Cracking a Windows domain admin password used to be the sort of thing that required a rack of GPUs, a questionable website, and a small fortune in hardware. Now? A $600 laptop and a free set of rainbow tables from Google’s Mandiant division will do the job in under 12 hours. And the kicker? This vulnerability isn’t new. It’s been sitting in plain sight since 1999 . The Ghost of NTLMv1 At the core of this mess is NTLMv1 — an authentication protocol Microsoft introduced in 1993

If you want a single, unfiltered example of how the world manages to be simultaneously brilliant and boneheaded, look no further than the Louvre heist. I’ve seen breaches where the defenders did everything right and still lost — that’s life on the wire. This? This wasn’t that. This was a comedy of errors so spectacular it belongs in a heist movie with popcorn and a two-cocktail intermission. Here’s what went down, in plain terms your CISO will be too embarrassed to admit out