Penetration Testing mailing list archives
Re: Rainbow Tables
From: "ROB DIXON" <rdixon () workforcewv org>
Date: Wed, 08 Feb 2006 09:55:09 -0500
Good point. You said it better than I did. I wasn't trying to be one directional. I just thought that the "others" shouldn't restrict him to one avenue. Thanks for clairifying! Robert L. Dixon, CSO CHFI A+ State of West Virginia's West VIriginia Office of Techonology Infrastructure Applications Netware/GroupWise Administrator Telephone: (304)-558-5472 ex.4225 Email:rdixon () workforcewv org
"T.Dudek" <duderik () gmail com> >>>
One word: "pirated software". ok, so it's two words ;-) I've seen enough cases where the evildoers were using lophtcrack or the various commercial software/hardware keystroke loggers that you can buy. Most of the time it's pirated stuff, but why not use the best you can get/steal when you're a criminal? I'd say the "others" should be informed of both risks, and need to be reminded that "most likely" does not really mean anything. I wouldn't step on a plane that would "most likely" not crash.. On 2/7/06, ROB DIXON <RDIXON () workforcewv org> wrote:
Hey Tony, The "others" should be informed that the malicious attacker is most likely to NOT use "commercial" products. And that for a true benchmark, maybe use the products that a malicious attacker would use. Most of which will probably be open source or free at the least. That is assuming that they are not writing their own software. ;) I guess I'm asking, how do you justify "not" using free products? You can buy pre-computated rainbow tables, but there are different rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 , md5, etc.
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Rainbow Tables, (continued)
- Re: Rainbow Tables Jerome Athias (Feb 07)
- Re: Rainbow Tables trashcanmn (Feb 07)
- Re: Rainbow Tables ROB DIXON (Feb 07)
- Re: Rainbow Tables Max Ashton (Feb 08)
- Re: Rainbow Tables T.Dudek (Feb 08)
- RE: Rainbow Tables Boogiebruva (Feb 08)
- RE: Rainbow Tables Craig Wright (Feb 07)
- RE: Rainbow Tables Terry Vernon (Feb 08)
- RE: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Arley Barros Leal (Feb 08)
- Re: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 08)
- RE: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 09)
- Re: Rainbow Tables DokFLeed (Feb 09)
- Re: Rainbow Tables jalvare7 (Feb 09)
- Re: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 09)
- RE: Rainbow Tables Tom Brennan (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 10)
- RE: Rainbow Tables Tony Stark (Feb 09)
(Thread continues...)