Have You Been Pwned: NTLM Hashes

Troy Hunt continues to be amazing for cyber security with the Have I Been Pwned project. All the Version 3 passwords have been released as NTLM hashes, the password hash used by Windows. This should be really useful for any sysadmins managing a Windows Enterprise deployment wanting to make sure that users aren’t using bad passwords. Hopefully as this is adopted it will also reduce the number of poor password rules that many companies still enforce.
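One way a sysadmin could run the check described above, as an added example that is not code from the original post or from the Have I Been Pwned project. It assumes the "ordered by hash" download, a text file of uppercase HASH:COUNT lines, and NTLM hashes already exported from the directory; the function names, account names and sample data are constructed.

```python
import io

# Constructed sample in the assumed layout: one "NTLMHASH:COUNT" line per
# password, uppercase hex, ordered by hash. The first and last hashes and all
# counts are made up; the middle two are the well-known NTLM hashes of the
# empty password and of "password".
SAMPLE = (
    b"0123456789ABCDEF0123456789ABCDEF:3\n"
    b"31D6CFE0D16AE931B73C59D7E0C089C0:12\n"
    b"8846F7EAEE8FB117AD06BDD830B7586C:999\n"
    b"FEDCBA9876543210FEDCBA9876543210:1\n"
)

def pwned_count(f, ntlm_hex):
    """Return the breach count for one NTLM hash, or 0 if it is not listed.

    f is a seekable file opened in binary mode and sorted by hash. Binary
    search over byte offsets avoids loading a very large list into memory.
    """
    target = ntlm_hex.strip().upper().encode("ascii")
    lo, hi = 0, f.seek(0, io.SEEK_END)
    while lo < hi:
        mid = (lo + hi) // 2
        f.seek(max(mid - 1, 0))
        if mid:
            f.readline()  # advance to the first line starting at or after mid
        pos = f.tell()
        line = f.readline()
        key, _, count = line.strip().partition(b":")
        if not line or key > target:
            hi = mid                  # target line, if any, starts before mid
        elif key < target:
            lo = pos + len(line)      # target line, if any, starts after this one
        else:
            return int(count)
    return 0

def audit(f, account_hashes):
    """Map account name -> breach count for accounts whose hash is listed."""
    hits = {}
    for account, ntlm_hex in account_hashes.items():
        n = pwned_count(f, ntlm_hex)
        if n:
            hits[account] = n
    return hits

if __name__ == "__main__":
    accounts = {"alice": "8846f7eaee8fb117ad06bdd830b7586c",   # constructed accounts
                "bob": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
    print(audit(io.BytesIO(SAMPLE), accounts))
```

Against the real download, pass a file opened with `open(path, "rb")` in place of the `io.BytesIO` sample.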

Have You Been Pwned?

Have you been pwned? Troy Hunt, a security researcher at Microsoft, has set up a great project called "haveibeenpwned" so you can find out. You can use the website to search for an e-mail address and see if it has been included in past data breaches. You can also sign up to be notified of future breaches. If your e-mail has been found, it will tell you what data has been leaked, such as poorly hashed passwords. My results (for my generic sign-up email) are below. The Adobe and LastFM password leaks are a serious concern since MD5 is no longer considered a secure hashing algorithm. Oops.