Archive for July, 2009

SysAdminDay

Friday, July 31st, 2009

Guys,

it is SysAdminDay today.  We wish you to have thankful colleagues that will respect your time and show gratitude each time you print a test page.  Let accountants brew you hot tea. We wish you tolerance each time users forget their passwords (passwords can always be recovered with our tools). Keep your networks safe and sound.

To celebrate SysAdminDay we are eating real salo in the office and singing this sysadmin song :)

The salo. Click to enlarge this piece. Mmmmmmmmm 

Believe me, it’s tasty.

Office 2010: two times more secure

Tuesday, July 28th, 2009

We are waiting for release of new Microsoft office suite – Office 2010. Right now Microsoft has only technical preview of new Office; this preview has been leaked from Microsoft and everyone can download it with the help of torrent trackers. We’ve got a copy of Office 2010 and analysed its (new) password protection.

Starting from Office 2007, Microsoft used password protection system called ECMA-376, developed by ECMA International. This standard is open and everyone can write ECMA-376 based protection which will be accepted by Microsoft Office. The standard allows to select hash and encryption algorithms as well as the number of hash rounds (up to 10 millions is allowed).

In Office 2007, ECMA-376 with SHA-1 hash and AES-128 encryption is implemented. The number of hash rounds is 50000 that makes password recovery really difficult and slow. Office 2010 also uses SHA-1 and AES-128, but the number of hash rounds is now 100000. Therefore password recovery for new Office files will be two times slower.

Here is a diagram of password recovery speed for Office 2007:

To get a speed for Office 2010, simply divide these values to 2. We’ll get about 175 pps on Core2 6600 and about 8750 pps on Tesla S1070.

Why don’t increase the number of hash rounds to 10 millions ? Security is really important but it always affects usability. The hash is calculating to verify a password and when each document block is decrypted. If we add hash rounds – the document decryption time is increased. If a document is opening in MS Office during one hour – its unacceptable despite of high security.

Anyway – Office 2010 documents will be more secure than Office 2007 ones. And the new encryption has backward compatibility – all Office 2010 documents can be opened in Office 2007. 

ElcomSoft News

Wednesday, July 22nd, 2009

 As the second summer month is coming to an end, it’s time to sum up our news and updates that you might have missed because of vacation in some tropical heaven. Last two weeks brought us really hot days, not only because of the temperature in Moscow City but also due to hard work on program updates. Here is the news:

  • We released the new version of Distributed Password Recovery. It features support for TheBat! and TheBat! Voyager mail clients master passwords (masterkey.dat) and passwords to TheBat! backup files (*.tbk). The GPU acceleration has been extended and now works for Domain Cached Credentials (DCC), as well as Office 2007, Adobe PDF 9, Windows logon passwords (LM and NTLM), WPA/WPA2, and MD5 hashes.
  • A new version of Elcomsoft Wireless Security Auditor was released. EWSA 1.03 is able to extract WPA-PSK password hashes from local systems when Wireless Zero Configuration is used.
  • Our website is now available in Spanish, Italian, and Polish. We promise to add more languages soon to bring our customers information in their native tongues.
  • Follow us on Twitter to be the first to receive our news or become a fan on our brand-new Facebook page. You can also subscribe to our newsletter.

Password masking: myths and truths

Tuesday, July 7th, 2009

Password masking: myths and truthsEver heard of password masking problem? To be honest, I have not – until I’ve read the Stop Password Masking article by Jakob Nielsen (somewhere referred to as "usability guru"), followed by a lot of other publications, blog posts and comments (see ‘em all); so-called security guru Bruce Schneier wrote even two essays on that. 

Well, that reminded me of a very funny stupid CAPSoff Campaign

In brief, here is the "problem": for years (I think starting from Windows 3.0 released almost 20 years ago), the passwords are being masked as you type them (in most programs what have any kind of password protection, and an operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.

(more…)

Disaster Recovery and its key objectives

Monday, July 6th, 2009

Disaster Recovery and its key objectives

New statistics* shows disaster recovery (DR) is getting more attention, and more upper level execs become involved with DR issues. Ideally, each company should have an emergency plan in case of power/system failure, loss of access, outside attack, sabotage or else – called DRP (disaster recovery plan) or even DRRP (disaster response and recovery plan). DRP is only a part of risk management practices which ensure emergency preparedness and risk reduction and include such initiatives as regular data backups, stocking recovery software, archiving, etc. – these activities are reflected in PMI and NIST standards.

(more…)

Encryption and decryption from security law perspective (Part II)

Friday, July 3rd, 2009

In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers…again viewed by law.

So, how does the law see encryption and decryption issues through glasses of security standard? First of all, it says there simply should be encryption/decryption tools available.

ENCRYTION AND DECRYPTION (A) – § 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must:
“Implement a mechanism to encrypt and decrypt electronic protected health information.”

(more…)

Rumored AMD Phenom II X4 TWKR chips accessible?

Wednesday, July 1st, 2009

Not long ago I wrote about AMD’s TWKR when the first rumors reached the media. Now we have more news on that. And the sad one is that TWKR still cannot be purchased in retail and most probably won’t be, at least not the ones from the sought-after 100 exemplars that exist today.

Good one?

(more…)

Password by Toolman

Wednesday, July 1st, 2009

Do you understand a word? Except for "password"? Translator needed! :)