Re: MPSA and password tests

From: akomolafe (deji@prontomail.com)
Date: 08/24/01

• Previous message: Aaron Dokey: "Winpcap bindings"
• In reply to: Giovanni Bobbio: "MPSA and password tests"
• Next in thread: Tom Love: "RE: MPSA and password tests"
• Reply: Tom Love: "RE: MPSA and password tests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <00c501c12cc6$f259e950$f701fe0a@commtouch.com>
From: "akomolafe" <deji@prontomail.com>
To: <giovanni@netvalley.it>, <focus-ms@securityfocus.com>
Subject: Re: MPSA and password tests
Date: Fri, 24 Aug 2001 11:02:32 -0700

They are not trying to log in with your accounts. They are trying to
semi-bruteforce the password hash to see if it's easy to crack.

So, your login/logoff auditing won't catch that.

Something like pwdump or l0pht.

Deji
----- Original Message -----
From: "Giovanni Bobbio" <giovanni@netvalley.it>
To: <focus-ms@securityfocus.com>
Sent: Friday, August 24, 2001 2:17 AM
Subject: MPSA and password tests

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Microsoft Personal Security Advisor (MPSA) performs some tests on
> whether the local accounts passwords are 'weak'.
> I wasn't able to find any record of these attempts in the security
> events of the Event Viewer, regardless of the local policy settings
> with respect to auditing of logons. Regular unsuccessful logons are
> recorded in my setup.
>
> Does this mean that there is a way to check for the validity of a
> password without leaving a track of this activity?
> Could this method be used to brute force an account invisibly?
>
> Giovanni
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.4
>
> iQA/AwUBO4YbuGP23OlNAeVGEQJnlwCgyrGlU0pyOakOkoqh9c3af3O9seMAoJuT
> 2dxOyd1DB40TL1l8NqDVzCx3
> =t7Er
> -----END PGP SIGNATURE-----
>

---

• Previous message: Aaron Dokey: "Winpcap bindings"
• In reply to: Giovanni Bobbio: "MPSA and password tests"
• Next in thread: Tom Love: "RE: MPSA and password tests"
• Reply: Tom Love: "RE: MPSA and password tests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: MPSA and password tests ... Subject: MPSA and password tests ... They are not trying to log in with your accounts. ... Regular unsuccessful logons are ... (Focus-Microsoft) RE: MPSA and password tests ... Subject: MPSA and password tests ... ORM. ... If you attempt to open a file, kernel resources must be ... (Focus-Microsoft) MPSA and password tests ... Subject: MPSA and password tests ... Microsoft Personal Security Advisor (MPSA) performs some tests on ... whether the local accounts passwords are 'weak'. ... (Focus-Microsoft) RE: MPSA and password tests ... Subject: MPSA and password tests ... events of the Event Viewer, regardless of the local policy settings ... Regular unsuccessful logons are ... (Focus-Microsoft)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-08