33 Comments
- sockpuppets, on 10/12/2007, -0/+24
Why is that a prerequisite? I digg things when I'm busy to come back to them later. How people use digg is up to them.
- darkliquid, on 10/12/2007, -0/+11
If you don't know about something how are you supposed to defend against it? Security through obscurity is hardly an effective tactic. The most basic lesson is to use a better password than "password". Use a sentence.. use a phrase.. use a poem.. anything you remember. Just make sure it's longer than 15 characters.. Don't call things moronic when you don't understand them. :(
- securitydude, on 10/12/2007, -1/+12
Great article...very in-depth and detailed...I agree that this is one of the definitive works on password cracking...Thanks!
- kd1s, on 10/12/2007, -0/+8
Save yourself the hassle - get the ophcrack iso and run it on your Windows box. It bagged my mixed case alpha, numerical and symbol containing password in less than 20 minutes.
Truly scary stuff. I brought this into the computer lab at my alma mater and showed the sysadmins how easy it would be to crack admin passwords on their Win XP boxes. On those machines it took approximately 5 minutes to crack because they used simple alpha lowercase passwords of 6 characters.
I also ran it on many machines in my office. But to be honest, in any office environment you don't need to brute force the passwords. Just get to know people, do a little social engineering and you'll find that passwords are most likely a) kids' names, b) spouse names, c) pet names and so on.
- lsochris, on 10/12/2007, -0/+7
as the author...
if you have the ability to get the password hashes from the system you are either 1) admin on the box and are supposed to be able to test the strength of your passwords or 2) an attacker already has gained enough privileges on the box to drop the hashes and you have much bigger problems on your hands.
either way, showing people the danger of weak passwords is an ok thing in my opinion, weak passwords have continued to be the weakest length for quite awhile and will be until everyone moves to some sort of multifactor authentication.
- sockpuppets, on 10/12/2007, -2/+8
http://www.duggmirror.com
- eplawless, on 10/12/2007, -0/+5
If there is a mechanism to do so then yes, do it. If the information is made widely available steps will be taken to ensure its obsolescence.
- grumpyrain, on 10/12/2007, -0/+5
no, the point is to show the reality rather than the users assuming that they can use 'password' and it can't be cracked.
- smb3d, on 10/12/2007, -1/+5
It's just you
- grumpyrain, on 10/12/2007, -0/+4
As briefly mentioned in the article, the use of salt characters greatly increases the cost of creating rainbow tables. It also helps to prevent the hacker from knowing that two users have the same password.
Remember that back in the days of Windows 95, you had between 500MB and 4GB hard drives, and at best 300MHz processors. Creating a 60GB rainbow table would take months of CPU and a room full of hard drives, and win95 would crash after 49 days ;). But think about where computers will be in 10 years time. Chances are your mobile phone will have enough storage to hold such a table, and enough power to calculate them in hours. It may only take minutes on processors then.
I can tell you now that it takes a few minutes to run every word in the English dictionary through SHA-1. With design flaws like the ones in LM, never use a dictionary word. Unless they have a lot of time on their hands or you are holding something very important, if you do not have a poorly chosen password, there is a good chance they will move on.
- antdude, on 10/12/2007, -1/+4
Or http://duggmirror.com/security/Tutorial_All_You_Ever_Wanted_to_Know_About_PW_Cracking_and_Rainbow_Tables/ if referrals are blocked.
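Editor's added example, not part of the thread or of any commenter's post: it illustrates grumpyrain's two points about salts above, that identical passwords stop producing identical stored values and that a table precomputed without the salt no longer matches anything. The account names, the word list and the choice of PBKDF2-HMAC-SHA256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that happen to share one password.
USERS = {"alice": "correct horse battery", "bob": "correct horse battery"}
# Constructed stand-in for a precomputed table: unsalted hash -> plaintext.
WORDLIST = ["password", "letmein", "correct horse battery"]

def unsalted(password):
    """Plain SHA-1 with no salt (the weak storage scheme)."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None, rounds=100_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt (assumed scheme)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def shared_password_groups(stored):
    """Accounts whose stored value is byte-for-byte identical."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

def audit():
    table = {unsalted(w): w for w in WORDLIST}
    plain = {u: unsalted(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return {
        "unsalted_groups": shared_password_groups(plain),
        "salted_groups": shared_password_groups({u: r[2].hex() for u, r in salted.items()}),
        "table_hits_unsalted": sorted(u for u, h in plain.items() if h in table),
        "table_hits_salted": sorted(u for u, r in salted.items() if r[2].hex() in table),
        "verify_ok": verify(USERS["alice"], salted["alice"]),
        "verify_wrong": verify("password", salted["alice"]),
    }

if __name__ == "__main__":
    print(audit())
```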
- dacheetah, on 10/12/2007, -0/+3
I've played with ophcrack, and it's scary fast at cracking Windows passwords.
I showed my dad, and it cracked his all lowercase 7 character password in less than a minute. The only reason I haven't used it at uni is because I don't feel like working on getting the machine to boot from a CD, since the bios has been set not to boot from anything but the HDD, and is password protected. While I'm sure that's easy enough to get around, it's enough of a deterrent that I couldn't be bothered... At least at the moment...
- numarc, on 10/12/2007, -0/+3
In most offices just look for a post-it on the monitor or under the keyboard
- inactive, on 10/12/2007, -3/+5
I read the entire thing XD
- subgeniusd, on 10/12/2007, -0/+2
You have a very strange sense of humor poohead...I mean poohat. Unless that is not "humor" in which case you are one happy psycho.
- tannpopo, on 10/21/2009, -0/+1
Here are the methods I know.
The first thing to check if you forget your login password. When we install Windows, it automatically creates an account "Administrator" and sets its password to blank. So if you have forgotten your user account password then try this:
Start the system and when you see the Windows Welcome screen / Login screen, press the Ctrl+Alt+Del keys twice and it'll show the Classic Login box. Now type "Administrator" (without quotes) in Username and leave the Password field blank. Now press Enter and you should be able to log in to Windows.
Now you can reset your account password from "Control Panel -> User Accounts".
The same thing can be done using Safe Mode. In Safe Mode Windows will show this built-in Administrator account on the Login screen.
Windows XP and further versions also provide another method to recover a forgotten password by using a "Reset Disk". If you created a Password Reset Disk in the past, you can use that disk to reset the password. To know more about it, please visit http://www.resetwindowspassword.com/
- bash, on 10/12/2007, -2/+3
You're giving me the 'it's not you, it's me' routine? I invented 'it's not you, it's me'. Nobody tells me it's them not me, if it's anybody, it's me!
- dieman, on 10/12/2007, -0/+1
A good part of the article is plagiarized (and inaccurately copied) from others' work. Compare the first section (which should have been a citation instead) to this:
http://www1.umn.edu/oit/security/passwordattackdiscussion.html
- C0D3R, on 10/12/2007, -1/+1
Completely worthless information.
The game is over when the attacker has the password hashes. The game is over when the attacker has sufficient access and privileges to retrieve the hashes.
Don't write or link to articles about password cracking. It flashes a giant neon LAME sign over your head.
- dacheetah, on 10/12/2007, -2/+1
I don't much mind if they release a way to make it easier to get someone's social security number.. I can safely assume that not even with a meeting of the best hackers in the world could you get my social security number... (Largely because I would have to be American, and thus HAVE one for it to be compromised...)
- jak119, on 10/12/2007, -1/+1
i think i might just try this, it looks promising
- SteeLx, on 10/12/2007, -2/+0
XBOX live hack > http://www.geocities.com/zbot_z/xboxlivehack.html
Pay Pal hack > http://www.geocities.com/zbot_z/paypalhack.html
- inactive, on 10/12/2007, -3/+1
no, it's me
- dubloe7, on 10/12/2007, -3/+1
well, it IS really easy to look up someone's social security number (in most states). it's also really cheap (though not free).
- matthewaaron, on 10/12/2007, -5/+1
Yawn...
- jak119, on 10/12/2007, -7/+1
is it just me or is the site down?
- poohat1000, on 10/12/2007, -6/+0
you know, i didn't ever want to know anything about this. you waste my time you god damn fetus. your face is like the contours of the devil's foreskin..
you will perish
- 47knight, on 10/12/2007, -10/+2
Link is down :(
- ecbo0m, on 10/12/2007, -16/+6
I wonder out of the hundreds of people that may digg this, how many will actually read the whole entire thing BEFORE digging it. Still, it looks promising. Dugg.
- AHippie, on 10/12/2007, -13/+3
http://www.duggmirror.com
- ripzone, on 10/12/2007, -11/+1
Already down...
- DaveClarkOne, on 10/12/2007, -16/+1
Why is this in the best interest of the public at large? To make it even more difficult to keep private things private? Why not show how to make public everyone's social security number too while you're at it.
Moronic.

