http://www.informationweek.com/news/security/client/231902027

By Mathew J. Schwartz
InformationWeek
November 01, 2011

Up to 50,000 breached records appear online every week. Do any of them include your usernames and passwords?

Answering that question is the principal aim of free website PwnedList.com, which is billed by its creator as being "a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise."

A user enters an email address, and the site says whether it's spotted that email address amongst breached records. As of Monday, the site had amassed five million breached records, roughly 70% of which included email addresses, and 30% that had usernames, that had been "pwned" (hacker-speak for owned or controlled) by online attackers or inadvertently exposed online.

PwnedList was created by Alen Puzic, a security intelligence researcher for HP's TippingPoint DVLabs. Via background details posted to the site, it began as a research project "to discover how many compromised accounts can be harvested programmatically in just a couple of hours," he said. That's researcher-speak for using scripts to automatically analyze large amounts of data to extract any usernames, passwords, or other sensitive information they contain.

In the first experiment, interestingly, Puzic found that he could automatically retrieve 30,000 usernames and passwords after only about two hours of work, for everything from email addresses and social media login details to banking and other financial information.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Received on Tue Nov 01 2011 - 23:49:57 PDT