Software Spotlight: haveibeenpwned

Hello and welcome back to the Nottingham Nerds blog! We are excited to report that haveibeenpwned (HIBP) is going open source!

For those unaware, pwned is a term coined at MIT in the 1960s, when programmers were building chess AI. It was used heavily by the gaming community in the late 1990s to early 2000s. Often thought of as a misspelling of the word owned, and possibly thought to pay homage to early hackers who tampered with phone equipment rather than computers, pwned may simply have been following the same trend as terms such as phishing and phreaking. Gamers used pwned very heavily as a taunt to opponents they had just soundly defeated in a video game, especially in games like Quake 3/4 Arena and StarCraft (late 1990s to 2005). The term strongly implies domination, severe defeat, or humiliation of a rival or opponent. Today, it is more often used in the context of computer security and hacking: when a hacker is successful, they will often say that they pwned a company, network, server, computer, etc. It is from these origins that haveibeenpwned gets its name, where pwned is synonymous with hacked or breached.

HIBP is a website and application programming interface (API) for checking whether any of your emails, passwords, or phone numbers have been present in any known data breaches over the past decade or so. It is often used as a tool by security researchers and technologists alike to ensure their accounts remain secure. It's easy enough to use: enter your email into the search text box and press Enter. If the email entered has been in any breaches, information on those breaches will be displayed on the webpage, including where and when they occurred and often what types of information or data were breached.

The fact that HIBP is now going open source is a big step in terms of security and privacy. It is also a great step for HIBP to push itself further into the open-source and security communities, where it can solidify its position as a useful, secure, and privacy-friendly resource for people to verify whether any of their accounts (even ones they forgot about or didn't even sign up for) have been breached. This furthers the security of accounts held by anyone using the tool and allows them to react appropriately when they are in a breach. This tool and tools like it are invaluable, especially when they are free and open source. Being open source allows for audits and worldwide contributions to the source code, which can help projects thrive, and anyone who can use a web browser can make use of the tool.