Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones)

Remember when web security was all about looking for padlocks? I mean in terms of the advice we gave your everyday people, that's what it boiled down to - "look for the padlock before entering passwords or credit card info into a website". Back in the day, this was pretty solid advice too as it gave you confidence not just in the usual confidentiality, integrity and authenticity of the web traffic, but in the legitimacy of the site as well. If it had a padlock, you could trust it and there's wer...

Weekly Update 85

It's a (new) weekly update! Lights are in, things are much brighter and... I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that's what people are ultimately listening to so that's a fantastic start. You'll notice I've also changed the video thumbnail...

New Pluralsight Course: JavaScript Security Play by Play

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now... But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell [https://www.aaron-powell.com/] who spends his life writing JS things. We spoke about manag...

86% of Passwords are Terrible (and Other Statistics)

A couple of months ago, I launched version 2 of Pwned Passwords [https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/]. This is a collection of over half a billion passwords which have previously appeared in data breaches and the intention is that they're used as a black list; these are the "secrets" that NIST referred to in their recent guidance [https://pages.nist.gov/800-63-3/sp800-63b.html]: > When processing requests to establish and change memorized secrets, verifiers SHA...

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today. We've been trying to get this right for 25 years as of yesterday too: > Today: The 25th anniversary of the web: https://t.co/57NuBcpuqt Th...

Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity

When I launched Pwned Passwords in August [https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/], I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.) But the service did become quite popu...

Weekly Update 84

This week... I'm tired. A two-day remote workshop on London hours meant very unfriendly times for me here in Aus but hey, it beats jet lag! So just a very short intro this time, I recorded the update this morning whilst I was rather a lot more awake so I'll let that do the talking. Enjoy! iTunes podcast [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] | Google Play Music podcast [https://goo.gl/app/playmusic?ibi=com.google.PlayMusic&isi=691797987&ius=googlepl...

IRL Analogies Explaining Digital Concepts are Terrible

Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc's door is ridi...

Weekly Update 83

I'm home! Home is good. My travel stats for this year - not so good. As I say in the video, I need to fix this so at this stage, I'm saying "no" to pretty much everything in the second half of the year that involves international travel and I'll just do the exceptionally awesome stuff. But be that as it may, there's a bunch of other stuff to talk about this week including 3 new blog posts. I'm really hoping to push out a bunch more content over the coming weeks whilst I'm at home (I'm not overs...

Is Enumerating Resources on a Website "Hacking"?

I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn't have been publicly accessible. Let's start with this video as it pretty succinctly explains the issue in consumer-friendly terms: > VIDEO: Nova Scotia's government is accusing a 19-year-old of breaching their government website's security ~...