What's new around the internet


Src | Date (GMT) | Title | Description | Tags
TroyHunt | 2018-02-06 08:37:49 | How Long is Long Enough? Minimum Password Lengths by the World's Top Sites | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. I've been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security - a paradigm that every single person with an online account understands - yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low...
TroyHunt | 2018-02-02 08:46:18 | Weekly Update 72 | Presently sponsored by: DigiCert: What are the keys to securing the Internet of Things and are you prepared? Learn how PKI can secure your devices. I'm home! It's nice being home 😀 This week I start by getting a couple of things off my chest, namely some pretty wacky reactions to my suggesting that we're never going to see a coders' Hippocratic oath and how I feel when media outlets say "the dark web"...
TroyHunt | 2018-02-01 08:32:12 | My Blog Now Has a Content Security Policy - Here's How I've Done It | Presently sponsored by: Digicert: What are the keys to securing the Internet of Things and are you prepared? Learn how PKI can secure your devices. I've long been a proponent of Content Security Policies (CSPs). I've used them to fix mixed content warnings on this blog after Disqus made a little mistake, you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I'm a...
TroyHunt | 2018-01-31 08:38:37 | I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe | Presently sponsored by: Digicert: What are the keys to securing the Internet of Things and are you prepared? Learn how PKI can secure your devices. This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers... I've just arrived home to the Gold Coast in Australia...
TroyHunt | 2018-01-27 10:03:20 | Weekly Update 71 (Denmark Edition) | Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late... | LastPass
TroyHunt | 2018-01-24 17:27:07 | We're Doing an All New Series on Pluralsight: Creating a Security-centric Culture | Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good... | LastPass
TroyHunt | 2018-01-19 10:54:25 | Weekly Update 70 (NDC London Edition) | Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week... | LastPass
TroyHunt | 2018-01-15 06:10:01 | Streamlining Data Breach Disclosures: A Step-by-Step Process | Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is... | LastPass
TroyHunt | 2018-01-12 07:35:15 | Weekly Update 69 (Boat Edition) | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. It's my last day in the sun ☹️ Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking...
TroyHunt | 2018-01-11 06:12:15 | Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2 billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. It's also an era where this sort of information is constantly leaked...
TroyHunt | 2018-01-05 08:05:23 | Weekly Update 68 | Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilities. It's 2018! All new year and already someone has gone and broken our computer things courtesy of the Meltdown and Spectre bugs. I only touch briefly on them in this week's update and I refer people to my Twitter timeline for good coverage I've shared. However, there's one resource which...
TroyHunt | 2018-01-01 08:33:25 | 2017 Retrospective | Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilities. I look back a lot more than what I suspect people realise. Not in a reminiscent way, but rather because I find it helps me put things in perspective. A lot of people like to set personal goals or objectives so that there's something specific they're setting out to achieve...
TroyHunt | 2017-12-29 06:50:04 | Weekly Update 67 | Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilities. It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But...
TroyHunt | 2017-12-28 08:03:57 | New Pluralsight Course: Care and Maintenance of Development VMs | Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilities. Regular readers will know I create a lot of Pluralsight courses. It's now 5 years ago I started writing my first one which incidentally, is still my highest rated course every month (apparently the OWASP Top 10 as it relates to ASP.NET is still a big thing). Most of...
TroyHunt | 2017-12-23 08:23:17 | Weekly Update 66 | Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilities. This week, it's all about fixing data breaches. Following on from my Congressional testimony last month, I committed to writing about how we can address the root causes which has led to the 5-part epic that was this week's posts. These posts consumed a huge amount of time this week...
TroyHunt | 2017-12-22 07:32:23 | Fixing Data Breaches Part 5: Penalties | Presently sponsored by: Security Newsletter: a weekly e-mail digest of infosec news. In the first 4 parts of "Fixing Data Breaches", I highlighted education, data ownership and minimisation, the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though because the fact remains that although all...
TroyHunt | 2017-12-21 03:40:48 | Fixing Data Breaches Part 4: Bug Bounties | Presently sponsored by: Security Newsletter: a weekly e-mail digest of infosec news. Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education; let's do a better job of...
TroyHunt | 2017-12-20 12:01:05 | Fixing Data Breaches Part 3: The Ease of Disclosure | Presently sponsored by: Security Newsletter: a weekly e-mail digest of infosec news. This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by...
TroyHunt | 2017-12-19 08:37:02 | Fixing Data Breaches Part 2: Data Ownership & Minimisation | Presently sponsored by: Security Newsletter: a weekly newsletter digesting last week's infosec news into a shortlist of useful articles. Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about...
TroyHunt | 2017-12-18 06:08:56 | Fixing Data Breaches Part 1: Education | Presently sponsored by: Security Newsletter: a weekly newsletter digesting last week's infosec news into a shortlist of useful articles. We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them...
TroyHunt | 2017-12-15 08:45:14 | Weekly Update 65 | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there's no more flights or hotel rooms in 2017 for me! As for this...
TroyHunt | 2017-12-13 11:12:33 | I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine..." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel
TroyHunt | 2017-12-12 10:22:02 | Face ID Stinks | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date,...
TroyHunt | 2017-12-11 11:17:49 | New Pluralsight Play by Play: What You Need to Know About HTTPS Today | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. As many followers know, I run a workshop titled Hack Yourself First where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known...
TroyHunt | 2017-12-08 07:36:01 | Weekly Update 64 | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Home. The US Congress trip was an epic experience but man it's nice to be back! I got home early Monday morning after a 34-hour door-to-door commute and have spent the last 4 days trying to readjust which means being dead tired by 8pm then up at 4am. Fun times....
TroyHunt | 2017-12-04 08:42:42 | The Trouble with Politicians Sharing Passwords | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Yesterday I had a bunch of people point me at a tweet from a politician in the UK named Nadine Dorries. As it turns out, some folks were rather alarmed about her position on sharing what we would normally consider to be a secret. In this case, that secret is...
TroyHunt | 2017-11-30 23:28:24 | Weekly Update 63 (US Congress Edition) | Presently sponsored by: White Hat Academy. Learn modern web app security in interactive labs; exploit and protect against the 2017 OWASP Top 10 risks. Last week, I was sitting next to a croc-infested river in the middle of nowhere (relatively speaking). This week, I'm in front of the United States Capitol having just spoken to the very people who create the laws that govern not just the US but let's face it, have a...
TroyHunt | 2017-11-29 15:40:12 | Here's What I'm Telling US Congress about Data Breaches | Presently sponsored by: White Hat Academy. Learn modern web app security in interactive labs; exploit and protect against the 2017 OWASP Top 10 risks. Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you! As I...
TroyHunt | 2017-11-24 08:34:32 | Weekly Update 62 (Rockhampton Edition) | Presently sponsored by: MINDBODY is the leading online marketplace for wellness services with a growing software security team. Make an impactful career move today! This is going to be a couple of weeks of polar opposite updates: This week I'm in Rockhampton, a regional centre in my home state where I'm surrounded by gum trees, chirping birds and a croc-infested river. Next week will be Washington DC where I'll have just finished testifying in... | Guideline
TroyHunt | 2017-11-21 19:48:08 | I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say? | Presently sponsored by: MINDBODY is the leading online marketplace for wellness services with a growing software security team. Make an impactful career move today! There's a title I never expected to write! But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US Congress on the other side of the world testifying about the impact of data breaches. It's an amazing opportunity to influence decision makers... | Guideline
TroyHunt | 2017-11-17 08:46:06 | Weekly Update 61 | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. A bit of a "business as usual" week this one, but then this business is never really "usual"! I start out with a talk at McAfee's MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can't talk...
TroyHunt | 2017-11-14 08:44:51 | Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. As it turns out, breaking websites is a heap of fun (with the obvious caveats) and people really get into the exercises. The first one...
TroyHunt | 2017-11-10 07:39:53 | Weekly Update 60 | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Loads of bits and pieces this week ranging from travel (including something truly awesome that I can't go into detail on just yet) to Report URI to HIBP. There's also the competition for the Lenovo ThinkPad where I talk about the 4 finalists and if you're reading this within about...
TroyHunt | 2017-11-09 08:28:04 | The One Valuable Thing All Websites Have: Reputation (and Why It's Attractive to Phishers) | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Here's something I hear quite a bit when talking about security things: "Our site isn't a target, it doesn't have anything valuable on it". This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable...
TroyHunt | 2017-11-03 06:37:34 | Weekly Update 59 | Presently sponsored by: Worried your social media accounts got hacked? ZeroFOX provides the only account protection tool for you, the individual user. Learn more. I've actually had a day off today. Well mostly - I am still writing this piece and publishing a data breach - but I've pretty much spent the day between pool, beach and jet ski hence my being a bit dishevelled today 😀 Be that as it may, it's been a...
TroyHunt | 2017-11-02 08:42:34 | Bypassing Browser Security Warnings with Pseudo Password Fields | Presently sponsored by: Worried your social media accounts got hacked? ZeroFOX can teach you how to protect yourself. Learn how. It seems that there is no limit to human ingenuity when it comes to working around limitations within one's environment. For example, imagine you genuinely wanted to run a device requiring mains power in the centre of your inflatable pool - you're flat out of luck, right? Wrong! [Image: Powerboard Floating in Pool] Or imagine...
TroyHunt | 2017-11-01 09:15:56 | I'm Joining Report URI! | Presently sponsored by: Worried your social media accounts got hacked? ZeroFOX can teach you how to protect yourself. Learn how. What if I told you... that you can get visitors to your site to automatically check for a bunch of security issues. And then, when any are found, those visitors will let you know about it automatically. And the best bit is that you can set this up in a...
TroyHunt | 2017-10-27 08:41:31 | Weekly update 58 | Presently sponsored by: Get a security solution that will keep your website up and running - and keep you sleeping soundly: Symantec Website Security. Learn how. I'm between (short domestic) trips, I'm playing with my new iPad and I'm working on something really, really cool I'm going to be talking about next week. Seriously, this is a big thing that's been in the works for a while now and I'll be covering it in detail in...
TroyHunt | 2017-10-24 08:45:46 | Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad! | Presently sponsored by: Get a security solution that will keep your website up and running - and keep you sleeping soundly: Symantec Website Security. Learn how. Friends who follow what I'm up to these days will see that I'm often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I'm writing this now) and a lot of...
TroyHunt | 2017-10-20 07:09:02 | Weekly update 57 | Presently sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. I'm doing this week's update a little back to front due to the massive incident in South Africa involving what looks like pretty much the entire population. I've spent the first half an hour just talking about that incident in a way that I hope is consumable for the layperson....
TroyHunt | 2017-10-19 08:20:52 | Questions about the Massive South African "Master Deeds" Data Breach Answered | Presently sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This...
TroyHunt | 2017-10-18 19:59:43 | The 6-Step "Happy Path" to HTTPS | Presently sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now...
TroyHunt | 2017-10-17 08:04:36 | New Pluralsight Course: Emerging Threats in IoT | Presently sponsored by: Build your own mock malware and test your stack. Stackhackr will tell you if your company is vulnerable. Built by Barkly. It's another Pluralsight course! I actually recorded Emerging Threats in IoT with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: [Image: Troy and Lars] We choose to...
TroyHunt | 2017-10-13 08:16:58 | What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets? | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via...
TroyHunt | 2017-10-13 07:35:45 | Weekly update 56 (island edition) | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. After being cooped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it...
TroyHunt | 2017-10-09 08:26:30 | Disqus Demonstrates How to Do Breach Disclosure Right | Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today. We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week,... | Equifax
TroyHunt | 2017-10-06 05:59:32 | Weekly update 55 | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Lots of writing and lots of other stuff too this week. A claim that HIBP is bogus, new breaches appearing (and oh boy, wait until you see all of these ones...), some new bits from Ubiquiti and then the actual writing of things. I've got a lot of material on...
TroyHunt | 2017-10-05 07:49:44 | I'm Now Running Remote Workshops | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. Almost 2 and a half years ago to the day, I left the corporate world. It's funny looking back on it because on the one hand, 2 and a half years isn't that long but on the other hand, it was a lifetime ago; my life is totally different today...
TroyHunt | 2017-10-03 08:19:02 | Here's How I Decide What I Endorse and How I Ensure Transparency | Presently sponsored by: Do you desire peace of mind? The hackers don't wait, secure your website and mobile apps with Gold Security today. One of the by-products of an increasingly public profile is that companies want you to promote their things. You see this all the time in all walks of life whether it be product placement in movies, celebs sponsored by car companies or indeed the sponsor banner you see at the...
TroyHunt | 2017-09-29 06:59:44 | Weekly update 54 | Presently sponsored by: Get a security solution that will keep your website up and running - and keep you sleeping soundly: Symantec Website Security. Learn how. Ah, home! It's nice at home, I think I'll stay here. When I got back from Utah on Sunday I checked my TripIt and noticed I'd been away bang on 40% of the year but fortunately, that's it for the 2017 overseas stuff. That said, I've got a bunch of...
Last update at: 2024-07-21 17:07:40