Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

561 posts

Wiring a home network from the ground-up with Ubiquiti

The title of this blog post is what many of us techie folks dream of - free rein to build your own home network! It might seem like a pretty geeky dream (ok, it is a pretty geeky dream), but the reality is that we're increasingly dependent on our home networks these days because of the amount of stuff we connect to them. That little consumer-grade combination modem and wireless access point your ISP gave you or the one you bought from the local PC store is going to struggle to provide fast, reliable connectivity across the house to all your devices; that very architecture predates smart phones, connected TVs and the (frankly ridiculous) array of IoT things we have...

Weekly update 31 (Sydney Opera House edition)

Another beautiful spot today while I'm back in Sydney working on the agenda for NDC here in August. It's a quick trip albeit one very jam-packed as we work through over 700 talk submissions and try to distil them down to the best ~135 of the bunch. There's a few weeks of early bird tickets left so if you're down here in Aus (or feel like a holiday), get in and grab them cheap. This week, I'm really excited about this: "This is awesome - for the first time after 5 years and 30 @pluralsight courses, I've got one rating a perfect 5! https://t.co/awZ2Ow8qKu pic.twitter.com/IZ4BB57D3b" — Troy Hunt (@troyhunt) April 20, 2017...

New Pluralsight course: Azure Beyond Websites

I've been really actively involved with building things on Microsoft's Azure cloud for probably about 4 or 5 years now. Many of you will know already that Have I been pwned (HIBP) was built from the ground up on Azure (in fact, one of the reasons I built the service was to play with Azure "in anger"!); what fewer people know is the work I'd been doing before that. In my previous life looking after Pfizer's software architecture in this corner of the world, I was pushing hard to move apps we were building into Azure, in particular the PaaS constructs they have available. Time and time again, the discussion would go like this: Vendor: (Pfizer outsourced all their dev...

All your websites using StartCom certificates are about to break

A Twitterer sent me this a few days ago: ".@troyhunt you've got SSL issues in Chrome 58+ on @ASafaWeb pic.twitter.com/qtUiMxV9tW" — Jonathan (@Eonasdan) April 13, 2017. Now normally when I get a report about an SSL thing not working (by which we mean TLS, but we say SSL anyway), I jump on over to SSL Labs (see?!) and run a report I can then direct people to. This usually provides emphatic proof that the SSL configuration is fine and they've just got an old client or some funky MitM stuff going on in their local network. However, this time was different: "Grade will be capped to T". Now I didn't immediately realise what "T" was,...

Mandatory ISP data retention and the law of unintended consequences

Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big whack of our internet browsing history just in case. The theory these genius policy makers have is that if they can probe into all our lives far enough, they'll be able to see when we're doing terrorist kinda stuff. And really, what better way is there than siphoning up info on the websites we go to? Job done, beer o'clock, glad we solved that one. Except no, they've just made...

Weekly update 30

I didn't mean to talk for 42 minutes today, but somehow, I kinda ended up there. A good whack of that went to explaining how I'd done the subscription implementation you see below, especially as people had asked why there are two CAPTCHAs and indeed I wanted to explain why I'd even added the feature in the first place. Anyway, I've had hundreds of people sign up to it since yesterday so hopefully it's proving useful to those folks (I did end up fixing that IE bug too). There's that plus some commentary on the jokers who tried to extort Apple (and obviously failed spectacularly) along with the Cloudflare webinar I did this week, why security is too hard for...

New Pluralsight Course: What Every Developer Must Know About HTTPS

It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with Mozilla: "Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International is not wanted and was put there without our permission. Please remove it immediately. We have our own security system and it has never been breached in more than 15 years. Your notice is causing concern by our subscribers and is detrimental to our business." If this sounds a...

Random thoughts on the use of breach data for protection of accounts

Someone sent me an email today which essentially boiled down to this: "Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it." This is a really interesting scenario and it relates to the way Microsoft reports risk events, one of which is the discovery of leaked credentials that match those within AD. In other words, they've identified that someone used the same email address and password in multiple places and they've let the administrator of this particular AD instance know. As you can imagine from my work with Have I been pwned (HIBP), I have many thoughts on the subject. Rather than keep them to...

New Pluralsight Course: Crafting a Brand for Growth and Prosperity

This whole "personal brand" thing is a really interesting space. I mean here we are talking about people as individuals such as you and I yet applying a term to us in the same way as we'd talk about brands like, say "Ferrari" or "Apple". I pick those simply because they're two of the strongest, most recognisable brands I can think of which makes it a whole lot easier to draw some of the parallels I'm about to. The first thought I really gave to brand was about 7 and a half years ago when I wrote my first ever blog post on Why online identities are smart career moves. Now if I'm honest, that post looks much more insightful...

Weekly update 29

Wow, what a crazy week! Three pretty serious blog posts, my Security Sense column plus a bunch of stuff I've been doing in the background around arranging travel for the European summer. I didn't mention it in my weekly update, but unfortunately I had a workshop in Dublin cancel due to an unexpected change on their end so I had to fill that gap. The good news is that it took all of 24 hours and I lined up another one in Amsterdam which actually works out better due to me doing a subsequent one after that in Utrecht so looks like more time eating fries with mayonnaise (yes, the opening scene of Pulp Fiction is true). There's a lot...