From Chapter 2: Botnets Overview of Craig A. Schiller’s Botnets: The Killer Web App (Syngress: 2007):
According to the Rainbowtables.net Web site, using their tables and others on the Internet “it is possible to crack almost any password under 15 characters using a mixed alphanumeric combination with symbols for LM, NTLM, PIX Firewall, MD4, and MD5.” [...]
Posted on November 22nd, 2008 by Scott Granneman
Filed under: Webster U: infosec management, security
From Aaron Margosis’ “Why you shouldn’t run as admin…” (17 June 2004):
But if you’re running as admin [on Windows], an exploit can:
install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
install and start services
install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
access data belonging to other users
cause code [...]
Posted on September 26th, 2008 by Scott Granneman
Filed under: Webster U: infosec management, security, technology
From Christian Seifert’s “Analyzing malicious SSH login attempts” (SecurityFocus: 11 September 2006):
First, we analyzed the login names that were used on the login attempts. During the sample period, there were 2741 unique account names ranging from common first names, system account names, and common accounts to short alphabetical strings captured by the system logger. Of [...]
Posted on November 5th, 2006 by Scott Granneman
Filed under: Webster U: infosec management, security, technology
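The first step Seifert describes, pulling the account names out of the failed-login records and sorting them into the kinds of names he lists, is easy to reproduce against an ordinary sshd auth log. The script below is an added example, not Seifert's own code; the log lines are constructed for the illustration (RFC 5737 test addresses), and the word lists used to bucket names into "system/common account", "first name" and "short alphabetical string" are an assumption standing in for whatever criteria the paper used.

```python
"""Summarise failed SSH logins by account name, category and source address.

Added example (not from Seifert's article). The sample log lines are
constructed, and the SYSTEM_ACCOUNTS / FIRST_NAMES lists are assumptions.
"""
import re
from collections import Counter

# Constructed sshd log excerpt in syslog format; the last line is a success
# and must not be counted as an attack.
SAMPLE_LOG = """\
Sep 11 03:14:07 honeypot sshd[2231]: Invalid user oracle from 203.0.113.17
Sep 11 03:14:07 honeypot sshd[2231]: Failed password for invalid user oracle from 203.0.113.17 port 51132 ssh2
Sep 11 03:14:10 honeypot sshd[2234]: Failed password for root from 203.0.113.17 port 51140 ssh2
Sep 11 03:14:12 honeypot sshd[2237]: Invalid user test from 203.0.113.17
Sep 11 03:14:12 honeypot sshd[2237]: Failed password for invalid user test from 203.0.113.17 port 51151 ssh2
Sep 11 03:15:01 honeypot sshd[2240]: Invalid user michael from 198.51.100.8
Sep 11 03:15:01 honeypot sshd[2240]: Failed password for invalid user michael from 198.51.100.8 port 40022 ssh2
Sep 11 03:15:03 honeypot sshd[2243]: Failed password for root from 198.51.100.8 port 40030 ssh2
Sep 11 03:15:05 honeypot sshd[2246]: Invalid user abc from 198.51.100.8
Sep 11 03:15:05 honeypot sshd[2246]: Failed password for invalid user abc from 198.51.100.8 port 40041 ssh2
Sep 11 03:16:20 honeypot sshd[2250]: Invalid user admin from 192.0.2.44
Sep 11 03:16:20 honeypot sshd[2250]: Failed password for invalid user admin from 192.0.2.44 port 3344 ssh2
Sep 11 03:16:22 honeypot sshd[2253]: Failed password for root from 192.0.2.44 port 3350 ssh2
Sep 11 03:16:30 honeypot sshd[2256]: Accepted password for alice from 192.0.2.10 port 5522 ssh2
"""

# One "Failed password" line per attempt; the "Invalid user" line that
# precedes unknown accounts is deliberately ignored so attempts are not double counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

# Assumed category word lists for the illustration.
SYSTEM_ACCOUNTS = {"root", "admin", "oracle", "mysql", "postgres", "www-data",
                   "nobody", "guest", "test", "ftp"}
FIRST_NAMES = {"michael", "david", "john", "james", "robert", "alice", "sarah"}


def parse_failures(log_text: str):
    """Return (account, source_ip) for every failed password attempt."""
    pairs = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            pairs.append((m.group("user"), m.group("ip")))
    return pairs


def classify(user: str) -> str:
    """Bucket an attempted account name the way the article groups them."""
    if user in SYSTEM_ACCOUNTS:
        return "system/common account"
    if user in FIRST_NAMES:
        return "first name"
    if user.isalpha() and len(user) <= 4:
        return "short alphabetical string"
    return "other"


def summarize(log_text: str) -> dict:
    """Aggregate attempts, distinct account names, name categories and sources."""
    attempts = parse_failures(log_text)
    users = Counter(user for user, _ in attempts)
    return {
        "attempts": len(attempts),
        "unique_users": len(users),
        "per_user": users,
        "categories": Counter(classify(u) for u in users),
        "sources": Counter(ip for _, ip in attempts),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Pointing `summarize` at a real `/var/log/auth.log` gives the same per-name and per-source counts the article reports; the source counter is the piece you would feed into a blocking rule, while the name categories tell you which accounts to make sure cannot log in with a password at all.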
From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005):
Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years [...]
Posted on August 2nd, 2006 by Scott Granneman
Filed under: Webster U: infosec management, security
From Nanette Asimov’s “Software glitch reveals private data for thousands of state’s students” (San Francisco Chronicle: 21 October 2005):
The personal information of tens of thousands of California children — including their names, state achievement test scores, identification numbers and status in gifted or special-needs programs — is open to public view through a security loophole [...]
Posted on July 13th, 2006 by Scott Granneman
Filed under: Wash U: tech in changing society, Webster U: infosec management, education, security, technology
From Robert Lemos’s “Rainbow warriors crack password hashes” (The Register: 10 November 2005):
Over the past two years, three security enthusiasts from the United States and Europe set a host of computers to the task of creating eleven enormous tables of data that can be used to look up common passwords. The tables - totaling 500GB [...]
Posted on June 14th, 2006 by Scott Granneman
Filed under: Webster U: infosec management, business, security
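Both this Register piece and the Rainbowtables.net claim quoted from Schiller's book above rest on the same time-memory trade-off: hash chains are computed once, only their two ends are stored, and a lookup regenerates the one chain that could contain the target. The script below is an added illustration of that mechanism, not code from the book, the article, or the Rainbowtables.net project. It shrinks the problem to three-letter lowercase passwords and unsalted MD5 so it runs in seconds; the alphabet, chain length and choice of start points are all assumptions, and the reduction function is a simple one of the author's own rather than whatever the real tables use.

```python
"""Toy rainbow table for unsalted MD5 over a deliberately tiny password space.

Added illustration, not code from Schiller's book, The Register article, or
the Rainbowtables.net project. Alphabet, length, chain length and start-point
selection are assumptions chosen so the build finishes in seconds.
"""
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase   # assumption: lowercase letters only
PW_LEN = 3                          # assumption: 26**3 = 17576 candidates
CHAIN_LEN = 50                      # assumption: hashes per stored chain
SPACE = len(ALPHABET) ** PW_LEN


def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()


def reduce_hash(digest_hex: str, step: int) -> str:
    """Map a digest back into the password space.

    Mixing the column index into the reduction is what makes this a rainbow
    table rather than a Hellman table: two chains that collide in different
    columns do not merge, so far fewer chains are wasted.
    """
    n = (int(digest_hex[:12], 16) + step) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def chain_column(start: str, col: int) -> str:
    """Password sitting in column `col` of the chain that begins at `start`."""
    pw = start
    for step in range(col):
        pw = reduce_hash(md5_hex(pw), step)
    return pw


def build_table(start_points):
    """Precompute chains and store only endpoint -> start (the memory side of the trade-off)."""
    table = {}
    for start in start_points:
        table.setdefault(chain_column(start, CHAIN_LEN), start)
    return table


def covered_passwords(start_points) -> int:
    """Distinct passwords that appear somewhere in the chains (what a lookup can recover)."""
    seen = set()
    for start in start_points:
        pw = start
        for step in range(CHAIN_LEN):
            seen.add(pw)
            pw = reduce_hash(md5_hex(pw), step)
    return len(seen)


def lookup(table, target_hex: str):
    """Recover the password for an unsalted MD5 digest, or None if the table does not cover it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target hash sits in column `pos` and walk forward to the endpoint.
        pw = reduce_hash(target_hex, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pw = reduce_hash(md5_hex(pw), step)
        start = table.get(pw)
        if start is None:
            continue
        # Candidate chain found; regenerate it and confirm (false alarms happen).
        pw = start
        for step in range(CHAIN_LEN):
            if md5_hex(pw) == target_hex:
                return pw
            pw = reduce_hash(md5_hex(pw), step)
    return None


# Deterministic start points: "abc" plus about 300 evenly spaced passwords (assumption).
START_POINTS = ["abc"] + [
    "".join(p)
    for p in itertools.islice(itertools.product(ALPHABET, repeat=PW_LEN), 0, SPACE, SPACE // 300)
]
TABLE = build_table(START_POINTS)

if __name__ == "__main__":
    print(f"stored entries: {len(TABLE)}, passwords covered: {covered_passwords(START_POINTS)}")
    print("md5('abc') ->", lookup(TABLE, md5_hex("abc")))
    # A per-user salt moves the input outside the precomputed space, so the table finds nothing.
    print("md5('abc' + salt) ->", lookup(TABLE, md5_hex("abc" + "x7Qp")))
```

The ratio printed on the first line is the whole point: a few hundred stored endpoints let the table answer for thousands of passwords at the cost of a few thousand hash operations per lookup. The last line is the defender's side of the story. A salt makes every user's hash a different precomputation problem, which is why the tables quoted above cover LM, NTLM, raw MD4 and raw MD5 (all unsalted) but not salted schemes.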
From Usability News’ “Password Security: What Users Know and What They Actually Do”:
A total of 328 undergraduate and graduate level college students from Wichita State University volunteered to participate in the survey, and were regular users of the Internet with one or more password protected accounts. Ages of the participants ranged from 18 to 58 [...]
Posted on April 22nd, 2006 by Scott Granneman
Filed under: Webster U: infosec management, business, security, technology
From Federico Biancuzzi’s “John the Ripper 1.7, by Solar Designer”:
John the Ripper 1.7 also improves on the use of MMX on x86 and starts to use AltiVec on PowerPC processors when cracking DES-based hashes (that is, both Unix crypt(3) and Windows LM hashes). To my knowledge, John 1.7 (or rather, one of the development snapshots [...]
Posted on April 8th, 2006 by Scott Granneman
Filed under: Webster U: infosec management, security
From Network Magazine:
Ken Thompson, a designer of the Unix OS, explained his magic password, a password that once allowed him to log in as any user on any Unix system, during his award acceptance speech at the Association for Computing Machinery (ACM) meeting in 1984. Thompson had included a backdoor in the password checking function [...]
Posted on November 29th, 2005 by Scott Granneman
Filed under: history, security, technology