Sponsored by:

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

547 posts

Is this hooded cyber-bandit the web's most prolific hacker?

I've been watching the cyber-news pretty closely lately and one of the biggest challenges we seem to have is attribution. I mean, stuff is getting hacked left right and centre but who's actually responsible?? I started paying closer attention and I reckon I've worked it out - it's mostly this guy: He fits the profile to a tee - hoodie, obfuscated face and an apparent love of binary, all calling cards of the modern day cyber-hacker. As you can clearly see from the image, he's suspected of perpetrating the massive Yahoo breach which is very serious business indeed. But it's when you start digging deeper that you realise how far this individual's cyber-raiding goes. For example, there was real concern...

Weekly update 27

Another week down and looking back, I'm not sure precisely what I did. I mean I know I was busy, but you ever have one of those weeks where you just wonder where the time went? Although in fairness, a big chunk of it went to finishing off my latest Pluralsight course on "What Every Developer Must Know About HTTPS". Whilst my work there is done, there's still review and processes and other things that have to happen on Pluralsight's end (they put a lot of effort into quality control), so I suspect I'll feel like I've achieved a bit more in my week once it hits the air. I talk a bit about it in this week's update, plus...

Data breach disclosure 101: How to succeed after you've failed

Organisations don't plan to fail. Probably the closest we get to that in the security space is password hashing, which for all intents and purposes is an acknowledgement that one day, you may well lose them. But organisations rarely plan for how they should handle data breaches and when an incident does happen (and that seems to be a near certainty these days), they're left unprepared; they're in unfamiliar territory, there's enormous stress and pressures on them and frankly, they usually react pretty badly. I've seen a lot of examples of how organisations have dealt with incidents over the years. I've been inside the organisation, advising the organisation, often disclosing incidents to the organisation and of course like everyone else,...

I just added another 140 data breaches to Have I been pwned

There's a seemingly endless flood of data breaches these days. Pretty much every day I get sent dumps from somewhere or other, usually websites I've never heard of and often dating back to compromises from years ago. They vary in size from thousands of accounts to many millions - and this is just the ones I've looked at. In short, there's way more data than I have time to process. Occasionally though, an incident floats to the top of the others which is what's happened over the last few days. There was news just recently of a large number of vBulletin forums having been compromised by an actor known as "CrimeAgency" and the data consequently circulating. I had, in fact,...

Weekly update 26 (jet ski edition)

Y'know, for all the talk of jet skis, I'd never actually done a weekly update on it. Until today. It's autumn here and the weather is still beautiful so I went for a quick blast and recorded this one. This week, there's my Security Sense column on the futility of aiming for absolute security, a lot of talk on the whole Dun & Bradstreet spam list (let's just call it what it is) and also the Wishbone breach, among other things. Incidentally, checkout the underwater bit at the end, especially that jellyfish! iTunes podcast | Google Play Music podcast | RSS podcast References There is no "zero chance of security risks" (and no chance of a zero road toll either) Dun &...

We’ve lost control of our personal data (including 33M NetProspex records)

Earlier this week, I read a really interesting piece on 3 things that need to be done to save the web. The first observation was that "we’ve lost control of our personal data" and the author went on to observe the following: As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it. What’s more, we often do not have any way of feeding back to companies what data we’d rather not share Now this wasn't written by just some random bloke on the internet, it was by...

Weekly update 25

This isn't intentional, but I know these updates are starting to get a bit longer. Ok, last week was a bit mega with Cloudbleed and CloudPets, but this week, well, I just talked until I felt I was done. Let me know if you think this is too long, not long enough, not working well etc, I'm still playing with the formula and learning as I go here. Anyway, this week I talk about the wifi bits Ubiquiti kindly sent me and how I (totally unnecessarily) used them to increase the coverage I get on my jet ski (and the coverage a large chunk of my neighbourhood gets). There's a heap of angles on the CIA toys WikiLeaks has covered...

How I finally fixed the dodgy wifi on my jet ski with Ubiquiti's UniFi Mesh

There are many challenging aspects about being an Australian. For example, being terrorised by kangaroos: Being terrorised by koalas: Or my own unique challenge: not having a decent wifi signal whilst my jet ski is moored on the jetty out the back of the house. This makes every day, normal activities like connecting to the home NAS to watch movies via Plex whilst sitting on the docked ski difficult and clearly, something had to be done. Ok, getting (a bit more) serious for a moment, a few months ago I wrote about how I finally fixed my dodgy wifi where I rebuilt my home network from the ground up with Ubiquiti products. I was sick of the problems I was...

Weekly update 24

Crikey, what a week! Between the two Cloud[thing] stories, most of the last 7 days has disappeared with research, writing, media and seeing the first Cloud[thing] turn into a bit of a non-event whilst recoiling in abject horror as the second Cloud[thing] continued to unfold. This ended up being a 35 minute "update" which is way longer than I'd normally do, but I really wanted to drill into those two stories in particular and try to express some views in a way that doesn't always come across in writing. I hope you find it a useful companion to the written pieces and I also hope that next week is a bit calmer! iTunes podcast | Google Play Music...

A marathon (and a bit) in San Francisco, Lenovo Yoga 900 in tow

One of the best things I do on trips away is walk. It's a combination of things really; it's great for getting over jet lag, a fantastic way a seeing new places and if you do enough of it, a good workout too. I'll regularly walk 20+ kilometres when I've got a full day off in a nice spot, just seeing the sights, meeting up with random Twitter followers and taking some time out in nice spots to get a bit of work done. Which brings me to the Lenovo angle. I've always been of the mindset that a serious laptop I can actually do stuff with must have serious grunt. Serious grunt, in turn dictates heft, as demonstrated by...