PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more

Infosec In Brief PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.

As explained in a Mandiant post, for over 20 years researchers have known that Microsoft’s Net-NTLMv1 legacy authentication protocol exposes users to credential theft. Yet it’s still out there.

Mandiant therefore released rainbow tables it says allow security pros to easily demonstrate the weakness of Net-NTLMv1.

“The release of this dataset allows defenders and researchers to recover keys in under 12 hours using consumer hardware costing less than $600 USD,” Mandiant’s principal red team consultant Nic Losby wrote last week.

Losby’s post explains how to use the dataset, and concludes “Organizations should immediately disable the use of Net-NTLMv1.”

The Register offered similar advice – in 2010 – underlining the bizarre persistence of ...