Remove my password from lists so hackers won't be able to hack me #155

Closed
wants to merge 1 commit into
base: master
from

@assafnativ

assafnativ commented Dec 21, 2017

No description provided.

@@ -344,7 +344,6 @@ blue
liverpool
theman
bandit
dolphins
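Review bot: The header (-344,7 +344,6) takes one entry out of the list with no description or source data to justify it, and the only stated reason, in the title, is that the entry is the submitter's own password; a wordlist entry should be dropped only when the data it was ranked from changes. Removing it also leaves the password exactly as guessable as before, since the repository history and every existing copy of the list still contain it, so the fix is to change the password on the affected account rather than to edit this file. If the line were removed anyway, the file would no longer hold the number of entries its name states and would need renaming.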

@mitcom

mitcom Dec 21, 2017

@assafnativ please remember to update the filename. 10_million_password_list_top_1000.txt is not accurate right now, actually there are only 999 passwords

dolphins-save

@D3X

D3X Dec 21, 2017

I think it should be renamed to 10_million_password_list_top_1000_except_dolphins.txt

@MrCo1T

MrCo1T Dec 22, 2017

Hello from dev null :)

@masterrr

masterrr Dec 22, 2017

Golden

@JohnLBevan

JohnLBevan Dec 26, 2017

Also any sites tested against the revised list should include some kind of logo to confirm that Dolphin is now allowed as a safe password. Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

@348624315

348624315 Jan 2, 2018

@liuzhiyuan1993 Oh, okay, thanks ଲଇଉକ

@yangzhaofeng

yangzhaofeng Jan 3, 2018

There is an idiom in China, "此地無銀三百兩", which means telling your secret yourself.
For security, you had better close the issue and fully delete it if possible.

@lirao

lirao Jan 5, 2018

To add on to the translation of the idiom, that phrase literally means writing a sign that says "I did NOT bury 300 grand in this spot"

@hinell

hinell Jan 14, 2018

@JohnLBevan

> Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

I think they can safely merge it. The issue is dolphin-proof now. 😄

@jasonmp85

jasonmp85 Feb 22, 2018

The dolphins have communicated to us members of the Fourth International Posadist that they sign off on this request, as exposing them before their plan reaches completion could jeopardize the workers of the world. :shipit: 🐋

@mikield

mikield Dec 21, 2017

This is a security hole. This pull request should be accepted as soon as possible.

@rooterkyberian

rooterkyberian Dec 21, 2017

I'm also affected by this, please merge ASAP

@mitcom

mitcom Dec 21, 2017

@assafnativ @rooterkyberian could you provide any testing data like service addresses and logins so we could check and test to estimate the real impact of this change?

@ksx4system

ksx4system commented Dec 21, 2017

ROTFLMAO!

@Wingless-Archangel

Wingless-Archangel Dec 21, 2017

@Fake51

Fake51 Dec 21, 2017

@mitcom you mean, like the publicly available email address and blog address on his github page?

@WielkiZielonyMelon

WielkiZielonyMelon Dec 21, 2017

@assafnativ They see me trollin, they hatin...

@denzuko

denzuko Dec 21, 2017

I think it goes without saying:

Trololololo

@QuantumInformation

QuantumInformation Dec 21, 2017

4 random words are really easier than the gibberish?

@dmytrokyrychuk

Looks good 👍

@FernandoMiguel

FernandoMiguel commented Dec 21, 2017

@KyrychukD wtf

@wifiuk

wifiuk Dec 21, 2017

Can you please add my password
dolphins

To this list so I can test it against insecure services..

@mitcom

mitcom Dec 21, 2017

If anybody here is affected too, I can suggest temporarily changing the password to one from https://mostsecure.pw/

@wifiuk

wifiuk Dec 21, 2017

Is dolphin1 on the list. ;) That's secure as it has a 1

@aTastyCookie

aTastyCookie commented Dec 21, 2017

Dolphin1!

@wifiuk

wifiuk Dec 21, 2017

Ah good idea, hackers will never try that..

@chipironcin

chipironcin Dec 21, 2017

Same here.
Steps to reproduce:

  1. Go to https://accounts.google.com/ServiceLogin
  2. Username: chipironcin@gmail.com Password: dolphins
  3. ????
  4. Profit

@dsuurlant

dsuurlant Dec 21, 2017

Is my password hunter2 safe

@apetresc

apetresc Dec 21, 2017

@dsuurlant I just see *******

@Kumar-Kishan

Kumar-Kishan Dec 21, 2017

is my password thisissparta safe????????

@espadrine

espadrine Dec 21, 2017

> is my password thisissparta safe????????

Absolutely, if changed!

@miguemely

miguemely Dec 21, 2017

@JayKey

JayKey Dec 21, 2017

@equero

equero Dec 21, 2017

nice, my 122112 password still alive...

@rbnpercy

rbnpercy Dec 21, 2017

At least I know Alligator1 will never be guessed.

@nebril

nebril approved these changes Dec 21, 2017

Can confirm, is safe.

@0xmohit

0xmohit Dec 21, 2017

@assafnativ, you had the same password as mine?

@mitcom

mitcom Dec 21, 2017

> @assafnativ, you had the same password as mine?

@0xmohit not anymore, I've just changed yours

@ColdGrub1384

ColdGrub1384 Feb 26, 2018

Hahahhahaha pure genius

@duttaditya18

duttaditya18 Feb 26, 2018

If there are so many approvals, why isn't this merged yet?

@jens1o

jens1o Feb 26, 2018

I hoped that this pull request would die at some point, but there's still something going on(even after two(!) months)...

@elijahcruz12

elijahcruz12 Feb 27, 2018

@jens1o of course it is, it was unexpected and pretty funny. Even with all these approved, there is of course no merge, even though @assafnativ probably wants a merge.

@0E800

0E800 Feb 27, 2018

Thread muted. (didn't know it was an option till now)
Give it a rest.

@domino14

domino14 Feb 27, 2018

is annoyed about all the comment spam
generates another piece of spam complaining about the spam

@Ekultek

Ekultek Feb 27, 2018

@SharpOB

SharpOB Feb 27, 2018

S P A M
P
A
M

@shtukas

shtukas Feb 28, 2018

Jeez! For technologists we are not very good at this internet thing, are we?

The correct way to use a thread like this is to participate in it and then mute it.

This lets the early participants, who eventually get tired of subsequent updates, not be spammed [1], while allowing the genuine new people discovering this to be a part of it and to experience it with the same amusement as we all, old timers, did.

Easy.

[1] I personally don't feel that, I will never mute this as I love it! And as far as my inbox is concerned I discovered my email client's delete button a long time ago, but I understand that's not the case of everybody.

@elijahcruz12

elijahcruz12 Feb 28, 2018

I've been watching this since the first week and commenting on it since, I didn't mute it because it is still a great issue. If you really care that much, you can just read this to get rid of the notifications since you clearly do not know how to.

@danielmiessler

danielmiessler Mar 4, 2018

Owner

👍 Although removal of this password would make you, and many marine biologists, more secure, we're going to have to decline at this time.

: )

Best thread ever.

@duttaditya18

duttaditya18 Mar 5, 2018

It finally died!

Good Job everyone!

@assafnativ

assafnativ Mar 5, 2018

That was fun :)

@jonschlinkert

jonschlinkert Mar 9, 2018

My password is *****************, why does it keep showing up in every single application I use?

philnash added a commit to philnash/pwned that referenced this pull request Mar 12, 2018

Perf: read the response by line instead of loading the whole thing (#5)
* Performance: read the response dump line by line instead of loading the whole thing in memory

The response from the service will grow over time. There is no way to get passwords [unpwned](danielmiessler/SecLists#155), so we can safely assume the list will keep growing, adding more and more new hashes. One day it will grow large enough to start taking down servers, when users "DDoS" applications with known "big" pwned password hash prefixes.

This PR switches from "load everything to memory and find our hash" to "fetch data in chunks, and process line by line".

* Remove regular expressions usage in favour of start_with?

In Ruby `start_with?` is heavily optimized compared to regular expressions (more than 2 times faster). This PR replaces regular expressions with `start_with?`

```
 13.103359   0.734251  13.837610 ( 14.620959)
 13.238428   0.742140  13.980568 ( 14.506166)
 12.836573   0.729563  13.566136 ( 14.191792)
 12.408245   0.642944  13.051189 ( 13.333299)
```
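
The line-by-line scan with `start_with?` that the commit message above describes, as an added Ruby example (not code from philnash/pwned or from this thread). It assumes the service is queried with the first five hex characters of the password's SHA-1 and answers with `SUFFIX:COUNT` lines; the names `hash_parts`, `pwned_count` and `sample_response` are hypothetical and the sample response is constructed.

```ruby
require "digest/sha1"
require "stringio"

# Assumption: the service is queried with the first 5 hex characters of the
# password's SHA-1 and answers with lines of the form "<35 hex chars>:<count>".
def hash_parts(password)
  sha1 = Digest::SHA1.hexdigest(password).upcase
  [sha1[0, 5], sha1[5..-1]]
end

# Scan the response one line at a time. `io` is anything with each_line
# (a StringIO here, a streamed HTTP body in practice), so memory use stays
# flat however long the list for a prefix becomes. Returns the count, or 0.
def pwned_count(io, suffix)
  io.each_line do |line|
    next unless line.start_with?(suffix)     # cheap prefix test, no regex
    next unless line[suffix.length] == ":"   # reject over-long or malformed lines
    return Integer(line[(suffix.length + 1)..-1].strip, 10)
  end
  0
end

# Constructed sample body for one prefix; the counts are made up.
def sample_response(suffix)
  rows = [
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    "#{suffix}:4242",
    "FFFF0DE0E4E7F5B3E8C2E5D9B6C1A2B3C4D:7"
  ]
  StringIO.new(rows.join("\r\n") + "\r\n")
end

if __FILE__ == $PROGRAM_NAME
  prefix, suffix = hash_parts("dolphins")
  puts "prefix sent to the service: #{prefix}"
  puts "times seen (sample data): #{pwned_count(sample_response(suffix), suffix)}"
end
```

Only the five-character prefix leaves the client; the suffix comparison happens locally, which is why the scan has to cope with however many lines the service returns for that prefix.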
@fgRuslan

fgRuslan Mar 29, 2018

Do you know how Git works?

@adamc295

adamc295 Apr 8, 2018

Oh man, this was just hilarious to scroll through. Especially since I was scrolling FAST.

Meanwhile...

EDIT: But still, what if someone uses their ******** in the middle of a sentence?

@jamesjenner

jamesjenner Sep 5, 2018

So long and thanks for all the fish.

@jens1o

jens1o Sep 5, 2018

stop making new notifications, this page takes ages to load lol

@tdrama

tdrama Sep 5, 2018

@tdrama

tdrama Sep 5, 2018

@Flowy

Flowy Sep 5, 2018

Thank you, I almost forgot about this.

@domino14

domino14 Sep 5, 2018

@Htarlov

Htarlov Sep 5, 2018

I heard about magic button called "unsubscribe".
You click that and kaboom, no more notifications.
But maybe it's just some old rumor.

Repository owner locked as resolved and limited conversation to collaborators Sep 5, 2018
