The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Cached Windows passwords sound risky -- but aren't

http://www.flickr.com/photos/bwa32/6607434907/in/set-72157628651915739

I deal with a lot of customers who area worried about Windows password attacks. These days, the biggest fear is of pass-the-hash attacks, a topic I've written about many times in the past couple of years.

Often, when customers voice concern about pass-the-hash attacks, they ask me about cached log-ons in Windows. They've heard about the vulnerability and have read one or more whitepapers about it. Even Microsoft recommends disabling cached log-ons.

In fact, cached Windows log-ons aren't a big risk at all. I'll tell you why in a minute, but first, let's review the basics.