New Windows password cracking tool available

Thanks to Noam Rathaus for not only tipping me off to this, but convincingme that it was important to tell you about it. L0pht Heavy Industries hasreleased the latest version of its "L0phtCrack" utility which allowssystem administrators to access the encrypted password list on their Windows NT network. The tool is billed as a "password cracker" and is somewhat notorious because it could conceivably be used by the wrong peopleto maliciously hack into a computer.

The program takes advantages of the weak LAN Manager security that is stillin place in many Windows NT networks. To use the tool, however, you have tohave access to the Network, through a valid login. Of course, given thealmost non-existent security on a Windows 95 machine, this is hardly ahindrance as long as you have physical access to the network.

Microsoft released a hot-fix that handles the earlier release of L0phtCrackand the company says it prevents this version from working as well. Additionally, system administrators can use the "syskey" utility in ServicePack 3 to add a second layer of security over NT passwords and foil L0phtCrack 1.0 and 2.0.

And that's why I'm mentioning it: if you're running a Windows NT network,you need to check out one of these fixes and getting it running.

Microsoft commented that the next version of NT, Windows NT 5.0, includesthe Kerberos security system which offers far more reliable authenticationthan the old LAN Manager system. "Every computer operating system is susceptible to security issues if basic security guidelines are not followed. Security is achieved through a combination of technology and policy," the company said in a statement.

For more information about L0phtCrack 2.0, check out the L0phtCrack homepage