Recently, I released my first-ever WordPress plugin, Forbid Pwned Passwords, to the WordPress plugin repository. Despite being a relatively small project, I’m proud of my little contribution to the WordPress community.
Blog
It’s likely that you’re already aware of the massive data breach disclosed last week against major credit reporting bureau Equifax (NYSE: EFX). It’s hard to miss the uproar in the aftermath, given the frightened coverage in mainstream media over the last few days.
Earlier this week, a report citing “terabytes of leaked content” was released by cybersecurity firm DirectDefense. In this report, the firm lambasted Carbon Black (a well-respected endpoint security provider) for purportedly making vast amounts of user data publicly visible on an automated basis. Using language like “Welcome to the world’s largest pay-for-play data exfiltration botnet,” DirectDefense claims that all Carbon Black customers are at risk of massive data breaches.
The story quickly reached the media — as is typically the case when the words “terabytes of data” are thrown around — and spread through infosec circles rapidly. There was only one issue, however:
Every single file contained in the “leak” was uploaded due to an optional, off-by-default setting enabled by the “victim” users.
“daredevi1”
There it is, folks. My everything-password from my school days.
If you’re well-versed in concepts like base64-encoding, code obfuscation, and malware detection, you’re free to skip down to the good part (literally the section titled “The Good Part”). The short version is: You can perform searches for plaintext strings encoded in base64. I’m personally very excited about this.
For the less-experienced, or the more avid readers of the previous category, please read on.