Troy Hunt

A few months back I got a call one evening which was clearly a virus call centre scam; you know, the ones that call you out of the blue, tell you your PC is infected with all sorts of nasties and offer to fix it for you? Or maybe you don’t know, which of course is why these scams have been going on for quite some time and are still very active today. Fortunately I did know about such things so rather than summarily dismissing them with a level of disdain I normally reserve only for telemarketer...

Who here doesn’t write enough unit tests? I mean other than me? Somehow no matter how good my test coverage gets I always fell like there are some bits missing. Partly this is because unit testing practices tends to be one of those religious debates and you if you listen to enough people, it’s easy to convince yourself you’re doing it wrong. One area that’s always been a little tricky is testing anything with a database dependency. In part, this is because those tests often end up being depende...

Today I had the pleasure of spending about an hour and a half talking to Peter Shaw [http://shawtyds.wordpress.com/] from LIDNUG [http://lidnug.org] about security, security and, uh, security! If the LinkedIn .NET User Group is a little bit new to you, it’s the top LinkedIn group dedicated to .NET with a staggering 47,387 members at the time of writing. This is a casual chat rather than a a full on interview and covers a bunch of the usual stuff I talk about such as the OWASP Top 10. Hope you e...

Who here has become rather dependent on Visual Studio’s intellisense? C’mon, be honest, no matter hard-core you are or how impure you think intellisense is you always end up using it to some degree, even if it’s just for discovering object behaviours. Back when Visual Studio 2010 launched we got some pretty nifty improvements in intellisense which were previously only available by way of third party tools like ReSharper. The improvements included the ability to partially match a string anywhere...

Yep, this Troy! Right at the tail end of my Christmas holidays a couple of weeks back I had the pleasure of having a great chat with these guys: In case you’ve been living under a rock (no pun intended), for the last nine and a half years, .NET Rocks is without doubt the foremost .NET themed podcast in the universe. By the time they got to me, there had already been 734 prior episodes (frequently running for an hour or more), so the series has well and truly become ingrained in the psyche of...

We’re all familiar with CAPTCHA right? That impenetrable fortress of crazy squiggly characters that only a real human can decipher. Whilst they tend to drive us a bit nuts, they do actually provide a valuable function in that they prevent the automation of requests against online services. For example, you can’t get yourself a Google account [https://accounts.google.com/SignUp?continue=http%3A%2F%2Fwww.google.com.au%2F&hl=en] without first wrapping your head around what on earth this one says:...

Another week, another major security incident with a significant website. So the news this time is that Zappos – those guys who sell shoes (among other things) – to folks in the US may have, uh, accidentally disclosed somewhere in the order of 24 million user accounts [http://www.pcworld.com/businesscenter/article/248244/zappos_hacked_what_you_need_to_know.html] . Bugger. Now of course at the root of this is inevitably yet more evildoers intent on breaking through website security for financial...

I love ELMAH [http://code.google.com/p/elmah/] – this is one those libraries which is both beautiful in its simplicity yet powerful in what it allows you to do. Combine the power of ELMAH with the convenience of NuGet and you can be up and running with absolutely invaluable error logging and handling in literally a couple of minutes. Yet, as the old adage goes, with great power comes great responsibility and if you’re not responsible with how you implement ELMAH, you’re also only a couple of mi...

Back in September last year we saw the emergence of the padding oracle vulnerability [https://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html] which suddenly got a whole lot of ASP.NET developers very nervous. The real concern with this vulnerability was that there really wasn’t much you could do at the code level beyond a couple of little tweaks – what was really needed was for patches to get installed on servers and fast. The problem back then was that, well, you couldn’...

Just when you start thinking we’ve seen out the last of the major security breaches for 2011, Christmas day brings us one final whopper for the year: Stratfor [http://en.wikipedia.org/wiki/Stratfor]. Much has already been said about why they might have been hacked and who might [http://www.security-ray.com/2011/12/white-hat-security-firm-stratfor-hacked.html] (or might not [http://pastebin.com/8yrwyNkt]) have done it, but the fact remains that there are now tens of thousands of customer passwo...