Security Basics mailing list archives
RE: Password Cracking
From: "Allan Schon" <allanschon () mckinleymachinery com>
Date: Tue, 20 May 2003 08:04:15 -0400
Well, if you examine your log files, you should be to find each of these hacking attempts, and get some information about the hackers. If, however, you don't find evidence of a brute force attack in your logs, your system itself may have been compromised. If I were you, I'd do a comprehensive security audit RIGHT NOW, do determine what, if any, damage has been done. If these cracking attempts were aimed at a specific director, or a small group of them, you may want to read up on 'social engineering'. It is very likely that your clients are not terribly tech-savvy (most people aren't), and may have actually given thier passwords to the cracker. Oops. :) If I were you, I'd go to your local library and pick up a book or two on computer security. Check out this site for a list of titles: http://www.securityfocus.com/library/category/4 Good luck! -----Original Message----- From: Peter Weiss [mailto:dvdsandbooks () hotmail com] Sent: Saturday, May 17, 2003 7:57 PM To: security-basics () securityfocus com Subject: Password Cracking I was recommended this site by a friend of mine. I manage the website http://www.breakdownservices.com/ , and lately there have been numerous attempts at obtaining login information for legit casting directors. I was simply wondering what tools hackers are using to obtain such information (many of the attempts turned out to be successful). I did some research on my own, and read about brute force/dictionary attacks, but when trying to satisfy my knowledge of these techniques I couldn't find anything to use them with. Also, is this the only technique hackers could possible use on my site? I figure if I understand how this works, I can prevent it! Thanks. --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ----------------------------------------------------------------------------
Current thread:
- Password Cracking Peter Weiss (May 19)
- RE: Password Cracking Scott (May 20)
- <Possible follow-ups>
- RE: Password Cracking Allan Schon (May 20)