web site

2008-10-23 Thread Lily Zey 



Dear:Debian-security

If you're wondering why you're online business is not doing as well as you 
would like - the answer is
web traffic.  Basically - you need a lot more visibility.  Email us today at 
[EMAIL PROTECTED]  We will
take a look at your site and give you an assessment free of charge.  It doesn't 
have to cost a fortune to
make business happen online.  Be sure to include all of your URL(s) and how you 
prefer we contact
you.

Sincerely,
Lily Zey



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

web site

2008-10-23 Thread Lily Zey 





Dear:Debian-security

Do you need more targeted web traffic?  We can help.  Email us now at [EMAIL 
PROTECTED]  In your
reply, include your all your web addresses in your reply and how we can contact 
you.  We will give you
a free site review and show you why we are the best at getting you the most.

Sincerely,
Lily Zey



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Rainbow tables on Linux?

2008-10-23 Thread Johan 'yosh' Marklund 
Ed Wiget skrev:
> On Thursday 23 October 2008 06:53:05 Christian Franke wrote:
>   
>> On 10/23/2008 12:14 PM, Johann Spies wrote:
>> 
>>> Is it possible to use rainbow tables with a password cracker on Linux
>>> like 'john'?  If so, how?  If not, is it possible with any other
>>> password cracker on Linux?
>>>   
>
> If you are not trying to break in and just testing windows passwords, then I 
> assume you also have access to the real passwords and usernames.  Why don't 
> you just import them into linux and test them from there.  My reasoning is 
> that if john can determine the passwords relatively quickly, then the 
> passwords are too weak.
>
> I did some performance testing on john using a dual core patch vs single core 
> at http://www.edwiget.name/content/view/195/27/
>
> the open source rainbow tables are about 121GB (if my memory serves me 
> correctly) and are only available via bittorrent.  I think it took me about 2 
> months to download them.  http://www.antsight.com/zsl/rainbowcrack/
>
> Also, something to consider, if you (or an attacker) have physical or remote 
> access, game is over anywaysirregardless of passwords.
>
>   
Still, it's sneakier to logon with somebody elses account. And if they
retain their original password, who would suspect anything? :o

/yosh


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Rainbow tables on Linux?

2008-10-23 Thread Ed Wiget 
On Thursday 23 October 2008 06:53:05 Christian Franke wrote:
> On 10/23/2008 12:14 PM, Johann Spies wrote:
> > Is it possible to use rainbow tables with a password cracker on Linux
> > like 'john'?  If so, how?  If not, is it possible with any other
> > password cracker on Linux?

If you are not trying to break in and just testing windows passwords, then I 
assume you also have access to the real passwords and usernames.  Why don't 
you just import them into linux and test them from there.  My reasoning is 
that if john can determine the passwords relatively quickly, then the 
passwords are too weak.

I did some performance testing on john using a dual core patch vs single core 
at http://www.edwiget.name/content/view/195/27/

the open source rainbow tables are about 121GB (if my memory serves me 
correctly) and are only available via bittorrent.  I think it took me about 2 
months to download them.  http://www.antsight.com/zsl/rainbowcrack/

Also, something to consider, if you (or an attacker) have physical or remote 
access, game is over anywaysirregardless of passwords.

-- 
-BEGIN GEEK SIGNATURE-
\| ascii: Ed Wiget
\| hex: 65 64 20 77 69 67 65 74 
\| bin: 01100101 01100100 0010 01110111
\| .: 01101001 01100111 01100101 01110100
\| m: 6064071838 l: 6067591175 e: [EMAIL PROTECTED]
\| Version: 3.12  www.edwiget.name
\| GIT d- s--: a C UL P+ L E--- W+++ N++ o+++ K- w---
\| O- M+ V PS+ PE Y+ PGP+ t 5 X- R- tv- b+ DI-- D
\| G e+ h++ r++ y**
--END GEEK SIGNATURE--
:
The BOFH for today is.
Melting hard drives
:
BOFH based on http://pages.cs.wisc.edu/~ballard/bofh/


signature.asc
Description: This is a digitally signed message part.

Re: [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution

2008-10-23 Thread Florian Weimer 
* Florian Weimer:

> Package: libspf2
> Vulnerability  : buffer overflow
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)  : CVE-2008-2469

The missing update for the mips architecture will be provided as soon as
it's ready.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Etch 4.0r5 in preparation

2008-10-23 Thread Alexander Reichle-Schmehl 
Hi!

During the next hours you might notice some package updates and wonder,
why there hasn't been any security advisory for these updates.

That's because the next stable point release Debian GNU/Linux 4.0r5
"Etch" is currently spread to the mirrors.

A proper announcement will be send out soon to our announce mailing list
(see http://lists.debian.org/debian-announce) as soon as synchronization
of the mirrors has been completed.  I apologise for any inconvenience
caused by the small delay between releasing of the upgraded packages and
 the releasing of the announcement.


Best regards,
  Alexander



signature.asc
Description: OpenPGP digital signature

Re: Rainbow tables on Linux?

2008-10-23 Thread Christian Franke 
On 10/23/2008 12:14 PM, Johann Spies wrote:
> Is it possible to use rainbow tables with a password cracker on Linux
> like 'john'?  If so, how?  If not, is it possible with any other
> password cracker on Linux?

As far as I know, the hashes in /etc/shadow are salted, so a rainbow
table, for all possible salts and the the intended password range, would
be probably very huge.

Regards,
Christian Franke



signature.asc
Description: OpenPGP digital signature

Re: Rainbow tables on Linux?

2008-10-23 Thread Henri Salo 
On Thu, Oct 23, 2008 at 12:14:57PM +0200, Johann Spies wrote:
>
> I have John now running for 74 hours to try and crack one
> password. That is on a 2xquadcore Intel server.  
>
> Regards
> Johann

Regular john doesn't use all of your cores for good reasons. More
information can be found from http://www.openwall.com/john/. You should
also check their wiki.

- Henri Salo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Rainbow tables on Linux?

2008-10-23 Thread Rida 
Hi,

I think you can't use rainbow tables on linux because it uses a salt
http://en.wikipedia.org/wiki/Salt_(cryptography) ; that's why john is using
bruteforce

On Thu, Oct 23, 2008 at 12:14 PM, Johann Spies <[EMAIL PROTECTED]> wrote:

> Is it possible to use rainbow tables with a password cracker on Linux
> like 'john'?  If so, how?  If not, is it possible with any other
> password cracker on Linux?
>
> I know about Ophcrack but it seems to be geared towards the Windows
> environment.
>
> I have John now running for 74 hours to try and crack one
> password. That is on a 2xquadcore Intel server.
>
> By the way, I am not trying to break in.  I am testing the
> effectiveness of John.
>
> Regards
> Johann
> --
> Johann Spies  Telefoon: 021-808 4036
> Informasietegnologie, Universiteit van Stellenbosch
>
> "I press toward the mark for the prize of the high
>  calling of God in Christ Jesus."
>   Philippians 3:14
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
>

Re: Rainbow tables on Linux?

2008-10-23 Thread Vincent Hautot 
Hi, 

Perhaps with rainbow crack ? 

You can seesource code for linux.  here ==>
http://www.antsight.com/zsl/rainbowcrack/ 


Regards
Vincent

Le jeudi 23 octobre 2008 à 12:14 +0200, Johann Spies a écrit :

> Is it possible to use rainbow tables with a password cracker on Linux
> like 'john'?  If so, how?  If not, is it possible with any other
> password cracker on Linux?
> 
> I know about Ophcrack but it seems to be geared towards the Windows
> environment.
> 
> I have John now running for 74 hours to try and crack one
> password. That is on a 2xquadcore Intel server.  
> 
> By the way, I am not trying to break in.  I am testing the
> effectiveness of John.
> 
> Regards
> Johann
> -- 
> Johann Spies  Telefoon: 021-808 4036
> Informasietegnologie, Universiteit van Stellenbosch
> 
>  "I press toward the mark for the prize of the high 
>   calling of God in Christ Jesus." 
>Philippians 3:14 
> 
>

Rainbow tables on Linux?

2008-10-23 Thread Johann Spies 
Is it possible to use rainbow tables with a password cracker on Linux
like 'john'?  If so, how?  If not, is it possible with any other
password cracker on Linux?

I know about Ophcrack but it seems to be geared towards the Windows
environment.

I have John now running for 74 hours to try and crack one
password. That is on a 2xquadcore Intel server.  

By the way, I am not trying to break in.  I am testing the
effectiveness of John.

Regards
Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 "I press toward the mark for the prize of the high 
  calling of God in Christ Jesus." 
   Philippians 3:14 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]