March 28, 2014 IT SECURITY

Defending against pass-the-hash attacks

There is a nice article about this attack at http://en.wikipedia.org/wiki/Pass_the_hash. The attack is not new: it was first described in 1997. It is nevertheless relatively obscure and apparently little known, albeit very effective.

Windows systems create hashes, a kind of ‘unique identifier’, and use them to identify users logged on to systems, so that they don’t have to ask you for your password every time you try to do something more than open a window. Anything system-related that requires authentication, for instance, uses these hashes so you don’t have to re-enter your password over and over. In a way, they are like cookies for web browsing.