Information Security News mailing list archives
Were Your IDs, Passwords Stolen? Check PwnedList
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 2 Nov 2011 01:49:57 -0500 (CDT)
http://www.informationweek.com/news/security/client/231902027 By Mathew J. Schwartz InformationWeek November 01, 2011Up to 50,000 breached records appear online every week. Do any of them include your usernames and passwords?
Answering that question is the principle aim of free website PwnedList.com, which is billed by its creator as being "a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise." A user enters an email address, and the site says whether it's spotted that email address amongst breached records.
As of Monday, the site had amassed five million breached records, roughly 70% of which included email addresses, and 30% that had usernames, that had been "pwned" (hacker-speak for owned or controlled) by online attackers or inadvertently exposed online.
PwnedList was created by Alen Puzic, a security intelligence researcher for HP's TippingPoint DVLabs. Via background details posted to the site, it began as a research project "to discover how many compromised accounts can be harvested programatically in just a couple of hours," he said. That's researcher-speak for using scripts to automatically analyze large amounts of data to extract any usernames, passwords, or other sensitive information they contain. In the first experiment, interestingly, Puzic found that he could automatically retrieve 30,000 usernames and passwords after only about two hours of work, for everything from email addresses and social media login details to banking and other financial information.
[...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Were Your IDs, Passwords Stolen? Check PwnedList InfoSec News (Nov 01)