mozilla / blurts-server

Mozilla Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
https://monitor.mozilla.org
Mozilla Public License 2.0

Only offer 2FA advice on domains that support 2FA on breach-details page? #1516

Closed pdehaan closed 6 months ago

pdehaan commented 4 years ago

I was randomly looking at the https://monitor.firefox.com/breach-details/EuropaJobs#breach-detail breach for a different bug, and noticed that it suggests that I "Set up two-factor authentication (2FA)", but from the look of the linked https://twofactorauth.org/ site, that domain (europa.jobs) doesn't support 2FA.

A bit of a rabbit hole later, and I inferred that I can fetch the domains from the .yml files in https://github.com/2factorauth/twofactorauth/tree/master/_data/. Next, I wrote https://github.com/pdehaan/2fa-domains which scrapes and aggregates the twofactorauth _data files. Next next, I wrote https://github.com/pdehaan/blurts-2fa which compares the HIBP domain list to the 2FA domain list, and it looks like possibly only 20 (out of the 426 known HIBP breached sites) might support 2FA.

Although I might have a medium bug in my logic based on the fact that https://twofactorauth.org/#transport shows 45 domains, but only 2 seemingly support 2FA, so I should be filtering the scraped .yml files and making sure each website in https://github.com/2factorauth/twofactorauth/blob/master/_data/transport.yml has a tfa key so we know the site actually supports 2FA. Fixed.

Updated list of HIBP+2FA domains:

833 2FA domains
426 breaches
20 breached domains have 2FA

Adobe
Ancestry
Aternos
Bitly
Canva
Dropbox
EpicGames
GateHub
Kickstarter
LeagueOfLegends
LinkedIn
MailRu
MyHeritage
Neteller
NexusMods
OVH
Patreon
Snapchat
Tumblr
VK
groovecoder commented 4 years ago

I started some work-in-progress code for this in a local file. Copying here ...

  "use strict";

  const got = require("got");

  const AppConstants = require("../app-constants");
  const RemoteSettings = require("../lib/remote-settings");

  // Writing to Remote Settings needs the writer credentials; bail out early without them.
  if (
    !AppConstants.FX_REMOTE_SETTINGS_WRITER_USER ||
    !AppConstants.FX_REMOTE_SETTINGS_WRITER_PASS ||
    !AppConstants.FX_REMOTE_SETTINGS_WRITER_SERVER
  ) {
    console.error("update2fa requires FX_REMOTE_SETTINGS_WRITER_SERVER, FX_REMOTE_SETTINGS_WRITER_USER, FX_REMOTE_SETTINGS_WRITER_PASS.");
    process.exit(1);
  }

  (async () => {
    // data.json is keyed by category; each category holds its site records.
    const path = "/data.json";
    const all2faSitesResp = await got(`${AppConstants.TWOFA_ORG_ROOT}${path}`);
    const all2faSites = JSON.parse(all2faSitesResp.body);

    // Flatten the per-category structure into one list of sites
    // (Object.values copes with either an array or an object of sites per category).
    const twofaSites = [];
    for (const category in all2faSites) {
      for (const site of Object.values(all2faSites[category])) {
        console.log("site: ", site);
        twofaSites.push(site);
      }
    }

    // Only sites whose record carries a `tfa` key actually support 2FA.
    for (const twofaSite of twofaSites.filter((site) => site && site.tfa)) {
      // WIP: the record layout for Remote Settings is still to be decided;
      // the site's own fields (assumed: name, url, tfa) are passed through for now.
      const data = {
        Name: twofaSite.name,
        Domain: twofaSite.url,
        TwoFactor: twofaSite.tfa,
      };

      console.log("New 2FA site detected: \n", data);

      try {
        await RemoteSettings.postNewBreachToBreachesCollection(data);
      } catch (e) {
        console.error(e);
        process.exit(1);
      }
    }

    console.log("Requesting review on breaches collection");
    await RemoteSettings.requestReviewOnBreachesCollection();
  })();

EMMLynch commented 6 months ago

Closing since we've redesigned the site and functionality since this was created. If you feel that this is still needed, please let me know.