Re: security - pass the hash style attacks?

2014-11-03 Thread Jérémie Courrèges-Anglas
Philip Guenther guent...@gmail.com writes: [apologies for the contentless previous message] On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com wrote: On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote: ... what about kerberos? (windows K5 vs Unix K5?)

Re: security - pass the hash style attacks?

2014-11-03 Thread Nex6|Bill
On Nov 3, 2014, at 4:28 AM, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote: Philip Guenther guent...@gmail.com writes: [apologies for the contentless previous message] On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com wrote: On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill

security - pass the hash style attacks?

2014-11-02 Thread Nex6|Bill
I know, that “pass the hash” is now getting a lot of playtime on windows. and I have heard in a couple of talks that its directly related to “SSO” part of the OS, and may be part of posix? is OpenBSD, or BSD in general vulnerable to these style attacks? or just the normal unix dump the password

Re: security - pass the hash style attacks?

2014-11-02 Thread Philip Guenther
On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill n6gh...@yahoo.com wrote: I know, that “pass the hash” is now getting a lot of playtime on windows. and I have heard in a couple of talks that its directly related to “SSO” part of the OS, and may be part of posix? Nope. It's just a bad (as in,

Re: security - pass the hash style attacks?

2014-11-02 Thread Nex6|Bill
On Nov 2, 2014, at 4:30 PM, Philip Guenther guent...@gmail.com wrote: On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill n6gh...@yahoo.com wrote: I know, that “pass the hash” is now getting a lot of playtime on windows. and I have heard in a couple of talks that its directly related to “SSO” part of

Re: security - pass the hash style attacks?

2014-11-02 Thread Philip Guenther
On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote: ... what about kerberos? (windows K5 vs Unix K5?) is OpenBSD, or BSD in general vulnerable to these style attacks? The vulnerability is the authentication protocol/method, independent the operating system. If you used

Re: security - pass the hash style attacks?

2014-11-02 Thread Philip Guenther
[apologies for the contentless previous message] On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com wrote: On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote: ... what about kerberos? (windows K5 vs Unix K5?) There's a bunch of *really good* papers on Kerberos's

Re: security - pass the hash style attacks?

2014-11-02 Thread Alexander Hall
On November 3, 2014 1:41:24 AM CET, Nex6|Bill n6gh...@yahoo.com wrote: so, for OpenBSD you would have to get the /etc/passwd for an offline attack on the password hashes and for that they would need a user account to logon to the system. Or to have compromised the system in such a way as they