Archive for May, 2009

Cost-effective video cards

Wednesday, May 20th, 2009

Considering a (new) AMD/ATI or NVIDIA video card for password cracking with Wireless Security Auditor or Distributed Password Recovery (to get the most from GPU acceleration technology — at an affordable price)? Read the Best Graphics Cards For The Money: May ’09 at Tom’s Hardware. I especially like the Graphics Card Hierarchy Chart.

Too much security won’t spoil the router, will it make it better?

Monday, May 18th, 2009

A number of D-Link routers are now equipped with a captcha feature. Sounds interesting.

D-Link’s chief technology officer says: "We are excited to be the first in the market to implement captcha into our routers, providing yet another layer of security to our customers".

No doubt, captcha is a wonderful spam filter for email and a reliable obstacle to unauthorized access on the web, but is it as good for routers as for the web?

CUDA-enabled applications

Monday, May 18th, 2009

Tom’s Hardware has tested two mainstream NVIDIA cards (GeForce 9600 GT and GeForce 9800 GTX) on several CUDA-enabled applications. The applications were:

  • SETI@home
  • CyberLink PowerDirector
  • Tsunami MPEG Encoder
  • Super LoiLoScope
  • Badaboom


Week of Scams

Friday, May 15th, 2009

This week has witnessed several scams involving social sites. On Tuesday, Twitter users posted answers to their online security questions for everyone to see. On Wednesday, the Twitter account of the New York Times was hacked, and on Thursday we witnessed a phishing attack on Facebook.

Overclocked AMD/ATI card

Thursday, May 14th, 2009

AMD has hit another megahertz milestone today. In fact, this is an ATI Radeon HD 4890 card, overclocked to 1 GHz at the factory (normally, it runs at 850 MHz); surprisingly, it is air cooled (I thought that water cooling would be needed).

Laptop security – myths and mistakes

Wednesday, May 13th, 2009

Today’s businesses are very mobile. Sometimes you don’t even need a conventional office: it becomes virtual and is always with you in your mobile phones, netbooks and laptops. Such mobile mini-offices, stuffed with corporate documents and reports, partners’ data, confidential correspondence and access passwords, are in danger of being stolen, both virtually and physically. You can try to protect your laptop with a security cable lock, but what if it is stolen anyway? Will you let all your information fall into the adversary’s hands? Do you _really_ think that your Windows logon password is an impenetrable barrier for the adversary? Have you heard of Elcomsoft System Recovery? Do you still think your laptop is secure because you have a BIOS password and/or partial drive encryption? Read the article by Kevin Beaver, ‘Securing corporate data on your laptops’, take off the rose-colored glasses and revise your laptop security as suggested in Kevin’s step-by-step outline.

NIST drafts new enterprise password management (open to publication, distribution and adaptation!)

Wednesday, May 13th, 2009

You’ve probably already heard about this vicious circle a thousand times:

Requiring that passwords be long and complex makes it less likely that attackers will guess or crack them, but it also makes the passwords harder for users to remember, and thus more likely to be stored insecurely. This increases the likelihood that users will store their passwords insecurely and expose them to attackers.

So, how do you work out an appropriate password policy? Need help? Find some tips in the NIST (National Institute of Standards and Technology) study, GUIDE TO ENTERPRISE PASSWORD MANAGEMENT (DRAFT), which “has been prepared for use by Federal agencies”, but also “may be used by nongovernmental organizations on a voluntary basis”.

Here are some nuggets from the paper: 

• Organizations should review their password policies periodically, particularly as major technology changes occur (e.g., new operating system) that may affect password management.

• Users should be made aware of threats against their knowledge and behavior, such as phishing attacks, keystroke loggers, and shoulder surfing, and how they should respond when they suspect an attack may be occurring.

• Organizations should consider having different policies for password expiration for different types of systems, operating systems, and applications, to reflect their varying security needs and usability requirements.

Do you have something to add? So, review and revise it freely – the paper is not subject to copyright. ;)

More on SLI

Wednesday, May 13th, 2009

If you are going to purchase a new computer (or build it yourself), you should definitely think about graphics — for CAD/CAM, gaming, searching for extraterrestrial intelligence at home or password cracking. And of course, think of the budget, too. I hope you’re already aware of NVIDIA SLI, which lets you use multiple video cards, but how does a single dual-GPU card compare to two single-GPU ones? Read GeForce GTX 295 Vs. GTX 275 SLI: When Two Are Better Than One.

Password-related news

Tuesday, May 12th, 2009

There are a few, so I’ll put ‘em all into a single blog post :)

First, Phoenix Technologies announced a program (for Windows XP/Vista) to link mobile phones with a computer. But no, this is not about data transfer between the phone and the PC. Indeed, this is a security system: walk away from your computer, and it will lock automatically; when the user returns, the program will automatically unlock the system. Of course, using Bluetooth (what else? :) ). More details on the Phoenix Freeze web site.

Second, Researchers take over botnet, grab 56,000 passwords an hour. Actually, this is not a very fresh idea (to steal passwords using malware). More important: the researchers found that most users reused passwords for multiple sites. I can guess that there are even some users who have the same passwords for accessing web sites (from a pet lovers’ forum to online banking) and critical business data. So instead of breaking your PGP Disk container (which is really secure, even with our GPU acceleration), someone can just get the password saved by your browser. You’ve been warned.

And finally, just a funny story: Creative passwords only useful if you can remember them. Btw, how many cats do you have? ;)

Hard disk recovery

Tuesday, May 12th, 2009

Highly recommended: Burned, Dropped, Drowned: HDD Recovery In Pictures. I hope that you will not run into such situations, though :) .

Another "funny" story about hard disks: US missile launch data on eBay hard drive.

Btw, if you’re looking for good disk/file recovery software, I can recommend Handy Recovery (this is not an advertisement!). Simple, fast, cheap, and very effective. I’ve used it (personally) several times — it really works even when most of the other similar tools fail.