IT Security

Defending against pass-the-hash attacks

CU Insight

written by Pierluigi Stella

There is a nice article about this attack here http://en.wikipedia.org/wiki/Pass_the_hash. This is not a new attack as it was first described in 1997.  But it is a relatively obscure attack that is apparently little known, albeit very effective.

What happens with hashes is that Windows systems create these ‘unique identifiers’ and use them to identify users logged on to systems, so they don’t have to ask you for your password every time you try to do something more than open a window.  Anything system related requiring authentication, for instance, uses these hashes so you don’t have to reenter your password over and over.  In a way, it’s like cookies for web browsing if you will. (Read more)
This entry was posted in: IT Security
Tagged with:

by

Our mission is to produce, configure and maintain effective, affordable, computer security systems to protect the computer systems of enterprises of all sizes. We believe that all companies, regardless of size, should be afforded the same level of protection.