lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D2741CF@pivxwin2k1.secnet.pivx.com>
From: thor at pivx.com (Thor Larholm)
Subject: Backdoor not recognized by Kaspersky

> From: Larry Seltzer [mailto:larry@...ryseltzer.com] 
>>if you can read the users login credentials to his corporate 
>>mailserver you are far better off.

> Rather casually put. How would you do this? I've heard how 
> Swen asks the user for their credentials, but if you know a 
> general crack for obtaining them I'd say that's news.

I wouldn't call it news, try googling for "Outlook Express Password
Recovery" and you will find numerous commercial solutions that
programmatically give you the password. It's stored in a key called
Password2 under HKEY_CURRENT_USER\Software\Microsoft\Internet Account
Manager\Accounts\00000001 where 00000001 is the account number.

The same applies to Outlook and any other mail application that allows
the user to store their password locally. Since POP3 and SMTP are
plaintext protocols the login credentials need to be stored in a form
that can have them decrypted.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ