Re: Top NT Lies

Sidney Becker (black@wookie.net)
Thu, 3 Jul 1997 15:40:42 -0600 (MDT)


i love when they claim something is riddled with inaccuracies...then
riddle their own article with inaccuracies:

"The new utilities are simply NT versions of well-known Unix programs that
sniff out insecure passwords by comparing them with entries in a
dictionary. For a hacker to take advantage of NTCrack, he or she would
first have to log on as a member of the Administrators group."

any fool who bothered to actually read the documentation included with
Crack (the Unix software mentioned above) and NTCrack would know that
NTCrack is not using a simple dictionary attack (brute force dictionary
attacks generally being the fastest way to crack Unix passwords on modern
systems). NTCrack actually exploits a gaping hole in NT security: the
horribly implemented MD4 hashing algorithm used to "encrypt" passwords for
storage.

this flaw is so horrendous that the hashing algorithm isn't really MD4, but
rather some degenerate family member who can't be bothered to get his lazy
ass off the couch to stop some burglars walking in the front door.

also, as more recent software shows (RedButton) you *don't* actually need
an account on the NT machine to grab the password file for trivial
cracking.

overall this article is typical ziff-davis tripe. they lure you in with
NT bashing headlines then give you the usual pro-M$ lies.

b3n

On Thu, 3 Jul 1997, CobraBoy! wrote:

> http://www4.zdnet.com/pccomp/features/fea0797/nt/welcome.html
>
> -T
>
> -
>
> Microsoft provides so much trollbait, it practically attacks itself.
>
> <> tbyars@earthlink.net <>
>
>
>