Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Windows XP / 2K3 Default Users
From: Peter Wood <peterw () firstbase co uk>
Date: Wed, 01 Nov 2006 09:05:48 +0000

At 17:27 31/10/2006 -0700, Thor wrote:
<snip>
>Maybe I'm just in a different environment, but when I see people report
>"routine" cracking SAM's, it really makes we wonder who the client-base is.
>I think the last time I was paid for any work with LM cracking was over 10
>years ago.  I've been turning off LM since Win2k came out, and have been
>telling people to use pass-phrases instead of passwords since Win2000
>allowed 126 character passcodes. Even something as simple as "my dog has
>fleas" couldn't be rainbow cracked with anything I've seen out there.  Of
>course, when you have a pass phrase like "OK, this is my passphrase--crack
>THIS 1 homeboy!" Then the whole thing goes out the window.
<snip>

Hi Thor

We are professional penetration testers based in the UK but working worldwide, with large corporate clients (many international) in all industry sectors. I conduct a large number of on-site penetration tests every year. To date I have yet to find one client who has consistently implemented Windows passwords/phrases longer than 14 characters and the vast majority have *no* passwords longer than 14. None of these clients have turned off LM compatibility in policy either. I give regular talks at (non-hacker) conferences and find most people have no idea about this issue, despite what you and I both know and have known since W2K came out.

best wishes
Pete

-----------------------------------------------------------------
Peter Wood FBCS CITP FIMIS MIEEE CISSP
Chief of Operations
First Base Technologies
tel: +44 1273 454525
mob: +44 7774 239915
www.fbtechies.co.uk
www.white-hats.co.uk


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault