EP007

Passwords and other bad ideas: Episode 007

Errata on “Tim Morris”: ( http://en.wikipedia.org/wiki/Morris_worm )

Biometrics: ( http://en.wikipedia.org/wiki/Biometrics )

iPhone fingerprint sensor bypass: ( http://www.zdnet.com/hackers-claim-first-iphone-5s-fingerprint-reader-bypass-bounty-founder-awaiting-verification-7000020990/ )

Steal car by stealing fingers: (http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm)

Password complexity vs time to crack: ( http://www.inetsolution.com/turnleft/post/Complex-Passwords-Harder-to-Crack-but-It-May-Not-Matter.aspx )

Password hashing
Rainbow tables: ( http://netsecurity.about.com/od/hackertools/a/Rainbow-Tables.htm )

Salting hashes thwarts rainbow tables
How LanMan, NTLM v1 and NTLM v2 work, and how to prevent your computer from speaking the weaker ones (http://technet.microsoft.com/en-us/magazine/2006.08.securitywatch.aspx)

How Kerberos works (http://redmondmag.com/articles/2012/02/01/understanding-the-essentials-of-the-kerberos-protocol.aspx)

A better summary of Active Directory and policies (http://en.wikipedia.org/wiki/Active_Directory)

Multifactor authentication (http://en.wikipedia.org/wiki/Multi-factor_authentication)

FPGA and crypto (http://www.extremetech.com/computing/133110-are-fpgas-the-future-of-password-cracking-and-supercomputing)

Password cracking with CUDA cores in the cloud (http://du.nham.ca/blog/posts/2013/03/08/password-cracking-on-amazon-ec2/)

Password vaults are really useful. Check out http://www.infoworld.com/d/security/review-7-password-managers-windows-mac-os-x-ios-and-android-189597 for some modern recommendations.
