Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.
Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense, according to a new military-wide policy for reporting and fixing security vulnerabilities.
Security researchers are often reluctant to report programming flaws or security holes they’ve stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges. But on Nov. 21, the DoD aimed to clear up any ambiguity on that front for the military’s substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules.