Re: compromised machines

["bob" <vxul () yahoo com>]

I suggest the download of MSBA. Which can be found at 
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
It tests for weak passwords and among other things proccess's that dont need 
to be running.

.02
-japboy

----- Original Message ----- 
From: "Mike Lyman" <mikelyman-security () comcast net>
To: <incidents () securityfocus com>
Sent: Friday, August 27, 2004 11:12 PM
Subject: Re: compromised machines


> Scott Weeks wrote:
> > Are you sure they didn't crack the passwords?  Do you have 'strong'
> > passwords on the machines?
>
> Don't forget derived/incremented passwords. Users who have passwords 
> cracked and then go on to continue to use the series will cause you 
> problems. BigDog1, BigDog2, BigDog3, BigDogX is fairly guessable and I 
> know from experience they will cause you problems even if they are 
> otherwise "strong."
>
> On Windows you can implement a custom passflt.dll that will check for 
> these. Look for numbers, replace them with 0-9 and hash and compare with 
> the password history. If you have a match, you've got a password 
> incrementer.
>
> (Sorry but I didn't code the passflt.dll we used that did that but from 
> what I've seen of the documentation on Microsoft's site on passflt.dll, it 
> should be repeatable. While you are at it, throw in a small dictionary 
> check for common words.)
>
> --
> Mike Lyman, CISSP
> mikelyman-security () comcast net
>
> "You can't take the sky from me"