[CS-FSLUG] New 25-GPU Monster Devours Strong Passwords In Minutes

Tim Young Tim.Young at LightSys.org
Fri Dec 7 10:18:39 CST 2012

This is often used when a virus or something hits your computer, 
grabs the hashed password, and sends it off to someone.

In the Linux world, it is when someone grabs the password/shadow 
files and takes them off-site.

I once managed a bunch of Unix computers (Sun, Dec, Linux, and 
others) and had one that I was not monitoring.  Somewhere along the 
line I logged into it to find that a hacker had gotten into it and 
was running password breaking tools on it.  The hacker had downloaded 
some 30 different password files and was hammering on them one after 
the other.  This was from a bunch of different sites around the world 
that he had managed to snag the password file from.  Anyway.  I have 
seen it in action.  It works... (that was before the shadow file 
needed root privs to be able to read.  It is easy to snag the whole 
password file if you use NIS on your system.)

     - Tim Young

On 12/7/2012 7:59 AM, dcolburn at bibleseven.com wrote:
> BTW: I am not sure how this gets around a Try -3 then Wait 3-Hours
> limit + a Warning when multiple attempts are made.

More information about the Christiansource mailing list