Gold at the end of rainbow cracking?
Robert Lemos, SecurityFocus 2005-11-09

A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.

Gold at the end of rainbow cracking? 2005-11-10
Anthony LAI, CISSP, CISM (1 replies)
Gold at the end of rainbow cracking? 2005-11-10
Mike B (3 replies)
Re: Gold at the end of rainbow cracking? 2005-11-10
Pete (3 replies)
Re: Re: Gold at the end of rainbow cracking? 2005-11-11
Anonymous
I believe the issue is to do with defence in depth, and the known proclivities of people to use the same passwords on different systems. (If this isn't the case, I'd be glad to hear!)

So, you break into one system and gain admin rights (bypassing the password system somehow, or using a password cracked from another system from a stolen password hash), then you crack the passwords, and can use them on *other computers*, as well as the one you originally broke into.

Once you've broken in and got admin rights, you don't need so much to crack passwords to do bad things, like read or alter sensitive data. However, if you have a password, perhaps it's a more stealthy way to continue your nefarious activities? There's no rootkit left around to detect, though if you use someone's password and assume their identity - that leaves traces of system usage that can be picked up in audit logs.

Gold at the end of rainbow cracking? 2005-11-11
Anonymous (1 replies)







 
