Re: security - "pass the hash" style attacks?

On Nov 3, 2014, at 4:28 AM, Jérémie Courrèges-Anglas wrote: > Philip Guenther writes: > >> [apologies for the contentless previous message] >> >> On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther wrote: >>> On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill wrote: >>> ... what about kerberos? (windo

Re: security - "pass the hash" style attacks?

Philip Guenther writes: > [apologies for the contentless previous message] > > On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther wrote: >> On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill wrote: >> ... >>> what about kerberos? (windows K5 vs Unix K5?) > > There's a bunch of *really good* papers on Kerbe

Re: security - "pass the hash" style attacks?

On November 3, 2014 1:41:24 AM CET, Nex6|Bill wrote: >so, for OpenBSD you would have to get the /etc/passwd for an offline >attack on >the password hashes >and for that they would need a user account to logon to the system. Or >to have >compromised the system in such a >way as they could copy /et

Re: security - "pass the hash" style attacks?

[apologies for the contentless previous message] On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther wrote: > On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill wrote: > ... >> what about kerberos? (windows K5 vs Unix K5?) There's a bunch of *really good* papers on Kerberos's design which discuss exactly th

Re: security - "pass the hash" style attacks?

On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill wrote: ... > what about kerberos? (windows K5 vs Unix K5?) > > >> >> >>> is OpenBSD, or BSD in general vulnerable to these style attacks? >> >> The vulnerability is the authentication protocol/method, independent >> the operating system. >> If you used

Re: security - "pass the hash" style attacks?

On Nov 2, 2014, at 4:30 PM, Philip Guenther wrote: > On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill wrote: >> I know, that “pass the hash” is now getting a lot of playtime on windows. and >> I have heard in a couple of talks >> that its directly related to “SSO” part of the OS, and may be part of pos

Re: security - "pass the hash" style attacks?

On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill wrote: > I know, that “pass the hash” is now getting a lot of playtime on windows. and > I have heard in a couple of talks > that its directly related to “SSO” part of the OS, and may be part of posix? Nope. It's just a bad (as in, completely broken) des

security - "pass the hash" style attacks?

I know, that “pass the hash” is now getting a lot of playtime on windows. and I have heard in a couple of talks that its directly related to “SSO” part of the OS, and may be part of posix? is OpenBSD, or BSD in general vulnerable to these style attacks? or just the normal unix dump the password /e