. If I had to load those into Have I been pwned? [https://haveibeenpwned.com/] (HIBP), frankly I’m not sure how I’d do it. Or at least I wasn’t sure. When I first wrote about how I built the system [https://www.troyhunt.com/2013/12/working-with-154-mi...

This content is now available in the Pluralsight course "Getting Started with CloudFlare Security" [http://www.pluralsight.com/courses/cloudflare-security-getting-started]As you may be well aware by this, Microsoft’s Azure gets me rather excited [https://www.troyhunt.com/search/label/Azure]. That’s not without merit IMHO, it’s a sensational product for all the reasons you can read about in the blog posts at the end of that link. Almost without exception, when I get a question about Azure I have...

I didn’t think there was much wrong with my existing recording setup, but it turned out to be one of those “You don’t know what you don’t know” kind of things. It was only whilst over at the Pluralsight author summit [https://www.troyhunt.com/2015/03/on-being-pluralsight-author.html] last month that I talked to people who actually knew what they were doing and then I realised what was wrong! As a result of that visit, I’ve just finished totally revamping my recording setup. New mic. New boom. N...