Dangerous USB

As all who read here (both of them) know, physical access to a computer and time can always get you all the info on the computer. But now I have a much scarier realization: it is quite possible that a thief (intruder?) could pop in, be at the computer for no more than a second, and be on their way. It is unlikely that the owner will realize as I steal their data over the next few hours. Then the thief pops back in, catches the device, runs out, and the owner never realizes. Doesn’t it sound awesome? Doesn’t it sound like a huge security risk? Yeah. It is.


Windows Password Security- Part 3

As I recall, I was talking about hashes. The answer to yesterday’s question is that you can; one program that allows you to do this is called fgdump. It takes the hash and directly logs in, without using the login screen. I’m pretty sure that this is the end of the series.

Windows Password Security- Part 2

Where was I? Oh, yes, rainbow tables. Rainbow tables are massive tables with many different hash-password combos. Using one, Ophcrack reads the hash Windows has stored and finds it in the table, along with the matching password. Now you may ask why one might not read the hash and simply use that. That is a valid question, and hopefully a valid answer will be in the next post.

Windows Password Security- Part 1

Ophcrack is a free Windows password-breaking program. It uses rainbow tables to find which hashes have which passwords. But I’m getting ahead of myself.

Windows does not store passwords as plain text files, because programs could read them and the password would be moot. Instead, Windows stores passwords as hashes, which are derived from the password, but there is no way to tell from the hash what the password is, unless you use rainbow tables. That’s it for today; tune in tomorrow!
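An added example, not part of the original post: why a precomputed hash-to-password table works against unsalted hashes, and how a per-user salt with a slow key-derivation function defeats it. It uses a plain lookup table as the post describes (real rainbow tables compress this with hash chains), and SHA-256 is an assumed stand-in, not the hash Windows uses; the user names and passwords are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small candidate list and two accounts sharing a password.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein"}


def unsalted_hash(password: str) -> str:
    # Stand-in for an unsalted password hash (assumption: SHA-256, not Windows' own).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_table(candidates):
    # Precomputed once, reusable against every stored unsalted hash.
    return {unsalted_hash(p): p for p in candidates}


def salted_record(password: str, salt: bytes = None, rounds: int = 100_000):
    # Per-user random salt plus a slow KDF; the stored record is (salt, rounds, digest).
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, rounds, digest


def verify(password: str, record) -> bool:
    # Legitimate login check: recompute with the stored salt, compare in constant time.
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def demo():
    table = build_table(CANDIDATES)
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return {
        "unsalted_hits": sum(h in table for h in unsalted.values()),
        "same_unsalted": unsalted["alice"] == unsalted["bob"],
        "salted_hits": sum(r[2].hex() in table for r in salted.values()),
        "same_salted": salted["alice"][2] == salted["bob"][2],
        "login_ok": verify("letmein", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted hashes, both accounts resolve from the one table and their stored values are identical; with salted records the same table matches nothing, yet the correct password still verifies.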

Windows Password Security- Disclaimer

Disclaimer: While this series of posts may include information that could be used for illegal purposes, that is not what I had in mind while writing these posts. Instead, I meant for it to be an educational post about the feasibility of hacking and to let you decide how best to use this information.

This series will update around once a day, and I know the next two posts will be at noon on the 25th GMT (or 7:00 Eastern time) WITHOUT daylight savings (for all you folks ’round the equator) and the next will be at noon the next day.

IMPORTANT: Windows is not the only OS to be vulnerable to these hacks, but I am working with Windows only. ALL OSes are vulnerable to the likes of fgdump (explained in the third entry).

Windows 7 and Vista crash via SMB exploit

Here is where I first saw the exploit: http://hackaday.com/2009/09/09/windows-7-and-vista-crash-via-smb-exploit/

Microsoft’s release, with helpful information on what it is and how to fix it, is here: http://www.microsoft.com/technet/security/advisory/975497.mspx

Test if your computer is affected here: http://sinisterware.blogspot.com/2009/09/smb-check.html

SMB: Server Message Block. Only computers with SMB 2.0 are affected.

<writers block, forcing forward, quality not tested>

This vulnerability can lead to remote code execution, which is not good. If you are lucky, you only get BSODed.

Man in the Middle

This post is about Man in the Middle (hereafter referred to as MITM) attacks. MITM refers to the hacker, with computer C, tapping the line between computer A and computer B. If there was not any previous connection between A and B, C can see all communication, no matter the security. Let us imagine a simplification. A says “let’s use algorithm X”. B sees this and says, in algorithm X, “OK, here’s your webpage”. C sees A changing the algorithm and decrypts all traffic in algorithm X, seeing the webpage. I can see no way to get around this other than A) sending the information along a different path or B) the hacker tapping the conversation only after it has started. If anyone knows another way, please comment.