Which topic was at the source of this? It’s too old but I had the idea to register the domain “leaked in.com”. A funny name close to the one of the well-know social network for professionals. Once back into my room, I checked and the domain was available… not for long! My idea was to open a new blog with articles about data loss and data leaks. I started the blog but quickly stopped to update it due to a lack of time. The content remained non updated until recently.
Today I’ve a tool to monitor pastebin.com and I had another idea: what not compile my findings on a web site to show to everybody the risks to have sensitive data copied on pastebin.com (with intend or not). Some kind of “security awareness” website.
Today, I published a new version of my tool just before the BlackHat Arsenal. Amongst others, I added an option to send collected data to a WordPress blog using its XMLRPC interface.
In the same time, leakedin.com is now back online with live data posted by my tool which runs on a 24×7 basis. What I’m looking for? Here are some interesting regular expressions:
-----BEGIN RSA PRIVATE KEY----- -----BEGIN DSA PRIVATE KEY----- -- phpMyAdmin SQL Dump -- MySQL dump -----BEGIN CERTIFICATE----- -----BEGIN PGP PRIVATE KEY BLOCK----- \.HOICenable secret encrypted password \".*\"; root:.*:0:0: root:.*:0:99999:7::: CN\=Admin http://[a-zA-Z0-9-_]\:.*\@[a-zA-Z0-9-_].[a-zA-Z0-9-_] ftp://[a-zA-Z0-9-_]\:.*\@[a-zA-Z0-9-_].[a-zA-Z0-9-_] \?[a-zA-Z0-9-_]=.*UNION.*SELECT mysql_connect\([^\$] http:\/\/.*\.\.\/\.\.\/\.\. remote file inclusion \|\s+Password\s+\| [p0o]wn[3d]d