Speaking

A 61-post collection

In Google We Trust – Links and more info from 4 Corners

Over the last few weeks I’ve been working on a piece with 4 Corners titled In Google We Trust [http://www.abc.net.au/4corners/stories/2013/09/09/3842009.htm] which went to air last night. For international readers (or local folk who just don’t watch the ABC), 4 Corners has been around for decades and has always been high quality journalism on thoroughly investigated stories without the sensationalism we get used to in many other current affairs programs. Seeing it all come together it was obvio...

TechEd Australia 2013: Are You Securing Your Rich Client Apps on the Server?

Well that’s my first TechEd down as both a speaker and a delegate and what better place to have it than in my home town of the Gold Coast. For international readers, think of it as having all the best bits of what you know of Australia (beaches, good weather, scantily clad [insert preference here]) whilst all the bad bits you know of cities (pollution, bad traffic, angry people) get left behind in Melbourne and Sydney. Clearly this is an entirely unbiased view. You never quite know what to expe...

Of developers, security professionals and playing nice together on PaulDotCom

Last week I had a video chat with the guys over on PaulDotCom [http://pauldotcom.com/] (which, of course is at pauldotcom.com [http://pauldotcom.com/]) on a whole bunch of app sec related issues, specifically around how developers can become more security aware. We also spoke quite a bit on how developers and security people can generally get along with each other better than what they tend to at present which IMHO, is often a rather corrosive current state of affairs. There's a bit of banter i...

Video: Cyber-security and the broken web

I’ve been doing a number of smaller presentations to user groups and private audiences lately and one of the things I’ve been focussing on is trying to give a sense of how fundamentally broken the security of much of what we’re working with is. I’ve been focussing on three areas: broken web (easily discoverable flaws), broken developers (fundamental misunderstandings about important security concepts) and broken devices (vulnerable equipment on the web). This presentation was to the CIAOPS Virt...

Video: “Hack Yourself First” and other security tips for web developers

A little while back I wrote about Hacking yourself first [https://www.troyhunt.com/2013/05/hack-yourself-first-how-to-go-on.html] and detailed a bunch of different ways for developers to seek out risks in their own apps, hopefully before attackers find them first. I’m extremely enthusiastic about this approach and believe that developers need to hone cyber-offence skills in order to properly understand – and protect their apps from – risks on the web. There’s a heap more content coming from me a...

Talking with Scott Hanselman on honeypots, pineapples and SSL

For many of you, Scott Hanselman [http://www.hanselman.com/] will need no introduction and is a very familiar face, voice and writer. Among the many good things that Scott does to support the web development community (and that’s not just the Microsoft folks either), he’s also the man behind the Hanselminutes podcast [http://www.hanselminutes.com/372/are-you-secure-wifi-honeypots-pineapples-and-ssl-with-troy-hunt] which I was very happy to join him on recently. In fact this remains one of the v...

Pineapple Surprise! Mixing trusting devices with sneaky Wi-Fi at #wdc13

I’m pushing the “Publish” button on this just before I go on stage at Web Directions Code [http://code13melb.webdirections.org/] because all things going well, what I’m going to talk about in this post will form part of my demo about securing web services. I’m making some (admittedly very simple) code available and providing some resources that will hopefully help everything I talk about with regards to unprotected wireless traffic make sense. I’d like to begin by introducing you to Pineapple...

20 simple tips for safer internet banking

A few months back I had another chat to Today Tonight, a national prime time current affairs program I’ve previously appeared on in relation to call centre scammers taking over unsuspecting victims’ PCs [https://www.troyhunt.com/2012/08/virus-scams-social-engineering-victims.html]. This time it was about the security of internet banking which gave me a chance to collate some good practices, many of which didn’t go to air but I kept hold of with the intention of sharing in the context of the vide...

People Talking Tech talking security

It was a few months back now, but last year I spent a little time with fellow MVP Denny Cherry [http://twitter.com/mrdenny/] on his podcast People Talking Tech [http://peopletalkingtech.com]. We had a great talk about security in general with a lot of focus on SQL Injection in particular. It’s a nice light-hearted 24 minute chat that I enjoyed doing and I hope you enjoy listening to. You can listen online or download from People Talking Tech, Episode 18 – Troy Hunt [http://peopletalkingtech.com...

Podcasting with SC magazine: The anatomy of a Facebook gift card scam

This week’s post on Disassembling the Woolworths Facebook scam [https://www.troyhunt.com/2012/11/disassembling-woolworths-facebook-scam.html] has had a pretty good run. In part, I suspect this is due to the approaching holiday shopping season and in part because I know this scam is really doing the rounds and being seen by a lot of people. Yesterday I had a chat with Dan Kaplan from Secure Computing Magazine [http://www.scmagazine.com/podcast-the-anatomy-of-a-facebook-gift-card-scam/article/269...