I’m very happy to announce that @haveibeenpwned’s Pwned Passwords is now open source under the @dotnetfdn. Now we’ve got some work to do: building an ingestion pipeline for new passwords provided by the @FBI on an ongoing basis. This is super cool 😎 troyhunt.com/pwned-password…
There’s so much I love about this, starting with the fact that it removes a huge barrier for many orgs considering using Pwned Passwords: if I have an unfortunate jet ski related accident and can no longer run the service, you can pick it up and run it yourself.
And because all the passwords are already freely downloadable from @haveibeenpwned, all the data is already in the public domain. Open sourcing the code compliments the already open sourced data.
Next, I hope it also gives people more confidence in what happens when you search the service for a password (or at least a hash prefix). What happens in @cloudflare (their worker is now open source too) and then what happens in @Azure. It’s super, super simple 🙂
Because I really don’t know what I’m doing running an open source project, the @dotnetfdn has been absolutely invaluable. I love what they they do and what their mission is and with friends like @clairernovotny running it, I’ve got complete confidence they’ll be awesome.
And the @FBI bit: imagine having access to more real world passwords as they’re found in the course of investigations and then being to immediately do something good with them. This will be massively beneficial for orgs running services targeted by credential stuffing attacks.
This is just cool from top to bottom 😎 It hasn’t been easy and it’s taken a lot of effort just to get to the point where all this is possible, I’m really excited to see where it goes from here 😊
• • •
Missing some Tweet in this thread? You can try to
force a refresh
It’s finally here - the @haveibeenpwned 3D logo 😎 The reason I bought the @Prusa3D in the first place was to make a bunch of these and hand them out in my travels. A little tweaking to do then I’ll pump out a bunch and give ‘em away.
Pretty happy with this now, might need to start some mass production:
I actually couldn't find any of my own or my family's data in the Australia file which has 7.3M rows. Having said that, I'm hearing from other trustworthy sources that the data is legit and that seems a reasonable assumption to work on for now.
Oh wow, there’s so much to unpack in this video by @LewSpears. Maybe just start by watching it (it’s hilarious, but probably NSFW so wait until you get hom... oh, yeah)
Subsequently, @lorenzofb did a story eloquently titled “Your Cock Is Now Mine” in response to @LewSpears reaching out to him in the earlier video and pretending to have had his wedding tackle cyber’d.
Can anyone verify the legitimacy of this? It appears to indicate multiple Gab accounts were compromised to post the message in the video, including the official account and that of the CEO:
After about a decade and a half of faithful use, my Logitech Z-5500 has finally quit on me. So, what next? I don’t need 5 channels, it’s just for use at the PC, but I want something top-notch as it’s gonna get used a heap. Suggestions?
A really common response here is “studio monitors with an audio interface”. Loads of options here, anyone got recommendations for the audio interface? Seen a few suggestions for Schiit, anything in particular from them?
Getting sucked further and further down this rabbit hole; if I went with something like a @Genelec 8010A paired with a 740A sub, I'd need an XLR amp, right? And which one could take a line out or USB from the PC and provide volume control and headphone jack? Confused 🤷♂️
This came a couple of days after their post about an "alleged data breach" which is full of pretty bizarre statements: news.gab.com/2021/02/26/all…
For example, because they couldn't find any public discussion about the breach they assumed that @WIRED reporters were "essentially assisting the hacker in his efforts to smear our business". There are *always* discussions held in private about a breach before it's made public.