Security Bits logo - a green padlock with the words Security Bits to the right and in tiny letters below ithat it says 10101010 indicating a digital lock

Security Bits — 13 August 2023

Deep Dive — Have-I-Been-Pwnd Domain Search Revamped

This is very much glass-half-empty-glass-half-full news. On the one hand, domain searches and domain monitoring have gotten way easier (you had to re-validate your domain for each search before), on the other hand, it’s now a subscription service, but with a generous free tier.

What this feature has always allowed you to do is to search the entire HIBP database of breaches for all records related to email addresses on your domains, and, to set up automated alerts for when an address on your domain shows up in a newly added breach. The new system gives this same functionality but adds an improved API for integrating the searches into other systems or scripts.

An API existed before, but you’ve needed to pay for that for some time now. This new system integrates it all into one account.

With this new system, you use an email address to create a Domain Dashboard (Domain search on the site menu), then you add one or more domains to that dashboard. Authentication is via email loop, so you don’t set a password.

Once you’re on your dashboard you can add domains to search/monitor. You obviously have to verify your ownership of the domain which you can do in one of four ways:

  1. With a link emailed to one of the special reserved addresses on the domain (hostmaster@domain etc.).
  2. By adding a special <meta> tag to the website hosted on your domain.
  3. By uploading a special text file to the root of your domain.
  4. By setting a special DNS TXT record at the top level of your domain (my preferred method, same as used for iCloud/Google Apps/Office365 domain validation).

Your subscription tier depends on the number of compromised accounts across all the domains you add, and the free tier is up to 10. Any Nosillacastaways who own their own domain should consider setting this up IMO.

I set up two dashboards this morning, one for my personal domains, and one for my business domains, and I had them both set up with a total of 8 verified domains in less than half an hour!


❗ Action Alerts

  • Last Tuesday was Patch Tuesday, and Microsoft’s patches includes two that are already being exploited, so don’t delay on these patches! —… &…
  • NightOwl App (used to auto-switch light/dark modes in macOS) was purchased and changed terms of service to put your device into a botnet with no opt out. Apple has since revoked the developer certificate.…

Notable News

Interesting Insights

Palate Cleansers

  • A double from Bart:
    • If you prefer your media in audio form, then the recent Business Movers podcast mini-series on General Magic, a company that nearly invented the iPhone over a decade before Apple did, and where many of the big movers in today’s tech industry cut their teeth is an excellent listen —…
    • If you prefer the same story as a movie, check out the film simply named General…
  • Another podcast recommendation from Bart – A fascinating interview with the open source advocate lawyer who helped save Ed Sheeran in a recent law suit. The music stuff is cool, but the AI stuff later in the interview literally changed my opinions on AI ingesting published works and Microsoft’s Copilot ingesting GitHub: [FLOSS Weekly 744: A Chill Pirate Lawyer – Damien Riehl, Open Source and Legal Rights —…] (
    • If you don’t believe there are only so many melodies, listen to Pachebel Rant:…


When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji Meaning
A link to audio content, probably a podcast.
A call to action.
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
A link to graphical content, probably a chart, graph, or diagram.
A story that has been over-hyped in the media, or, “no need to light your hair on fire”
A link to an article behind a paywall.
A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
A tip of the hat to thank a member of the community for bringing the story to our attention.

1 thought on “Security Bits — 13 August 2023

  1. […] Security Bits — 13 August 2023 […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top