After a long development period, the completely redesigned Have I Been Pwned (#HIBP) website is now online! https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/
Whoever did the parsing on the latest batch of HIBP data: who hurt you?
Data of around 250,000 #MSI customers on Have I Been Pwned | Security https://www.heise.de/news/Daten-von-rund-250-000-MSI-Kunden-bei-Have-I-Been-Pwned-10246593.html #HIBP #Datenschutz #privacy #DataLeak #Datenleck
Always good* to get an email from #HIBP reminding me that I once made the mistake of purchasing from DigiDirect using a real email address
This Week in Security: The Internet Archive, Glitching With a Lighter, and Firefox In-the-wild - The Internet Archive has been hacked. This is an ongoing story, but it looks like ... - https://hackaday.com/2024/10/11/this-week-in-security-the-internet-archive-glitching-with-a-lighter-and-firefox-in-the-wild/ #thisweekinsecurity #hackadaycolumns #internetarchive #securityhacks #firefox #news #hibp
#InternetArchive (https://Archive.Org) Hacked: 31 Million Accounts Compromised
According to #HIBP, the Internet Archive's authentication database was stolen: a 6.4GB SQL file named "ia_users.sql" which contains user information, including email addresses, usernames, timestamps of password changes (with the most recent being September 28th), and even encrypted passwords.
https://hackread.com/internet-archive-archive-org-hacked-accounts-compromised/ #breach
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site.
#News #InternetArchive #Tech #Security #WaybackMachine #HIBP #DataBreach #Hack
attacks against beloved organizations (Internet Archive)
Has archive dot org been hacked?
https://www.reddit.com/r/cybersecurity/comments/1g022es/has_archiveorg_been_hacked
Just discovered a new drawback of using catchall email addresses to sign up for things.
Enough companies have now lost my data that I can't use #haveibeenpwned for free anymore, because each has lost a unique address.
Not that I mind paying towards #hibp
361 million stolen accounts leaked on Telegram added to #HIBP
User username and password combos added to Have I Been Pwned database.
Almost half were emails not found in Have I Been Pwned’s database prior.
These credentials were found in various #Telegram channels.
Users should avoid reusing #passwords and avoid using passwords that have been leaked/cracked previously. It is also encouraged to use #mfa - especially for sensitive accounts.
@quarkslab To summarize: Passbolt was sending k-anonymity hash queries to the HIBP API on each keystroke of password entry. Analysis of the submitted hashes can dramatically reduce the keyspace necessary to guess the password.
quarkslab even wrote a custom hashcat module to exploit the combined hashes! Great analysis, @doegox!
https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html
I wonder if any breaches in @haveibeenpwned contained my password in it? .....Ah, beans!
I may have overdone it a bit. On Friday a few more sources were added, and they finished processing over the weekend. We are at 9,217,160,883 hashes. Only 10% of those are still from #HIBP; the rest is from other sources.
…OK, admittedly, one can also use this #vulnerability to make #propaganda for #HIBP. Personally I find this almost funny, and yet very dumb and unsettling:
«100 million #passwords are circulating on the net: How to check whether you are affected:
Passwords and #data of millions of users have been published on the #Internet. We show here how to check whether you are affected.»
Regarding the Mother of all Breaches: it is not a new leak. It’s a collection of existing leaks!
https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
What should you do? Just the usual.
1. Sign up for notifications on https://haveibeenpwned.com/.
2. Use a password manager (e.g., @bitwarden).
3. Bonus: Generate a unique email address per service with SimpleLogin (integrates well with Bitwarden).
Have I Been Pwned: Gigantic Naz.API data leak added
The password-checking service HIBP has added almost 71 million email addresses copied in the course of cyberattacks to its database.
#Datenleak #Datenleck #HIBP #Naz.API #Passwortklau #Security