Penetration Testing mailing list archives
Re: Secure Password Policy?
From: Tim <pand0ra.usa () gmail com>
Date: Fri, 20 Jan 2006 00:15:41 -0700
Correction on the last line. "Note that after you disable the storage of passwords you will have to change the password in order for it not to store the new password. My understanding is that the old password will always remain." Should read as "Note that after you disable the storage of passwords you will have to change the password in order for it not to store the old LM hash." From what I have seen the LM field for the hash is blanked out but you will see a hash for the NTLM field. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Secure Password Policy?, (continued)
- Re: Secure Password Policy? Neil (Jan 22)
- List of "clickable" on-line pen-test tools Petr . Kazil (Jan 23)
- Re: List of "clickable" on-line pen-test tools Ivan . (Jan 24)
- Re: List of "clickable" on-line pen-test tools Alvin Oga (Jan 25)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
- Message not available
- Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
- Re: Secure Password Policy? Neil (Jan 22)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)
- Re: Secure Password Policy? Tim (Jan 21)
- Re: Secure Password Policy? Tim (Jan 21)
- "Ping scan" through Google Petr . Kazil (Jan 22)
- Re: "Ping scan" through Google -- Perl version for *NIX Peter Hille (Jan 22)
- Re: "Ping scan" through Google Robert Wesley McGrew (Jan 22)
- Re: "Ping scan" through Google pagvac (Jan 23)
- Re: Secure Password Policy? David M. Zendzian (Jan 22)
- Re: Secure Password Policy? Brian Anderson (Jan 22)
- Re: Secure Password Policy? bf (Jan 21)