lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <096A04F511B7FD4995AE55F13824B833119756@banneretcs1.local.banneretcs.com>
Date: Sat, 27 May 2006 08:07:35 -0400
From: "Roger A. Grimes" <roger@...neretcs.com>
To: <feedb4ck@...k.org>, <bugtraq@...urityfocus.com>
Subject: RE: LM hashes in a hot-desking environment


If you have enough access and time to pwdump somebody's computer, you
have physical access for every other computer crime you could think of.
You can plant a trojan, put in a backdoor, format the drive, set it
afire.

If you're attack scenario begins with 'I have physical local access to
the computer with admin credentials', you can't just mention one
scenario as what we should be afraid of. The problem isn't the pwdump
threat, it's the unmonitored physical access to a machine with admin
credentials.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@...oworld.com or roger@...neretcs.com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************

 

-----Original Message-----
From: feedb4ck@...k.org [mailto:feedb4ck@...k.org] 
Sent: Thursday, May 25, 2006 9:47 AM
To: bugtraq@...urityfocus.com
Subject: LM hashes in a hot-desking environment

Although it is a well known fact that Windows desktops and servers still
use LM Hashes and cache the last ten userids and passwords locally, just
in-case an Active Directory, Domain, or NDS tree are not available, has
anyone thought about the consequences of this issue in a hot-desking, or
flexible working environment?

With the increasing cost of real-esate, many corporates are beginning to
look into hot-desking, where users share desk-space and in most cases a
desktop PC.

In large corporates it may be the case that a user is now sitting next
to someone for a short period of time that they have never seen before,
affording greater opportunity for someone undertaking an attack to go
un-noticed or unchallenged.

The speed and ease with which an attacker in this scenario can obtain
other users logins, which may afford them access to a greater chunk of
the
network is quite frightening.   PWDUMP to extract the SAM database,
remove
the file using a USB key, and crack at your leisure...usually very
quickly.

Now, I know what everyone is saying, wait a minute, for PWDUMP to work
you
need to be administrator to the local machine.   But think again, how
often is this the case?  Many companys only look to restrict network
access - as restricting local access may cause issues with applications
which need to access the local drive.

This is also a potential issue at drop-in centres where corporate users
from the IT staff to sales and HR staff all use the systems for a short
spell.

My thinking is that prior to any hot-desking roll-out it is imperative
that these issues are taken into consideration and dealt with, otherwise
who knows who will be using your login id tomorrow!

Any thoughts?

K Milne
Infosec Professional
Author of Z4CK and Digital Force
http://www.z4ck.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ