According to my page revision history, 9 months ago I started writing a guide on using Cloudflare as a free CDN for websites. I’m sure I’ll finish that eventually, but for now here is why I think it is so great. Free load balancing!
I like to sing the praises of Troy Hunt and his efforts to improve the world’s password security. I also take digital security very seriously, but I can understand why most people don’t. Even the most keen people can suffer from apathy from time to time.
Troy Hunt continues to be amazing for cyber security with the Have I Been Pwned project. All the Version 3 passwords have been released as NTLM hashes, the password hash used by Windows. This should be really useful for any sysadmins managing a Windows Enterprise deployment wanting to make sure that users aren’t using bad passwords. Hopefully as this is adopted it will also reduce the number of poor password rules that many companies still enforce.
Things like: Continue reading “Have You Been Pwned: NTLM Hashes”
E-mail accounts are a pretty serious single point of failure, more so than I think most people ever consider. Recovery accounts and 2 factor authentication help (if you have them set up), but there is a new option that a lot of people won’t know about: email address aliases.
Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 501 million compromised passwords (as SHA1 hashes). It now also includes a count of how many times that password has been found, so you can see just how poor your password choices are!
Have you been pwned? Troy Hunt, a security researcher at Microsoft, has set up a great project called “haveibeenpwned” so you can find out. You can use the website to search for an e-mail address and see if it has been included in past data breaches. You can also sign up to be notified of future breaches too. If your e-mail has been found, it will tell you what data has been leaked, such as poorly hashed passwords. My results (for my generic sign-up email) are below. The Adobe and LastFM password leaks are a serious concern since MD5 is no longer considered a secure hashing algorithm. Oops. Continue reading “Have You Been Pwned?”