Sponsored by:

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 109

Last one before home time! But it has been an epic trip and as I say in the video, this is by far my most enjoyable trip to the US yet after probably a dozen over the last few years (that includes Hawaii, too). Given the interest after my pointing out a couple of little differences in the US compared to the rest of the world last week, after the usual tech and infosec intro this week I decided to focus a big whack of this week's video on what some of differences look like.Other than that, there's the usual things including new tech (the Apple Watch), data breaches (Facepunch and another especially nasty one), sextortion scams and fabricated...

Weekly Update 108

I'm in Texas! And I've had enough BBQ to last me a very long time. I'm here doing a couple of speaking events and other related things as well as taking some time out with my wife to see the sites. As such, it's a bit quieter this week but there's still a couple of things I reckon are worthy of discussion.Just before jumping on the plane over here I pushed out a blog post on how my approach to callbacks in HIBP broke Mozilla's service which in turn broke my Azure Function. This was one of those cases where sure, I didn't want anything to break, but it was a good learning experience that helped me make a...

Breaking Azure Functions with Too Many Connections

For the most part, Have I Been Pwned (HIBP) runs very smoothly, especially given how cheaply I run many parts of the service for. Occasionally though, I screw up and get something wrong that interrupts the otherwise slick operation and results in some outage. Last weekend was one such occasion and I want to explain what I got wrong, how you might get it wrong too and then, of course, how to fix it.But first, some background: A few months ago I announced that Mozilla and AgileBits were baking HIBP into Firefox and 1Password (I'll call them "subscribers" in this post). They're leveraging the anonymity model described there to ensure their users can search for their identities without me...

Weekly Update 107

It's another "business as usual" week; past events, upcoming events, major security news, someone forgetting to renew a certificate and a new Pluralsight course. Actually, thinking about it more, this is possibly the most normal week I can remember, which is kinda disconcerting considering the (potential) impact of some of that news.Next week I'll be back in the US and in Texas so the schedule may be a little erratic, but I'll do what I can to pump out another update on time and with more of the usual craziness this industry is full of. ##ReferencesOne of the kids blogs I referred to was Eve Cogan's (this is a great example of a kid carving out a great social...

New Pluralsight Course: Adapting to the New Normal: Embracing a Security Culture of Continual Change

I take more pleasure than I probably should in watching the bewilderment within organisations as the technology landscape rapidly changes and rushes ahead of them. Perhaps "pleasure" isn't the right word, is it more "amusement"? Or even "curiosity"? Whichever it is, I find myself rhetorically asking "so you just expected everything to stay the same forever, did you?"A case in point: you should look for the green padlock on a website so that you know it's safe. Except that you can't say that anymore because so many phishing sites are using HTTPS (remember, encryption is morally neutral) which is why Barclays Bank had their ad pulled earlier this year. You also can't say "green padlock" anymore because after Chrome...

Weekly Update 106

Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound love for the Pi-hole. Seriously, this is a very cool bit of tech and a fun project to build for home. I'll share more over time...

Mmm... Pi-hole...

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog. Companies I choose to partner with get to appear there and they get themselves 140 characters and a link. That is all. No images. No video. No script. No HTML tags. No tracking. Sponsors are happy as they get exposure, visitors are happy because there's none...

Weekly Update 105

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and I just simply didn't get time to push this out until sitting at the airport waiting for the plan home. This week's update is a little different as we did it at SSW's recording setup in front of a live audience. Better video, better audio and some questions asked in the process too. Other than that, it's business as usual: more keyloggers on payment forms, more data breaches and a massive extended validation smack-down. References Scott published his blog post about Magecart coming for you (then right after that the NewEgg breach was announced)...

Extended Validation Certificates are Dead

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from "barely there" to "as good as non-existent". This change has come via a combination of factors including increasing use of mobile devices, removal of the EV visual indicator by browser vendors and as of today, removal from Safari on iOS (it'll also be gone in Mac OS Mojave when it lands next week): I chose Comodo's website to illustrate this change as I was reminded of the desperation involved in selling EV just last month when...

Weekly Update 104

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ☀️ We're also talking about my .NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below). Next week, we're in Sydney for NDC so we'll do another joint update then. References I spoke at .NET Conf on pwning your cloud costs (link through to the recorded talk) FreshMenu had a breach and...