Troy Hunt

Create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.
RSS preview of the blog of Troy Hunt

Weekly Update 458

2025-07-02 16:08:12

I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page, so if you want to see the highlights, head over there. That's it for this week, it's home for a day then I'll come to you from Tokyo for the next one.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Have Fun Teaching was breached 4 years ago and 27k of their records are now in HIBP (they went very much "radio silence" after disclosure)
  3. Robinsons Malls in the Philippines had a breach that finally made its way into HIBP (the breach itself was back in June last year)
  4. Because Teespring was frankly, appallingly bad, we have a new merch store courtesy of Fourthwall (if you ordered from Teespring and haven't received your merch, contact their support and if that doesn't work, dispute the charge with your card company)

Weekly Update 457

2025-06-22 01:36:24

Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that's a shotgun style that plugs straight into the iPhone and it's usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don't know if this was connection related or what, but I was in no position to troubleshoot once the stream had started, unfortunately.

Moving on, it's been a ridiculously hectic week of back-to-back events then to top it off, we've been dealing with crazy traffic volumes on HIBP:

Anyway, you just can't predict these things, hope you enjoy this week's video regardless.

References

  1. Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
  2. If you want to follow along with travels, most of the pics I post these days are going to a public Facebook account (such is the fragmented social media world today)
  3. Catch me in Rome next week for the DotNetCode Italy meetup (that'll be the last public event of the tour)
  4. Was it really 16B passwords? (obviously this story got huge traction, let's see what the data says)

Weekly Update 456

2025-06-12 17:51:21

It's time to fly! It's two months to the day since we came back from the last European trip, again spending the time with some of the agencies and partners we've fostered at HIBP over the years. This time, it's the driving tour I talked about earlier last month, and we have absolutely jam-packed it! But hey, it's a part of the world I love driving in, it's summer over there (I know, it's a bit upside-down in that half of the world), and there are lots of cool people and places to see. Interestingly, Switzerland was by far the most dominant "come and say g'day" country, and we've ended up with events or meetups in Zurich, Bern and Geneva, along with invites in other places we just didn't have time to make work. But Switzerland is awesome, so perhaps that's a place for a longer stay next time with a little less grand touring. Regardless, I'll come to you with another live stream next Friday from Monaco 😎

References

  1. Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing
  2. Catch me in Zurich on Monday (that one is courtesy of the Azure Zurich User Group)
  3. And in Rome the week after (thank you DotNetCode Italy for hosting!)

Weekly Update 455

2025-06-09 16:27:23

The bot-fighting is a non-stop battle. In this week's video, I discuss how we're tweaking Cloudflare Turnstile and combining more attributes around how bot-like requests are, and... it almost worked. Just as I was preparing to write this intro, I found a small spike of anomalous traffic that, upon further investigation, should have been blocked. So we've pivoted again, adding yet more logic to try and give legit humans the best experience possible whilst making it painful for the bots. Fortunately, we're doing this with resources that have minimal impact if a limited number of bot requests come through, but it does make for a challenging if not somewhat infuriating experience.

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We've now identified the first round of partners to onboard to HIBP (these are companies that can help victims "after the breach")
  3. ColoCrossing had a breach that exposed 7k customer email addresses for their cloud service (looks like this is just ColoCloud)
  4. We love the HIBP merch store, but Teespring's support is absolutely woeful (we'll move to an alternate provider in the very near future)
  5. We're still tweaking Cloudflare's Turnstile to keep the bad guys out and the good guys in (that's a link to the HIBP homepage which we think we have dialed in pretty good now, see if you get a nice async request or a full page post-back)

Weekly Update 454

2025-06-02 18:26:35

We're two weeks in from the launch of the new HIBP, and I'm still recovering. Like literally still recovering from the cold I had last week and the consequent backlog. A major launch like this isn't just something you fire and forget; instead, it takes weeks of tweaks and refinements to iron out all the little creases, both known and unpredictable. None of them have been significant, fortunately, but the more I look at it, the more I see, and the more we refine. This week, we're diving headfirst into something I'd rather avoid: wacky procurement demands. Stuff like quote generation so that you can have the same stuff as you can find on the pricing page right now, just as a PDF with your name on it 🤦‍♂️ And look, I get it - it's not the people reading this making those demands and I have tread in your shoes and felt your pain. Hopefully, sometime this week, we'll automate away both your and my pain, and that'll be a massive step forward for all of us. Stay tuned!

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. I'm coming to Zurich! (now at the correct date of June 16)
  3. The Fédération Francaise de Rugby breach turned up (282k people in there, including with their DoBs for some reason 🤷‍♂️)
  4. Sticking with the French theme, their "Free" ISP data popped up too (another 14M people there, also with dates of birth 🤷‍♂️)
  5. And the second coming of Operation Endgame also made its way to HIBP (with support from our friends in LEA 👮)

Weekly Update 453

2025-05-27 08:26:01

Well, the last few weeks of insane hours finally caught up with me 🤒 Not badly, but I evidently burned enough midnight oil to leave the immune system somewhat degraded and just after recording this video, I really didn't feel like doing much at all. Some congestion and sniffles aside, it's really not that bad, but definitely evidence of a very intense period, which thankfully, is now behind us. So, this week, let's talk about that awesome new HIBP website 😊

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. We launched! (the end of one era, the beginning of another)
  3. Cloudflare's Turnstile is protecting a bunch of features in the new HIBP site from automation (but we do need to work on the rate at which it thinks real people are bots)
  4. I later put out a poll on the rate at which Turnstile was blocking access (when I speculated about 10%, I was pretty close - it's actually 8.7%)