Penetration Testing mailing list archives

Re: Secure Password Policy?

From: Tim <pand0ra.usa () gmail com>
Date: Fri, 20 Jan 2006 00:15:41 -0700

Correction on the last line.
"Note that  after you disable the storage of passwords you will have
to change the
 password in order for it not to store the new password. My
understanding is that the old password will always remain."  Should
read as "Note that  after you disable the storage of passwords you
will have to change the  password in order for it not to store the old
LM hash." From what I have seen the LM field for the hash is blanked
out but you will see a hash for the NTLM field.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Re: Secure Password Policy?, (continued)
- - Re: Secure Password Policy? Neil (Jan 22)
    - List of "clickable" on-line pen-test tools Petr . Kazil (Jan 23)
    - Re: List of "clickable" on-line pen-test tools Ivan . (Jan 24)
    - Re: List of "clickable" on-line pen-test tools Alvin Oga (Jan 25)
    - Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
    - Message not available
    - Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
    - Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)
- Re: Secure Password Policy? Stephen J. Smoogen (Jan 19)
- Re: Secure Password Policy? Alexander Klimov (Jan 19)
  - Re: Secure Password Policy? Tim (Jan 21)
    - Re: Secure Password Policy? Tim (Jan 21)
  - "Ping scan" through Google Petr . Kazil (Jan 22)
    - Re: "Ping scan" through Google -- Perl version for *NIX Peter Hille (Jan 22)
    - Re: "Ping scan" through Google Robert Wesley McGrew (Jan 22)
    - Re: "Ping scan" through Google pagvac (Jan 23)
- Re: Secure Password Policy? Neil (Jan 20)
  - Re: Secure Password Policy? David M. Zendzian (Jan 22)
  - Re: Secure Password Policy? Brian Anderson (Jan 22)
- Re: Secure Password Policy? bf (Jan 21)
  - Re: Secure Password Policy? bf (Jan 21)
- RE: Secure Password Policy? Mark Atherton (Jan 19)

(Thread continues...)