Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Troy Hunt Profile picture
Troy Hunt
@troyhunt
Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
13 subscribers
Jul 17 12 tweets 7 min read
Rack upgrade day! Some new @Ubiquiti goodness to consolidate things, pics and details coming… Image
Image
Image Alright, let’s jump into this and full disclosure: @Ubiquiti has sent me all the bits you’ll see to play with. That’s after I spent a bunch of my hard-earned cash buying their gear and writing about it 9 years ago now, I’ve just been a fan ever since: troyhunt.com/ubiquiti-all-t…
Mar 13 7 tweets 2 min read
Working with @Cloudflare pages is so cool, check out this workflow: We have an open source repo for @haveibeenpwned's ux-rebuild which is here: github.com/HaveIBeenPwned/
Jan 2 7 tweets 2 min read
The Pornhub story regarding age verification shows just how hard privacy-preserving identifying verification is. Even when everyone agrees on the sentiment (nobody is saying kids should have access to porn), there’s no consensus on the execution. 404media.co/pornhub-is-now…Image
Image It took me a few seconds to VPN into Texas and capture these screens. It takes someone in Texas a few seconds to VPN into California and *not* see these screens! It costs a few bucks a month for a good VPN with loads of exit nodes around the world, placing you where you want.
Oct 25, 2024 5 tweets 1 min read
Was confused whilst doing my live stream just now why there was a sudden spike in DB usage on @haveibeenpwned. Turns out it was related to *dropping* this constraint: ALTER TABLE [dbo].[Domain] ADD CONSTRAINT [CHK_DomainName_Pattern] CHECK (([dbo].[IsDomainValid]([DomainName])=(1)))
Oct 9, 2024 9 tweets 3 min read
Hi folks, yes, I'm aware of this. I've been in communication with the Internet Archive over the last few days re the data breach, didn't know the site was defaced until people started flagging it with me just now. More soon. Looks like someone compromised a polyfill JS file on a subdomain to inject the alert, but that doesn't explain the root site being down
Oct 8, 2024 21 tweets 6 min read
This was a very uncomfortable breach to process for reasons that should be obvious from @josephfcox's article. Let me add some more "colour" based on what I found: Ostensibly, the service enables you to create an AI "companion" (which, based on the data, is almost always a "girlfriend"), by describing how you'd like them to appear and behave: Image
Sep 25, 2024 4 tweets 1 min read
Another cool little @Cloudflare thing that snuck out recently is this very simple security.txt creator: Image It's a simple form-based configuration that takes the basics of a security.txt file in the following interface: Image
Jul 29, 2024 7 tweets 2 min read
Our Aussie Cyber Security Act is going to be interesting to watch unfold not just in it's initial form, but as it evolves over the years. IMHO, great steps forward, but let's look at those arguments *against* it abc.net.au/news/2024-07-3… "Business groups say the new disclosure rules, and the proposed $15,000 fines for failures to disclose a payment, could sink some small operators." - you only get fined if you don't disclose, so... don't hide the breach!
Jul 19, 2024 22 tweets 5 min read
Something super weird happening right now: just been called by several totally different media outlets in the last few minutes, all with Windows machines suddenly BSoD’ing (Blue Screen of Death). Anyone else seen this? Seems to be entering recovery mode: Image The issue is worldwide: dailymail.co.uk/news/article-1…
Jul 6, 2024 9 tweets 3 min read
Let's start with what should be obvious: any infosec story that includes a headline about "largest", "greatest", "worst", or similar superlatives should be regarded with suspicion right from the outset. That said, let's delve into this one: cybernews.com/security/rocky… Firstly to the title - "RockYou". This harks back a decade and a half to a 2009 data breach that exposed 34M records. It was particularly noteworthy as the passwords were in plain text: en.wikipedia.org/wiki/RockYou
May 25, 2024 18 tweets 5 min read
A thread on this because the more I looked into it, the more I wanted to say about it: Firstly, this has come after @zackwhittaker's article which boils down to "it's stalkerware and it has appeared in a bunch of hotels it maybe shouldn't have and we know this because it has vulns disclosing what's captured and the company isn't responding" techcrunch.com/2024/05/22/spy…
May 10, 2024 19 tweets 5 min read
So this is an interesting one for several reasons. Firstly, the defacement which was obviously designed to antagonise a conservative media company. Maybe someone with an axe to grind, but definitely evidence of breach. Then there are the 3 different classes of data set published at the bottom of the defacement, let's go through each by file name:
Jan 31, 2024 12 tweets 4 min read
Alright folks, this is starting to smell like bullshit. Not the alleged breach (which smells bad for reasons I'll explain in a moment), but the "AI" line from both Europcar and the PR agency that just emailed me pitching someone's hot take on it. Here's why: Firstly on the legitimacy of the data, a bunch of things don't add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people names. For example: Image
Oct 30, 2023 7 tweets 2 min read
We often receive comments to the effect of “we want to purchase a @haveibeenpwned subscription but our company doesn’t allow us to use a credit card”. What is the financial reason behind this?

This is a very small portion compared to those that *do* pay by card, but why is this? To add to this, having spent 14 years at Pfizer I’d see policies like this all the time. But it’s also not like there was a blanket ban: try going on a business trip and asking the person at the noodle shop you’re having lunch at to raise an invoice on 60 day terms 🤣
Sep 8, 2023 4 tweets 2 min read
Let me add some more context to the Dymocks breach, starting with giving them a massive pat on the back for responding so quickly. It was less than 48 hours ago between me contacting someone there via LinkedIn and them having sent disclosure emails to customers. Massive kudos! What's not as clear from the story is the extent to which the data was already circulating before I was able to get in touch with them. Multiple Telegram channels and a popular *clear web* (not dark web) forum were broadly circulating the data.
Jun 16, 2023 12 tweets 4 min read
Crikey Miele 🤦‍♂️ ImageImage Ah, so that’s why. Up until 10 minutes ago… Image
Jun 8, 2023 19 tweets 8 min read
Had a weird thing happen with @AzureApiMgmt that caused the public @haveibeenpwned API to start getting laggy, especially around 1 week ago. It went from ~220ms response times 90 days ago to over 1 second up until yesterday. Scaled out an instance and now we're down to ~70ms. Image This is despite very consistent performance of the underlying @AzureFunctions app. Something started gradually going south at the APIM level and I'm continuing to look at that with the team there. Image
May 30, 2023 10 tweets 5 min read
Ok folks, here’s the next edition of “Troy’s IoT Hell” 👿

Recently I had to make a call between buying the older Yale Assure locks sold locally here in Aus or the newer one only sold in the US. This was for 2 locks, one for the front door and one for the front (undercover) gate. I went with the newer ones from the US as they were smaller, looked a lot neater, support Matter (with a coming add on module) and only took a few days for shipping. They look *great*! ImageImage
May 24, 2023 10 tweets 2 min read
Got an unexplainable Azure Function problem which I suspect will have an obvious answer once I start explaining it to other people, so here goes: I have a function with a queue trigger that makes an outbound HTTP call after the queue item is picked up. I can place messages in the queue and see them disappearing moments later, but the outbound call never gets sent.
May 22, 2023 42 tweets 16 min read
So @Charlotte_Hunt_ is selling a fridge on Gumtree and immediately starts getting messages like this. The first one gets a bit of “no, we can discuss here” and they disappear. This one… gets a burner address to see how weird shit gets. What’s the angle? There’s always an angle… Image 🍿 Image
May 17, 2023 8 tweets 3 min read
This is interesting reading regarding the .zip TLD. However, it's of near zero consequence to phishing attacks, read it first then I'll explain: medium.com/@bobbyrsec/the… Read it? Good, here's the problem: let's start with the opening para which asserts that you can't quickly tell which URL is legit due to the .zip TLD. That's true, you can't. But which URL in the second image is the real Google blog site? ImageImage