Security Alerts & News
by Tymoteusz A. Góral

#701 How the Pwnedlist got pwned
Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials.

Pwnedlist is run by Scottsdale, Ariz.-based InfoArmor, and is marketed as a repository of usernames and passwords that have been publicly leaked online for any period of time at Pastebin, online chat channels and other free data dump sites.

The service until quite recently was free to all comers, but it makes money by allowing companies to get a live feed of usernames and passwords exposed in third-party breaches which might create security problems going forward for the subscriber organization and its employees.