Blog Posts Tagged with "Passwords"


How To Crack A SAM Database Using Ophcrack

October 28, 2010 Added by:bitraptor bitraptor

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds. Yes, you read that right, in SECONDS...

Comments  (2)


Mom and Dad, It's Time To Get Secure

October 27, 2010 Added by:Niko DePofi

I know your computer is almost a foreign language, so I put together a decent, basic primer of how to keep your information safe when using a PC. This isn't all that can be done. There may never be a truly comprehensive list of what to do to stay safe, but this is a decent primer...

Comments  (0)


Authentication - Risk and Trust Part Two

October 24, 2010 Added by:Guy Huntington

There are many different identity types interacting with a modern enterprise and identity type gradients. The risk associated with these identity gradients may vary according to the purchase amount, or type of information flowing between the enterprise and the identity type gradient..

Comments  (0)


Hashes and the Security Account Manager

October 24, 2010 Added by:bitraptor bitraptor

SAM is far from being perfect, but the real problem lies in the way they store the passwords - it's an old method created by Microsoft prior to the Windows NT family, and they still run the old style LM hash keys so that two concurrent hashes of the passwords are stored...

Comments  (0)


Cracking 14 Character Complex Passwords in 5 Seconds

October 21, 2010 Added by:Dan Dieterle

A Swiss security company called Objectif Sécurité has created a cracking technology that uses rainbow tables on SSD drives. Apparently it is the hard drive access time and not the processor speed that slows down cracking. Using SSD drives can make cracking faster, but just how fast?

Comments  (23)


Just In Time for Fall: Introducing Touchdown Tasks

October 07, 2010 Added by:Brent Huston

Each month, we focus on a specific, measurable task you can use to firm up your own security strategy. The tasks focus on authentication credentials to identify and remove all network, system and application access that does not require secure authentication credentials or mechanisms...

Comments  (0)


More on Twelve Character Passwords

October 05, 2010 Added by:Guy Huntington

Obtaining passwords is so easy using social engineering that it negates the use of a password with special characters and X length. When I go onto client sites one of the first things I do is look under keyboards, behind the screens etc, where I usually find the password written down...

Comments  (3)


Do We Need Twelve Character Long Passwords?

October 02, 2010 Added by:PCI Guru

Are the days of eight character long passwords over? I have seen examples where current threats plus older threats could be used to compromise security. It was just all in how they were put together. It is very important that security professionals need to understand their opponent...

Comments  (5)


Strong Passwords Are Not Enough

September 24, 2010 Added by:Robert Siciliano

Adding one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.It is just as important that your PC is free of malicious programs such as spyware and key-loggers. Beware of RATS a.k.a Remote Access Trojans...

Comments  (0)


Passwords, Dinosaurs, and 8-Track Tapes

August 30, 2010 Added by:Brent Huston

It’s not just a matter of people using short, simple, stupid passwords any more. With advances in easily available and cheap computing power such as advanced graphics processors and solid state drives, even long and complex passwords can be cracked in seconds...

Comments  (2)


Is There Such a Thing as the Perfect Password?

August 25, 2010 Added by:Simon Heron

Using a password by itself leaves the user wide open to abuse from keyloggers and phishing attacks. Add a token into the mix and it greatly reduces the risk of exploitation, as the hacker would have to be close enough to take the token from your possession...

Comments  (3)


Default, Blank and Weak Username/Passwords

July 22, 2010 Added by:Application Security, Inc.

Application Security, Inc.’s Team SHATTER has researched the Top 10 Database Vulnerabilities in order to you with the most up-to-date vulnerabilities, risk and remediation information. Today’s topic is Default, Blank & Weak Username/Passwords...

Comments  (0)


Google Hack Whacks Passwords

April 30, 2010 Added by:Robert Siciliano

Code named Gaia after “Greek Goddess of Earth” a Google single sign on password system was hacked in December. Google is a significant part of many individuals and businesses online activities. Millions rely on Google every day to be fast, functional and most important, secure. A breach such as this may erode the confidence of Google users, but for many, they have all their egg...

Comments  (2)


Passwords…Are they needed?

April 06, 2010 Added by:Katie Weaver-Johnson

This week I received an e-mail from a friend of mine saying he was in the UK to visit his ill sister and needed to borrow money…perhaps many of you have received an e-mail like this too?  In reality, my friend’s e-mail account had been hacked and the e-mail was a hoax.

Comments  (5)


Where are the DBAs?

October 07, 2009 Added by:Infosec Island Admin

What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.

Comments  (3)

Page « < 8 - 9 - 10 - 11 - 12 > »