Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Joseph Gama How Safe are Your Passwords? RE: How Safe are Your Passwords?

  • December 15, 2002 at 2:31 am

    #444411

    Thank you. I based my article on NGSS work. They are the best security consultants that I can think of. Their work on SQL injection was also a pioneer and we are always learning from them.

    quote:

    More on the weakness of the passwords:

    http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

    Of course, since this technique requires access to sysxlogins, you can only implement as a sysadmin. Of course, if someone can take advantage of a SQL server vulnerability to escalate his or her access (called privilege escalation)... you get the idea.

    The software that came out of the research:

    http://www.nextgenss.com/software/ngssqlcrack.html

    The review by Steve:

    http://www.sqlservercentral.com/columnists/sjones/reviewmssqlcrack.asp

    The biggest weakness, of course, is if the network traffic can be sniffed and either multiprotocol (with encryption) or SSL are not in use.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1