Security Basics mailing list archives
Re: Password Cracking
From: "Steve" <securityfocus () delahunty com>
Date: Sat, 11 Sep 2004 10:47:00 -0400
An interesting thing we learned during a recent vulnerability assessment is that even if you have a good password hardening approach and secure that password store, your folks might use that same password on other systems that are not as secure. Consider you are running hardened passwords for NT, and SAM is encrypted, good right? Well, some of your people might use their same passwords they use for NT on other less secure systems, for instance using them for a particular FTP site and storing that in the FTP client configuration. So your hacker gets their password that way and can easily likely figure out their network login. Bingo, they are in.

This is something that needs to be addressed by policy and technology. Informing your users not to use the same password on different systems but also providing them some form of single sign-on or authentication. I am calling this vulnerability Strong Passwords but Weak Systems.

----- Original Message -----
From: "Michael Shirk" <shirkdog () cryptomail org>
To: <security-basics () securityfocus com>
Sent: Friday, September 10, 2004 8:32 AM
Subject: RE: Password Cracking
LC and John are password cracking tools. What is a password cracking tool? Rather amazingly, computers don't store passwords*.
Actually, some computers do store passwords. A special thank you to users who save their passwords in a file unencrypted. :-)

Shirkdog

-----Original Message-----
From: szucker () sst-pr-1 com [mailto:szucker () sst-pr-1 com]
Sent: Thursday, September 09, 2004 1:23 AM
To: PrasannaM () catsglobal co in; security-basics () securityfocus com
Cc: dcoletta12 () hotmail com
Subject: RE: Password Cracking; Re:
Importance: Low