Troy Hunt

MAY 21, 2024

What we never made any formal announcements about is that we did hire Stefán on a part-time basis beginning earlier last year to help out with the coding when he had free cycles amidst his full-time work.

Passwords 308

Passwords Hacking 308

CyberSecurity Insiders

MARCH 25, 2021

Although this does take time, with training and upskilling programs , insightful workshops, and “Hacker Fridays” (where employees can try to hack a specific smart device), team members will become more capable of dealing with the new diagnostics support work, as well as any general IoT problems.

IoT 100

IoT Authentication Passwords Data collection 100

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking 279

Hacking Government Risk Encryption 279

Troy Hunt

DECEMBER 20, 2017

It was being sold for 5 Bitcoins: That's over US$80k in today's money but back then, it was only a couple of grand (which actually, seems like pretty good value for 167 million accounts and passwords stored as unsalted SHA1 hashes). When I run workshops , at the end of the second day I like to talk about automating security.

Data breaches 119

Data breaches Marketing Penetration Testing Government 119

Troy Hunt

FEBRUARY 6, 2018

I've been giving a bunch of thought to passwords lately. Some won't let you paste a password. I particularly focused on how today's thinking is at odds with many of the traditional views of how passwords should be handled. Now, here's my great insight from all of this: Every single minimum password length is an even number!

Passwords 201

Passwords Authentication Marketing Accountability 201

Troy Hunt

NOVEMBER 25, 2020

I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. It made it easy for all the existing devices to jump onto the new network (I used the same password from the v1 network) and it gives me the option to segment traffic later on.

IoT 358

IoT Firmware Risk Manufacturing 358

Krebs on Security

AUGUST 12, 2022

The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. It had the username and password for the system printed on the machine.

Firmware 207

Firmware Manufacturing Passwords Software 207

Troy Hunt

JULY 12, 2019

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control characters had snuck in due to the quality (or lack thereof) of the source data. References Scott will be running my Hack Yourself First workshop in Glasgow next week (this is the last stop on the UK tour, get in while you still can!)

Data breaches 156

Data breaches Passwords Accountability Hacking 156

Troy Hunt

SEPTEMBER 26, 2020

(I'll gradually go through the house and replace all the wall sockets with these) Was Activision "hacked" or do people just choose bad passwords?

Passwords 183

Passwords Technology Hacking 183

Troy Hunt

JANUARY 3, 2019

So yes, travel went up but I also did a bunch of remote workshops which helped keep that down, as well sending Scott Helme to run in-person ones that contributed to keeping me on Aussie soil. SSW in Sydney: How safe is your #password ?! TECHpalooza on the Gold Coast: We’ve got a password problem. troyhunt is here to help.

Passwords 205

Passwords Technology Government InfoSec 205

Troy Hunt

JANUARY 3, 2020

NewPassword: passw0rd ConfirmPassword: passw0rd This is a real request from my Hack Yourself First website I use as part of the workshops Scott Helme and I run. You can go and create an account there then try to change the password and watch the request that's sent via your browser's dev tools. Why is this possible?

Passwords 289

Passwords Accountability Risk Hacking 289

ForAllSecure

SEPTEMBER 21, 2021

The FTC claims that spy phones secretly harvested and shared data on people's physical movements phone news online activities through a hidden hack. It's about challenging our expectations about the people who hack for a living. It doesn't take leet hacking skills. It's an important topic, with real human consequences.

Technology 52

Technology Software Surveillance Media 52

Troy Hunt

NOVEMBER 8, 2021

They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Maybe on hack-yourself-first.com 🤣 Clearly, I didn't forget and I also didn't forgive and he probably should have expected me (sorry, couldn't help myself!) But I can make mistakes.

Scams 69

Scams Data breaches InfoSec Social Engineering 69

Adam Levin

AUGUST 21, 2019

Capital One’s announcement of a hack that affected more than 100 million people should have you asking not what, but who’s in your wallet. Bob from accounting goes on vacation with his laptop, and the next thing you know, millions of customers get hacked. Ever heard about a tortoise getting hacked? Attacks happen.

Phishing 138

Phishing Accountability Cybersecurity Hacking 138

Krebs on Security

OCTOBER 5, 2018

But here’s the thing: Even if you identify which technology vendors are guilty of supply-chain hacks, it can be difficult to enforce their banishment from the procurement chain. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories.

Computers and Electronics 234

Computers and Electronics IoT Manufacturing Technology 234

Troy Hunt

MARCH 2, 2020

My boss was an arsehole (there was broad consensus on that noun), but I stuck it out and dealt with it until circumstances were such that there was a better path forward; ultimately, a redundancy with a nice payout (I cover this in my Hack Your Career talk ). Many of them felt wrong. I spoke at CERN.

Data breaches 340

Data breaches Marketing Cyber Insurance InfoSec 340