Oh, yes please tell Tony. I can't wait for the 400-word dissertations per posting... ..and in the beginning was CP/M... After a time, there was ZCPR and all was better... -----Original Message----- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:sbradcpa@xxxxxxxxxxx] Sent: Saturday, November 05, 2005 12:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FYI: FW: Cisco Secret 5 and John Password Cracker http://www.ISAserver.org What they don't tell you is normally in these kinds of programs what they get first are the low hanging fruit. Short sucky passwords, LMhashes, if you have weaknesses from the get go... in my Win2k days when LMhashes were on the wire, LC4/5 could nail short 7 character passwords in mere seconds. If your password is of proper length and complexity, you throw out the 9x and NT clients and lose the legacy... you can attempt to brute force in all you want but good luck. http://download.microsoft.com/download/a/d/0/ad0f04a3-21b2-4d79-9049-f5f adb632ace/SEC401-JesperJohansson.pdf And don't tell Tony how Physical security is still an issue as well. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.