Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - NTLM 100 Percent Broken Using Hashes Derived from Captures (

uCallHimDrJ0NES writes: Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a "white hat" has researched and exposed the how-to details for us all to enjoy. Microsoft has posted a little guidance for those who need to turn off NTLM: Have fun explaining your new security project to your management, server admins!
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

NTLM 100 Percent Broken Using Hashes Derived from Captures

Comments Filter:

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (8) I'm on the committee and I *still* don't know what the hell #pragma is for.