"Google's security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol. As explained in a Mandiant post, for over 20 years researchers have known that Microsoft's Net-NTLMv1 legacy authentication protocol exposes users to credential theft. Yet it's still out there. Mandiant therefore released rainbow tables it says allow security pros to easily demonstrate the weakness of Net-NTLMv1."
"A US District court last week sentenced a US Navy sailor convicted of selling secrets to China to 16 years and eight months of prison time. The court last year convicted Wei of six espionage-related charges, stemming from the sale of technical manuals and operational information to a Chinese intelligence official between 2022 and 2023. According to the Department of Justice's note on his sentencing, he earned around $12,000 for his spying activities."
Mandiant published rainbow tables and tools that can recover Net-NTLMv1 keys in under 12 hours using consumer hardware costing less than $600. Net-NTLMv1 has been known for over 20 years to expose users to credential theft, yet the legacy authentication protocol remains in use. Mandiant's dataset is intended to let security professionals demonstrate the protocol's weakness and recommends that organizations immediately disable Net-NTLMv1. The Register gave similar advice in 2010. Separately, a US Navy sailor named Wei received 16 years and eight months for selling technical manuals and operational information to a Chinese intelligence official, earning about $12,000. Nicholas Moore pleaded guilty to hacking the US Supreme Court's electronic filing system after 25 days of illegal access in 2023.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]