[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Isn't it a security hole...

Guy Maor wrote:

>> Truly cracking a passwd file would take more than "a bit of time".  Or
>> Maybe you're an extremely patient person.

It may take a while in general, but poor maintenance and naive password
choice often leads to surprising results - besides, the increase in
low-cost high-power CPUs are narrowing the gap. The following excerpt
from 'How to improve the security of your site by breaking into it' by
Dan Farmer and Wietse Venema illustrates this point:

After receiving mail from a site that had been broken into from one of
our systems, an investigation was started.  In time, we found that the
intruder was working from a list of ".com" (commercial) sites, looking
for hosts with easy-to steal password files.  In this case,
"easy-to-steal" referred to sites with a guessable NIS domainname and an
accessible NIS server.  Not knowing how far the intruder had gotten, it
looked like a good idea to warn the sites that were in fact vulnerable
to password file theft.  Of the 656 hosts in the intruder's hit list, 24
had easy-to-steal password files -- about one in twenty-five hosts!  One
third of these files contained at least one password-less account with
an interactive shell.  With a grand total of 1594 password-file entries,
a ten-minute run of a publically-available password cracker (Crack)
revealed more than 50 passwords, using nothing but a low-end Sun
workstation.  Another 40 passwords were found within the next 20
minutes; and a root password was found in just over an hour. The result
after a few days of cracking: five root passwords found, 19 out of 24
password files (eighty percent) with at least one known password, and
259 of 1594 (one in six) passwords guessed.

>Casper Boden-Cummins.

Reply to: