NTLM 100% Broken Using Hashes Derived From Captures 155
New submitter uCallHimDrJ0NES writes "Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a 'white hat' has researched and exposed the how-to details for us all to enjoy. 'You might think that with all the papers and presentations, no one would be using NTLM...or, God forbid, LM. NTLMv2 has been around for quite some time. Surely, everyone is using it. Right? Wrong! According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses!' Microsoft has posted a little guidance for those who need to turn off NTLM. Have fun explaining your new security project to your management, server admins!"
And this is important because? (Score:1)
Can anyone shine some light on this?
Re:And this is important because? (Score:5, Informative)
NTLM stands for Windows NT Lan Manager. Is was used in earlier Windows from NT 3.1 (yes THAT old) up til Win 2K3 IIRC.
Users would authenticate their login credentials to the system. NTLM is the sub-system that does that authentication.
For more details see wikipedia: http://en.wikipedia.org/wiki/NTLM [wikipedia.org]
Re:And this is important because? (Score:4, Informative)
Re: (Score:2)
If you have a web proxy (e.g. squid) with user authentification, you probably are also using NTLM for sending hashed one-time passwords. The only other alternative is Digest authentication, which only few client programs support. The NTLM version used depends on the client machine.
Re: (Score:2)
Squid works fine with Kerberos and AD authentication. And since Vista and Windows 7 are a pain to setup Proxy authentication on Squid ntlm_auth most people should be using Kerberos or digest right now.
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos [squid-cache.org]
Re: (Score:3)
I found the following on the MS site:
Export restrictions screw you again!
Re: (Score:3)
NTLM, you COULD go to Wikipedia - failing all else.
This is the name for Microsoft's 2nd generation authentication protocol - for issuing challenges and responses related to encrypted passwords as a shared secret. The passwords are hashed with a salt, and the value compared with the known password, by the authentication service. This is a variant introduced by Windows NT on the LAN Manger scheme - cooked up in the remote past by MS and IBM, based on Ungerman-Bass software.
This is important, because LM and
Re: (Score:2)
UPDATE!
He doesn't just pass the hash - He gets THE PLAINTEXT PASSWORD. This allows anywhere, anytime auth access, instead of MITM.
Re: (Score:2)
Not quite.
The attacker only gets the password, however the password is never directly used, it is always converted to the hash.The hash is essentially the real password, and for injection attacks is more useful than the password as it saves you from converting the password to the hash.
Re: (Score:3)
XP and 2000 can be made to use NTLMv2 but you have to either use Group Policy or set it in Local Security Policy. I don't know /why/ Microsoft didn't make it default to at least use v2 if both ends agreed, but they wouldn't have forced it on because of back compatibility with NT4 domains.
Re: (Score:2)
Dear god, I hope you're exaggerating.
Re: (Score:1)
I think he is right.
Iwrote some simple asp site that did just that with IE 5.5 when Windows 2000 was brand new.
Hopefully these dinosaurs are going down since XP is getting EOL. Can a recent web developer tell me if you can use NTLDMv2 today with a modern browser?
Re: (Score:1)
Re: (Score:1)
My reply may be somewhat off topic, but give it a read:
SlashDot is to journalism as COBOL is to programming.
I read SlashDot because it is an important and timely source of technical news. But all too often articles are incomprehensible (without research) to readers outside some particular narrow discipline. Writing a lead in to an article is a skill that requires more than technical knowledge -- it requires knowledge (and some assumptions) about the experience of the intended readership. Like several oth
Re: (Score:2)
As a working reporter/writer for two decades, I offer some other tips:
Each sentence should be less important than the one before it. This is called pyramiding in the trade; it allows the reader to quit once he/she understands enough, or for an editor to cut from the bottom.
Never use a big word when a small, familiar one will do.
Keep sentences to less than thirty words, if at all possible. This is mandatory for the lead (first sentence.)
Be brave in paragraphing; do it often.
Read the AP, Chicago or other on
Re: (Score:3)
Do paragraphing not often, but only as often as makes sense. One-sentence paragraphs are for those with grade 2 reading and writing level.
See Anna Merkin.
See Anna Merkin paragraph.
Paragraph, Anna Merkin, paragraph.
And commit Strunk and White to the *bin*, not to memory. See the many comments by Pullum on Language Log and elsewhere, for example, for reasons why. Pay special attention to the fact that White apparently doesn't even know what the passive voice is before
Re: (Score:3)
I have a friend who is a retired newspaper journalist. I wonder if I could interest him in devising some guidelines for ShashDot postings that even amateurs could apply with some improvement to the quality of their posts. Anyone enthusiastic about this?
This will remain irrelevant until the editors do some editing rather than accepting article submissions that are no more than the output of a script that scrapes an RSS feed.
Re: (Score:3)
I wonder if I could interest him in devising some guidelines for ShashDot postings that even amateurs could apply with some improvement to the quality of their posts. Anyone enthusiastic about this?
Not in the slightest. I am, in fact, enthusiastically unenthusiastic about bringing the assumption that your reader needs all the 'the five Ws' answered or technical background spoon-fed to him onto the web.
Newspaper style guides were written for a time when a person who didn't understand the technical background had to pedal down to the library and find a book on the subject, read it, and come back to finish the story days or weeks later. It was better to give them a layman's understanding of the science
Here's why (Score:1)
The submitter has a hardon for Linux and is giddy that the authentication mechanism for an OS that is over a decade old now can be broken.
Re:Here's why (Score:5, Informative)
I'd say this affects Linux too - a bunch of machines with Samba are quite possibly vulnerable, and need a different settings change than what Windows does.
At a minimum, the following in the smb.conf
[global]
client ntlmv2 auth = yes
lanman auth = no
ntlm auth = no
For winbindd, a recompile might be required.
This summary is terrible (Score:2, Insightful)
This is one of the worst summaries I have ever read here. I can easily imagine the joy in the submitter as they are dancing to their own over the top writing style. NTLM is 100% broken. Oh no! Microsoft stopped recommending it and switched to Kerberos starting with Windows 2000. Who the hell cares that someone broke a protocol from 10+ years ago? If anything, it makes NTLM look really good. What sensationalist trash this is.
Re: (Score:2, Informative)
If you knew this well enough, XP - a significantly deployed OS - sends these hashes anyway. It takes a Registry Change through group-policy to change the behavior.
You want fun? Sit on the corp net of any silicon valley company with Wireshark. It's still XP heaven out there... And all the SAMBA servers? Easy pickings, Kerb5 or not.
Re: (Score:3)
Used to do pen/vuln. No more.
Now, I'm a PowerPoint engineer!
Re: (Score:3)
So ... everyone joined to ActiveDirectory then eh? Its been known that NTLM hashes could be reused for years.
And for the record, my Samba servers have been using kerberos for years, not sure why yours aren't. Shitty admin perhaps? Must be as the previous stated reason is what causes a clueful admin to move to kerberos back in 2001 when XP made it possible to use network wide.
When you start mixing unix and windows servers on a domain you pretty much start off by switching everything to kerberos so everyt
Re: (Score:1)
I don't know, maybe everybody didn't immediately switch every machine in their company to XP on day one?
Re: (Score:1)
"This summary is terrible"...
Agree... this is being overblown. Any competent admin of a network of any size already followed guidelines issued nearly a decade ago to start forcing NTLMv2 only unless there was some very specific reason not too. Back in say 2004 time frame there were reasons, by 2008 there really was no excuse. Even if someone missed it it's a simple GPO change and refresh to mitigate as already pointed out throughout the thread. Yawn.
Re: (Score:2, Funny)
>14 chars disables LM, but not NTLM.
>14 character passwords also disables some users.
A very real attack (Score:1)
Re: (Score:1)
they can fuck you up pretty up pretty good
From that... it sounds more likely you were the victim of a man-in-the-middle attack, either that or trojan horse or malware insersion.....
Re:A very real attack (Score:5, Funny)
In fact, I think he may have been penetrated via a back-door.
Re: (Score:1)
So... (Score:1)
Re: (Score:1)
This can be set via Group Policy (Score:3)
http://technet.microsoft.com/en-us/library/cc738867(v=ws.10).aspx [microsoft.com]
Secure Networks vs. Insecure Networks (Score:5, Insightful)
The crucial detail is whether the physical layer of the network can be trusted. If the physical layer is trusted, then NTLM works fine. Historically, lots of corporate networks controlled every computer on the office network, and air-gapped the internet.
Many modern networks, including wireless networks, have a non-trust worthy physical layer. In this case, only end-to-end encryption protects the network. Yes, the newer versions NTLM protect against the most obvious password scanning attacks. However, with a non-trust worthy physical layer, it is possible to simply scan all the network traffic and get the file contents from the network directly. Also, some (almost all?) ODBC and database servers send passwords in the clear. This makes it straightforward to do simple network traffic analysis attacks, and directly gather valuable information from the company network.
The bottom line is that only protocols like SSH work against a non-trustworthy physical layer.
Re: (Score:2)
. If the physical layer is trusted, then NTLM works fine. Historically, lots of corporate networks controlled every computer on the office network, and air-gapped the internet.
To what extent did they control them though? The bigger a network gets the more chance of a rouge device getting on it either through compromise of a machine that was legitimately there or through introducing a machine illegitimately.
Re: (Score:2)
To acheive any kind of security with Windows NT 3.5/4.0, you really need to control the physical layer thoroughly. Any device on the network is a potential source for untrusted code. Once you had untrusted code running on the computer, the network was compromised.
With Windows XP and Windows 7, it's pretty much impossible to lock down the computers. The security certifications that Microsoft had for Windows NT 4.0 no longer exist.
The only current desktop operating system technology that is equivalent t
Re: (Score:1)
Re:Secure Networks vs. Insecure Networks (Score:4, Informative)
Also, some (almost all?) ODBC and database servers send passwords in the clear.
Many database servers allow encrypted passwords, but there are surely a lot of database installations that don't take advantage of it. In PostgreSQL you can use SSL for the client network connection [postgresql.org], which ODBC passes through. Setup SSL as the only way to connect, and encryption has to happen before it hits the wire. MySQL has a similar trick [mysql.com]. Both are just using the OpenSSL library under the hood to encrypt the network traffic.
On the commercial side, Oracle does the same thing with ORA_ENCRYPT_LOGIN [oracle.com]. SQL Server has client and server settings [microsoft.com] that enforce encryption. Basically, if your database traffic isn't encrypted, it's more likely because someone didn't think that was important than because it was impossible. It's a simple checkbox to add to database selection requirements, and it's not hard to find a DBMS that has the capability.
I find people who just stuff user passwords into the database (which can be the same passwords as other services) rather than putting password encryption into their application can also leak data. In PostgreSQL using the built-in pgcrypto [postgresql.org] makes that easy. You also have to be careful to use the same network encryption approach for any replication client, or it's possible to just sniff that instead to get the data. In Postgres those connect with the same encryption possible options as any other client. Most of the tutorials on setting up replication don't cover this though.
Re: (Score:2)
The crucial detail is whether the physical layer of the network can be trusted
Someone maintains that physical layer. Even if they are employees of the company, it doesn't follow that they can be trusted. Someone with access to the physical layer and an NTLM hack could "become" anyone else on the network and do whatever he wanted with little fear of getting caught.
Put another way, If everyone that was employed by the company could be trusted, they could all share the same login with unlimited access. If that makes you cringe, then so should NTLM. I think that's the point of the ar
Re: (Score:2)
That said, I will say that for most people's needs there are plenty of adequate solutions. I find that LibreOffice(and OOo) do a decent job. PostgreSQL in many ways exceeds what MS-SQL does, and there are some decent integrated mail/calendar servers... I do think that Exchange is to this day best in it's class, and there are some features o
Re: (Score:2)
I love how lately saying the truth is flamebaiting/trolling.
What issue was there back in 2003?
Microsoft tried to steer the market away from TCP/IP. It took them ages to get proper TCP/IP support, and when they did, they stole most of it from BSD (this was proven in the famous windows 2k code leak). They hate standards because it makes it harder to lock in their customers. NTLM is nothing but crapware designed to lock-in people. Really, explain WHAT exactly is it that NTLM solves/fixes, now or 10 years ago?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What the fuck are you talking about, you retard?
Re: (Score:2)
Ah, you are right. That's why MySQL has a bigger marketshare than mssql, all serious mailservers use either sendmail, postfix or qmail, and LibreOffice is close to a 25% market share.
Re: (Score:3, Insightful)
So why do home users use Windows?
Because they don't want to deal with stuff like this just to get sound working.
https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture [archlinux.org]
Re: (Score:1)
I remember trying most of the relevant stuff on that page on archlinux and still not getting the sound to work properly.
Wait, you're telling me XP is insecure? (Score:2)
Holy SHIT!
W3 schools (Score:1)
Who would've thought a day would come when W3-schools is used as a reference in a non-humorous way?
How to harden an XP machine ? (Score:3)
We still have quite a number of XP machines in our front office.
How to harden those XP machines and make them use NTLM2 instead?
Thanks !!
Re:How to harden an XP machine ? (Score:5, Informative)
Re:How to harden an XP machine ? (Score:5, Informative)
You can also use Group Policy:
http://technet.microsoft.com/en-us/library/cc738867(v=ws.10).aspx [microsoft.com]
Many many thanks to all !! (Score:1)
Thanks for the informative info that you've so generously shared !!
Thanks again !!
Re: (Score:1)
| You can also use Group Policy:
| http://technet.microsoft.com/en-us/library/cc738867(v=ws.10).aspx [microsoft.com]
Or just cut out the middleman. If one downloads the fixit package the result is a ridiculous 1 MB .msi file, which merely runs a small, embedded VBScript, which changes a single Registry setting:
HKLM\System\CurrentControlSet\control\LSA\LMCompatibilityLevel
DWORD value: 3
Re: (Score:2)
Re: (Score:2)
XP Home don't have Group Policy.
Re: (Score:2)
Re:How to harden an XP machine ? (Score:4, Informative)
Re:How to harden an XP machine ? (Score:5, Funny)
How to harden those XP machines and make them use NTLM2 instead?
My blanket recommendation for hardening XP machines is to encase them in concrete.
Re: (Score:1)
How to harden those XP machines and make them use NTLM2 instead?
My blanket recommendation for hardening XP machines is to encase them in concrete.
But I sell Lucite computer encasement kits, you insensitive clod!
Re:It is called WIndows 7 (Score:5, Insightful)
It is time to get with the times.
Yes, I worked in corporate I.T. before and know all the tired arguments. The OS will turn 13 years old later this year. 13 years?!
Not to mention XP SP 3 after 800 or so updates is slower and not the speed daemon it once was as 9 out of 10 CPU cycles are work around exploits. Stop defining yourselves and your ego on an OS made by the same people who wrote IE 6?
The idea for security in XP is from the last century where all you needed is a good password. It lacks things a modern internet enabled OS have today. It is not a trendmill at this point nor is MS being evil to the mean old beancounters who refuse to see hidden costs and just licensing on a spreadsheet in excel. This story, the one on IE 6-8 being vulnerably last week on slashdot, and many others stating XP is so primptive because it doesn't have protected mode, ASLR, are DEP fully (only a few things have that on XP).
If you ask this because your IT department has no plans to upgrade then another job who treat your profession and seriousness with respect.. They are incompetent and when shit hits the fan and social security numbers are stolen you will get the blame as the cost center and be let go anyway.
It is obvious with the latest security issues in IE6, IE 7-8 (in non protected mode), XP, and now this that it is time to let it go instead of workaround it. Investing time and money into it is like investing cash into a car with 200,000 miles.
These costs are real and so are the liabilities. Grow a pair and sell yourself the cheap asshats at your company? You are not saving anything by keeping an outdated insecure infrastructure and it is not unreasonable to upgrade to a 3 year old OS.
Re: (Score:2)
Win is great for business, just turn off every bells and whistle and you will have an XP like experience.
OpenSUSE is better IMHO, but win7 should not be overlooked.
Recently did some work on a pristine Win8. It works just like Unity..
Re: (Score:1)
9 out of 10 CPU cycles are work around exploits
No.
Yes it is more bloated now than the initial release and slower as a result, not helped by all the stuff installed on it now which uses more CPU than an equivalent program would have used 15 years ago, plus your AV program probably is checking every file/web access (but not Windows itself). But...
It isn't consuming most of its time actively running additional code to prevent exploits. Almost every exploit is corrected by correcting the original code to fix the bug that allows a buffer/integer overflow etc
Re: (Score:2)
you may have worked in corporate IT but you have no clue. What is your source for wild ass claims like "9 out of 10 CPU cycles are work around exploits"? Oh, right, you pulled that out of your ass -- an invented statistic to try and make XP look bad. The problem with that claim is that it is patently false as is obvious not only to anyone with a clue about CPUs, application execution, or anything related -- but even to anyone who gives it a passing thought (for one, your assertion implies 1/10 the performan
Re: (Score:1)
"The claim that "security in XP is from the last century where all you needed is a good password" also shows your utter and complete ignorance of XP and security architectures"
Right, you mean how in XP there is an IMPERSONATION SERVICE where a user mode program can run with kernel mode priveldges and impersonate a critical service?!
No ASLR, limited DEP, no priveldge seperation in the code. Yeah, XP is last century security wise which is fine as other operating systems from the 20th century lacked those as w
Re: (Score:1)
"The claim that "security in XP is from the last century where all you needed is a good password" also shows your utter and complete ignorance of XP and security architectures"
Right, you mean how in XP there is an IMPERSONATION SERVICE where a user mode program can run with kernel mode priveldges and impersonate a critical service?!
No ASLR, limited DEP, no priveldge seperation in the code. Yeah, XP is last century security wise which is fine as other operating systems from the 20th century lacked those as well.
"you may have worked in corporate IT but you have no clue. What is your source for wild ass claims like "9 out of 10 CPU cycles are work around exploits"? Oh, right, you pulled that out of your ass -- an invented statistic to try and make XP look bad"
Yeah, I am making it look bad because in 2013 it is bad. You are telling me after 1,000+ exploits there is no performance penalty or advanced filtering for every input and i/o after 12 years? THe fact of the matter is XP ran good on 128 megs of ram on a Pentium II 300 mhz in 2001. Why can't I run it like this. The answer is because of +700 patches.
I look at XP like a boat with holes all over encased with 3 feet of bandaids. I have not looked at hte source code and neither have you. I do not have to rely on fake statistics. Look at the evidence of it today? I can not see how it is possible to fix all the exploits without breaking apps.
My only explanaition is double the code size and filtering out every i/o and input due to the architecture not being able to withstand the malware we have today. NTLM is yet another example, while IE 6 - 8 while still being patched is not being hacked as I typed this because it can not run in protected mode in XP.
XP never once ran good on 128mb's of ram. Window 98 maybe, but not 2000 or XP. 512MB minimum for solid performance.
Re: (Score:2)
No ASLR, limited DEP, no priveldge seperation in the code. Yeah, XP is last century security wise which is fine as other operating systems from the 20th century lacked those as well.
ASLR was first implemented in July 2001, as part of the pax patch for linux... So it's about as old as XP.
The idea of DEP was partially implemented much earlier, SunOS 4.x and Digital Unix 3.x had non executable stack areas, Linux had a patch to implement such too, it wasn't until much later that AMD implemented direct hardware support for non executable pages on x86, but it was effectively emulated in software long before that.
The idea of layers of filtering slowing down XP is ridiculous, that would be suc
Re: (Score:1)
Anyone have a Gibberish-English dictionary?
Re: (Score:1)
You worked in corp IT and you think it is as easy as flipping a switch to make the change? Unlike the home enthusiast who doesn't mind learning the in/outs of a new OS many corporate users are task focused. The computer is a tool the same as a phone. For better/worse those users have no more interest in how the computer works than I have in the innards of my car's manual transmission. As long as it works I'm happy. If it doesn't I see an expert. You may consider the change from Win XP to Win 7 to be minor but for millions of corporate users any change can be huge and require training which is a double whammie of cost and lost productivity time. From a TCO perspective it is much cheaper to patch and manage than upgrade. The benefits of Win 7 are intangible to the end corporate users.
13 years is not the same timeframe as flipping a switch. From a TCO being hacked is very high as well as all sorts of security issues and not being able to log onto vendor/client portals, not being able to read Photoshop, autocad, and office 2013 files from users and other vendors, suppliers, and customers. XP already is getting more expensive to maintain than to keep current and it will get worse and worse.
As an IT professional it is your responsibility to keep your infrastructure secure and up to date. If
Set Samba to require NTLMv2 hashes (:-)) (Score:3)
See https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#NTLMAUTH [samba.org]
If you set ntlm auth = no, then Samba will reject plain NTLM and require either NTLM v2 (the normal case) or LANMAN (if you have bizzarely backdated your XP box). There is a risk that some software w2ill fail, so it's probably best if you create a pair of virtual servers, and set one up to use NTLMv2. As you find out what fails, you can move the unbroken services to the v2 server.
--dave
Comment removed (Score:4, Insightful)
Re:Thanks alot.... (Score:4, Insightful)
I already replied to someone saying the best way to harden XP is called Windows 7.
I do not understand the strange obsession of keeping XP. Does it save money. No.
Geeks with aspergers lack the social skills to grow a pair and tell the cost accountants they are morons as if these companies who handle customer social security numbers, credit numbers, and other things with their billing department are ripe pickings with XP.
XP has been proven time and time again to be old, insecure, and has security features from a different era. It comes with IE 6. I mean did MS really make it that secure? Oh it is password protected. THat is good enough ... check.
IE 6 - 8 are being exploited right now under XP because it lacks protected mode and even the Mr. Fixit from that exploit has already been circumvented. But those on XP claim they are saving money and how great and secure their OS is that wont listen. Just because it runs on machines with 256 megs of ram doesn't mean it is supperiorly coded and of high quality. THe misinformation many supposedly IT professionals are astounding.
I should start bookmarking these so when someone mods me down and says how great XP is and why change to an inferior bloated OS like win 7 I can cite this and the IE 6 -8 hole links?
Re: (Score:2)
Just because it runs on machines with 256 megs of ram doesn't mean it is supperiorly coded and of high quality.
XP SP3 doesn't even cut that anymore. A bare installation hovers around 384 megs already.
Re: (Score:2)
of course, anyone taking your advice has their head screwed on wrong. Maybe your going about your advice wrong. First, try to learn something about the topic on which you want to give advice. Second, don't insult the people you are talking to at every turn. You really like the phrase "grow a pair", for example. Grow up.
Of course, the same criticism could be leveled at this post. Except I'm not trying to give you advice, just pointing out why your "sage advice" is falling on deaf ears.
Re: (Score:1)
Another thing about XP - any computer purchased in the past ~3 years is going to come with Windows 7. You can get Core i5 Lenovo laptops with 8gb ram for ~$600-$700. Yes, it costs money, but if your org is running computers from 2005, it's probably worth upgrading anyway, unless you have a valid reason for sticking with XP (e.g. your users run software that requires XP and won't run on Win7).
At my last job, cost was one of the barriers to upgrading to Win7. But we pitched it as a hardware upgrade - movin
Re: (Score:2)
Re: (Score:2)
This "Strange obsession" is called backwards compatibility...
Companies have lots and lots of very poorly written software which was designed to run on XP, and doesn't work (the same) on anything else. The reasons why it doesn't work are varied, some just refuses to run when it detects a version it doesn't recognise while others depend on the weaker security model of XP or other such things, while some software mostly works but some features are broken or behave differently.
The cost of testing all this softw
Re: (Score:2)
The cost of testing all this software, and replacing what doesn't work is HUGE both in terms of money and man hours.
Eventually the cost of cleaning up the messes script kiddies make every time they pwn one of your XP machines (and lost business that comes with constantly sending out those "sorry, our security sucks, and now your name, password, credit card numbers, and social security number are on pastebin." messages to customers) will be HUGE-er.
Re: (Score:2)
Re: (Score:1)
lol. Yeah, wikipedia said it, it has to be true. Oh, wait... you didn't even read the complete subsection of the wikipedia article. Your position in IT management awaits.
Re: (Score:2)
I have been noticing this a lot lately but I decided to offer this friendly little help to you:
depreciated is not the word you are wanting to use. The word that you actually want is deprecated.
http://en.wikipedia.org/wiki/Depreciation [wikipedia.org]
http://en.wikipedia.org/wiki/Deprecation [wikipedia.org]
Cheers :)