*************************************************************************
SANS NewsBites November 11, 2005 Vol. 7, Num. 52
*************************************************************************
--Pay-To-Use Password Cracking Database Debuts
Passwords may have lost their last ounce of value because of a new
service that uses a 500-gigabyte database of pre-cracked passwords.
Anyone with a password hash or password file can send it in for instant
cracking.
http://www.theregister.co.uk/2005/11/10/password_hashes/
[Editor's Note (Pescatore): A 500 GB Crack database being offered in an
application service provider "pay per view" model is a pretty big deal,
especially because it most likely means there are similar super-Crack
capabilities that have been built and are being used privately.
(Paller) Sensitive government (and government contractor) password files
are apparently available for purchase from brokers in the Ukraine. This
new service makes those files of immediate value to nation-states and
other attackers. For those CEOs and government officials who know that
your files have been stolen but haven't told anyone for fear of
embarrassment, this would be a very good time to change to two-factor
authentication.]