If you're here reading this then it probably won't come as a big surprise but brace yourself anyway - we have a security problem. Yes, yes, I know, it's all very terrifying and not a day goes by where someone isn't getting cyber-something'd. As best I can tell from the news, it's pretty much all to do with guys in hoodies sitting at green screens pwning all our things. I'm quite sure that's the case, I even did a quick check on Google to confirm: I talk about these crazy hacker perceptions in...

One of the things I'm finding with running Have I been pwned [https://haveibeenpwned.com/] (HIBP) is that over time, my approach is changing. Nothing dramatic thus far, usually just what I'd call "organic" corrections in direction and usually in response to things I've learned, industry events or changes in the way people are using the service. For example, the Ashley Madison hack led to the concept of a sensitive breach [https://www.troyhunt.com/heres-how-im-going-to-handle-ashley/] which meant...

Last week I wrote about how 8 million GitHub profiles were leaked from GeekedIn's MongoDB [https://www.troyhunt.com/8-million-github-profiles-were-leaked-from-geekedins-mongodb-heres-how-to-see-yours/] which is always a risk when you expose a DB with no auth whatsoever! For any other website, this would be a typical data breach scenario in that info that was meant to remain private was made public. However, GeekedIn lost publicly accessible GitHub data so whilst yes, there was a breach, no, it...

Earlier this year, I wrote about bad user experiences on websites [https://www.troyhunt.com/its-2016-already-how-are-websites-still/] and foremost among these were the shitty things some sites do with ads. Forbes' insistence that you watch one before manually clicking through to the story, full screen and popover ads and ads that would take over your screen after you started reading the article were all highlighted. Unanimously, we hate this experience. Because the aforementioned experiences ar...

Lots on this week and I'm very happy to have finally got myself organised and set up an audio podcast feed. It's getting a heap of downloads already so obviously, people did actually want it and frankly, I'm sorry I didn't get it organised earlier! That and much more in this week's update iTunes podcast [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699] | Google Play Music podcast [https://goo.gl/app/playmusic?ibi=com.google.PlayMusic&isi=691797987&ius=googlepl...

Let me make it crystal clear in the opening paragraph: this incident is not about any sort of security vulnerability on GitHub's behalf, rather it relates to a trove of data from their site which was inappropriately scraped and then inadvertently exposed due to a vulnerability in another service. My data. Probably your data if you're in the software industry. Millions of people's data. On Saturday, a character in the data trading scene popped up and sent me a 594MB file called geekedin.net_mirr...

I have multiple Yahoo data breaches. I have a Twitter data breach. I have Facebook data breaches. I know they are data breaches from those sources because people told me they are, ergo, they're data breaches. Except they're not - they're all fake. Problem is though, fake data breaches don't make for a very good headline nor do they give you something worth trading; for many people, it's not in their best interests to establish what's fake and what's not. Earlier this year I wrote about how I ve...

I've been doing the weekly updates [https://www.troyhunt.com/tag/weekly-update/] for a couple of months now and by all accounts, they've been very well-received. One of the early pieces of feedback I got though was that I should also publish them as an audio podcast so that people can listen to them in the car or while doing whatever else it is that people do while listening to syndicated content via the likes of iTunes. Yesterday I finally got around to getting all this setup by using the Omn...

I write a blog with a lot of security things on it so understandably, it upsets me somewhat when my site throws security warnings: I'd had a number of people report this and indeed I'd seen it myself, albeit transiently. Diving into the console, I found the source of the problem: Who the hell is Circulate?! And what are they doing in my blog? Let's find out: Right... I don't have any ads on my blog these days (just sponsor messages) so there shouldn't be any third-party monetisation goi...

I've done a number of "Play by Play" courses for Pluralsight this year on a range of topics including Social Engineering with my mate Lars Klint [http://app.pluralsight.com/courses/play-by-play-social-engineering], Deconstructing the Hack with my mate Gary Eimerman [http://app.pluralsight.com/courses/play-by-play-ethical-hacking-deconstructing-hack] , Modernizing Your Deployment Strategy with Octopus Deploy with my mate Damo Brady [http://app.pluralsight.com/courses/play-by-play-modernize-with-...