An Alert System for Security Breaches

[InfoSec News <alerts () infosecnews org>]

http://bits.blogs.nytimes.com/2012/09/19/an-alert-system-for-security-breaches/

By NICOLE PERLROTH
The New York Times
September 19, 2012

It was, no doubt, the year of the security breach.

Hackers breached LinkedIn, LastFM.com, eHarmony, Yahoo and other sites, 
then posted customers’ usernames, passwords, e-mail addresses and device 
IDs to the Internet for all to see. In most cases, the consumers had to 
dig through hackers’ data dumps to find out what, if any, of their 
information had been compromised, then scurry to change their log-in 
credentials across many sites.

Now, with breaches on the rise, some companies have started offering 
customers new services to save them the trouble. LastPass, a service for 
managing passwords, said on Tuesday that it had partnered with 
PwnedList, a database of leaked usernames and passwords, to alert 
customers if a Web site was breached and if their information was 
included in the data dump.

The company will perform daily scans of PwnedList’s database of 24 
million (and growing) publicly leaked usernames and passwords and alert 
customers by e-mail if a domain was breached, if their log-in 
information was compromised and if they used the same password for the 
breached Web site elsewhere. In a blog post, LastPass said it planned to 
offer its alert system, called LastPass Sentry, free.

[...]

--
#HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia
with no keynotes, no labs - just three tracks filled with our most
popular speakers from the last decade: http://conference.hitb.org/