Ukuzingela kukaTroy, umdali wewebhusayithi ethandwayo "Ngabe Ngithathiwe" wazise Zimbalwa izinsuku ezedlule ukukhishwa kwekhodi yomthombo kusuka kuwebhusayithi yokuqinisekisa iphasiwedi eyonakalisiwe "Ngabe Ngithathiwe?"
Kulabo abangayazi i-I I of Been Pwned, kufanele bakwazi lokho lena yiwebhusayithi edumile impela lokho ivumela abasebenzisi be-Intanethi ukuthi babheke ukuthi ngabe idatha yabo yangasese ifakiwe engcupheni ngenxa yokwephulwa kwedatha. Le sevisi iqoqa iphinde ihlaziye amakhulu okulahlwa kwedatha nama-pastes aqukethe imininingwane kumabhiliyoni ama-akhawunti aputshukile futhi ivumela abasebenzisi ukuthi bazifunele imininingwane yabo ngokufaka igama lomsebenzisi noma ikheli labo le-imeyili.
Le webhusayithi isebenze njengesikhuthazo kwabanye Amawebhusayithi afanayo noma axhumeka kule webhusayithi, kunjalo ngeFirefox Monitor noma iGoogle uqobo, eyazisa abasebenzisi bayo uma kukhona idatha yabo egcinwe kwimenenja ye-password yesiphequluli eyekile.
Ngabe Ngithathiwe, Ibuye inikeze abasebenzisi ukuthi babhalise ukuthola izaziso yokuthi ikheli lakho le-imeyili liyavela yini lapho kuvuza khona esikhathini esizayo. Isiza senziwe kabanzi njengesisetshenziswa esibalulekile sabasebenzisi be-Intanethi abafuna ukuvikela ukuphepha kwabo nobumfihlo babo.
Lapho kukhishwa ikhodi yomthombo ye-Have I of Been Pwned
UTroy Hunt ukhulume kubhulogi ukuthi ekuqaleni inhloso yokuvula ikhodi yephrojekthi yamenyezelwa ngo-Agasti ngonyaka odlule, kodwa inqubo yabambezeleka futhi ikhodi yashicilelwa kuze kube manje.
Ngo-Agasti, ngamemezela ukuthi ngihlela ukuvula i-HIBP codebase njengomthombo ovulekile. Wayazi ukuthi ngeke kube lula, kodwa futhi wayazi ukuthi kwakuyinto efanele ukuyenza isikhathi eside sephrojekthi. Engangingazi ukuthi kungaba yinto encane kangakanani kuzo zonke izinhlobo zezizathu ongazicabanga nezinye eziningi ezingabonakali ngokushesha. Esinye sezizathu ezisemqoka ukuthi kunemizamo eminingi ehilelekile ekukhetheni okuthile obekuqhutshwa njengephrojekthi yesilwane somuntu oyedwa iminyaka nokuyihambisa esizindeni somphakathi. Bengingazi ukuthi ngingayiphatha kanjani iphrojekthi yomthombo ovulekile, ngisungule imodeli yamalayisense, ngiqondise lapho umphakathi utshala khona imali, uthole iminikelo, ngihlele kabusha inqubo yokukhishwa, nazo zonke izinhlobo zezinto enginesiqiniseko sokuthi angikaze ngicabange ngazo okwamanje. Yilapho i-. angene.
Ngemuva kokumemezela inhloso yokuvula umthombo ovulekile, umngani wami kanye ne-CEO yesisekelo, uClaire Novotny, welula isandla wanikeza ukusekelwa, ngaleyo ndlela waqala ingxoxo entsha. Ngimazi uClaire iminyaka njengomunye umqondisi wesifunda seMicrosoft futhi kamuva njengesisebenzi seMicrosoft nomphathi wephrojekthi eqenjini leNET. Kepha i-NET Foundation ayiyona ingxenye yeMicrosoft, yinhlangano ezimele engenzi nzuzo ...
Ikhodi yesevisi ibhalwe ku-C # futhi ikhishwa ngaphansi kwelayisense le-BSD. Le phrojekthi kuhlelwe ukuthi ithuthukiswe ngokubamba iqhaza komphakathi ngaphansi kwenhlangano engenzi nzuzo .NET Foundatuon.
Ngasikhathi sinye, kumenyezelwe ukuqala kokubambisana kwephrojekthi I-HaveBeenPwned ne-US Federal Bureau of Investigation. okuveze ukuzimisela kwayo ukudlulisa imininingwane emayelana namaphasiwedi abekiwe okwembulwe ngophenyo oluqhubekayo.
Isibonelo, lapho kuliwa ama-botnets, i-FBI ivame ukuhlangana ne-database yamaphasiwedi asetshenziswa ku-malware ukwenza ukuhlasela. Intshisekelo yokudlulisa imininingwane kusevisi ye-HaveIBeenPwned ihlotshaniswa nesifiso sokuthola iphuzu elilodwa lokuqinisekisa ama-akhawunti afakwe ebucayini. Kuhlelwe ukudlulisa imininingwane ye-password ngendlela ye-SHA-1 ne-NTLM hashes. Kuzokwakhiwa i-API ekhethekile yokuhlela ishaneli elizenzekelayo lokudlulisa iphasiwedi.
Okokugcina uma unentshisekelo yokwazi kabanzi ngakho, ungabheka i- imininingwane kusixhumanisi esilandelayo.