Great idea! Are we going to see some EH swag? 

Maybe I wasn't clear enough.

If he's connected via ethernet, enabling encryption won't effect HIS speed at all and will give him the answer. If he is connected only through wireless his problem probably has more to do with interference from other devices operating in the spectrum and killing his through put being nothing is showing up on the router.

Encrypt your wireless! One, that would answer your question immediately. If you the slow down goes away, problem solved (although I doubt that's the problem). Two, the wireless and wired networks on that router(and most default home routers) are automatically bridged. So everyone in your neighborhood has access to everything you send over the wire.

If you don't, it's just a matter of time before you are 0wn3d (not to mention broke). Point being, someone leaching your bandwidth is the least of your worries.

I don't have a problem with being out of the competition for 12 months although I will admit getting motivated by prizes. Before winning I tried to evaluate everything I posted to make sure it had value and I wasn't just trying to fill the board crap so I don't see any harm in keeping it open either. I'm seeing more and more talented contributors lately so hopefully it won't be an issue.

I think I'm going to try to go to dual purpose cards. We use prox cards for physical access control. If I make them dual purpose then they have to take them out to go anywhere in the building. Hopefully that will help them get used to the idea of removing them when not in use. LOL@myself. Wishful thinking I'm sure.

I've seen about ten of these in the wild so far today. Symantec reports it as W32.Wargbot with the newest definitions and Backdoor.IRC.Bot with definitions older than August 13th. The Common Malware Enumeration number is CME-482.

So far I have only seen it attack W2K machines on networks comprised of XP and 2003 Server also. All infections appear to have been contained by antivirus, even with out of date definitions.

The payload appears to be a typcial IRC bot that listens for instructions on port 18067 although I can't confirm that being no machines have been infected.

Looks interesting but I must be inept because I couldn't find any information on it. What's the cost, how do you sign up, what's the depth of knowledge? Seems like they had a good idea then never really followed through with it. LOL

No problem. It actually spurred some more research for me actually which is very timely being I'm rolling out EFS. The biggest weakness being authentication.

It seems after spending hours and hours reading and testing that NTLMv2 passwords over 14 characters seem pretty strong even with a minimum of complexity. I've read it before but never really taken the time to try and crack something that long. Beyond my technical ability for sure but that may only be for a short time. Still going to stick with two factor though. I think if you get into passwords that long you are almost forcing your users to put it on a sticky note. Of course they'll probably just leave their smartcards in their laptops all the time anyway. 

If you work in IT, this is hands down the best sitcom ever. I've seen all six episodes multiple times and laugh everytime I see it. Great stuff.

I recently listened to a podcast rountable that was made up mostly of security professionals and a couple security vendors. This exact question came up and the pannel was split down the middle. Some of the security pros said they wanted to know about the problem immediately so they at least had the information and possibly could put in some type of safeguards to mitigate it. The vendors, not surprisingly, said they should know first so they can start working on a solution.

I don't believe any of the certifications deal with this issue because they all come from the practisioner or manager perspective. New exploits usually come from researchers and real crackers. Completely different animals.

Congrats Kev!

Most services, even the commercial ones, only have NTLM tables for up to 9 characters max. So basically if you want to use rainbow tables, you're going to have to create your own. I've tried a multitude of available resources and tools. It's an interesting practical exercise that's for sure.

Have you seen this?

http://weblog.infoworld.com/securityadviser/archives/2006/07/win_money_and_b.html

The guy is offering prizes for cracking his NTLM passwords. The catch is they are long passwords 10-15 characters with varying complexity.

The question I have for you all is what strategy would you use to start cracking these passwords?

I was thinking the best way would be to start generating simple lowercase alpha rainbow tables with a length of exactly 15 characters. The second one just seems like it should be the easiest to tackle first. Am I way off?

Sounds like a good project for the members of EH...

Oh I motivated her alright!