Have I Been Pwned

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]A few weeks ago now I launched the notification service for Have I been pwned? [https://www.troyhunt.com/2013/12/have-you-been-pwned-now-you-can-be.html] (HIBP). The premise of the service is that whilst it’s great to be able to go to the HIBP website [https://haveibeenpwned.com/]...

Well we almost made it through the first day of the new year without a major data breach; it got to about mid-afternoon my time then wammo! The 2014 breach count was off and racing. If I’m honest, I actually spent some procrastinating over whether this could really be considered a breach and indeed if the data was even of any functional value to an attacker. I came to the conclusion that it is and, well, it is. Let me explain the thinking and why I’ve made it searchable via Have I been pwned? [...

Just under three weeks ago now, I launched Have I been pwned? [https://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html] which could tell you if you owned one of 154 million email addresses that had been caught up in recent data breaches. Subsequently, the site turned out to be wildly popular [https://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html] and as with such things, a lot of good ideas came up in terms of features people would like to see. Without doubt, the numbe...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I had a little problem last week. I built a very small website [http://haveibeenpwned.com] – really just a one pager with a single API – whacked it up on an Azure website and then promptly had a quarter of a million people visit it in three days. Uh, bugger? Ok, what’s behind the...

I got a lot of requests after launching HIBP for an API and I saw some great ideas come up in terms of how it might be used for very constructive purposes. Truth be told, there was an API from day one insofar as this was precisely what the web UI was hitting every time you searched for an email address anyway, I just hadn’t published any docs on it or promoted its existence. That said, I did give it a bit of tweaking to make it more “RESTful” (this, apparently, is what all APIs must be these da...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I’m one of these people that must learn by doing. Yes, I’m sure all those demos look very flashy and the code appears awesome, but unless I can do it myself then I have trouble really buying into it. And I really want to buy into Azure because frankly, it’s freakin’ awesome. This...

I often write up analyses of the passwords disclosed in website breaches. For example, there was A brief Sony password analysis [https://www.troyhunt.com/2011/06/brief-sony-password-analysis.html] back in mid-2011 and then our local Aussie ABC earlier this year where I talked about Lousy ABC cryptography cracked in seconds as Aussie passwords are exposed [https://www.troyhunt.com/2013/02/lousy-abc-cryptography-cracked-in.html]. I wrote a number of other pieces looking specifically at the nature...