How Do I Hack Thee?

Let me count the ways. Actually, I can't count them, because there are far too many.

The explosion of networking, both local and wide-area, has created unprecedented levels of vulnerability. Once upon a time, the contest between hackers and the people who defend systems was almost a fair fight.

Although the number of people at the top of the hacking game hasn't changed all that much, the number of people with moderate hacking or cracking skills—and tools—has increased dramatically. But the real population explosion has been among the clueless millions of newcomers to the connected world. The ranks of network and server administrators have grown along with them, and many of those administrators are too poorly trained or too inexperienced to deal with the threat of intrusion.

The situation has been made worse by persistent high-speed connections, such as DSL and cable modems. Combining a persistent connection with file and print sharing bound to the Internet-facing adapter leaves the door wide open for people to snoop through your files and wreak havoc on your system. When you need to combine a home or small-office network with an Internet connection, the answer is a hardware or software firewall. You need one because people all over the world are probing your system for weaknesses all the time. You don't see the probes, because you're not running a server that would notice them, and they aren't logged unless you're running a firewall that logs what it blocks.

Also, many forms of security are illusory at best. Take user and server passwords. Network administrators are often either too lax or too overworked to remove terminated employees' accounts from the system, force people to change passwords regularly, or lock users out after a number of failed log-on attempts. Lockout, even for 15 minutes, is a real deterrent to password guessing, and the lockout entries in the log files tell you that an attack is in progress.
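The lockout-and-log mechanism just described, as an added example that is not part of the original column and not any vendor's code: a constructed logon log is replayed through a five-failures-in-ten-minutes rule with a 15-minute lockout, and the events a security log should carry are collected. The log format, the thresholds, the account names and the addresses are all assumptions made for the demonstration.

```python
"""Failed-logon lockout with a 15-minute penalty, replayed over constructed logon events.

Added example, not any operating system's or vendor's code. The event format
and the policy numbers are assumptions; map them to your own system's log.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy: 5 failures within 10 minutes locks the account for 15 minutes.
MAX_FAILURES = 5
FAILURE_WINDOW = timedelta(minutes=10)
LOCKOUT_DURATION = timedelta(minutes=15)

# Constructed sample log, one "timestamp user result source" record per line.
SAMPLE_LOG = """\
2000-01-10T09:00:01 alice OK 10.0.0.7
2000-01-10T09:01:00 bob FAIL 10.0.0.99
2000-01-10T09:01:05 bob FAIL 10.0.0.99
2000-01-10T09:01:09 bob FAIL 10.0.0.99
2000-01-10T09:01:14 bob FAIL 10.0.0.99
2000-01-10T09:01:20 bob FAIL 10.0.0.99
2000-01-10T09:01:25 bob OK 10.0.0.99
2000-01-10T09:10:00 bob OK 10.0.0.12
2000-01-10T09:30:00 bob OK 10.0.0.12
"""


def parse_line(line):
    """Split one record into (timestamp, user, credentials_ok, source)."""
    ts, user, result, source = line.split()
    return datetime.fromisoformat(ts), user, result == "OK", source


class LockoutPolicy:
    """Tracks recent failures per account and enforces a temporary lockout."""

    def __init__(self):
        self.failures = defaultdict(list)  # user -> timestamps of recent failures
        self.locked_until = {}             # user -> datetime the lockout expires
        self.alerts = []                   # (timestamp, message) for the security log

    def attempt(self, when, user, credentials_ok, source):
        """Return 'OK', 'FAIL' or 'LOCKED' for one logon attempt."""
        until = self.locked_until.get(user)
        if until and when < until:
            # A correct password is refused while locked; that is what stops
            # online guessing, and it is also what the log should shout about.
            self.alerts.append((when, f"LOCKED attempt on {user} from {source}"))
            return "LOCKED"
        if credentials_ok:
            self.failures[user].clear()
            return "OK"
        recent = [t for t in self.failures[user] if when - t <= FAILURE_WINDOW]
        recent.append(when)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = when + LOCKOUT_DURATION
            self.failures[user].clear()
            self.alerts.append((when, f"LOCKOUT {user}: {MAX_FAILURES} failures from {source}"))
        return "FAIL"


def replay(log_text):
    """Run every record through the policy; return (outcomes, alerts)."""
    policy = LockoutPolicy()
    outcomes = [policy.attempt(*parse_line(l)) for l in log_text.splitlines() if l.strip()]
    return outcomes, policy.alerts


if __name__ == "__main__":
    outcomes, alerts = replay(SAMPLE_LOG)
    for line, outcome in zip(SAMPLE_LOG.splitlines(), outcomes):
        print(f"{outcome:6} {line}")
    for when, msg in alerts:
        print("ALERT", when, msg)
```

Note the 09:10:00 record: the real user, from a different address, is refused while the lockout lasts. That is the price of lockout, and it is why the source address belongs in every alert and why a short duration is better than a permanent one; an attacker who knows your usernames can otherwise lock your whole office out at will.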

Many network administrators have no idea how vulnerable they are to cracking attacks. Password-cracking programs are abundant on the Web; one site has more than 50 of them in its collection. They include crackers for BIOS passwords, Zip files, POP mail, various operating-system log-ons, MSN Hotmail, and even brute-force attacks on PGP passphrases. I've tried some, and they work. But cracking tools are also invaluable for security audits, because they quickly expose users whose passwords are too easy or don't conform to your company's security policy. My tests show that long, mixed-case passwords with special characters can add days or weeks to a cracker's task.
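What a cracking tool does in an audit, as an added example that is not part of the original column and not any cracker's code: dictionary words are run through mangling rules against a list of password hashes, each recovered password is checked against a policy, and a keyspace estimate shows why a long, mixed-character password moves brute force from days to ages. Unsalted SHA-256 stands in for whatever hash the audited system really stores; the accounts, wordlist, rules, policy thresholds and guess rate are all constructed assumptions.

```python
"""Password audit: rule-mangled dictionary attack plus brute-force cost estimate.

Added example, not any cracker's code. Unsalted SHA-256 is a stand-in for the
target system's real hash; accounts, wordlist, rules and policy are constructed.
"""
import hashlib
import string


def h(pw):
    """Stand-in for the audited system's password hash (assumed unsalted)."""
    return hashlib.sha256(pw.encode()).hexdigest()


# Constructed accounts. A real audit loads user:hash pairs dumped from the system.
ACCOUNTS = {
    "alice": h("password"),      # dictionary word, unchanged
    "bob":   h("Summer99"),      # capitalised word plus two digits
    "carol": h("p@ssw0rd"),      # leet-speak substitutions
    "dave":  h("Tq7!mz#Vk2pL"),  # long, mixed case, digits and specials: should survive
}
WORDLIST = ["password", "summer", "letmein", "welcome", "secret", "admin"]

# Two substitution tables a rule-based cracker would try.
LEET_TABLES = [str.maketrans("ao", "@0"), str.maketrans("aeios", "4310$")]


def mangle(word):
    """Yield the candidates a rule-based cracker derives from one dictionary word."""
    bases = {word.lower(), word.capitalize(), word.upper()}
    bases |= {b.translate(t) for b in list(bases) for t in LEET_TABLES}
    for b in sorted(bases):
        yield b
        for n in range(100):  # trailing digits: 'Summer9', 'Summer09', 'Summer99'
            yield f"{b}{n}"
            yield f"{b}{n:02d}"


def audit(accounts, wordlist):
    """Return {user: recovered_password} for every hash the mangled wordlist matches."""
    by_hash = {}
    for user, digest in accounts.items():
        by_hash.setdefault(digest, []).append(user)  # identical hashes crack together
    cracked = {}
    for word in wordlist:
        for candidate in mangle(word):
            for user in by_hash.get(h(candidate), ()):
                cracked[user] = candidate
    return cracked


def conforms(pw, min_len=10):
    """Assumed policy: at least min_len characters with lower, upper, digit and special."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return len(pw) >= min_len and all(any(c in cls for c in pw) for cls in classes)


def brute_force_days(length, charset_size, guesses_per_second):
    """Worst-case days to exhaust every password of this length over this character set."""
    return charset_size ** length / guesses_per_second / 86400


if __name__ == "__main__":
    for user, pw in audit(ACCOUNTS, WORDLIST).items():
        flag = "" if conforms(pw) else "  (violates policy)"
        print(f"{user}: {pw}{flag}")
    rate = 1e6  # assumed guesses per second; substitute the figure your cracker reports
    for label, size in (("lowercase only", 26), ("mixed case", 52), ("mixed case + digits + specials", 95)):
        print(f"8 chars, {label}: {brute_force_days(8, size, rate):,.1f} days")
```

Three of the four accounts fall to a six-word dictionary and a handful of rules; the fourth never enters the search, because no rule produces it, and the keyspace figures show that the only remaining route, brute force, is tens of thousands of times more expensive for a 95-character alphabet than for lowercase letters at the same length. The unsalted hash is also the reason identical passwords crack together; a salted scheme removes that shortcut.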

One of the most notorious and, at the same time, most helpful crackers is L0phtCrack, which cracks Windows NT passwords from an ordinary workstation. One reader, a Windows NT system administrator, tried it from a no-privileges Windows 95 machine and was astounded to find that it uncovered 85 percent of his office's passwords in a mere 20 minutes and unlocked all but two within 24 hours.

L0phtCrack is from L0pht Heavy Industries, a hacker group that produces powerful, sophisticated applications and tools. You can download and use L0phtCrack free for 15 days; registration is $100. L0phtCrack's history is interesting; you should read it. Microsoft first dismissed the program as a "theoretical" threat but has finally embraced it as the ultimate Windows NT password security test tool. If you're wondering whether one of your employees read this column before you did and perhaps cracked passwords on your system, forget it: L0phtCrack has been downloaded over half a million times. If your system is insecure, it was cracked long ago.

Meanwhile, a couple of your clever coworkers may have figured out how to put their LAN adapters into promiscuous mode, in which the adapter accepts all the traffic on the wire, not just the packets addressed to it. That capability is the basis of network sniffers, those handy analytical tools that catch misrouted or damaged packets and other network problems. It is also the basis for massive security leaks, because on a shared-media LAN anything that crosses the wire in the clear, passwords included, can be read by whoever is listening.

Once again, L0pht comes to the rescue with AntiSniff, a new program that detects machines on your network whose adapters are in promiscuous mode. You can try it free for 15 days, and registration costs $350. The technical files at the L0pht site make fascinating reading. Check them out.
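One way a tool can spot a promiscuous adapter from across the LAN, as an added example that is not part of the original column and not AntiSniff's code: send an ARP request for the suspect's IP address in an Ethernet frame addressed to a bogus MAC rather than the true broadcast. An adapter that is not in promiscuous mode discards the frame in hardware, while a promiscuous one passes it up and the IP stack answers the ARP request inside it, so a reply is evidence of sniffing. Building and parsing the frames runs anywhere; actually sending the probe assumes Linux, a raw socket and root, and the interface name and addresses in the code are placeholders.

```python
"""ARP probe for promiscuous adapters: a valid ARP request in a frame sent to a fake MAC.

Added example, not AntiSniff's code. Frame construction and parsing are pure
Python; probe() assumes Linux, AF_PACKET and root. Addresses are placeholders.
"""
import socket
import struct

ETH_P_ARP = 0x0806
# Not the broadcast address: a non-promiscuous card drops it, a promiscuous one does not.
FAKE_BROADCAST = bytes.fromhex("fffffffffffe")
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_arp(dst_mac, src_mac, src_ip, target_mac, target_ip, opcode):
    """Ethernet header plus ARP payload (opcode 1 = request, 2 = reply)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      src_mac, socket.inet_aton(src_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def build_arp_probe(src_mac, src_ip, target_ip):
    """A normal 'who-has target_ip' request; only the Ethernet destination is odd."""
    return build_arp(FAKE_BROADCAST, src_mac, src_ip, b"\x00" * 6, target_ip, 1)


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not ARP."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    _, _, _, _, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return op, sha, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)


def is_reply_from(frame, target_ip):
    """True if frame is an ARP reply claiming target_ip: the suspect answered the probe."""
    parsed = parse_arp(frame)
    return parsed is not None and parsed[0] == 2 and parsed[2] == target_ip


def probe(iface, src_mac, src_ip, target_ip, timeout=2.0):
    """Send the probe on iface and wait for a reply. Linux and root assumed."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    s.bind((iface, 0))
    s.settimeout(timeout)
    s.send(build_arp_probe(mac(src_mac), src_ip, target_ip))
    try:
        while True:
            if is_reply_from(s.recv(65535), target_ip):
                return True
    except socket.timeout:
        return False
    finally:
        s.close()


if __name__ == "__main__":
    # Placeholder interface and addresses; run as root on the suspect's own segment.
    print(probe("eth0", "02:00:00:00:00:01", "10.0.0.5", "10.0.0.9"))
```

Two caveats a practitioner needs. ARP does not cross routers, so the prober must sit on the suspect's own segment. And whether a host answers a request that arrived in a non-broadcast frame depends on its ARP stack and on how its card filters multicast addresses, so silence does not prove a clean machine; a reply, on the other hand, is hard to explain any other way.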

Finally, I've become convinced that you should be running a personal intrusion detector/firewall on your system, such as AtGuard or BlackICE Defender, even if you're behind the corporate firewall. I've detected several intrusion attempts by coworkers. Nothing malicious, mind you, just twisting the knob to see whether the door is unlocked.
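What the probing described earlier in the column and the knob-twisting described here look like in a firewall's log, as an added example that is not part of the original column and not AtGuard's or BlackICE's code: constructed drop records are scanned for any source that touches many distinct ports within a minute, and every hit on the NetBIOS ports behind file and print sharing is reported separately. The log format, the thresholds and the addresses are assumptions; map the regular expression to whatever your firewall writes.

```python
"""Port-scan and sharing-port detection over a personal firewall's drop log.

Added example, not any firewall vendor's code. The log format, thresholds and
addresses are constructed; adapt LINE to your own firewall's output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_PORTS = 5                       # assumed: this many distinct ports from one source ...
SCAN_WINDOW = timedelta(seconds=60)  # ... within this window is a scan
SHARING_PORTS = {137, 138, 139}      # NetBIOS name, datagram, session: file and print sharing

LINE = re.compile(
    r"(\S+ \S+) DROP (TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)"
)

# Constructed sample log. The first source sweeps five ports in two seconds, the second
# knocks on the NetBIOS name service, the third is a coworker trying one door at a time.
SAMPLE_LOG = """\
2000-01-10 21:14:03 DROP TCP 203.0.113.5:4123 -> 192.168.1.10:21
2000-01-10 21:14:03 DROP TCP 203.0.113.5:4124 -> 192.168.1.10:23
2000-01-10 21:14:04 DROP TCP 203.0.113.5:4125 -> 192.168.1.10:25
2000-01-10 21:14:04 DROP TCP 203.0.113.5:4126 -> 192.168.1.10:80
2000-01-10 21:14:05 DROP TCP 203.0.113.5:4127 -> 192.168.1.10:139
2000-01-10 21:14:05 DROP UDP 198.51.100.77:137 -> 192.168.1.10:137
2000-01-10 21:20:00 DROP TCP 192.168.1.22:1045 -> 192.168.1.10:139
2000-01-10 21:45:00 DROP TCP 192.168.1.22:1046 -> 192.168.1.10:80
"""


def parse(line):
    """Return (timestamp, proto, src_ip, src_port, dst_ip, dst_port), or None."""
    m = LINE.match(line)
    if not m:
        return None
    ts, proto, src, sport, dst, dport = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), proto, src, int(sport), dst, int(dport)


def analyze(log_text):
    """Return (scanners, sharing_probes).

    scanners: {source_ip: sorted distinct ports} for sources that met the scan rule.
    sharing_probes: [(timestamp, source_ip, port)] for every hit on a NetBIOS port.
    """
    recent = defaultdict(list)  # source -> [(timestamp, dst_port)] inside the window
    scanners = {}
    sharing_probes = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, _, src, _, _, dport = rec
        if dport in SHARING_PORTS:
            sharing_probes.append((ts, src, dport))
        hits = [(t, p) for t, p in recent[src] if ts - t <= SCAN_WINDOW]
        hits.append((ts, dport))
        recent[src] = hits
        ports = {p for _, p in hits}
        if len(ports) >= SCAN_PORTS:
            scanners[src] = sorted(ports)
    return scanners, sharing_probes


if __name__ == "__main__":
    scanners, sharing_probes = analyze(SAMPLE_LOG)
    for src, ports in scanners.items():
        print(f"SCAN from {src}: ports {ports}")
    for ts, src, port in sharing_probes:
        print(f"SHARING PROBE {ts} from {src} on port {port}")
```

The coworker at 192.168.1.22 never trips the scan rule, because two ports 25 minutes apart is not a sweep, but the NetBIOS hit is still reported, which is the right outcome: a slow probe of your file shares is exactly what a personal firewall is there to show you, whether or not the whole pattern ever qualifies as a scan.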