New Website May Find Your Insecure Password Before Most Hackers Do

Date: 2011-11-04 23:04:54

A new site, pwnedlist.com, now has spiders crawling the web looking for breached or vulnerable password lists. The site was created by Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint.

According to the site's "learn" page, the site does not keep any email data submitted through queries (no phishing). The little they reveal about site architecture is great. We are big fans of Amazon SimpleDB (SDB) and feel it's one of the least vulnerable database platforms a website can use. For the truly skeptical, the site enables users to submit their email as an SHA-512 hash (see "What are hashes and rainbow tables").

We tested a known bad email from a recent hack and it did not show up in the database. In fairness, the same address was not found in shouldichangemypassword.com either.

The site's domain was registered in June 2011 under a proxy service, which is very common and does not raise any flags. The founder is a well-respected and active member of the security community. All timelines on personal and business Twitter feeds correlate properly.

We started this article on November 1st and submitted some questions to the website. In the three days that followed we've received no response, but at least a dozen publications have reported on pwnedlist.com, including Brian Krebs and Kaspersky Labs. Every indication points to pwnedlist.com being a great resource.

Related Stories

Kaspersky Labs ThreatPost has the only real interview with founder Alen Puzic as of 04-Nov-2011.

Brian Krebs has a good article geared toward the more technical crowd.

Category: Breach
Subcategory: Authentication