Code to check if your Email Adresses where compromised

Yesterday, the Swiss Governmental CERT has published a press release stating that more than 6000 Email Accounts where compromised. They offer a tool to check if your address is compromised, which is, in my option very well designed. (Some people asked why the site is hosted at Cloudflare - the CERT claims thy did that for DDoS prevention. The Databse supposedly is based in Switzerland). To check an Email-Address is contained in the database, the site creates a SHA-265 Hash of the lowercase Emailadress and transfers this. This ensures that no real Emailadresses are transferred. The downside is that this way, it is not so simple to check a lot of Emailadresses (like all of your company). Below, I provide a simple Powershell script to check a list of Emailadresses. As an input, it requires a simple CSV of the format Email me@email.com I throttled the script quite a bit to be nice.

	## This scipt does a check of all the email adresses given in a CSV File
	# See also http://www.govcert.admin.ch/blog/20/leaked-mail-accounts
	# Written by Daniel C. Oderbolz, 2016 using code by Jon Gurgul
	# Blessing from https://github.com/endlesssoftware/sqlite3/blob/master/btree.c
	# May you do good and not evil.
	# May you find forgiveness for yourself and forgive others.
	# May you share freely, never taking more than you give
	# When resulting page contains
	# <center><h1>Email Address <b>NOT</b> in Database</h1><br /></center>
	# the adress is not in the DB
	# The File has a simple Header: "Email"
	$filepath = "users.csv"
	$baseurl = "https://checktool.ch/index.php?hash="
	#http://jongurgul.com/blog/get-stringhash-get-filehash/
	Function Get-StringHash([String] $String,$HashName = "SHA256")
	{
	$StringBuilder = New-Object System.Text.StringBuilder
	[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{
	[Void]$StringBuilder.Append($_.ToString("x2"))
	}
	$StringBuilder.ToString()
	}
	# Main Loop
	Import-CSV $filepath -Header Email | Foreach-Object{
	# Progress
	Write-Host -NoNewline "."
	# Get SHA256 Hash
	$hash = Get-StringHash($_.Email.toLower().trim())
	$url = $baseurl + $hash
	# https://teusje.wordpress.com/2012/12/29/web-scraping-with-powershell/
	$site = Invoke-WebRequest -UseBasicParsing -Uri $url
	# Check if text is there (which is good)
	$ok = $site.Content -match "Email Address <b>NOT</b> in Database"
	if ( -not $ok)
	{
	$message = "WARNING: Address " + $_.Email + " Found in Database!"
	Write-Host
	Write-Host $message
	}
	# Trottle requests
	Start-Sleep -milliseconds 500
	}

view raw compromised_emails.ps1 hosted with ❤ by GitHub

What to do if an address of yours was compromised?

This could mean two things: either the actual Email-account is compromised (really bad) or some web account where this Email address was used is compromised (badness depends on if the service is critical AND if the same password was used elsewhere). I recommend the following:

• Immediately Change the Password of said Email-Account
• Change the password of all accounts where the Email address is used as a password

To do this properly, you need a list of your accounts and their passwords  - not on paper, but in a Passwordsafe like Keepass. A Passwordsafe also includes a strong password generator - each account must have its own password!

Moving Contents of subdirectories in a Windows batch or on the command line

Imagine you encounter a directory scruture like this:

In each of these yearly folders, there are many subfolders. My goal was to flatten this structure so that all of these subfolders are in th current folder (in other words, one level higher that they are now). It turns out that this is not so easy in Windows because the command move does not intepret * to include folders. Superuser.com to the rescue! User Rik proposed this nifty solution that works like a charm:

 @echo off  
 for /d %%d in ("*") do (  
  for /d %%e in ("%%d\*") do (  
   move "%%e" .  
  )  
 )  

Note: this code only works for subdirectories. If the yearly folders directly contain files, they will not be copied. In this case, use this code:

 @echo off  
 for /d %%d in ("*") do (  
  for /d %%e in ("%%d\*") do (  
   move "%%e" .  
  )  
  move "%%d\*" .  
 )  

Thanks a lot, Rik!