Success by a thousand cuts: Visual Studio 2013 Update 4 and SQL Azure

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. It seems like every time I turn around there’s something I haven’t seen in Azure. If I’m honest, it leaves me in a perpetual state of “Oh man, there is so much stuff I don’t know”. I suspect that resonates with many readers of this blog because there’s just so much stuff to keep on...

Hacking your API first at TechEd Australia 2014

I’ve been doing a lot of talking about API security recently because frankly, there’s a lot to talk about. Those little web services that sit behind the rich client apps on our devices and increasingly behind our Internet of Things have a nasty habit of having some really serious vulnerabilities in them. I’m talking about everything from leaking data to allowing unauthorised users to perform actions they shouldn’t be allowed to all the way through to entirely useless SSL implementations because...

10 email security fundamentals for everyday people

A couple of weeks back, this bloke hit the news [http://www.smh.com.au/nsw/barry-spurr-emails-investigated-by-university-of-sydney-20141016-1179kj.html] when his private emails were leaked and disclosed that he was fond of, shall we say, a very “colonial” vernacular when it comes to talking about our indigenous people: That he is (was?) a professor at a university would normally suggest that he’s a pretty switched on guy, but the evidence is clearly to the contrary. Speaking of people we’d...

Get Cloak. Go Dark. VPN’ing out from the Great Firewall of China

Let’s go through just some of the ways you can hand your valuable datas over to people that want to get somewhere in between you and whatever service it is you want to talk to at the other end. You can get pineappled [https://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html] and certainly that’s been a favourite of mine to demonstrate because it’s just so damn easy (it’s also kinda cool, if I’m honest). The router you connect through can be pwned and its DNS changed to hel...

.NET Rocks Podcast: The Security of IoT

You know how you always wanted a fork with an ARM processor that could upload data wirelessly over the internet? C’mon, you know you want it and now you can get a HAPIfork [http://www.hapi.com/product/hapifork]. Or how about your light globes? Yes, LIFX totally rocks [http://au.lifx.co/] but no, I wasn’t so keen on the idea once I learned your neighbours could pwn your wifi through them [http://www.smh.com.au/digital-life/consumer-security/security-vulnerability-found-in-lifx-smart-light-bulbs-...

Disabling SSL 3 in Azure websites (and why it doesn’t look like you have)

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]. Just a quick one as it’s mostly explained in How to Disable SSL 3.0 in Azure Websites, Roles, and Virtual Machines [http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/], but there are a few bits worth adding. Oh – just in...

Measure, optimise then measure again: further refining “Have I been pwned?”

As I’ve written in the past [https://www.troyhunt.com/2013/12/micro-optimising-web-content-for.html], I put an awful lot of effort into making Have I been pwned? [https://haveibeenpwned.com/] (HIBP) fast. Not just a bit fast, blisteringly fast and that includes when it’s under a huge amount of load [https://www.troyhunt.com/2014/09/10-things-i-learned-about-rapidly.html]. But there was something bugging me with the site when it came to performance and it was this: That’s right, 33 images loa...

Everything you need to know about the POODLE SSL bug

We don’t seem to go far these days without the next “catastrophic” bug hitting the internets. Remember how a few weeks ago Shellshock [https://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html] was going to end the internet as we know it? If you believed all the headlines, that sucker was going to own us through our light globes (I suspect some poetic license was taken on my IoT comments) and the web would never be the same. Scroll forward and it’s already “Shell-what?” Earlier th...

Gone Mobile Podcast: Securing Mobile Apps

I’ve learned some rather intriguing things about what our mobile apps are doing while we’re not looking in the six days since I launched the challenge to find crazy stuff in mobile app communications [https://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html]. For example, there’s the social app that allows you to accept friend requests on behalf of someone else [https://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html#comment-1627770487] if you call the API in the right...

Raygun and ignoring specific Web API exception types

In the spirit of “here’s something I couldn’t find an easy answer for so I’m writing it myself”, let me very briefly run you through how to have Raygun ignore specific exception types raised by Web API. Firstly, Web API support came a couple of months ago [https://raygun.io/blog/2014/08/webapi-exception-tracking/] which is rather important given how much stuff is transitioning to APIs these days. I use Web API fairly extensively in Have I been pwned? [https://haveibeenpwned.com/] (HIBP), partl...