#Cryptomator troy hunt passwordFor this reason, Hunt doesn’t discount using a physical password book. In some cases, it’s because it is too complex. “People are using bad passwords–we need to save users from themselves,” Hunt says.īut he points out that so far, stats show just 2% of people are using a password manager. Services can actually use the Pwned Password service on HIBP to prevent their users from using already breached passwords. Password securityĪsked how people can be stopped reusing passwords, Hunt says: “The only way you are going to not do that is using a password manager. This attack thrives on the chance that people reuse their passwords, which means hackers can throw these credentials at several services and bypass authentication on all of them. “Credential stuffing has become massive this year,” Hunt concedes. “It got interpreted by a number of people as the world’s largest data breach–but it was an amalgamation of different breaches.”Įven so, it was important Collection #1 got the coverage: The exposed details could be used for credential stuffing attacks, seeing bots automatically testing millions of email and password combinations on a range of website login pages. However, many misinterpreted the story, and gave Hunt a hard time. Predictably for a story so big, it gave HaveIBeenPwned a huge spike in customers. This mega-breach containing several data sets from different sources was first revealed by Hunt, and he says it was actually the catalyst for his site’s sale. Revealed in January, Collection #1, saw more than a billion unique email address and password combinations posted to a hacking forum for anyone to see. One of the biggest breaches of the year took place at the start of 2019. There was a little bit of me that was fascinated by how weird it was.” “I had to work out: Is this legal? Different aspects of it are legal in different places. There were user names, email addresses, and IP addresses.”īefore he even started, Hunt had some rather unexpected investigations to make. “A vulnerability meant you could personally identify individuals. There have been multiple breaches this year, so which were the worst? Hunt says one breach that affected him “due to the scars it left” was a “zoophilia and bestiality” site called Zooville. They are told by authorities that they need to retain data for terrorism–and then people want privacy.” Troy Hunt on the worst breaches of 2019 I use Google because it’s the best search engine, but it’s really interesting to see the challenges they have. “I haven’t deleted Facebook as my friends are on there. “I think the privacy thing around this is fascinating,” Hunt says. So, as a security researcher who sees a lot of the issues firsthand, has Hunt deleted Facebook yet? The PR made it out to be two hackers out to make money.”Īnother talking point that has dominated 2019 is data security and privacy practices of big tech companies such as Google and Facebook. “I bought my daughter one of these and found how she could be tracked,” he says, explaining how he worked with security researcher Ken Munro at Pen Test Partners to solve the issue. “He handled it so eloquently, but the vendor responded so badly. Afterwards you upload them protected to your favorite cloud service.Hunt cites the example of one of the biggest IoT issues this year: location tracking on children’s smartwatches. #Cryptomator troy hunt free
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |