Archive for June, 2009

The smallest password cracking device

Tuesday, June 9th, 2009

We wrote about the new iPhone last week, but these we only rumors. And now it is officially announced (on WWDC); the sales will start on June 17th (in the U.S.). Additional information is available at Apple web site: general and about iPhone 3.0 software update. But unfortunately, still no tech specs of its GPU; according to the above article, Maybe there is some truth to the rumors that Apple is using OpenCL. If that’s true, there will be (technical) ability to crack passwords on it, and the speed should not be disappointing.

News from the other side: Intel could Atomise handsets in two years. An era of portable password crackers is coming ;)

Did You Change Your Password on a Happy ‘Change Your Password Day’?

Monday, June 8th, 2009

 

Password management has got government support and the status of the national initiative in Australia. The National E-security Awareness Week is held from 5-12 June this year. A series of events and workshops take place across Australia to raise awareness of e-security risks.

In the interview to ABC radio, Australian Communications Minister Stephen Conroy urged to use stronger passwords and update them regularly. He recommended passwords that are 8 or more characters long, including lower- and upper-case characters, one digit and one special symbol. Passwords should be updated at least twice a year.

We welcome the Australian initiative to raise awareness of secure passwords. In the recent years we at ElcomSoft have been trying to draw attention to the fact that both individuals and businesses have to rethink passwords they use. Password recovery techniques have developed much thanks to growing potential of parallel computations and supporting architectures, cheaper graphic adaptors’ prices and constant cryptographic research.

We recommend changing your password every 3 months. Do not forget that for applications with 40-bit encryption (e.g.MS Office 97/2000) 8-character passwords are not enough. Never use any personal data or dictionary words for your password. Read our white papers to learn more about password strength.

 

Dark Tangent called for help in strengthening homeland security

Monday, June 8th, 2009

He started from hacking for fun (cracking phone systems), then he founded DefCon and Black Hat hacker conferences (btw, we had a chance to visit DefCon9 in 2001) and now Jeff Moss is chosen to take care of US cyber security affairs. No doubt, Jeff Moss has the guts to resist cyber terrorism and protect national interests. Good luck, Jeff!

Home and Corporate Wireless Security

Monday, June 8th, 2009

Securing home Wi-Fi remains uncertain when it comes to law. Some urge users are not liable when they use default security settings and it is manufacturer who is guilty when/if wireless network was ‘successfully’ abused. Others put whole responsibility on users. This is practically a question to law and usually its resolution depends on lawyers’ skills to gather and manipulate the details. Your security encompasses not only security against the law when you happen to fall a victim to an intruder, but also protection against that very intruder. In the long run, it’s up to you whether to endeavor to prove your innocence or take measures to build a reliable fence.

If we turn to corporate wireless security, this fence is a must, as it is public data and corporate confidential information that are at risk. Unfortunately, AirTight study shows that 57% of surveyed companies from 6 US districts and London still have to sort out their priorities in terms of data security. In my opinion, if protecting home wireless network can be a dark horse requiring scrupulous examination, nonexistence of corporate wireless security should have relevant decision in court.

Surely, I couldn’t leave this message without mentioning our newest product for Wireless Security Audit, so if you care and use passwords for Wi-Fi protection, use this tool regularly not to allow strangers to poke their nose into your network.

New iPhone

Saturday, June 6th, 2009

Latest rumors about iPhone: probably, it will have 3D Graphics Chip in it, according to Fudzilla article. Let’s hope that it will be CUDA-enabled, so we can make GPU-accelerated password cracker for it ;)

From COMPUTEX TAIPEI

Saturday, June 6th, 2009

Sorry I did not write blog for some time… Just returned from one-week vacation at Rhodos (Greece).

I think you’re aware of COMPUTEX TAIPEI — the largest computer exhibition in Asia and the second largest in the world, next to CeBIT in Germany. It is already running; actually; today (June 6th) is the last day. But this year that was almost nothing really new/interesting (from password cracking point of view, I mean) there. Well, just something about NVIDIA Tegra and ION, Intel Atom and AMD DX11 GPU: here is some coverage. And of course, The Ladies of Computex: part 1, part 2, part 3 and part 4; plus even some video :)

Microsoft UK NTO turns from praxis to theory

Friday, June 5th, 2009

 Jerry Fishenden, Microsoft National Technology Officer in the UK leaves his post to work on his own. He intends to elaborate “a guidebook for politicians and policymakers about what does and doesn’t work in terms of delivering an effective technology policy”

Source: CIO business technology leadership
Jerry Fishenden’s blog: http://ntouk.com/ 

 

Preliminary Larrabee perfomance revealed

Friday, June 5th, 2009

When it comes to Larrabee one of most intriguing things is its performance. Official information provided by Intel was not enough to get good estimation. In my previous post I’ve estimated it as "roughly equivalent to GTX 295". Well, it seems I was too optimistic. Latest rumors are that current Larrabee samples deliver same performance as GTX 285.

We’ve written earlier that Larrabee is probably delayed till early 2010. This almost certainly means that it will have to compete with next-generation ATI and NVIDIA cards, both are currently scheduled for Q3-Q4 2009 (ATI have even presented their new chip at COMPUTEX 2009).

Nonetheless, Larrabee still seems promising to us and we will definitely try our best to make our GPU-enabled products such as Distributed Password Recovery and Wireless Security Auditor compatible with Larrabee once it’ll become available.

Update (06/08): Intel’s ‘Larrabee’ to Be "Huge".

Hard news from COMPUTEX 2009

Wednesday, June 3rd, 2009

It looks like AMD has outrun NVIDIA today. Its World’s First Microsoft DirectX® 11 Graphics Processor, presented a few hours ago in Taipei, is currently the best hardware for Windows 7. Catch up, NVIDIA! However not many details of it suggested. At least enjoy the graphics:  

Password Usage Behavior Survey Announced

Wednesday, June 3rd, 2009

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major way for user authentication. Whether you are ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

The questionnaire is well designed and if you have no time you can simply tick the matching answers which are prepared for your convenience. If you have a special experience to share or lots of thoughts on passwords, please take a while and use empty spaces provided for your own answers.

The survey is set to run for several weeks in order to cover more people, for we understand that summer is the best season for vacations. After the survey is completed and results calculated, we will release a full report with facts and figures. We tried to put sensible questions in the belief that results’ analysis will help us find out which questions should be better and more deeply highlighted in our articles, whitepapers, as well as in our blog.

This is the first our empirical research and we hope you will find it interesting and enjoyable. You definitely have your own opinion on passwords, and as you understand this survey is a perfect way for you to share that opinion. So what do you think? Be frank and open, take the questionnaire, and help us let others know about it.