http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspxWindows provides the best platform for security solutions. So I said . Now, let's imagine the perfectly secure enterprise. Everyone is using smart cards to log on to the systems - user passwords aren't used at all. AD, Kerberos and SSL where applicableenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#892300Sun, 06 May 2007 10:59:06 GMTd67277c4-116b-43f1-b688-e9ef184ea916:892300Robert<p>Yes, Paul Ashton posted something into mailinglists in around 1998. I have been spoking about the concept since 1999 in different conferences. </p> <p>But generally available Linux/SAMBA tools are newer than the POCs I meant.</p> <p>Original public concept for Windows tools was released by Hernan Ochoa, in year 2000. The tool he did was a Windows tool. </p> <p>Earlier to this, Dominique Brezinski and Eric Schultze did local SAM database writing directly, Foundstone spent some time to demo this Core's Windows tool in 2000-2001 mainly in USA conferences. I also heard concept was demoed with a Windows tool, in a conference held in Finland around December 2003, and a year after as well. So nothing new in that sense either - seems that what goes around, goes around.</p> <p>Passing the hash works because that is how protocol was designed. Vectors how to do it...that is another story. </p> <p>Take care,</p> <p>Rob</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=892300" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#888636Thu, 03 May 2007 06:24:59 GMTd67277c4-116b-43f1-b688-e9ef184ea916:888636Slav<p>Yes, I have found few mentions of Linux/SAMBA tools searching for &quot;pass the hash&quot;.</p> <p>I wonder why Microsoft decided to do nothing. Perhaps they see the need to become local system equivalent the root issue - but the ways to collect NTLM hashes aren't limited to that. Some additional threat modeling needs to be done.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=888636" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#877450Wed, 25 Apr 2007 04:55:17 GMTd67277c4-116b-43f1-b688-e9ef184ea916:877450Robert G<p>Hello,</p> <p>This technique is old. There has been public information about using hash since 1998, both in form of POC and whitepapers.</p> <p>Take care,</p> <p>Rob</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=877450" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#814327Mon, 16 Apr 2007 11:02:09 GMTd67277c4-116b-43f1-b688-e9ef184ea916:814327Risque Management<p>Security of PINs (Personal Identification Numbers) that are used in your debit and credit cards is an</p> <img src="http://msmvps.com/aggbug.aspx?PostID=814327" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#689837Sun, 18 Mar 2007 01:14:13 GMTd67277c4-116b-43f1-b688-e9ef184ea916:689837Risque Management<p>The title of this posting comes from Marcus Murray's blog. Marcus blogged in great detail about the NTLM</p> <img src="http://msmvps.com/aggbug.aspx?PostID=689837" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/03/15/the-weakest-link.aspx#682687Thu, 15 Mar 2007 18:14:19 GMTd67277c4-116b-43f1-b688-e9ef184ea916:682687Windows Security Blogs » Blog Archive » The weakest link<p>PingBack from <a rel="nofollow" target="_new" href="http://winblogs.security-feed.com/2007/03/15/the-weakest-link/">http://winblogs.security-feed.com/2007/03/15/the-weakest-link/</a></p> <img src="http://msmvps.com/aggbug.aspx?PostID=682687" width="1" height="1">