Security UPDATE--Password Cracking Made Easy--November 16, 2005

1. In Focus: Password Cracking Made Easy

2. Security News and Features

- Recent Security Vulnerabilities

- Windows Defender: Coming to a PC Near You

- Westchester County NY Might Make Unsecured Wi-Fi Illegal

- Trojan Cloaked Behind Sony DRM

3. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

4. New and Improved

- Security Suite Adds Support for SQL Server 2005

==== Sponsor: BindView ====

Free Security Compliance Reality Check

Get a quick reality check of your IT security compliance for specific regulations by running this FREE Compliance Assessment Tool. You'll get an overall "compliance score" as an example of how BindView solutions can help you monitor and report on compliance--all through a single compliance architecture for managing multiple regulations.

Download your free Compliance Assessment Tool for each of these regulations:

Sarbanes-Oxley FISMA HIPAA GLBA Basel II

Payment Card Industry--Data Security Standard

http://list.windowsitpro.com/t?ctl=15344:21054

==== 1. In Focus: Password Cracking Made Easy

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Many of you probably test the strength of your users' passwords now and then to ensure that people are picking something strong enough to resist attack. Others of you might test password strength as part of your consulting services for various customers. Of course, sometimes you might need to recover a lost password, in which case you need a password cracker.

Several tools that attempt to crack passwords of various types are available, including LCP (at the first URL below) and John the Ripper (at the second URL below). Both these tools can brute-force guess passwords; however, they can take some time, depending on the complexity of the password. Another tool, pwdump2 (at the third URL below), dumps password hashes from within Active Directory (AD) or the Windows SAM database. You'll need pwdump2 or a similar tool to use LCP or John the Ripper.

http://www.lcpsoft.com

http://www.openwall.com/john

http://www.bindview.com/Services/razor/Utilities/Windows/pwdump2_readme.cfm

Another method of cracking passwords is to use rainbow tables, which are sets of possible password hashes and their precomputed plain text equivalents. Having the hashes computed ahead of time saves a lot of time when password cracking because then the cracking software just needs to find the hash of the unknown password in the tables. Once the hash is found, the plain text version of the password is also found. The downsides to this approach are of course the lengthy computation time required to create the tables and the storage requirements for the tables, which can be in the hundreds of gigabytes, depending on a variety of parameters including possible password lengths, character sets, and hash algorithms.

Tools are available to produce rainbow tables. One toolkit, called RainbowCrack, includes tools to generate and sort rainbow tables and a tool to discover an unknown password--assuming of course that you have a copy of the password hash.

http://www.antsight.com/zsl/rainbowcrack

If you don't want to generate your own tables, you can buy precomputed tables or use the recently launched RainbowCrack-Online, a subscription service that can crack your passwords for a fee. The fee, which can range from $29.95 per month to $2499 per year, depends on the number of passwords you want to crack and the length of time you want to use the service. As you would guess, the service uses massive rainbow tables to make password discovery relatively quick.

Using the service to test password strength is probably not practical in many cases. However, you could use the service to discover unknown passwords for a variety of systems because the service supports passwords hashed with LAN Manager, NT LAN Manager (NTLM), Message Digest 5 (MD5), Message Digest 4 (MD4), Secure Hash Algorithm 1 (SHA1), Cisco PIX, and MySQL. Check it out at the URL below.

http://www.rainbowcrack-online.com/

==== Sponsor: Panda Software ====

All the infamous big-name viruses did most of their damage while still new and unknown by antivirus signature files. The Virus, Trojan, Worm, or Hack most likely to pierce your security is one that will not be recognized by your antivirus signature files at the time of the attack. How do you defend your network against smarter, faster, internet-borne malware and zero-day attacks? Download this whitepaper and learn about state-of-the-art Intrusion Prevention Systems that can accurately detect and block threats with virtually zero false-positives, even before protection updates are created.

http://www.windowsitpro.com/go/whitepapers/panda/stopcrimeware?code=secmid1116

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Windows Defender: Coming to a PC Near You

Microsoft's Windows Defender product will soon enter its next beta stage and will eventually move onto computers at large. What, you never heard of Windows Defender? That's because it's the new product name for the current Windows AntiSpyware solution, which is based on technology Microsoft acquired when it purchased GIANT Software. Learn about some new features in this news article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/48367

Westchester County NY Might Make Unsecured Wi-Fi Illegal

A newly proposed law in New York state aims to make it illegal to operate unsecured hotspots in an effort to "protect the public from crimes such as identity theft and other consumer fraud." The law, proposed by Westchester County Executive Andy Spano, would require businesses that operate hotspots to take at least some basic security precautions to protect information as it travels over their networks.

http://www.windowsitpro.com/Article/ArticleID/48354

Trojan Cloaked Behind Sony DRM

Sony's Digital Rights Management (DRM) technology caused an uproar due to its ability to hide itself as well as its difficult removal process. Now at least one Trojan horse program is using Sony's DRM cloaking technology to hide on people's systems.

http://www.windowsitpro.com/Article/ArticleID/48427

==== Resources and Events ====

Avoid Email Armageddon

A computer failing is a fact of life--but there's a difference between a business-ending catastrophe and a minor annoyance. In this free Web seminar, learn what you can do to avoid a messaging meltdown. You'll get the right tools, tips and training that you need to avoid a messaging meltdown when an outage strikes. Register today at:

http://www.windowsitpro.com/go/seminars/messaging/?partnerref=1116emailannc

Get the facts about deploying SQL Server 2005!

SQL Server experts will present real-world information about administration, development, and business intelligence to help you put SQL Server 2005 into practice and how to use its new capabilities to improve your database-computing environment. Receive a one-year membership to PASS and one-year subscription to SQL Server Magazine. Register now at:

http://www.windowsitpro.com/roadshows/sqlservereurope/index.cfm?code=1116emailannc

Accelerate Time to Recovery with Minimal Data Loss

Learn how to meet RPO (Recovery Point Objectives) and RTO (Recovery Time Objectives) with a continuous, real-time backup system. In this free, on-demand Web seminar, you'll discover how to roll back data to any point in time--not just to the last snapshot or backup!

http://www.windowsitpro.com/seminars/continuousbackup/index.cfm?code=1116emailannc

Get the Most from Your Infrastructure by Consolidating Servers and Storage

Improved utilization of existing networking resources and server hardware lets you allocate money and time where they're needed most. In this free Web seminar, learn to optimize your existing infrastructure with the addition of server and storage consolidation software and techniques. You'll get the jumpstart you need to evaluate the suitability and potential of your computing environment for the added benefits that consolidation technology can provide.

http://www.windowsitpro.com/go/seminars/serverconsolidation?partnerref=1116emailannc

Free Tools to Stop Internet Attacks

Your network users' negligent or inappropriate activity is often the entry point for Internet criminals to access your systems. In this free Web seminar, you'll learn how to effectively implement policy, user training, and technology to mitigate Internet risks. You will take away free tools to help you analyze threats and create Acceptable-Use Policies (AUPs). Register now at

http://www.windowsitpro.com/seminars/internetsecurity/index.cfm?code=1116emailannc

==== Featured White Paper ====

Protect and Manage Instant Messaging

85% of businesses use IM to improve communication and reduce email usage. In this free white paper, learn how to protect your company and implement a managed IM security solution! Download your free copy now at

http://www.windowsitpro.com/go/whitepapers/postini/instantmessaging?code=1116emailannc

==== Hot Release ====

Meeting Enterprise Management Needs: The Integration of Microsoft SMS 2003 and Afaria

Learn about the capabilities offered by the integration of Microsoft SMS 2003 and Afaria. In this free white paper you'll learn about new functionality and benefits of Microsoft SMS specifically targeted to improving management of remote and mobile devices, challenges of managing frontline systems, how the combined solution creates value around the successful use of technology at the front lines of business and more.

http://www.windowsitpro.com/go/whitepapers/ianywhere/enterprisemgmt?code=sechot1116

==== 3. Security Toolkit ====

Security Matters Blog: Clean Up or Get Cleaned Out

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Those lacking adequate security-related defenses sometimes learn lessons the hard way and at a hefty price. A simple antivirus program (which anybody can get for free these days) could have prevented a nightmare scenario in which a couple's life savings was pilfered from their E*TRADE account. Read all about it in this blog entry on our Web site.

http://www.windowsitpro.com/Article/ArticleID/48345

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I check the password of the IUSR and IWAM local accounts on a machine?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/48361

Security Forum Featured Thread: HKEY_CURRENT_USER Write Issue

A forum participant uses a logon script to write proxy parameters to the HKEY_CURRENT_USER registry subkey for each user. He has some users that travel between offices and the logon script can't write the subkey values to the registry for those users the way it does for everyone else in the company. To learn more details about the problem and propose a solution, go to:

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=44479&enterthread=y

==== Announcements ====

(from Windows IT Pro and its partners)

VIP Monthly Online Pass = Quick Answers

Sign up for a VIP Monthly Online Pass and get online access to ALL the articles, tools, and helpful resources published in SQL Server Magazine, Windows IT Pro, Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security. You'll have 24/7 access to a database of more than 25,000 articles that will give you all the answers you need, when you need them. BONUS--Includes the latest issue of Windows IT Pro each month. Sign up now for just US$29.95 per month:

https://store.pentontech.com/index.cfm?s=1&promocode=eu275buv

Save up to $30 off Windows IT Pro

You won't want to miss any of Windows IT Pro's upcoming fall issues! Subscribe now and discover the best ways to plan for Longhorn, the need-to-knows of VBScript, ways to make sense of SQL Server, the 10 Security Tools You Can't Live Without, Vista launch essentials, and much more. You'll also gain exclusive access to the entire Windows IT Pro online article database (more than 9,000 articles), and you'll save up to $30 off the full cover price. Click here:

https://store.pentontech.com/index.cfm?s=1&promocode=eu205bum

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Security Suite Adds Support for SQL Server 2005 Lumigent Technologies announced that its Information Security Management (ISM) Suite has new features that support Microsoft SQL Server 2005. The new features are in ISM Suite's Lumigent Vulnerability Manager DB 3.0 component. Lumigent Vulnerability Manager DB 3.0 helps organizations identify and remediate vulnerabilities before they're exploited. ISM Suite's other component, Lumigent Audit DB 3.0, continuously monitors and audits changes to data and database environments. For more information, go to

http://www.lumigent.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]