Not to be confused with the more modern Russian folk-metal band, this KALEVALA is from Finland and was formerly named Vietnam before changing their name to the 19th century epic compilation of poetry by Elias Lönnrot which is regarded as some of the most significant literary works in all of Finnish national identity. Well, if you're calling yourself the musical Finnish equivalent of Shakespeare then you should expect some pretty epic music delivered, don't ya think? KALEVALA was formed in 1969 by bassist Juha "Lido" Salonen and the name actually came about by accident. When touring under the name Vietnam, one of the concert organizers objected to the name and forced them to change it. The band went through many line-up changes but it was the guitarist Matti Kurkinen who would steer the band into the progressive arenas of rock and wrote all of the tracks on PEOPLE NO NAMES, their debut album all by his lonesome. The original release was put out by Finnlevy Records but has since been remastered and is available on the Svart label.

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture.

More on that shortly, let's start with what's in there and we're looking at a zip file named "Cit0day.in_special_for_xss.is.zip" that's 13GB when compressed:

A couple of folders down are two more folders named "Cit0day " and "Cit0day Prem "

And then this is where it gets interesting: The first folder has 14,669 .rar files in it whilst the second has a further 8,949 .rar files giving a grand total of 23,618 files. This is where the "more than 23,000 hacked databases" headlines come from as this is how many files are in the archive. Because it's relevant to the story and especially relevant to people who find their data in this breach via an HIBP search, I'm going to list the two sets of files in their entirety via the following Gists:

Let's drill deeper now and take a look inside one of these files and I'm going to pick " (Business and Industry).txt" and as best I can make it, is a Thai fashion site.

But neither of these data quality issues matter - here's why: When these passwords flow through into Pwned Passwords, they ultimately exist as hashes to be downloaded or queried using k-anonymity. Nobody is going to use the first password with all the HTML in it so it has no real world impact. Someone might feasibly try to use the second password and a service using HIBP's Pwned Passwords might then reject it due to its prevalence. I'm ok with that because it's not a good password! But what about hash collisions? What if someone else tries to use a password where the SHA-1 hash is equal to the SHA-1 hash of the junk data? It'd return a hit in HIBP which would effectively be a false positive, but whether there's a small amount of junk data in there or not (and it's a very small amount - well under 1%), the same issue prevails. Plus, considering that SHA-1 hashes occupy a total character space of 16^40, you can easily do the maths on how extremely unlikely this is (and the impact is still very low if it does).

Given the number of individual breaches, the legitimacy of the data plus the vast number of previously unseen email addresses and passwords, I've loaded it all into HIBP. The lot - both emails and passwords (note: these go in as separate archives and never as pairs, read more about Pwned Passwords here). As with other breaches without a single clear origin, this means that people may find themselves pwned and not know which service leaked their data. It also means they may find their password breached and not know which service leaked it.

The goal of HIBP has always been to change behaviours, namely to move people from using those one or two or three weak passwords all over the place and get themselves into a proper password manager like 1Password and create strong, unique passwords everywhere (full disclosure: I'm on their board of advisors).