Skip to content
Orange County, CA – I just read about a new product announcement, New version of L0phtCrack makes cracking Windows passwords easier than ever. At Alvaka we used to do a hacking demo during a lunch and learn. Rex Frank would usually do the demo by doing a SQL Injection attack and bumping out to the command prompt. From there he would download the SAM (Security Access Manager) file and then use L0phtCrack to decode a password right in front of the eyes of everyone. Nearly everyone was shocked beyond compare. Of course that approach is now a bit dated, but it showed our guests just how vulnerable unpatched and inadequately secured systems can be. From the start of the demo to the revelation of an account password would only take five or ten minutes even while answering questions. The L0phtCrack decoding of one of the more simple and vulnerable passwords would take just a handful of seconds. More difficult and sophisticated passwords would take longer.
On August 16, 2016 I wrote a blog about how it is important really to have both good length and good complexity. Doing so could make the cracking of a password take years. That blog is here, Is password length more important than complexity? A guideline for password creation policy.
Cracking weak passwords can happen in less than five seconds. This underscores the need to enforce good password policies.
The bottom-line is that having a good and secure password that matches my recommendations in the August password blog is more important than ever. L0phtCrack in their announcement says:
“On a circa-1998 computer with a Pentium II 400 MHz CPU, the original L0phtCrack could crack a windows NT, 8 character long alphanumeric password in 24 hours. On a 2016 gaming machine, at less hardware cost, L0phtCrack 7 can crack the same passwords stored on the latest Windows 10 in 2 hours.”
Following good password creation rules can still make it effectively impractical for a hacker to get your password, but making that happen just got harder. Make sure you are diligent in setting your company-wide password policy rules.
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
Smoke testing is a type of software testing performed by Alvaka after a software patching sequence to ensure that the system is working correctly and to identify any misconfigurations or conflicts within the patched system.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
Smoke testing is a term used to describe the testing process for servers after patches are applied.