RSS Feed
News
Jul
26
Stop pass-the-hash attacks before they begin
Posted by Roger A. Grimes on 26 July 2011 12:00 PM

Oh how I long for the days of hackers simply cracking password hashes. Defending against that technique required only three steps: First, protect your password hashes from being stolen. Second, use strong password hashes. Third, make your passwords long enough to prevent easy cracking.

These days, cracking password hashes is passé. Today's hackers are all about pass-the-hash (PTH) attacks. With PTH attacks, the bad guys steal the hashes -- either from the password-hash-storage databases or from memory -- and reuse them to create brand-new authenticated sessions.


Read more »



Jul
26
Stop pass-the-hash attacks before they begin
Posted by Roger A. Grimes on 26 July 2011 12:00 PM

Oh how I long for the days of hackers simply cracking password hashes. Defending against that technique required only three steps: First, protect your password hashes from being stolen. Second, use strong password hashes. Third, make your passwords long enough to prevent easy cracking.

These days, cracking password hashes is passé. Today's hackers are all about pass-the-hash (PTH) attacks. With PTH attacks, the bad guys steal the hashes -- either from the password-hash-storage databases or from memory -- and reuse them to create brand-new authenticated sessions.


Read more »




Help Desk Software by Kayako Fusion