Troy Hunt

MARCH 1, 2018

There's a verification process where control of the domain needs to be demonstrated (email to a WHOIS address, DNS entry or a file or meta tag on the site), after which all aliases on the domain and the breaches they've appeared in is returned. At the time of writing, over 110k domain searches have been performed and verified.

Government 187

Government Data breaches Passwords Authentication 187

eSecurity Planet

APRIL 14, 2023

The company also offers a range of additional cybersecurity solutions, including DDoS protection, web application firewalls, and DNS services. The solution should differentiate between bots and humans accurately and provide mechanisms for users to prove their identity and authenticity quickly.

Software 107

Software DDOS Accountability Firewall 107

Troy Hunt

NOVEMBER 25, 2020

For some reason, the Shelly on my garage door is making a DNS request for api.shelly.cloud once every second! Every time one of the kids asks Alexa a question, a TLS connection is established to Amazon's services and they get the benefit of confidentiality, integrity and authenticity.

IoT 357

IoT Firmware Risk Manufacturing 357

Troy Hunt

JANUARY 10, 2018

I've implemented CAA on HIBP and it's simply a matter of some DNS records and a check with a CAA validator : Unfortunately, there are no such records for Aadhaar: Now in fairness to Aadhaar, CAA is very new and the take-up is low ; we cannot be critical of them for not having implemented it yet. Again, see comments above re why this is odd.

Hacking 279

Hacking Government Risk Encryption 279