Troy Hunt, the creator of the popular website "Have I of Been Pwned" made it known Few days ago source code release from the compromised password verification website "Have I of Been Pwned?"
For those unfamiliar with Have I of Been Pwned, they should know that this is quite a famous website which allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information on billions of leaked accounts and allows users to search for their own information by entering their username or email address.
This website has served as an inspiration to others Similar websites or that even connect to this website, such is the case of Firefox Monitor or even Google itself, which informs its users if any of their data stored in the browser's password manager has been compromised.
Have I of Been Pwned, It also offers users to register to receive notifications of whether your email address appears in future leaks. The site has been widely touted as a valuable resource for Internet users who want to protect their own security and privacy.
On the release of the source code for Have I of Been Pwned
Troy Hunt mentioned in a blog post that initially, the intention to open the project code was announced in August last year, but the process was delayed and the code was published until now.
In August, I announced that I planned to open the HIBP codebase as open source. He knew it wouldn't be easy, but he also knew it was the right thing to do for the longevity of the project. What I didn't know is how trivial it would be for all kinds of reasons you can imagine and many others that aren't immediately obvious. One of the key reasons is that there is a lot of effort involved in choosing something that has been run as a one-person pet project for years and moving it into the public domain. I had no idea how to manage an open source project, establish the licensing model, coordinate where the community invests, receive contributions, redesign the release process, and all sorts of things that I'm sure I haven't even thought about yet. This is where the. comes in.
After announcing the intention to go open source, my friend and CEO of the foundation, Claire Novotny, reached out and offered support, thus starting a new conversation. I have known Claire for years as another Microsoft regional director and later as a Microsoft employee and project manager on the .NET team. But .NET Foundation is not part of Microsoft, it is an independent non-profit organization ...
The service code is written in C # and released under the BSD license. The project is planned to be developed with community participation under the auspices of the non-profit organization .NET Foundatuon.
At the same time, the start of project cooperation was announced HaveIBeenPwned with the US Federal Bureau of Investigation. which expressed its willingness to pass on information about compromised passwords revealed as a result of ongoing investigations.
For example, when fighting botnets, the FBI often comes across a database of passwords used in malware to carry out attacks. The interest in transferring information to the HaveIBeenPwned service is associated with the desire to obtain a single point to verify compromised accounts. It is planned to transfer password information in the form of SHA-1 and NTLM hashes. A special API will be developed to organize an automated password transmission channel.
Finally if you are interested in knowing more about it, you can check the details in the following link.