Darren Miller, a network security consultant, has written an easy-to-grasp piece on exactly how password cracking is done. Although his example uses social engineering to bypass the first few layers of security, it’s the type of breach that could happen to anyone. For those of you concerned about the value that your databases of information are accruing, it might be wise to understand how it works so you can defend yourself.
The disk we were using was labeled to look like it contained anti-virus tools. In reality, it contained a modified version of a program called “pwdump”. The moment we ran the script, a bunch of information came up that indicated that their systems memory was clear of any known virus. What was really happening was all domain account information and the corresponding password hashes were being dumped to a file on the disk. We rapped (sic) up our tour and walked out of the building with everything we needed.
The tool Darren talks about, Cain & Able, isn’t the oft-cited Nmap (now of Matrix fame), but it does sound like a fun one to play with.
I’ve heard tales of security attacks being used to attack a site’s rankings in the engines, so all you readers who are #1 for online pharmacy best be wary.