RE: Password Cracking

["Allan Schon" <allanschon () mckinleymachinery com>]

Well, if you examine your log files, you should be to find each of these hacking attempts, and get some information 
about the hackers.  If, however, you don't find evidence of a brute force attack in your logs, your system itself may 
have been compromised.  If I were you, I'd do a comprehensive security audit RIGHT NOW, do determine what, if any, 
damage has been done.

If these cracking attempts were aimed at a specific director, or a small group of them, you may want to read up on 
'social engineering'.  It is very likely that your clients are not terribly tech-savvy (most people aren't), and may 
have actually given thier passwords to the cracker.  Oops. :)

If I were you, I'd go to your local library and pick up a book or two on computer security. Check out this site for a 
list of titles: http://www.securityfocus.com/library/category/4

Good luck!

-----Original Message-----
From: Peter Weiss [mailto:dvdsandbooks () hotmail com]
Sent: Saturday, May 17, 2003 7:57 PM
To: security-basics () securityfocus com
Subject: Password Cracking




I was recommended this site by a friend of mine. I manage the website 
http://www.breakdownservices.com/ , and lately there have been numerous 
attempts at obtaining login information for legit casting directors. I 
was simply wondering what tools hackers are using to obtain such 
information (many of the attempts turned out to be successful). I did 
some research on my own, and read about brute force/dictionary attacks, 
but when trying to satisfy my knowledge of these techniques I couldn't 
find anything to use them with. Also, is this the only technique hackers 
could possible use on my site? I figure if I understand how this works, I 
can prevent it!
Thanks.

---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------