Domain: caughq.org
Stories and comments across the archive that link to caughq.org.
Comments · 4
-
Automation the NS injection approach
FWIW, CAU has also posted a second sploit script that implements Cédric Blanchard's proof-of-concept.
-
Things to note
The title is a bit of a stretch. Some simple techniques can help protect your self from these attacks. Using special characters will greatly increase the strength of your password, since the rainbow set for ALL characters is 64GB in size. Also, a LONG password, even of simple word can increase the complexity due to its length. Something as simple as my!dear!aunt!sally would be far stronger than 1pass!
Some additional info on this topic can be seen here: http://druid.caughq.org/papers/Mnemonic-Password-Formulas.pdf -
Equivalent Advisory circa 1998
This is not a new discovery, in fact, we released an advisory about it in December of 1998. The advisory can be found here: http://www.caughq.org/files/pub/A dvisories/000005. This advisory was sent at the time of release to Yahoo, who promptly fixed their search engine, and was also sent to the BugTraq mailing list where it was promptly denied posting because "This isn't a hack." This has been around for quite a long time, I guess it just takes a CERT advisory to make people take notice.
NOTE: This is a duplicate post, the original was posted in reply to the wrong post -
Re:Is this a new discovery?
This is not a new discovery, in fact, we released an advisory about it in December of 1998. The advisory can be found here: http://www.caughq.org/files/pub/A dvisories/000005. This advisory was sent at the time of release to Yahoo, who promptly fixed their search engine, and was also sent to the BugTraq mailing list where it was promptly denied posting because "This isn't a hack." This has been around for quite a long time, I guess it just takes a CERT advisory to make people take notice.