Security Incidents mailing list archives
Re: compromised machines
From: Mike Lyman <mikelyman-security () comcast net>
Date: Fri, 27 Aug 2004 23:12:11 -0500
Scott Weeks wrote:
Are you sure they didn't crack the passwords? Do you have 'strong' passwords on the machines?
Don't forget derived/incremented passwords. Users who have passwords cracked and then go on to continue to use the series will cause you problems. BigDog1, BigDog2, BigDog3, BigDogX is fairly guessable and I know from experience they will cause you problems even if they are otherwise "strong."
On Windows you can implement a custom passflt.dll that will check for these. Look for numbers, replace them with 0-9 and hash and compare with the password history. If you have a match, you've got a password incrementer.
(Sorry but I didn't code the passflt.dll we used that did that but from what I've seen of the documentation on Microsoft's site on passflt.dll, it should be repeatable. While you are at it, throw in a small dictionary check for common words.)
-- Mike Lyman, CISSP mikelyman-security () comcast net "You can't take the sky from me"
Current thread:
- compromised machines Varun Pitale (Aug 26)
- Re: compromised machines Brian Eckman (Aug 27)
- Re: compromised machines Scott Weeks (Aug 27)
- Re: compromised machines Mike Lyman (Aug 30)
- Re: compromised machines bob (Aug 31)
- Re: compromised machines Mike Lyman (Aug 30)
- Re: compromised machines Harlan Carvey (Aug 27)
- Re: compromised machines Michael H. Warfield (Aug 30)
- Re: compromised machines Jose Maria Lopez (Aug 30)
- <Possible follow-ups>
- Re: compromised machines soccer4net () netzero com (Aug 27)