Releasing rainbow tables to accelerate Net-NTLMv1 protocol deprecation
39 points
2 hours ago
| 10 comments
| cloud.google.com
| HN
BrandoElFollito
18 minutes ago
[-]
This is like reminding that there are CVSes from 2010. Yes there are. And there are plenty of vulnerable systems.

They decided to not fix the vulns (either directly by not patching, or indirectly by not investing in cybersecurity). So exploiting them is somehow an act of mercy. They may not know they have a problem and they have an opportunity to learn.

Let's just hope they will have white or gray-ish hats teaching the lesson

reply
davidkellis
16 minutes ago
[-]
Didn't l0phtcrack do this like 25 years ago?
reply
rubyfan
15 minutes ago
[-]
I actually got a job that long ago by using l0phtcrack to expose an admin password for an NT4 network.
reply
observationist
1 hour ago
[-]
This empowers script kiddies, but not significantly moreso than they already were. Of all the places this is still in use, they've been exposed for years, so this isn't likely to result in a a bunch of new exploitations.

However, it's most likely to be used by governments, with legacy servers that are finicky, with filesharing set up that's impacted other computers configured for compatibility, or legacy ancient network gear or printers.

I wonder who they're pushing around, and what the motivation is?

reply
bigfatkitten
54 minutes ago
[-]
Mandiant is Google's incident response consulting business. Having worked for many years in that field myself (though not for Mandiant), they're probably sick of going to the same old engagements where companies have been getting owned the same way over and over again for the last 15 years.

What releases like this do is give IT ops people the ammunition they need to convince their leadership to actually spend some money on fixing systemic security problems.

reply
Retr0id
52 minutes ago
[-]
I suspect Mandiant hears a lot of "this is impractical to exploit so we don't care" from their clients. Now they have a compelling rebuttal to that.
reply
1970-01-01
1 hour ago
[-]
They're just dumping them out as 2GB blobs onto a cloud? Where is the zippy search UI? Very lazy behavior for the hyper giant Google.
reply
Nerada
17 minutes ago
[-]
Right? I feel like rainbow tables for NTLM have been around for decades, though at-cost. This seems incredibly low effort on Google's part.
reply
bflesch
39 minutes ago
[-]
I wonder how the Mandiant acquisition is regarded within google.

Was it a success? Is Mandiant a cash cow or was it basically an acquihire?

The big "contact mandiant" button next to the post feels a bit like trying to stay relevant and acquire more customers.

reply
warkdarrior
1 minute ago
[-]
> trying to stay relevant and acquire more customers

Is there any business that does NOT try to do this? Why wouldn't they?

reply
aunty_helen
1 hour ago
[-]
> under 12 hours using consumer hardware costing less than $600 USD

Great, so someone with half a motherboard can break this hash

reply
ubuntulover2011
2 hours ago
[-]
pretty cool
reply
TacticalCoder
1 hour ago
[-]
Holy smoke. I honestly thought the 90s called and wanted their Windows exploits back (TFA mentions 1999). I do remember talk about this from many moons ago.

But we are in two-thousand-twenty-FUCKING-six.

It's unbelievable. Just plain unbelievable.

reply
postepowanieadm
1 hour ago
[-]
Can't wait for someone to decide one of protocols used by google needs to be deprecated.
reply
bawolff
1 hour ago
[-]
Plenty of protocols used by google over the years have been deprecated. The difference being that google actually stops using insecure protocols when they are discovered to be insecure instead of trying to sweep things under the rug.

Keep in mind we are talking about a protocol from 1987. How many protocols from 1987 is google currently using?

reply
schmuckonwheels
1 hour ago
[-]
Google does whatever is convenient and makes them money. Altruism was never part of the equation.
reply
bawolff
1 hour ago
[-]
Sure. Not being hacked is good for business.

Keep in mind that google is primarily a cloud business. That means that they take on a lot more of a risk, as when they are hacked its a them problem vs traditional software where its much more the customer's problem. Security is very much about incentives, and the incentives line up better for google to do the right thing.

reply
schmuckonwheels
1 hour ago
[-]
It's more about when Google assumed full control of the cloud, the browser, the OS, and everything in between they self-appointed themselves as the unelected standards board of the Internet, and forced everyone else to follow their whims and timelines. Some of which are completely insane.
reply
Retr0id
1 hour ago
[-]
Well, you'll be waiting 20 years or so post-deprecation if you want an equivalent timeline.
reply
schmuckonwheels
1 hour ago
[-]
Google thrives on being the Internet's biggest bully.

It turns out when nerds get a billion dollars they like being bullies too.

reply
schmuckonwheels
1 hour ago
[-]
"To demonstrate how crappy most front door locks are, to boost our company's social media cred we will be leaving drills and a dish of bump keys at the entrance of the neighborhood."
reply
bigfatkitten
1 hour ago
[-]
NTLMv1 rainbow tables have been available for 15-20 years. The only thing new is that Google are publishing theirs.
reply
throawayonthe
31 minutes ago
[-]
you say that like it's a negative analogy
reply