"The new utilities are simply NT versions of well-known Unix programs that
sniff out insecure passwords by comparing them with entries in a
dictionary. For a hacker to take advantage of NTCrack, he or she would
first have to log on as a member of the Administrators group."
any fool who bothered to actually read the documentation included with
Crack (the Unix software mentioned above) and NTCrack would know that
NTCrack is not using a simple dictionary attack (brute force dictionary
attacks generally being the fastest way to crack Unix passwords on modern
systems). NTCrack actually exploits a gaping hole in NT security: the
horribly implemented MD4 hashing algorithm used to "encrypt" passwords for
this flaw is so horrendous that the hasing algorithm isn't really MD4, but
rather some degenerate family member who can't be bothered to get his lazy
ass off the couch to stop some burglars walking in the front door.
also, as more recent software shows (RedButton) you *don't* actually need
an account on the NT machine to grab the password file for trivial
overall this article is typical ziff-davis tripe. they lure you in with
NT bashing headlines then give you the usual pro-M$ lies.
On Thu, 3 Jul 1997, CobraBoy! wrote:
> Microsoft provides so much trollbait, it practically attacks itself.
> <> email@example.com <>