|
|
On Fri, 12 Aug 2011 18:18:00 +0100, Orchid XP v8 wrote:
>>> (Obviously, before you try breaking people's passwords "for real",
>>> there are various political issues to consider. But I didn't even get
>>> as far as /testing/ the tool, since the AV classes it as "greyware".
>>> Which I suppose is reasonable.)
>>
>> Indeed, the proper way to do this in a production environment is to get
>> the approval of management so they know what you're doing and why.
>> It's a 'security audit' or 'password audit'. You don't want to get
>> caught doing any kind of penetration testing on your company's network
>> without TPTB being aware of it - that can lead to serious consequences
>> (potentially personal legal liabilities for that matter).
>
> Sure. But first I wanted to check whether the tool I've picked actually
> /works/, and have a bit of a play around with it. /Then/ I might see
> about using it on real passwords...
That's what a lab server is for (ie, a server in an IT lab, not a server
in the lab you work for <g>).
You might have to disable the AV software, since it's 'greyware' (that's
a term I've not heard before, but presumably it means 'this is a hacking
tool', to which one might say 'well, duh!').
Jim
Post a reply to this message
|
|