toad.social

1 post1 participant0 posts today

ITSEC NewsAfter the Breach: Finding new Partners with Solutions for Have I Been Pwned Users - Presently sponsored by: Join Snyk's May 15th event to discover how to establish a ... <a href="https://www.troyhunt.com/after-the-breach-finding-new-partners-with-solutions-for-have-i-been-pwned-users/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/after-the-breach-finding-new-partners-with-solutions-for-have-i-been-pwned-users/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a>

ITSEC NewsThe Have I Been Pwned Alpine Grand Tour - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... <a href="https://www.troyhunt.com/the-have-i-been-pwned-alpine-grand-tour/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/the-have-i-been-pwned-alpine-grand-tour/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a>

ITSEC NewsWelcoming The Gambia National CSIRT to Have I Been Pwned - Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, an... <a href="https://www.troyhunt.com/welcoming-the-gambia-national-csirt-to-have-i-been-pwned/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/welcoming-the-gambia-national-csirt-to-have-i-been-pwned/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> <a href="https://schleuss.online/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#government</a>

LavX NewsRevolutionizing Cybersecurity: How Cloudflare Workers Enhance 'Have I Been Pwned?' with HyperscalingIn a groundbreaking move, Troy Hunt's 'Have I Been Pwned?' (HIBP) has integrated Cloudflare Workers to achieve hyperscaling and enhanced performance. This shift not only optimizes user experience but ...<a href="https://news.lavx.hu/article/revolutionizing-cybersecurity-how-cloudflare-workers-enhance-have-i-been-pwned-with-hyperscaling" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/revolutionizing-cybersecurity-how-cloudflare-workers-enhance-have-i-been-pwned-with-hyperscaling</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mastodon.cloud/tags/CloudflareWorkers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareWorkers</a> <a href="https://mastodon.cloud/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a>

Royce WilliamsTIL if you generate and store all even faintly possible IPv4 IPs - 0.0.0.0 through 255.255.255.255 - as ASCII strings ... it takes about 58GB.This is a <a href="https://infosec.exchange/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a> subtoot. 😜 <a href="https://infosec.exchange/tags/PasswordCracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordCracking</a>

Julie WebgirlI typically get phishing emails to my email addresses that are public-showing. It's to be expected.But I just got one to an email I use only when purchasing or signing up for free plug-in services, almost all WordPress and plenty of them.So it would seem there has been a breach, but I haven't been notified and I don't see it on <a href="https://mstdn.social/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a>.There's a decent chance I've made a purchase with a debit card. Yeah that's cool.<a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Erik van Straten<a href="https://mastodon.nl/@EllyvA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EllyvA</a> : precies. Ook ik ben mens en dus maak ook fouten en doe onverstandige/risicovolle dingen; ik ben als de dood dat ik een keer ergens intrap.Ik hoop dat ik dan net zo dapper ben als Charlotte Cowles (<a href="https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html</a> - m.i. zeer lezenswaardig) en Troy Hunt (*) in <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/</a>.In <a href="https://www.security.nl/posting/840236/Veilig+inloggen" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security.nl/posting/840236/Veilig+inloggen</a> leg ik uit hoe je het veiligste kunt inloggen (dit helpt niet tegen foute sites waarop je nog geen account hebt).Aanvulling verderop in die pagina (directe link: <a href="https://security.nl/posting/876137" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.nl/posting/876137</a>): zet altijd "Waarschuwen voor onveilige verbindingen" aan als jouw browser dat ondersteunt (met screenshots voor Safari op iPhone/iPad: <a href="https://infosec.exchange/@ErikvanStraten/113946883735914839" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113946883735914839</a>).(*) Troy Hunt is beheerder van <a href="https://haveibeenpwned.com/About" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://haveibeenpwned.com/About</a><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonatie</a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> <a href="https://infosec.exchange/tags/HaveiBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveiBeenPwned</a> <a href="https://infosec.exchange/tags/CharlotteCowles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CharlotteCowles</a> <a href="https://infosec.exchange/tags/TheCut" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheCut</a>

pcyxSecurity Expert Troy Hunt Lured in by Mailchimp Phish<a href="https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish</a><a href="https://c.im/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://c.im/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://c.im/tags/TroyHunt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TroyHunt</a> <a href="https://c.im/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a> <a href="https://c.im/tags/mailchimp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mailchimp</a>

Karl Voit :emacs: :orgmode:<a href="https://graz.social/tags/TroyHunt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TroyHunt</a> fell for a <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> attack on his mailinglist members: <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/</a>Some of the ingredients: <a href="https://graz.social/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Outlook</a> and its habit of hiding important information from the user and missing <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> which is phishing-resistant.Use <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> with hardware tokens if possible (<a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arxiv.org/abs/2501.07380</a>) and avoid Outlook (or <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a>) whenever possible.Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.Note: any 2FA is better than no 2FA at all.<a href="https://graz.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://graz.social/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTP</a> <a href="https://graz.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TOTP</a> <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://graz.social/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> <a href="https://graz.social/tags/Ihavebeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ihavebeenpwned</a>

Royce WilliamsThe protective value of "k-anonymity"¹ for Have I Been Pwned / Pwned Passwords API lookups is significantly reduced because frequency data is included. And the more common the password, the more this effect is magnified.An example:<a href="https://gist.github.com/roycewilliams/2034c9253d46fbcaefb13f8e5d42daa2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gist.github.com/roycewilliams/2034c9253d46fbcaefb13f8e5d42daa2</a>... with cracks:<a href="https://gist.github.com/roycewilliams/2bb471cc90cce7f6834204344590fcac" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gist.github.com/roycewilliams/2bb471cc90cce7f6834204344590fcac</a>Using "k-anonymity"¹ to return all hashes that begin with <code>b2e98</code> is less "anonymous" ... when 98.6% of the passwords (by frequency across all leaks) are the top one.It's not really hiding a needle in a haystack if you just lay it on top.Edit: in fact, even without the frequency data, since some passwords are much more common than others ... left-skewed distribution is an intrinsic property of password data. Missing frequency data can be largely reconstructed from public cracking efforts. (And even if that weren't true, the hashes can just be cracked using traditional methods. If the cracking community can get a 97%+ cracking rate², what is being achieved other than plausible deniability?)K-anonymity [as implemented by HIBP, anyway -- true K-anonymity is different¹] may just be a bad fit for password hashes.¹ Not actually k-anonymity at all: <a href="https://en.wikipedia.org/wiki/K-anonymity" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://en.wikipedia.org/wiki/K-anonymity</a>² Actually closer to 99.29% across the entire corpus, publicly: <a href="https://gist.github.com/roycewilliams/40f0e8c93ec9c69f5b5a1874c76f2587" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gist.github.com/roycewilliams/40f0e8c93ec9c69f5b5a1874c76f2587</a><a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a> <a href="https://infosec.exchange/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a>

ITSEC NewsSoft-Launching and Open Sourcing the Have I Been Pwned Rebrand - Presently sponsored by: 1Password Extended Access Management: Secure every sign-in... <a href="https://www.troyhunt.com/soft-launching-and-open-sourcing-the-have-i-been-pwned-rebrand/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/soft-launching-and-open-sourcing-the-have-i-been-pwned-rebrand/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a>

Die Gerichte im echten NordenFür alle <a href="https://social.schleswig-holstein.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a>-Nerds da draußen! Schönes Projekt des <a href="https://social.schleswig-holstein.de/tags/Landgerichts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Landgerichts</a> <a href="https://social.schleswig-holstein.de/tags/L%C3%BCbeck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lübeck</a>: ein kompletter Überblick über die Rechtsprechung der für <a href="https://social.schleswig-holstein.de/tags/Masseverfahren" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Masseverfahren</a> nach <a href="https://social.schleswig-holstein.de/tags/DSGVO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DSGVO</a> zuständigen Spezialkammer gebündelt auf einer Seite: Von <a href="https://social.schleswig-holstein.de/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> über <a href="https://social.schleswig-holstein.de/tags/scraping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scraping</a> und <a href="https://social.schleswig-holstein.de/tags/BusinessTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BusinessTools</a> bis <a href="https://social.schleswig-holstein.de/tags/Schufa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Schufa</a>Bitte hier entlang: <a href="https://www.schleswig-holstein.de/DE/justiz/gerichte-und-justizbehoerden/LandgerichteSH/LGLuebeck/BesucherService/Informationen_DSGVO_GlueckspielR/informationen_dsgvo_glueckspielr_node" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schleswig-holstein.de/DE/justiz/gerichte-und-justizbehoerden/LandgerichteSH/LGLuebeck/BesucherService/Informationen_DSGVO_GlueckspielR/informationen_dsgvo_glueckspielr_node</a><a href="https://social.schleswig-holstein.de/tags/GerichteSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GerichteSH</a> <a href="https://social.schleswig-holstein.de/tags/rechtnordisch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rechtnordisch</a> <a href="https://social.schleswig-holstein.de/tags/LGL%C3%BCbeck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LGLübeck</a>

ITSEC NewsWe're Backfilling and Cleaning Stealer Logs in Have I Been Pwned - Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get ... <a href="https://www.troyhunt.com/were-backfilling-and-cleaning-stealer-logs-in-have-been-pwned/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/were-backfilling-and-cleaning-stealer-logs-in-have-been-pwned/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a>

ITSEC NewsProcessing 23 Billion Rows of ALIEN TXTBASE Stealer Logs - Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get ... <a href="https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/</a> <a href="https://schleuss.online/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a>

ResearchBuzz: FirehoseTroy Hunt: Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs. “We’ve ingested a corpus of 1.5TB worth of stealer logs known as “ALIEN TXTBASE” into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. We’ve also added 244M passwords we’ve never seen before to Pwned Passwords and updated the […]<a href="https://rbfirehose.com/2025/02/27/troy-hunt-processing-23-billion-rows-of-alien-txtbase-stealer-logs/" class="" rel="nofollow noopener noreferrer" target="_blank">https://rbfirehose.com/2025/02/27/troy-hunt-processing-23-billion-rows-of-alien-txtbase-stealer-logs/</a>

BillNot sure what happened here. How many accounts did <a href="https://infosec.exchange/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> receive again?<a href="https://infosec.exchange/tags/rss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rss</a> <a href="https://infosec.exchange/tags/confusion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#confusion</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a> adds 284M accounts stolen by <a href="https://mastodon.thenewoil.org/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infostealer</a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a><a href="https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-284m-accounts-stolen-by-infostealer-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-284m-accounts-stolen-by-infostealer-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/HIBP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HIBP</a> <a href="https://mastodon.thenewoil.org/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a>

Tarnkappe.info📬 Neues Datenleck bei Have I Been Pwned: 284 Millionen Zugangsdaten hinzugefügt <a href="https://social.tchncs.de/tags/Cyberangriffe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberangriffe</a> <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Datenleck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenleck</a> <a href="https://social.tchncs.de/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> <a href="https://social.tchncs.de/tags/Infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infostealer</a> <a href="https://social.tchncs.de/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a> <a href="https://sc.tarnkappe.info/d649aa" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.tarnkappe.info/d649aa</a>

LavX NewsMassive Data Breach: 284 Million Accounts Added to Have I Been Pwned DatabaseThe cybersecurity landscape faces a significant threat as Have I Been Pwned reveals the addition of over 284 million compromised accounts, sourced from infostealer malware. This alarming update unders...<a href="https://news.lavx.hu/article/massive-data-breach-284-million-accounts-added-to-have-i-been-pwned-database" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/massive-data-breach-284-million-accounts-added-to-have-i-been-pwned-database</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mastodon.cloud/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HaveIBeenPwned</a> <a href="https://mastodon.cloud/tags/InfostealerMalware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfostealerMalware</a>

Recent searches

Search options

Administered by:

Server stats:

#haveibeenpwned