Archive for May 12th, 2009

Password-related news

Tuesday, May 12th, 2009

There is a few, so I’ll put ‘em all into a single blog post :)

First, Phoenix Technologies announced a program (for Windows XP/Vista) to link mobile phones with computer. But no, this is not about data transfer between the phone and PC. Indeed, this is a security system: walk away from your computer, and it will lock automatically; when the user returns, the program will automatically unlock the system. Of course, using Bluetooth (what else? :) ). More details on Phoenix Freeze web site.

Second, Researchers take over botnet, grab 56,000 passwords an hour. Actually, this is not a very fresh idea (to steal the passwords using the malware). More important: the researchers found that most users reused passwords for multiple sites. I can guess that there are even some users who have the same passwords for accessing web sites (from pet lovers forum to online banking) and critical business data. So instead of breaking your PGP Disk container (which is really secury, even with our GPU acceleration), someone can just get the password saved by your browser. You’re warned.

And finally, just a funny story: Creative passwords only useful if you can remember them. Btw, how many cats do you have? ;)

Hard disk recovery

Tuesday, May 12th, 2009

Highly recommended: Burned, Dropped, Drowned: HDD Recovery In Pictures. I hope that you will not encounter into such situations, though :) .

Another "funny" story about hard disks: US missile launch data on eBay hard drive.

Btw, if you’re looking for good disk/file recovery software, I can recommend you Handy Recovery (this is not an advertisement!). Simple, fast, cheap, and very effective. I’ve used it (personally) several times — it really works even when most of the other similar tools fail.

DC4420

Tuesday, May 12th, 2009

Apart from official IT Security events, London ethical hackers like to organize monthly meetings such as DC4420 in clubs, sometimes changing their location. In an informal manner they exchange their experience, represent new ideas and technologies.

We learned about this event first from icesurfer who follows us on twitter when he dropped by our booth at InfoSecurity Europe 2009 to say hello and so we’ve been lucky to get an invitation to this underground “techno-party”. 
 
After a busy day at the exhibition talking to all from sales guys to journalists this warm and welcome gathering tempted us to stay longer. However, our plane (back to Moscow) was to take off the next morning that is why we could only hear the first presentation (out of three) and to be frank got an over-the-top-pleasure hearing it.
In brief, Andrea Barisani and Daniele Bianco explained how one could find out what is being typed on the keyboard through searching electric signal oscillation registered on a common power socket or even water-pipe. All accompanied by humorous visuals starred by both speakers.
 
 
The second part of presentation introduced a new approach to a pretty known technology for electronic-acoustic reconnaissance – using laser microphone for registering sound vibration as far as 200-300m away. The idea is not fresh, and usually a common window serves as sound reflector. But our techies decided to use laptop cover/display for recording vibrations caused by pressing different keys on the keyboard. Each key has its particular sound. After analyzing laser vibration we get possible variants of typed text. Provided we know what language is being used, it is not a problem to find a right variant.
 
Smart presentations sandwiched between informal chatting and drinking beer gives an absolute sense of belonging to the world of wayward technologies.