Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Whitespace in passwords

from [Steve.Cummings] Network Security [Permanent Link]
Subject: RE: Whitespace in passwords
Date: Wed, 21 Sep 2005 08:27:29 +0100 
I never said that I didn't agree with you but the alt system in my book is a 
more useful way of protecting passwords than 14 character password etc 


Regards

Steve Cummings
Barclays Capital
DDI 0207 773 4245

-----Original Message-----
From: Craig Wright [mailto:cwright@bdosyd.com.au] 
Sent: 21 September 2005 07:32
To: Cummings, Steve: IT (LDN); BMcAninch@PENSON.COM; pen-test@securityfocus.com
Cc: pand0ra.usa@gmail.com
Subject: RE: Whitespace in passwords

John was a tool which was good a decade ago

The tools have moved on - just because not everyone here has used precomputed 
tables and quadratic methods does not mean that an attacker does not know of 
them. I am sure that Barclays Capital has enough of a presence to attract the 
corporate criminal type...

I reiterate - the real issue is to stop an attacker getting this info in the 
first place.

Secure Server plus secure client settings in group policy on a MSFT network and 
this is no longer an issue. "An Ounce of Prevention is worth a pound of cure"...

Craig 

-----Original Message-----
From: Steve.Cummings@barclayscapital.com 
[mailto:Steve.Cummings@barclayscapital.com]
Sent: 21 September 2005 3:37
To: Craig Wright; BMcAninch@PENSON.COM; pen-test@securityfocus.com
Cc: pand0ra.usa@gmail.com
Subject: Re: Whitespace in passwords

Try the password of your choice with alt 255 in the middle currently things 
like lopht and john don't get near it
 

-----Original Message-----
From: Craig Wright <cwright@bdosyd.com.au>
To: Cummings, Steve: IT (LDN) <Steve.Cummings@barclayscapital.com>; 
BMcAninch@PENSON.COM <BMcAninch@PENSON.COM>; pen-test@securityfocus.com 
<pen-test@securityfocus.com>
CC: pand0ra.usa@gmail.com <pand0ra.usa@gmail.com>
Sent: Tue Sep 20 20:27:52 2005
Subject: RE: Whitespace in passwords

HI
 
1st it does not make them untouchable
 
Next, MOST applications do not accept Alt+xxx based passwords - very few users 
will use them as well
 
Do your users authenticate via a Radius systems, the web...? Any of these will 
not accept Alt+xxx chars.
 
Most users will have issues using this
 
the following does not make a very memerable password - see how often it is 
remembered?
¦ß?|?O11s
 
Craig

        -----Original Message----- 
        From: Steve.Cummings@barclayscapital.com 
[mailto:Steve.Cummings@barclayscapital.com] 
        Sent: Wed 21/09/2005 2:41 AM 
        To: Craig Wright; BMcAninch@PENSON.COM; pen-test@securityfocus.com 
        Cc: pand0ra.usa@gmail.com 
        Subject: Re: Whitespace in passwords
        
        
        Why aren't alt characters feasible alt255 is an easy one for anyone to 
remember and if the policy for passwords dictates the requirement then most 
large firms would accept this especially if it made the password in the current 
view untouchable for the for seable future
        
        




------------------------------------------------------------------------
For more information about Barclays Capital, please visit our web site at 
http://www.barcap.com.


Internet communications are not secure and therefore the Barclays Group does 
not accept legal responsibility for the contents of this message.  Although the 
Barclays Group operates anti-virus programmes, it does not accept 
responsibility for any damage whatsoever that is caused by viruses being 
passed.  Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the Barclays Group.  Replies to this email 
may be monitored by the Barclays Group for operational or business reasons.

------------------------------------------------------------------------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Windows XP SP2 and Security Tools, Suramya Tomar
Next by Date:  Re: Whitespace in passwords, Steve.Cummings
Previous by Thread:  Re: Whitespace in passwords, Sahir Hidayatullah
Next by Thread:  Re: Whitespace in passwords, Steve.Cummings
Indexes:  [Date] [Thread] [Top] [All Lists]