Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

Presently sponsored by: Get a security solution that will keep your website up and running—and keep you sleeping soundly: Symantec Website Security. Learn how

Friends who follow what I’m up to these days will see that I’m often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I’m writing this now) and a lot of time in hotel rooms. Want to know how I churn out so much content? It’s using that otherwise wasted down time to do useful things. But to do that, I need to be productive whilst mobile and I owe a lot of that to the machine I use when travelling.

Now, to make sure this doesn’t sounds like an incentivised Lenovo pitch, firstly, refer back to my stance on what I’ll endorse and my history with buying Lenovos and secondly, there’s nothing in this one for me, it’s someone else who’s going to get something cool! But seriously, a huge part of how I get so much stuff done is that I can be super productive using the ThinkPad I travel everywhere with and that’s due to a combination of the keyboard (one of its most highly-regarded features), reliability (I’m yet to have one die on me) and frankly, brutally functional design. These are not aesthetically pleasing machines – let’s be honest about that – but man they’ve got substance over beauty in spades. (Fun fact – I’m just returning home from a conference where the AV guy had to warn the speaker after me that Macs sometimes slip off the lectern due to the curved bezel on the base not holding it in place.)

But best of all, Lenovo is giving me one to give you! Well, one of you anyway and it’s a pretty slick unit being the ThinkPad 25 Year Anniversary Edition. This machine is packing a Core i7, 16GB of RAM, a half TB of SSD, an Nvidia GeForce 940MX GPU, USB Type C (Thunderbolt 3), 3 classic USB 3.0 ports (three!), SD card reader, HDMI port, ethernet jack, infrared face recognition camera and fingerprint reader. This is no half-hearted attempt at a laptop, it’s the full beans:

Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

So yeah, Lenovo said I can give one away, I just needed to work out how I wanted to do it. I wanted to give it to someone who actually did something (no randomisation) and I wanted them to do something for the betterment of online security. It also had to be something that other people could use to achieve that objective which brings me to the Have I Been Pwned (HIBP) API.

I launched the HIBP API right after launching the service itself, almost 4 years ago now. Since then, many people have done many wonderful things with it (some of which are linked to on the API consumers page) which further the objective of helping victims of data breaches learn of their exposure. I want to use this opportunity to motivate people to do more with that API.

Here’s the rules of the competition:

  1. Whatever you build must be made publicly available and without cost. Code on GitHub, free app in an app store, openly available website etc.
  2. The scope covers both the API to search for breached accounts and the Pwned Passwords either by API or querying the downloadable password hashes.
  3. You should leave a comment below explaining what you’ve built and linking to where it can be found.
  4. It must be working software that people can actually use!
  5. The deadline is 2 weeks from today which puts it at 7 November. Cut-off time is midday for me Gold Coast time.
  6. I will take the 4 best uses of the API and put out a Twitter poll that will run for 24 hours. The winner of that gets the ThinkPad.
  7. If the poll draws, I’ll run it again with the front-runners from the poll.

Lenovo will ship this machine to you anywhere in the world so you’re eligible regardless of your geography. If you’ve already created something using the API, awesome, you’ve got a head start, but I still need a comment here submitting it to the competition. If you’re looking for inspiration, let me share a few ideas:

  1. Find a way to reach more people who may not already know they’ve been pwned.
  2. Find a way to visualise the data in a way that helps people understand their exposure.
  3. Find a way for organisations to make better use of either the breached account API or Pwned Passwords.
  4. Find a way to integrate into other tooling such that the data is more accessible.

Do also read the API docs page carefully; there’s info on the rate limit, what I consider abuse and what the acceptable use is. Anything that doesn’t adhere to this isn’t in the running!

So that’s it – go and build awesome things – then whoever can build the most awesomest gets an awesome machine to build even more awesome things!

Leave a Reply