[Klug-general] Passwords

David Halliday david.halliday at gmail.com
Mon Sep 5 09:46:46 UTC 2011


Do you have an example of this?

I presume this is going to be the case for "common" passwords like "love",
"secret" and "god" etc...

On 5 September 2011 10:42, Julia Freeman <klug at quixotic.org.uk> wrote:

> On Mon, Sep 05, 2011 at 10:33:26AM +0100, David Halliday wrote:
> > One thought. If security is a concern this is potentially dangerous. A
> > common way to exploit authentication on Windows AD networks is that the
> > client computer remembers the last 10 user-names/passwords successfully
> > authenticated. This is useful to authenticate people when network
> > availability is unreliable. However if you are in a public environment
> > or there is a chance that someone might be interested in exploiting the
> > network then having physical access to a machine which stores
> > user-names/passwords is a big security vulnerability, especially if a
> > network admin was one of the last 10 people to access that machine. This
> > is a very common mechanism used to exploit MS based networks.
> >
> > From a security mindset, once a person has physical access to a machine
> > that machine is easily compromised (and anything on it can and will be
> > used against you). One live CD, FTP location to copy the shadow file to,
> > jack the ripper (and time & CPU cycles) and you are open wide.
> >
>
> Increasingly these days you can actually crack a password quicker by just
> googling the hash from the shadow file...
>
> It's kinda worrying...
>
> J