Recently, I released my first-ever WordPress plugin, Forbid Pwned Passwords, to the WordPress plugin repository. Despite being a relatively small project, I’m proud of my little contribution to the WordPress community.
Blog
5 posts
It’s likely that you’re already aware of the massive data breach disclosed last week against major credit reporting bureau Equifax (NYSE: EFX). It’s hard to miss the uproar in the aftermath, given the frightened coverage in mainstream media over the last few days. Continue reading
Earlier this week, a report citing “terabytes of leaked content” was released by cybersecurity firm DirectDefense. In this report, the firm lambasted Carbon Black (a well-respected endpoint security provider) for purportedly making vast amounts of user data publicly visible on an automated basis. Using language like “Welcome to the world’s largest pay-for-play data exfiltration botnet,” DirectDefense claims that all Carbon Black customers are at risk of massive data breaches.
The story quickly reached the media — as is typically the case when the words “terabytes of data” are thrown around — and spread through infosec circles rapidly. There was only one issue, however:
Every single file contained in the “leak” was uploaded due to an optional, off-by-default setting enabled by the “victim” users.
“daredevi1”
There it is, folks. My everything-password from my school days. Continue reading
If you’re well-versed in concepts like base64-encoding, code obfuscation, and malware detection, you’re free to skip down to the good part (literally the section title “The Good Part”). The short version is: You can perform searches for plaintext strings encoded in base64. I’m personally very excited about this.
For the less-experienced, or the more avid readers of the previous category, please read on.