I’ve Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

tl;dr – a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven’t been seen in HIBP before. Those 80M records are now searchable, read on for the full story:…

I’ve Just Launched “Pwned Passwords” V2 With Half a Billion Passwords for Download

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains:

When processing requests to establish

Streamlining Data Breach Disclosures: A Step-by-Step Process

I don’t know how many data breaches I’m sitting on that I’m yet to process. 100? 200? It’s hard to tell because often I’m sent collections of multiple incidents in a single archive, often there’s junk in there and often there’s redundancy across those collections. All I really know is…

Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

Friends who follow what I’m up to these days will see that I’m often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I’m writing this now) and a lot of…

The Ethics of Running a Data Breach Search Service

No matter how much anyone tries to sugar coat it, a service like Have I been pwned (HIBP) which deals with billions of records hacked out of other people’s systems is always going to sit in a grey area. There are degrees, of course; at one end of the spectrum…

711 million email addresses found in popular banking malware’s spambot

A trove of 711 million email accounts used by a colossal spam operation was found by a Parisian security researcher this week. The collection, hosted on a publicly accessible server in the Netherlands, includes email addresses, corresponding passwords and servers engineered to help the spam avoid inbox filters. Uncovered by a pseudonymous researcher named Benkow moʞuƎq and reported by blogger and developer Troy Hunt, the spambot known as “Onliner” marks the largest-ever data set loaded into haveibeenpwned.com, a popular breach notification service operated by Hunt. Onliner delivers Ursnif banking malware, ZDNet reported, which is responsible for more than 100,000 global infections. Ursnif is an infamous, years-old data-stealing malware that has been updated continuously. It’s an evolving threat that can move through numerous attack vectors. In a 2017 report, Palo Alto Networks researchers said “newer versions of the threat allow attackers to steal browsing data such as banking and credit card information, acquire passwords via screenshots and keylogging, […]

The post 711 million email addresses found in popular banking malware’s spambot appeared first on Cyberscoop.
