Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Weekly Update 238

"What a shit week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. And I ran a workshop over 4 half days. And had 2 lots of guests visiting. And had to deal with all sorts of other unpleasant stuff outside of that. Damn that beer tasted good... ReferencesThe petition in front of UK parliament to require verified IDs on social media platforms has fallen flat (not unsurprising, and the response is actually quite nicely written IMHO)I've probably taken a little...

Welcoming the Ukrainian Government to Have I Been Pwned

Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge. Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia....

I’m Writing a Book with Rob Conery, and It’s Gonna Be Awesome

I've been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense. It all began when Rob Conery reached out a few years ago and said "dude, we should totally turn a bunch of your blog posts into a book" to which I replied, "why?" I mean they're all up on my blog anyway, why on earth would anyone want to read them just stuffed into a book? But he had my attention, because he's Rob Conery, and he made a good point: Because I know there’s more there...

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There's been huge interest in this incident, and I've seen near-unprecedented traffic to Have I Been Pwned (HIBP) over the last couple of days, let me do my best to explain how I've approached the phone number search feature. Or if you're impatient, you can head over to HIBP right now and search for your number. What's Changed?I'd never planned to make phone numbers searchable and indeed this User Voice idea sat there for over 5 and a half years without action. My position on this was that it didn't make sense for a bunch...

Weekly Update 237

As soon as I started watching this video back, I remembered why I don't do daylight mode in these any more. It's just so... boring. That said, I've got a bunch of stuff in the pipeline to enhance the room design and lighting as I think there's still plenty of room for improvement, stay tuned for that one. For now though, a lot of this week's video is about the Ubiquiti situation and I'm very candid about my feelings on that one. I'm also very happy about what I've done with Coinhive, so enjoy listening to that piece 😎 ReferencesI tweeted about my annual purchase of 1Password and next minute, people are debating the virtues of cloud storage and open source...

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own coinhive.com and am doing something useful with it, read on. You know how people don't like ads? Yeah, me either (at least not the spammy tracky ones that invade both your privacy and your bandwidth), but I also like free content on the web and therein lies the rub; how do content...

Weekly Update 236

This 🤬🤬🤬 DAC! I mean it's a lovely device, but it's just impossible to use it as an audio source in the browser without it killing the camera. I'm very close to being out of ideas right now, only remaining thing I can think of is to set everything up on the laptop and see if it suffers a similar fate to what's happening on my desktop. The last thing I feel like doing now is burning more precious hours, but it's getting to that point. In other news, more breaches and a big argument about SMS based 2FA, enjoy 😊 ReferencesMy Apollo Twin DAC audio problems remain, as of this moment, unresolved (this is such a nice bit of kit, but...

Weekly Update 235

A slow start this week as the camera refused to be recognised by any browser. The problem, of course, was that I'd plugged in a new DAC for the replacement speakers 🤷‍♂️ Despite the slow start, there's a heap in this week's update on all sorts of different things as I find myself continually drawn in different directions. But that's also what I love about this industry, that there's so much variety and always something to scratch every itch 🙂 ReferencesA massive thanks to everyone who has supported Elle's fundraising efforts (helping support the school and plant trees)The new Genelec speakers arrived, and they're amazing 😎 (the DAC and camera also seem to be working together now, I just plugged the DAC...

Weekly Update 234

A big, big week with a heap of different things on the boil. Cyber stuff, audio stuff, IoT stuff - it's all there! Sorry about the camera being a little blue at the start, if anyone knows why it's prone to do this I'd love to hear from you. But hey, at least the audio is spot on, hope you enjoy this week's video. ReferencesComplying with NIST Password Guidelines in 2021 (a piece from this week's sponsor, intro'd by yours truly)We're rapidly going cashless, but not everybody is happy (there are some valid points in that thread, but also some pretty tenuous arguments IMHO)My friend Tanya Janca has published Alice & Bob Learn Application Security (I really like...

Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently: always something... now you are in my @home_assistant setup also :) Thanks @troyhunt pic.twitter.com/4d4Qxnlazl — Jón Ólafs (@jonolafs) March 3, 2021 Awesome! Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed....