This is the biggest hack since every ATM PIN was leaked: https://pastebin.com/SmJRB8eQ
PINs can be up to 6 digits (at least here in the UK, but I doubt it's country specific), even though the ones they give you by default are only ever 4. So that's only a leak of 1% of them.
It helps, but only temporarily. I wouldn't be surprised if all 6 digit PINs will be leaked within a few decades.
Does that not cause problems on some card machines? I've come across a few that definitely don't let you put in more than four digits.
My card doesn't even let me include repeating digits in its PIN. I suppose it can make a one-off guess more likely than one in a thousand to correctly guess my PIN.
Haha, I have a file in my home directory that has every possible SSN because I wanted to be able to tell a friend “I have your SSN in a file on my computer.”
Holy shit, my PIN is on there. How the hell did they get that?? I was told it was a 1/10,000 chance of someone guessing it.
Mine too.
Takes me back to when my password was leaked:
https://github.com/danielmiessler/SecLists/pull/155
Don't worry, I already checked your account and there wasn't anything there to take.
I am sure our IT security department would jump right on to that if informed of it...
Looking forward to a "havemyuuidsbeenpwned.com" service :))
> 10b82756-f8b4-4fee-a508-adeadbeef5eb
Oh well, time to reformat
2016 called, they want their "Side of Beef" jokes back.
With the way things are at work right now I simply don't have time to mitigate this leak in my personal data security. I've officially given up.
I hope this gets incorporated into haveibeenpwned.com.
Wait till someone files a CVE
Nerd hacker politics, but SSN leaks are no joke.
Agreed: The real joke is any organization using SSNs as an authentication mechanism (as opposed to an identifier).
Nothing>door>door with lock
Both in terms of security, and in the crime of vulnerating it.
I had a database of all SSNs for a while, but it was on a work laptop, so I didn't get to keep it.
Here you go; every SSN: https://github.com/panzertime/every_ssn
I think this is a joke, but I think it is a problem if someone finds any sensitive uuid here, because the list on this website is a tiny subset of all possible uuids, so it provides a useful rainbow table for anyone attempting brute force attacks. I.e. generating and using random uuids would have an astronomically small success rate, whereas trying the ones on this site may not (depending on where they came from, which I'm not sure of).
You should check out the author's blog post about the site — it is quite literally every UUID, computed and rendered on demand.
https://eieio.games/blog/writing-down-every-uuid/
Oh.. ha, gotcha. Thanks for explaining. Incidentally, glad the UUIDs are computed on the fly (as opposed to pre-computed), as I think the site would require a very (impossibly?) large database.
> depending on where they came from, which I'm not sure of
They're coming straight out of your processor :)
Careful where you scroll: Your password and your crypto wallet recovery phrase are in there somewhere too! (Unless you have one of those fancy 24 word long ones.)
All possible UUIDs are in this page, it’s not a tiny subset.
They are generated by your device on the fly as you move through the list so you can’t really use it as a rainbow table any more than manually creating the table yourself.
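The point made in the replies above, that every version 4 UUID can be computed from its position in the list with no stored data, shown as an added example (not the site's own code and not from any commenter). The plain numeric ordering and the names `indexToUuid`, `uuidToIndex` and `hitProbability` are assumptions made for this sketch.

```javascript
// A v4 UUID has 128 bits, of which 6 are fixed (version nibble 4,
// variant bits 10), leaving 122 free bits. Assumed ordering: index n
// is simply those 122 bits read as one integer.
const TOTAL = 1n << 122n;
const LOW62 = (1n << 62n) - 1n;

function indexToUuid(n) {
  if (typeof n !== "bigint" || n < 0n || n >= TOTAL) {
    throw new RangeError("index must be a BigInt in [0, 2^122)");
  }
  const value =
    ((n >> 74n) << 80n) |            // top 48 free bits
    (0x4n << 76n) |                  // fixed version nibble
    (((n >> 62n) & 0xfffn) << 64n) | // next 12 free bits
    (0x2n << 62n) |                  // fixed variant bits 10
    (n & LOW62);                     // last 62 free bits
  const h = value.toString(16).padStart(32, "0");
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16),
          h.slice(16, 20), h.slice(20)].join("-");
}

function uuidToIndex(uuid) {
  const h = uuid.replace(/-/g, "").toLowerCase();
  if (!/^[0-9a-f]{12}4[0-9a-f]{3}[89ab][0-9a-f]{15}$/.test(h)) {
    throw new Error("not a version 4 UUID");
  }
  const value = BigInt("0x" + h);
  return ((value >> 80n) << 74n) |
         (((value >> 64n) & 0xfffn) << 62n) |
         (value & LOW62);
}

// Chance that `guesses` distinct tries hit one of `liveTokens` random
// v4 UUIDs in use. Enumerating in order gives the same odds as random
// guessing, because the list covers the whole space uniformly.
function hitProbability(guesses, liveTokens) {
  return Number(guesses * liveTokens) / Number(TOTAL);
}

// The UUID quoted in the thread round-trips through its list position.
const quoted = "10b82756-f8b4-4fee-a508-adeadbeef5eb";
console.log(uuidToIndex(quoted), indexToUuid(uuidToIndex(quoted)));
console.log(hitProbability(10n ** 12n, 10n ** 9n));
```

Because the mapping is a pure function of the index, the page carries no information about which UUIDs are in use anywhere; a token is only at risk if it was generated predictably or leaked by some other route.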