As feature releases go, this is not exactly a killer, but to my surprise it was one that was requested quite frequently. It turns out that people really wanted to be able to keep abreast of new breaches and pastes in Have I been pwned? [https://haveibeenpwned.com/] (HIBP) via RSS. Not only is that a perfectly reasonable request, but it was also an easy one to get on top of so here it is! There are two RSS feeds both linked in from various places on the site including in the navigation. For your...

Here’s a conundrum for you: would you trust this page with your credit card? It has HTTPS and it has a GoDaddy logo with a padlock (if the significance of this is lost on you, my thoughts on both GoDaddy [https://www.troyhunt.com/2014/06/moving-from-godaddy-to-dnsimple.html] and padlock icons [https://www.troyhunt.com/2011/07/padlock-icon-must-die.html] are well documented), so from a casual glance, it’s ok, right? But what if the SSL implementation looked like this [https://www.ssllabs.com/s...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]It seems like every time I turn around there’s something I haven’t seen in Azure. If I’m honest, it leaves me in a perpetual state of “Oh man, there is so much stuff I don’t know”. I suspect that resonates with many readers of this blog because there’s just so much stuff to keep on...

I’ve been doing a lot of talking about API security recently because frankly, there’s a lot to talk about. Those little web services that sit behind the rich client apps on our devices and increasingly behind our Internet of Things have a nasty habit of having some really serious vulnerabilities in them. I’m talking about everything from leaking data to allowing unauthorised users to perform actions they shouldn’t be allowed to all the way through to entirely useless SSL implementations because...

A couple of weeks back, this bloke hit the news [http://www.smh.com.au/nsw/barry-spurr-emails-investigated-by-university-of-sydney-20141016-1179kj.html] when his private emails were leaked and disclosed that he was fond of, shall we say, a very “colonial” vernacular when it comes to talking about our indigenous people: That he is (was?) a professor at a university would normally suggest that he’s a pretty switched on guy, but the evidence is clearly to the contrary. Speaking of people we’d...

Let’s go through just some of the ways you can hand your valuable datas over to people that want to get somewhere in between you and whatever service it is you want to talk to at the other end. You can get pineappled [https://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html] and certainly that’s been a favourite of mine to demonstrate because it’s just so damn easy (it’s also kinda cool, if I’m honest). The router you connect through can be pwned and its DNS changed to hel...

You know how you always wanted a fork with an ARM processor that could upload data wirelessly over the internet? C’mon, you know you want it and now you can get a HAPIfork [http://www.hapi.com/product/hapifork]. Or how about your light globes? Yes, LIFX totally rocks [http://au.lifx.co/] but no, I wasn’t so keen on the idea once I learned your neighbours could pwn your wifi through them [http://www.smh.com.au/digital-life/consumer-security/security-vulnerability-found-in-lifx-smart-light-bulbs-...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]Just a quick one as it’s mostly explained in How to Disable SSL 3.0 in Azure Websites, Roles, and Virtual Machines [http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/] , but there are a few bits worth adding. Oh – just in...

As I’ve written in the past [https://www.troyhunt.com/2013/12/micro-optimising-web-content-for.html], I put an awful lot of effort into making Have I been pwned? [https://haveibeenpwned.com/] (HIBP) fast. Not just a bit fast, blisteringly fast and that includes when it’s under a huge amount of load [https://www.troyhunt.com/2014/09/10-things-i-learned-about-rapidly.html]. But there was something bugging me with the site when it came to performance and it was this: That’s right, 33 images loa...

We don’t seem to go far these days without the next “catastrophic” bug hitting the internets. Remember how a few weeks ago Shellshock [https://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html] was going to end the internet as we know it? If you believed all the headlines, that sucker was going to own us through our light globes (I suspect some poetic license was taken on my IoT comments) and the web would never be the same. Scroll forward and it’s already “Shell-what?” Earlier th...