[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What the f*** is going on?

To: coderman <coderman@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] What the f*** is going on?
From: jf <jf@xxxxxxxxx>
Date: Thu, 24 Feb 2011 12:11:52 -0500

> this is only true for remote attackers hitting network service auth.

Mhmm, and runas, su et al couldn't benefit from this?
 
> better to assume they've got your hashes and you're racing the
> rainbows, dicts, and CUDAs for longevity...

Not that assuming you're popped/gonna get popped and acting accordingly is a 
horrible idea, but to make sure I'm understanding your debating points 
correctly; you're arguing that the reason you want complex passwords is to slow 
the rainbow tab les once an attacker has write access to lsass, read access to 
shadow, popped the pdc, et cetera?
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] What the f*** is going on?
  - From: Michal Zalewski

References:
- Re: [Full-disclosure] What the f*** is going on?
  - From: Paul Schmehl
- Re: [Full-disclosure] What the f*** is going on?
  - From: jf
- Re: [Full-disclosure] What the f*** is going on?
  - From: coderman

Prev by Date: [Full-disclosure] [SPANISH] Curso Online y Presencial de penetration testing
Next by Date: Re: [Full-disclosure] What the f*** is going on?
Previous by thread: Re: [Full-disclosure] What the f*** is going on?
Next by thread: Re: [Full-disclosure] What the f*** is going on?
Index(es):
- Date
- Thread