Troy Hunt

MARCH 1, 2018

There's a verification process where control of the domain needs to be demonstrated (email to a WHOIS address, DNS entry or a file or meta tag on the site), after which all aliases on the domain and the breaches they've appeared in is returned. At the time of writing, over 110k domain searches have been performed and verified.

Government 226

Government Data breaches Passwords Authentication 226

Troy Hunt

JANUARY 10, 2018

I've implemented CAA on HIBP and it's simply a matter of some DNS records and a check with a CAA validator : Unfortunately, there are no such records for Aadhaar: Now in fairness to Aadhaar, CAA is very new and the take-up is low ; we cannot be critical of them for not having implemented it yet. Let them paste passwords!

Hacking 279

Hacking Government Encryption Risk 279

Troy Hunt

NOVEMBER 25, 2020

I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. For some reason, the Shelly on my garage door is making a DNS request for api.shelly.cloud once every second! 24 subnet.

IoT 363

IoT Firmware Risk Manufacturing 363

eSecurity Planet

APRIL 14, 2023

The company also offers a range of additional cybersecurity solutions, including DDoS protection, web application firewalls, and DNS services. By requiring users to provide two forms of authentication, such as a password and a security token , 2FA can significantly reduce the risk of unauthorized access to online accounts and other resources.

Software 109

Software DDOS Accountability Firewall 109