Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

A USB device is all it takes to steal credentials from locked PCs

Lucian Constantin | Sept. 9, 2016
Attackers can use rogue USB-to-Ethernet adapters to steal credentials from locked Windows, and possibly OS X, computers

Depending on the Windows version installed on the computer and its configuration, the password hashes will be in NT LAN Manager (NTLM) version 2 or NTLMv1 format. NTLMv2 hashes are harder to crack, but not impossible, especially if the password is not very complex and the attacker has access to a powerful password cracking rig.

There are also some relay attacks against network services where NTLM hashes can be used directly without having to know the user's plaintext password.

The lesson from all this is, as Fuller noted on Twitter: "Don't leave your workstation logged in, especially overnight, unattended, even if you lock the screen."

 

Previous Page  1  2 

Sign up for MIS Asia eNewsletters.