Subscriber Discussion

"Our Security Auditor Is An Idiot" (Old)

Ari Erenthal
Sep 05, 2016
Chesapeake & Midlantic

It's five years old but this is the first time I'm seeing it, so here it is. I'm sure someone out there will get a laugh out of it. 

David Westberry
Sep 06, 2016
IPVMU Certified

That was a good read. Thanks for sharing.

Joseph Marotta
Sep 06, 2016
IPVMU Certified

Pretty amazing read. Sounds like a social engineering attempt to me.

Undisclosed #1
Sep 06, 2016
IPVMU Certified

Unix systems don't store passwords to begin with.

They typically store salted one-way hashes.

Simply, let's imagine that only 4 digits were allowed as passwords, like a bank PIN. If your password was 1234 (not recommended) a valid hash might be 10, assuming the system's algorithm is "add the digits" (not recommended).

But the hash would be the same for 4231 and 6004, etc.*

Salting your hash is a way of protecting everyone's password from hashing the same on different systems by adding a little something unexpected at the end. So a simple salt might double your hash and add 11 (recommended because everyone knows prime numbers are way more secure).

So now what's in the system is 10 * 2 + 11 = 31, not 1234.

Therefore to know for sure, you would have to ask everyone what their password was and then hash and salt it and see if it matches what the system has.

*Yes, in the real world, even with 56-byte hashes, there is an infinitesimally small chance your password would work on someone else's account, but you're not trying, right?
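Worked example, added here and not part of the thread or any poster's comment: the toy "add the digits" scheme above carried through in Python, beside the way a real system stores a password verifier. The toy part shows why 1234, 4231 and 6004 all land on the same value (and why a verifier built on it would accept the wrong PIN); the real part uses PBKDF2-HMAC-SHA256 from the standard library with a random per-account salt stored next to the hash, which is what lets two accounts with the same password store different values. The account passwords, the fixed salt used for the determinism check, and the iteration count are constructed for this demo, not taken from the thread.

```python
"""Salted one-way hashing: the thread's toy scheme beside a real one.

Added example, not from the IPVM thread or any post in it.
Part 1 reproduces the toy scheme ("add the digits", then "double and add
11") to show that a one-way hash discards information and collides.
Part 2 uses hashlib's PBKDF2 with a random per-account salt, which is how
real systems store password verifiers. Every password and salt below is
constructed for the demo.
"""
import hashlib
import hmac
import os
from typing import Optional


# ---- Part 1: the thread's toy scheme ---------------------------------------

def toy_hash(pin: str) -> int:
    """'Add the digits': the toy one-way function from the thread."""
    return sum(int(d) for d in pin)


def toy_salted_hash(pin: str) -> int:
    """The thread's 'double it and add 11' step applied to the toy hash."""
    return toy_hash(pin) * 2 + 11


def toy_verify(stored: int, candidate: str) -> bool:
    """Re-hash the candidate and compare; the PIN itself is never stored.
    Because 'add the digits' collides, 4231 verifies against 1234's record."""
    return toy_salted_hash(candidate) == stored


# ---- Part 2: a real salted, deliberately slow hash (PBKDF2-HMAC-SHA256) ----

ITERATIONS = 200_000  # demo value; slow on purpose to raise offline-guessing cost


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Return what the system stores: a random salt and the derived hash,
    never the password. A fresh 16-byte salt per account means two users
    with the same password get different stored hashes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify(record: dict, candidate: str) -> bool:
    """Hash the candidate with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def same_password_same_hash(password: str) -> bool:
    """True only if two accounts sharing a password store the same hash.
    With random per-account salts this is False, which is the property a
    salt is there to provide."""
    return make_record(password)["hash"] == make_record(password)["hash"]


if __name__ == "__main__":
    # Toy scheme: 1234, 4231 and 6004 all collide at 10, "salted" to 31.
    for pin in ("1234", "4231", "6004"):
        print(pin, toy_hash(pin), toy_salted_hash(pin))
    print("toy verify 4231 against 1234's record:", toy_verify(31, "4231"))

    # Real scheme: right password verifies, wrong one fails, and equal
    # passwords on two accounts do not produce equal stored hashes.
    rec = make_record("correct horse battery staple")  # constructed password
    print("verify right:", verify(rec, "correct horse battery staple"))
    print("verify wrong:", verify(rec, "Tr0ub4dor&3"))
    print("same password, same stored hash?",
          same_password_same_hash("correct horse battery staple"))
```

Note that the thread's "double and add 11" is a fixed transform, so it does nothing for the collision problem and applies the same to every account; the real salt in Part 2 is a random value chosen per account and stored alongside the hash, which is what the check in `same_password_same_hash` demonstrates.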

Undisclosed #2
Sep 07, 2016
John Honovich
Sep 07, 2016
IPVM

And the original article where he describes what the hackers / penetration testers did, including pretending to be his wife to get into and lock him out of his cell phone and running a phishing scheme tricking the guy into downloading malware allowing the hacker to take over his Mac.
