Let’s just start here [https://www.smashwords.com/about/supportfaq]: Allow me to provide a technical security perspective on this – it’s complete bullshit. More specifically, you’re seeing this because whoever designed the Smashwords site screwed up and embedded insecure content in a page loaded over a secure connection. So what does this look like? Here’s an example in Internet Explorer: But more importantly, what does it actually mean? Short answer: you can’t trust the page any more tha...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] Yesterday I wrote part 1 of this 2 part series [https://www.troyhunt.com/2014/01/azure-will-save-you-from-unexpected.html] and explained the Godzilla redundant approach of storage in Azure. Each bit of data you put into Azure storage gets replicated multiple times over within the...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]The other day I wrote about how I’d implemented the notification service behind Have I been pwned? [https://www.troyhunt.com/2014/01/behind-notification-service-of-have-i.html] and I pointed out how I’d used SQL Azure to manage the data associated with this part of the service. Ye...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I’ve had a recurring discussion with a number of well-meaning people (WMPs) recently which has gone kind of like this: WMP: We’re going to build you a web site and we’re going to use Azure. Me: Awesome! So you’d use an Azure Web Site service then? WMP: No, even better, we’re goi...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]Azure Web Sites are not your father’s hosting. The big thing you need to wrap your head around is that this model of standing up web sites moves us away from the classic paradigm of just firing up files over FTP then not thinking about the hosting again to one where serving content...

It’s about six weeks into the life of Have I been pwned? [https://haveibeenpwned.com] now and I’m enormously pleased with the reception its received. The fact that I’ve had to write posts like the micro optimisation one [https://www.troyhunt.com/2013/12/micro-optimising-web-content-for.html] or the one about getting too big for Google [https://www.troyhunt.com/2013/12/too-big-for-google-when-analytics-fails.html] and had to deal with all the problems I’ve discussed there has actually been a very...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I was checking the NewRelic [http://newrelic.com] stats on “Have I been pwned?” the other day (you do have the free NewRelic service on your Azure websites [http://www.hanselman.com/blog/PennyPinchingInTheCloudEnablingNewRelicPerformanceMonitoringOnWindowsAzureWebsites.aspx] , righ...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]A few weeks ago now I launched the notification service for Have I been pwned? [https://www.troyhunt.com/2013/12/have-you-been-pwned-now-you-can-be.html] (HIBP). The premise of the service is that whilst it’s great to be able to go to the HIBP website [https://haveibeenpwned.com/]...

I was amused (and frankly a little bewildered) the other day to see this bloke in the paper [http://www.couriermail.com.au/news/queensland/brisbane-motorist-fined-for-leaving-car-window-slightly-down-on-hot-day/story-fnihsrf2-1226793936291] : What he’s holding there is a fine… for leaving his car windows down a little. You see, the police down here took a view that in doing so he was inviting criminals to break into his car by very clearly leaving his security in a compromised state. This, in...

Did you know that every time you submit a Web Forms page it sends a hash-based message authentication code with it so that the website can ensure the View State hasn’t been tampered with? Or that every time you use the MVC Razor syntax to emit anything to the page it HTML encodes it? Unless, of course, you’re using the Html.Raw helper – oh and that none of that does you any good in the JavaScript and CSS contexts or the HTML attribute context? Were you aware that ASP.NET limits the size of the...