Blogs @ SelvanSoft: CyberSecurity

Thursday, January 18, 2024

Is your computer compromised?

Easy way to check if your computer is/was compromised now or in the past

With the recent addition of Naz.API dataset (a massive collection of over 1 billion stolen username and passwords) to HIBP service ("Have I Been Pwned" - a service by troyhunt.com), it is now very easy to check if your computer is compromised by information stealing malware now or in the past.

Go to the HIBP service at https://haveibeenpwned.com and enter your e-mail (don’t worry, it is 100% safe) and check the search results. The results may span several pages, so make sure to scroll down and check all the breaches your email is listed as compromised. Keep in mind that it is not at all unusual to see your email show up on multiple breaches. For example, see the screenshot below of my own email search.

As you scroll through the list, check if your email is listed for Naz.API. If your email was one of the unfortunate one to be included in the Naz.API list, it is a clear indication that your computer is now or in the past was compromised and information was stolen. The very least you can do is to make sure your current password is not included in the list. There are couple of ways you can check. I know some password managers like 1Password for example can check all your passwords against HIBP database. If you don’t use any tools that support checking your password in HIBP database you are welcome to use my php script at my GitHub repo below which does the same thing, the only caveat is that it checks one password at a time against HIBP database, so you have to repeat that for all your passwords.

https://github.com/aselvan/scripts/blob/master/security/pwned_password.php

How to run: If you are on a Mac or Linux, you can run the script directly with the two commands as shown below ... If you are windows, you have to install php, curl etc first which is beyond the scope of this blog.

curl -s https://raw.githubusercontent.com/aselvan/scripts/master/security/pwned_password.php -o /tmp/pwned_password.php

php /tmp/pwned_password.php

If you are unfortunate to have your password listed in HIBP as per the tools (1Password or my script or any others that check your password against HIBP), and if it is any of your current passwords, change it ASAP and enable 2F if that’s not already in place. If your current password is not found, it means an old password you used in the past was compromised. Still, it is a good idea to change all your passwords ASAP.

If you use more than one email address now or in the past, repeat this for each e-mail.

For further details can be found at the following links

Wednesday, January 3, 2024

New Year, New Password!

As part of your new year’s resolution, it is a good idea to get your online security a fresh start in 2024. With cyber threats becoming an unfortunate norm these days, it's time to enhance your cyber hygiene to protect yourself from becoming a cybercrime victim this year. Change all your online account passwords, especially financial/banking, shopping, social media accounts. The following is a list of things to consider.

Change your passwords (also change username if permitted)
Enable password-less logins if available.
If you don’t have 2F enabled, make sure to enable it.
If the site supports stronger 2-factor mechanisms, like Authenticator app or better yet hardware key based, use that instead of SMS based 2-factor; While SMS based is better than just password alone, it is prone to attacks like SIM swap scams
Validate your recovery mechanisms.

Reset recovery app keys (if any)
Validate recovery e-mail.
Reset onetime login codes.

Last but not least, invalidate all logins (i.e. log out from all devices and log back in). Though this step may be enforced by the password change, some sites don’t enforce it.

Remember, cyber hygiene is like flossing, not the most glamorous, but essential for long-term digital health. This year, make your online security a resolution you actually stick to. Have a safe 2024 and beyond!