Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - NTLM 100 Percent Broken Using Hashes Derived from Captures (blogspot.com)

uCallHimDrJ0NES writes: Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a "white hat" has researched and exposed the how-to details for us all to enjoy. Microsoft has posted a little guidance for those who need to turn off NTLM: http://support.microsoft.com/kb/2793313. Have fun explaining your new security project to your management, server admins!
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

NTLM 100 Percent Broken Using Hashes Derived from Captures

Comments Filter:

Heuristics are bug ridden by definition. If they didn't have bugs, then they'd be algorithms.

Working...