Slashdot Mirror


NTLM 100% Broken Using Hashes Derived From Captures

New submitter uCallHimDrJ0NES writes "Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a 'white hat' has researched and exposed the how-to details for us all to enjoy. 'You might think that with all the papers and presentations, no one would be using NTLM...or, God forbid, LM. NTLMv2 has been around for quite some time. Surely, everyone is using it. Right? Wrong! According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses!' Microsoft has posted a little guidance for those who need to turn off NTLM. Have fun explaining your new security project to your management, server admins!"

3 of 155 comments

  1. Re:How to harden an XP machine? by Anonymous Coward · Score: 5, Funny

    How to harden those XP machines and make them use NTLM2 instead?

    My blanket recommendation for hardening XP machines is to encase them in concrete.

  2. Re:A very real attack by Aardpig · Score: 4, Funny

    In fact, I think he may have been penetrated via a back-door.

    --
    Tubal-Cain smokes the white owl.

  3. Re:To disable ntlm on old computers by Anonymous Coward · Score: 2, Funny

    >14 chars disables LM, but not NTLM.

    >14 character passwords also disables some users.
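
The capture-to-hash path in the story summary and the ">14 chars disables LM, but not NTLM" remark in the last comment both come down to how LM and NTLMv1 are constructed. The Go program below is an example added by the editor, not code from Slashdot, the submitter or Mark Gamache's research. It builds the LM hash and the NTLMv1 challenge response with the standard library's DES, then recovers the last two bytes of the NT hash from a captured response by brute force, the cheap first step of the attack the summary describes. Assumptions: the NT hash is the widely published MD4 of "password" (8846f7ea...), the challenge 1122334455667788 is the fixed value a rogue server sends so that responses can be attacked with precomputed tables, and passwords are ASCII.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// des7to8 expands a 7-byte key into the 8-byte form crypto/des expects,
// placing each 7-bit group in the high bits of a byte and leaving the
// low (parity) bit clear. The DES key schedule discards parity bits anyway.
func des7to8(k []byte) []byte {
	return []byte{
		k[0] & 0xfe,
		((k[0] << 7) | (k[1] >> 1)) & 0xfe,
		((k[1] << 6) | (k[2] >> 2)) & 0xfe,
		((k[2] << 5) | (k[3] >> 3)) & 0xfe,
		((k[3] << 4) | (k[4] >> 4)) & 0xfe,
		((k[4] << 3) | (k[5] >> 5)) & 0xfe,
		((k[5] << 2) | (k[6] >> 6)) & 0xfe,
		k[6] << 1,
	}
}

// desEncrypt is a single DES block encryption under a 7-byte key.
func desEncrypt(key7, block []byte) []byte {
	c, err := des.NewCipher(des7to8(key7))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// lmMagic is the fixed plaintext every LM hash encrypts.
var lmMagic = []byte("KGS!@#$%")

// nullLMHash is what Windows stores when no LM hash exists (empty password,
// or a password longer than 14 characters): DES of lmMagic under two
// all-zero 7-byte keys.
const nullLMHash = "aad3b435b51404eeaad3b435b51404ee"

// lmHash computes the LM hash: uppercase the password (ASCII assumed here;
// Windows uses the OEM code page), zero-pad to 14 bytes, and DES-encrypt
// lmMagic under each 7-byte half. A password over 14 characters cannot be
// represented, so only the null hash is stored. That is all ">14 chars
// disables LM" means; the NT hash is unaffected.
func lmHash(password string) []byte {
	p := make([]byte, 14)
	if len(password) <= 14 {
		copy(p, strings.ToUpper(password))
	}
	return append(desEncrypt(p[:7], lmMagic), desEncrypt(p[7:], lmMagic)...)
}

// ntlmv1Response builds the 24-byte NTLMv1 response (or the LM response,
// when given an LM hash): the 16-byte hash is zero-padded to 21 bytes, cut
// into three 7-byte DES keys, and each key encrypts the server's 8-byte
// challenge. Only the hash is needed, never the password, which is exactly
// what pass-the-hash relies on.
func ntlmv1Response(hash, challenge []byte) []byte {
	k := make([]byte, 21)
	copy(k, hash)
	var resp []byte
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt(k[i:i+7], challenge)...)
	}
	return resp
}

// recoverTail inverts the third block. Its key is hash[14:16] followed by
// five zero bytes, so 2^16 DES trials recover those two hash bytes from the
// challenge and the last 8 bytes of a captured response.
func recoverTail(challenge, response []byte) ([]byte, bool) {
	target := response[16:24]
	for x := 0; x < 1<<16; x++ {
		key := []byte{byte(x >> 8), byte(x), 0, 0, 0, 0, 0}
		if bytes.Equal(desEncrypt(key, challenge), target) {
			return key[:2], true
		}
	}
	return nil, false
}

func main() {
	// Constructed inputs (assumptions, see lead-in): the published NT hash of
	// "password" and the fixed challenge used for precomputed-table attacks.
	ntHash, _ := hex.DecodeString("8846f7eaee8fb117ad06bdd830b7586c")
	challenge, _ := hex.DecodeString("1122334455667788")

	resp := ntlmv1Response(ntHash, challenge)
	fmt.Printf("NTLMv1 response:       %x\n", resp)
	tail, ok := recoverTail(challenge, resp)
	fmt.Printf("recovered hash[14:16]: %x (ok=%v)\n", tail, ok)
	// The other two DES keys have 7 unknown bytes each (2^56 trials); that is
	// the part a DES-cracking service does, once per fixed challenge.

	fmt.Printf("LM(\"password\"):         %x\n", lmHash("password"))
	fmt.Printf("LM(15-char password):  %x\n", lmHash("fifteen-chars!!"))
	fmt.Printf("null LM hash:          %s\n", nullLMHash)
}
```

Two things follow from the structure rather than from any bug: the response depends on the hash alone, so whoever recovers the 16 bytes can answer future challenges without ever knowing the password, and with a fixed challenge the two 2^56 searches collapse into a one-time table lookup, which is what makes a captured NTLMv1 exchange equivalent to a leaked hash. An XP client that also sends the LM response gives the attacker a second, weaker target built the same way from the case-folded, 14-byte LM hash.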