Excellent summary. This. -- Espi
On Fri, Sep 9, 2011 at 10:59 AM, Crawford, Scott <crawfo...@evangel.edu>wrote: > Back in the day, L0pht would be completely ineffectual against such a > password, even if you included said character in its character set. I > emailed L0pht at the time and they said they didn’t support cracking > alt-char passwords. I’ve heard that this is not the case with other > password crackers, but even if so, adding these types of characters extends > the time for brute-force cracking astronomically. Even if you take into > account rainbow tables, I haven’t been able to find a rainbow table that > includes that wide of a character set.**** > > ** ** > > All that said, we moved away from alt-char passwords since they often > introduced incompatibilities. Outlook Web Access was one place they failed > for us years ago. Again, I don’t know if this has improved, but I would > guess not. Another possible problem is trying to use them on devices that > lack a method of entering them. Most phone’s don’t have an alt key and > numeric keypad J**** > > ** ** > > One other, note, not all alt-chars are created equal, especially if you’re > cracking against an LM hash. For instance, alt-141 (ì) is interpreted as > simply a lowercase (i). There’s a quite dated, yet relevant, article at > sysopt about some of my findings at > http://www.sysopt.com/tutorials/article.php/3532756. The download > referenced is no longer available, but I have the original if you’re > interested.**** > > ** ** > > *From:* Shauna Hensala [mailto:she...@msn.com] > *Sent:* Friday, September 09, 2011 11:32 AM > > *To:* NT System Admin Issues > *Subject:* password questions**** > > ** ** > > I have been asked to speak to an group regarding personal internet > security. This will be a fairly light weight discussion and I have a couple > of really good references regarding choosing secure passwords and the > https://www.grc.com/haystack.htm site for testing. > > My question for all of you is this: > > What if you incorporate a symbol not normally found on a keyboard into your > password - such as ¢ which requires the key combo alt/0162? Does this > increase or decrease the hackability of your password - or is it completely > irrelevant? To a hacker, is the actual password alt0162 or is it ¢? > > Thanks for any information you can offer. > > > Shauna Hensala > > > > **** > ------------------------------ > > Date: Fri, 9 Sep 2011 16:07:15 +0100 > Subject: Re: External subdomains considered dangerous? > From: kz2...@googlemail.com > To: ntsysadmin@lyris.sunbelt-software.com > > Aha, you are therefore a Chinese agent :-)**** > > On 9 September 2011 15:47, Matthew B Ames <matthew.a...@qinetiq.com> > wrote:**** > > Maybe those companies only use external hosted pop3/imap accounts (granted > that is unlikely).**** > > **** > > I assume from the article is more about a company emailing another company. > **** > > **** > > I own a .org.uk domain in the UK, and I quite often get emails (which is > meant for the .org). I have even had invoices, emails from their accounts > department, etc landing in my personal email. More recently I had a batch > of CVs for people apply for job applications as a secretary – either they > misread the advert or just automatically typed in the .uk without thinking > about it – as the .org is a UK based company).**** > > **** > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* 09 September 2011 15:31 > *To:* NT System Admin Issues > *Subject:* Re: External subdomains considered dangerous?**** > > **** > > Why are internal email addresses being typed in manually? > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > ** ** > > On Fri, Sep 9, 2011 at 10:04 AM, Kurt Buff <kurt.b...@gmail.com> wrote:*** > * > > 20gb of email in six months, and it includes full router configs with > passwords, too. > http://www.wired.com/threatlevel/2011/09/doppelganger-domains/**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. If you are not > the intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. QinetiQ may monitor > email traffic data and also the content of email for the purposes of > security. QinetiQ Limited (Registered in England & Wales: Company Number: > 3796233) Registered office: Cody Technology Park, Ively Road, Farnborough, > Hampshire, GU14 0LX http://www.qinetiq.com. > http://www.qinetiq.com**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > ****** IMPORTANT INFORMATION/DISCLAIMER ***** > > This document should be read only by those persons to whom it is addressed. > If you have received this message it was obviously addressed to you and > therefore you can read it, even it we didn't mean to send it to you. > However, if the contents of this email make no sense whatsoever then you > probably were not the intended recipient, or, alternatively, you are a > mindless cretin; either way, you should immediately kill yourself and > destroy your computer (not necessarily in that order). Once you have taken > this action, please contact us.. no, sorry, you can't use your computer, > because you just destroyed it, and possibly also committed suicide > afterwards, but I am starting to digress...... The originator of this email > is not liable for the transmission of the information contained in this > communication. Or are they? Either way it's a pretty dull legal query and > frankly one I'm not going to dwell on. But should you have nothing better to > do, please feel free to ruminate on it, and please pass on any concrete > conclusions should you find them. However, if you pass them on via email, be > sure to include a disclaimer regarding liability for transmission. > * > *In the event that the originator did not send this email to you, then > please return it to us and attach a scanned-in picture of your mother's > brother's wife wearing nothing but a kangaroo suit, and we will immediately > refund you exactly half of what you paid for the can of Whiskas you bought > when you went to Pets At Home yesterday. * > *We take no responsibility for non-receipt of this email because we are > running Exchange 5.5 and everyone knows how glitchy that can be. In the > event that you do get this message then please note that we take no > responsibility for that either. Nor will we accept any liability, tacit or > implied, for any damage you may or may not incur as a result of receiving, > or not, as the case may be, from time to time, notwithstanding all > liabilities implied or otherwise, ummm, hell, where was I...umm, no matter > what happens, it is NOT, and NEVER WILL BE, OUR FAULT! * > *The comments and opinions expressed herein are my own and NOT those of my > employer, who, if he knew I was sending emails and surfing the seamier side > of the Internet, would cut off my manhood and feed it to me for afternoon > tea. * > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin