Troy Hunt continues to be amazing for cyber security with the Have I Been Pwned project. All the Version 3 passwords have been released as NTLM hashes, the password hash used by Windows. This should be really useful for any sysadmins managing a Windows Enterprise deployment wanting to make sure that users aren’t using bad passwords. Hopefully as this is adopted it will also reduce the number of poor password rules that many companies still enforce.
Things like: Continue reading “Have You Been Pwned: NTLM Hashes”
Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 517 million compromise passwords (as SHA1 hashes).
Continue reading “Have You Been Pwned: Update 2”
e-mail accounts are a pretty serious single point of failure, more so than I think most people ever consider. Recovery accounts and 2 factor authentication help (if you have them setup), but there is a new option that a lot of people won’t know about. email address aliases.
Continue reading “Securing Your e-mail Account”
Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 501 million compromise passwords (as SHA1 hashes). It now also includes a count of how many time that password has been found, so you can see just how poor your password choices are!
Continue reading “Have You Been Pwned: Update”
Have you been pwned? Troy Hunt, a security researcher at Microsoft has set up a great project called “haveibeenpwned” so you can find out. You can use the website to search for an e-mail address and see if they have been included in past data breaches. You can also sign up to be notified of future breaches too. If your e-mail has been found, it will tells you what data has been leaked, such as poorly hashed passwords. My results (for my generic sign-up email) are below. The Adobe and LastFM password leaks are a serious concern since MD5 is no longer considered a secure hashing algorithm. Oops. Continue reading “Have You Been Pwned?”