Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Pragmatic thoughts on #CloudBleed

It has a cool name and a logo - this must be serious! Since Heartbleed, bug branding has become a bit of a thing and more than anything, it points to the way vulnerabilities like these are represented by the press. It helps with headlines and I'm sure it does wonderful things for bug (brand?) recognition, but it also has a way of drumming up excitement and sensationalism in a way that isn't always commensurate with the actual risk. That said, the Cloudflare bug is bad, but the question we need to be asking is "how bad"? I saw the news break yesterday morning my time and I've been following it closely since. As I've written a lot about Cloudflare...

Weekly update 23

I started out doing this weekly update with not much news to share due to being away running a workshop for a couple of days then sitting on planes and in airports for another day. It was only as I finished recording I saw both shattered.io and CloudBleed, both of which you know are serious because they have cool bug names and even logos. But in all seriousness, these are both major vulnerabilities but the real-world impact isn't yet clear, at least not to me. Great headlines and they're generating plenty of hysteria, but I suspect the reality of each will pan out to be somewhat less than what some are claiming. Moving on, this week I cover recent...

My 2017 European summer tour: talks, workshops and more!

These days, I find myself spending more and more time in Europe. Four trips last year and one already this year versus only a single trip to the US each year (which I'm still on). There just tends to be more demand for events and workshops and if I'm honest, I particularly like the place. I've got a lot of history there having lived in the UK and the Netherlands before and I love spending time back there sitting in the sun at historic locations with a decent coffee or sampling the local breweries. Fun times. What's been less fun is European winters and spending long stretches away from my family. In order to rectify things, I've decided to come back for...

Weekly update 22 (Golden Gate Bridge edition)

What an awesome spot for a weekly update! Just one of the sensational views I saw today, the first day I've completed a full marathon: Ok, bit more than a marathon, 51.19km in total according to Runkeeper. Now frankly, I'm not overly keen on running (I just get bored), so I walked all over San Francisco, looked at interesting things, took plenty of photos and had some nice breaks instead. I took my Lenovo Yoga 900 in the backpack (I'll write about that separately later), and broke the day into 4 parts, taking some time out in between to sit down, have a break and get a bit of work done. That's a balanced day out I reckon :) iTunes...

Weekly update 21

I got up this morning thinking "I need to do my weekly update today because it's Friday". Except it's not, and due to the joy that is international travel, I really had no idea what day it was! So bottom line, I'm a day late, but with me heading off to the US for the RSA conference on Wednesday, I'm not even sure there's a lot of point me trying to acclimatise to home before I go. Regardless, this week I talk about some of that travel, how I'm now handling "fabricated" data breaches in HIBP (and how I accidentally found my own data in one), the big milestone I just hit of one million subscribers and Netsparker's ongoing support...

One million subscribers later, here's the state of Have I been pwned

I hit a bit of a milestone last week with HIBP which I thought deserved a little celebration: "Sometime today, @haveibeenpwned broke through the 1M verified subscriber mark. Having a quiet champagne alone before flying home 😀🍾 pic.twitter.com/whIss3OXeO" — Troy Hunt (@troyhunt) February 2, 2017. A million verified subscribers (that is, they've received a welcome email and clicked a link to confirm they actually want in) is a pretty major feat in my books, especially for a somewhat niche service. As I sat on the plane back home, I started to think about where the service now stood in terms of things like subscribers, the notifications it's sent and indeed who's using it for what purposes. I decided...

Introducing "fabricated" data breaches to Have I been pwned

I've written before about how I verify data breaches and discussed it at length in various conference talks. I take verification very seriously because misattribution can have serious consequences on the company involved, those in the alleged breach and indeed, on myself as well. To give you a sense of how much effort can go into verification, last month I wrote about a data breach investigation blow by blow where ultimately, I failed to verify the authenticity of the data. Due to the prevalence of legitimate data in there though, I still loaded it into HIBP and flagged it as "unverified", a concept I introduced in the middle of last year. The point of unverified data breaches is that they...

Weekly update 20 (Dubai airport edition)

It's the end of another big trip and time to take the long journey home. This time it's Copenhagen to London, then Dubai, then finally Brisbane and a ride home to the Gold Coast. It's been a busy week in the lead up to the travel too with lots of talks and writing. But the big one I'm most proud of this week is this: "Sometime today, @haveibeenpwned broke through the 1M verified subscriber mark. Having a quiet champagne alone before flying home 😀🍾 pic.twitter.com/whIss3OXeO" — Troy Hunt (@troyhunt) February 2, 2017. I'll write more next week about the state of HIBP, where it's come from and where I see it going. Until then, here's this week's update...

HTTPS adoption has reached the tipping point

That's it - I'm calling it - HTTPS adoption has now reached the moment of critical mass where it's gathering enough momentum that it will very shortly become "the norm" rather than the exception it so frequently was in the past. In just the last few months, there's been some really significant things happen that have caused me to make this call, here's why I think we're now at that tipping point.

We've already passed the halfway mark for requests served over HTTPS

This was one of the first signs that we'd finally hit that tipping point and it came a few months ago: "Yesterday, for the first time, @Mozilla telemetry shows more than 50% of page loads were encrypted...

Weekly update 19 (brewery edition)

Supercar factory last week. Brewery this week. This is how it's done! As I've written before, despite the many awesome moments these trips have, they're enormously busy with a huge amount jammed into them. This week I talk about travels in Belgium, how they crashed HIBP with a massive surge of traffic after some good press, my upcoming Copenhagen workshop and the inevitable demise of LeakedSource which finally happened yesterday. Next week... somewhere on a plane... on the way to somewhere warm :)

iTunes podcast | Google Play Music podcast | RSS podcast

References: I'm on Belgian TV! (this is the news story that crashed HIBP as tens of thousands of Belgians suddenly descended on the site); My Copenhagen workshop next week is...