John the Ripper 1.8.0 released

A new version of pre-eminent password cracker John the Ripper has been released.  Bringing the version up from 1.7.9 to 1.8.0, the biggest change is a boost in performance, in some cases nearly doubling performance.  The performance edge seems to drop off as the checks go longer, but it’s still present.  The formal jumbo patch isn’t done yet, but it should be here soon.

I expect to see it in Kali and other security distros soon.  Passwords are growing less safe by the day.

Don’t use APNIC ranges for test addresses

A tip for those of you who manage DNS servers:

If you absolutely MUST put a fake entry in your zone, DON’T point it to or  Either point it to an address (of your own!) that you know to be unused or point it to an RFC5737 address (,, and  It’s still not a good idea, but at least they’re non-routable addresses that you’re (probably) not using in your network so it won’t give away internal information.

Pointing it to anything in the 1.x.x.x range sends the resulting traffic to APNIC parts of the Internet that include Asia and Australia.  You have no control over these addresses.  Don’t put your customers in danger.

User security rebellion? Maybe you have too many rules

On a recent pen test engagement, I found myself comparing two very different security environments and drew a lesson from it that can benefit them both.  Both are familiar environments (an IT department in one case and a flight home in the other), both are heavily regulated, and both can easily irritate their users.  The actual results, though, are very, very different.  In the first case, there is widespread compliance and in the second case, there is widespread rebellion, even if at a level that’s harder to track.

Continue reading “User security rebellion? Maybe you have too many rules”

Leading a SANS SEC504: Hacker Techniques Mentor class starting in July

To those in the DFW area (or those who know someone in the area), I will be conducting a SANS Security 504: Hacker Techniques, Exploits & Incident Handling Mentor class beginning in July.

Running over ten sessions, students are able to train with SANS at a pace designed to allow more time to absorb the course content while not being out of the office for a week or incurring travel costs.

Class starts July 23rd and will meet over 10 Tuesday evenings running from 6:30-8:30PM.  Full schedule and details are available at

Tuition is $3077 if you register by June 25th, using Discount Code DRIVE13.

Some of what you will learn includes:

  • The tactics used by computer attackers
  • The latest attack vectors and how to stop them
  • Proactive and reactive defenses for each stage of an attack
  • Strategies and tools for detecting each type of attack
  • Attacks and defenses for Windows, Unix, switches, routers and other systems
  • Application-level vulnerabilities, attacks, and defenses
  • How to develop an incident handling process and prepare a team for battle
  • Legal issues in incident handling
  • How to recover from computer attacks and restore systems for business

When registering, it would be a great help to me if you would enter “MENTOR RECRUIT” in the Comments section of the registration.

Thanks, and I look forward to seeing some familiar faces in July.