Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website. Using Nonces.

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

Some of those who bought the spyware were allegedly able to see live locations of the devices, view the targets' emails, photos, web browsing history, text messages, video calls, etc. Black Mirror brainstorms, a workshop in which you create Black Mirror episodes. So here's the thing, SpyPhone is not an isolated incident.

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

ForAllSecure

So getting cybersecurity education materials often comes with a price tag. That's something that's a bit unique, there's typically a video game component with every competition. We'll be expanding on ways that we use the video game in the future, and the game was developed here at CMU at the Entertainment Technology Center.

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

The video within that story reiterates over and over again that "Aadhaar data cannot be breached". It then goes on to quote the government as saying that it cannot be questioned by a handful of individuals. Other Insecure Content Embedded in the Page (and Commented out HTML).

The Hacker Mind Podcast: How To Become A 1337 Hacker

ForAllSecure

Vamosi: The Computer Science Annual Workshop or CSAW is a well-established CTF competition in New York. So getting cybersecurity education materials often comes with a price tag. So you'll go and learn, and you'll go and study and research and Google around and try and solve whatever task is in front of you. The CTF that we run.

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013

I'll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you're interested; let me just talk briefly about where the service is at today.

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. You can safely use an integrity attribute on your script tag because if ever we want to change the implementation, we'll simply rev the version. from its current state.