Archive for April, 2011

Nikon Image Authentication System: Compromised

Thursday, April 28th, 2011
ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major flaw. The flaw allows anyone producing forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner the secure image signing key is being handled in Nikon digital cameras.
 
The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature.
(more…)

EuroForensics Conference 2011

Wednesday, April 6th, 2011

So we are back again from EuroForensics Conference which took place in Istanbul a week ago, and it feels everything went fantastic. All preparations were quick and painless (our special regards to Kaukab Jamal ZUBERI, Bilal YILMAZ, Meryem Parlak, Canan Tas and the whole team of Forensic People), the event went smoothly with a marked emphasis on the first day, when we were almost stunned by crowds of computer forensic specialists, military people in uniform, government and other security researchers (I personally have never seen so many officials at one place before).
 

(more…)

ElcomSoft Opens a Password Store to Sell Passwords Balancing Strength and Memorability

Friday, April 1st, 2011

Great news, ElcomSoft starts Elcomsoft Password Store, an online service to supply customers with guaranteed secure passwords. The new Password Store provides customers a variety of selections, and complies with all industrial and government requirements regarding the length and complexity of passwords being sold. As a value-added service, the company offers near-instant recovery of all passwords sold through its Password Store for a nominal fee.

The many different security policies and government regulations make standard practices of choosing passwords inadequate (passwords are too easy to break) or unfeasible (passwords are impossible to memorize, get written on yellow stickers, and get easily hijacked).  To facilitate the needs of its customers, ElcomSoft Co. Ltd. employed its extensive expertise in the areas of information security and password recovery, and offers a service to provide the perfect balance between password strength and memorability. After breaking millions of passwords, the company has inside information on what’s strong, what’s weak, and what’s adequate for every task.

Offering three strength levels and several additional options, ElcomSoft offers an economical way to create passwords perfect for the type of information they protect. Customers can choose passwords that are short and strong, long and extremely strong, or very long and guaranteed unbreakable. For a small extra fee, Password Store customers can choose passwords that are easy to pronounce or quick to memorize, without sacrificing a single bit of security. In addition, ElcomSoft offer a “gift-wrap” option that accompanies every password with a digital authenticity certificate.

As a value-added service, ElcomSoft offers exclusive password recovery service to all customers of its Password Store. For a nominal fee, forgotten passwords can be recovered in an instant. Under no circumstances will the company sell passwords to any third-parties or upload the lists to the three-letter agencies, government or law enforcement officials unless they become our clients and buy their own passwords.

More info at http://www.elcomsoft.com/password_store.html