Re: Kerberos login sniffer and cracker for Windows 2000/XP

From: Frank O'Dwyer (fod@LITTLECATZ.COM)
Date: 12/01/02

Next message: John Stanners: "Attachment blocking with Gordano Messaging Suite"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sun, 1 Dec 2002 11:23:20 -0000
From: Frank O'Dwyer <fod@LITTLECATZ.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

> I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP
> that you might find useful. You can find it for download at:
>
> http://ntsecurity.nu/toolbox/kerbcrack/
>
> Regards /Arne

This should shed some light on the 'full disclosure' debate.

The vulnerability used by this thing, and the associated fixes, are well
known and documented in the literature for over a decade. I and others have
been banging on about it for years. Several papers, including one of my own,
have been written in an attempt to hammer home the message that tools like
this one were possible and simply a matter of time.

And yet somehow 1000s of admins have STILL got the message that Kerberos is
'unsniffable'. There doesn't seem to have been any urgency from vendors to
correct this impression, never mind the vulnerability itself. Instead
solutions to the problem are currently quietly and slowly wending their way
through the IETF process.

What will happen now? Will there be a sudden scramble to implement fixes now
that this tool has been announced? This guy hasn't put a nice GUI on the
tool. Yet. Will we have to wait for that?

After all the 'full disclosure' to and fro, is this sort of nonsense STILL
what it takes to get information into the hands of users, and obvious
security issues treated with urgency?

Cheers,
Frank O'Dwyer
fod@littlecatZ.com

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Demonstrate your knowledge and understanding of core IT Security, become
TICSA certified.

Are you responsible for IT security in job function, but not necessarily
in title? Do you want to prove your IT security knowledge and increase
opportunities? Interested? Visit;

http://www.trusecure.com/solutions/certifications/ticsa/

for more information.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Next message: John Stanners: "Attachment blocking with Gordano Messaging Suite"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Revised: Microsoft Security Bulletin - MS02-066
... Subject: Revised: Microsoft Security Bulletin - MS02-066 ... Delivery co-sponsored by TruSecure Corporation ... Do you want to prove your IT security knowledge and increase ...
(NT-Bugtraq)
Re: bind 8 info update regarding ISS
... I don't understand why instead of finding bugs you whine about responsibility ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
(NT-Bugtraq)
Re: CISSP
... I see many job postings that are asking for CISSP certs. ... "Have a minimum 4 years of direct full-time security professional work ... that requires IS security knowledge and involves the ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: MS02-071, shatter?
... I have no time for testing, but think its not only WM_TIMER problem resolution. ... Getad use WM_COPYDATA message. ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
(NT-Bugtraq)