Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
schmuckonwheels 7 hours ago

"To demonstrate how crappy most front door locks are, to boost our company's social media cred we will be leaving drills and a dish of bump keys at the entrance of the neighborhood."

bigfatkitten 7 hours ago | parent | next [-]

NTLMv1 rainbow tables have been available for 15-20 years. The only thing new is that Google are publishing theirs.

coopreme 4 hours ago | parent [-]

NTLM is often used for more of the underlying technologies, some more secure than others… nthash, net-ntlmv1, net-ntlmv2. There’s a little more complexity here and this is different than the stuff that was out 15 years ago

bri3d 2 hours ago | parent | next [-]

> this is different than the stuff that was out 15 years ago

This stuff was out at least 10-15 years ago. It’s different from the ancient local ntlm hash cracking everyone used to get admin in high school, yes, but it’s not a novel technique.

on cursory google, https://github.com/NotMedic/NetNTLMtoSilverTicket/blob/maste... is 6 years old and was old news when it was committed, and https://crack.sh/netntlm/ has been around online for at least 10 and I think more like 15+ years.

patmorgan23 2 hours ago | parent | prev [-]

Microsoft has deprecated NTLM and is actively ripping it out of windows.

https://support.microsoft.com/en-us/topic/upcoming-changes-t...

Windows 11 is probably the last version that will contain NTLM (and hopefully NTLMv2). Going forward everything will be Kerberos or Oauth based.

bigfatkitten 5 minutes ago | parent [-]

Ironically enough, the things that tend to break first when you try to turn off NTLM are still Windows components.

sequin 3 hours ago | parent | prev | next [-]

It's certainly morally and legally dubious to facilitate attacks on things that others choose to use in within their own private domains, just because you disagree with that choice. But that's how these people roll.

kstrauser 4 hours ago | parent | prev | next [-]

The bad guys already know you live in a bad neighborhood and have been closing your front door with a plastic combination lock you got in a Happy Meal 40 years ago. They can already come and go at a whim. This is Google letting you know that your crappy lock is pre-broken to encourage you to upgrade to literally anything else.

throawayonthe 6 hours ago | parent | prev [-]

you say that like it's a negative analogy