Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

Welcoming the Norwegian Government to HIBP

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges. During my time in Norway, that included spending time with their National Cyber Security Centre in Oslo. Today, I'm very happy to welcome Norway as the 6th national government onto Have I Been Pwned! You'll see more national governments come on board in the near future but for now, it's...

Weekly Update 165

Yes, I'm in my car. I'm completely disorganised, rushing to the next event and really didn't plan this very well. But hey, what an awesome little soundproof booth it is! That said, I did keep this week deliberately concise... until I went to edit it and then Adobe Premiere (or the NVIDIA drivers on my laptop) decided to turn a 16 minute video clip into a multi-hour shit-fight. That's before the multi-hour upload process too because "Australia" 🙃

References:
Scott Helme is running my Hack Yourself First workshop in Amsterdam on Dec 9 & 10 (he's getting awesome reviews on these too)
Apparently, FinecoBank in Italy reckons you should Google your password and not use it if it appears 10 times or...

Weekly Update 164

It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry. Enjoy 😎

References:
Nord has had a heap of credential stuffing attacks (or at least a heap of Pastebin entries with creds from attacks)
Whilst it sucks for Nord, they do also have some accountability here (the FTC says that "businesses will no longer be able to play the victim-card")
Veritas (DNA testing) had a...

HSTS From Top to Bottom or GTFO

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection, browsers are increasingly naggy when anything isn't HTTPS and it's never been cheaper nor easier to HTTPS all your things. Which meant that this rather surprised me: Let me break down what's happening here: I'm in (yet another) hotel and on complete autopilot, I start typing "xer" into the address bar which Chrome then dutifully auto-completes for me: Because it's hotel wifi I expect it to be slow, so I flick over to another tab to do other useful things before switching back...

Weekly Update 163

It's been a pretty full week this one with a couple of talks in Sydney followed by another in Melbourne. Then, to top it all off, getting sick hasn't helped and oh boy did this one hurt. Good news is that even just a few hours after recording this video I'm feeling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon. That'll come, but not for a while yet. Oh - I forgot to mention it in the vid but I'm also now publishing this podcast via Spotify. Check out the link below if that's your preferred means of consuming podcasts.

References:
Catch Scott Helme running...

Weekly Update 162

Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means... it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time. On the infosec side of things, there's a bunch of HTTPS related content this week plus a couple of (really) sensitive data breaches. I do give a warning at the beginning of this week's update that one of them...

Weekly Update 161

It's my first conference back in Australia since probably about May and I'm experiencing a rare luxury - not flying! I'm sticking to driving some big distances just to get a break from the tyranny that is check-in, security and airport lounges. Seriously, it was beginning to do my head in so now it's cruise control and podcasts for me in the foreseeable future. This week's travel has brought me to Sydney where the new iPhone got a good workout:

"Night Mode on the iPhone 11 Pro is rather amazing. This shot last night was just point and shoot well after dark - no filters or touch up! pic.twitter.com/zcklC3VxML" — Troy Hunt (@troyhunt) October 17, 2019

Beyond...

Weekly Update 160

Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers. But hey, at least the discussion keeps on providing entertaining material!

References:
I tweeted about not liking having content blocked when I'm in Europe (no, it doesn't mean I don't like privacy, it means I don't like the choice being...

Weekly Update 159

Well, this will be the last weekly update done overseas for some time as I count down the return to beaches, sunshine and fantastic coffee (yes, I'm confident saying that even whilst in Italy!) It's been a non-stop trip with an attempt of a bit of downtime at the end of it, albeit with limited success. Regardless, this week I'm covering off the last few days' travels, reflecting on 10 years of blogging and looking at a really cool use of HIBP related to net neutrality comments lodged at the FCC. Next week... who knows, but at least I'll be home.

References:
I went to CERN - it was amazing! (that's a bunch of thoughts and pics from the trip, just...

Weekly Update 158

It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you think. Given the coming schedule (and a deep, deep desire for a few days of downtime), the next one might be more of the same so I hope it resonates!

References:
Because this week is predominantly about noteworthy tweets, I'm going to do the references a little differently. Firstly, with a sponsor shout-out: Sponsored by Okta: You wouldn’t roll your own hashing algorithm, so why build your own auth? Secure...