Troy Hunt

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks. I also killed off the non-anonymous endpoints of Pwned Passwords today so it's k-anonymity all the way now...

I've been at the AusCERT conference [https://conference.auscert.org.au/] this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: > Off to #AusCERT2018 [https://twitter.com/hashtag/AusCERT2018?src=hash&ref_src=twsrc%5Etfw]! It’s all blue outside today, what an awesome day for a short walk fro...

Back in August, I pushed out a service as part of Have I Been Pwned [https://haveibeenpwned.com/] (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches [https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/] via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines [https://www.nist.gov/itl/tig/special-publ...

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned [https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/] (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their oth...

Well it's all quietened down here with Scott gone so it's back to business as usual, which means, well, it's not very quiet at all! I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting: > #cyber [https://twitter.com/hashtag/cyber?src=hash&ref_src=twsrc%5Etfw] pic.twitter.com/CIMDhPfKIP [https://t.co/CIMDhPfKIP] — Troy Hunt (@troyhunt) May 23, 2018 [...

Try publishing something to the internet - anything - and see how it long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a Wordpress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things? As the value of wha...

We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next year, plus of course it will be in Oslo in a few weeks' time [https://ndcoslo.com/] then Sydney in September [https://ndcsydney.com/] where we'll both do i...

It's a new Pluralsight course! Yes, I know I said that yesterday too [https://www.troyhunt.com/new-pluralsight-course-owasp-top-10-2017/], but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture [https://www.troyhunt.com/were-doing-an-all-new-pluralsight-series-creating-a-security-centric-culture/] . As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words...

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fowasp-top10-aspdotnet-application-security-risks%2Ftable-of-contents] . More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in...

This week, Scott Helme is getting bitten by Aussie critters whilst working from a desert island. He's here on the Gold Coast for the NDC Security event [https://ndcsecurity.com.au/] next week so I thought we'd record the update together so we grabbed a couple of cold ones, wandered down to the backyard and recorded there. We cover off a bunch of bits and pieces related to things we're working on together (workshops and Report URI) as well as some (mostly) commonly held views about HTTPS, EV cer...