Today we congratulate all system administrators and those substituting them when these are busy with "the most important problem" of someone else's. We wish you great health and nerve in your multi-tasking job. 
Thank you!!
Our P.U.B. survey goes on, we'll be very much obliged for your ticks
According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking). Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another. One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” 
What’s special about EINPB? Let’s have a quick jog through some of its features. Our new tool instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox & identity passwords in lots of Microsoft versions. It as well supports the new security model employed by Microsoft Internet Explorer 7 and 8.
Think it can be of any interest for you, please visit our site http://www.elcomsoft.com & learn more about EINPB at http://einpb.elcomsoft.com.
For the third time we've been invited to Beijing, China to participate in CCFC (China Computer Forensic Conference), to talk about password recovery and to conduct workshop on password recovery tools. Like two previous times, this time CCFC also was great. Lots of visitors, very nice audience and lots of smart questions. On the first day of conference I gave a talk on password recovery (mostly very generic and not very in-depth) and I'd like to share slides of that talk.
It’s been two weeks since Steve Jobs has announced release of new iPhone 4 and iOS 4 operating system during his keynote on WWDC’2010. New iPhone will begin shipping on Thursday, 24th of June, and new iOS will become available for download today, just few hours are left.
iOS 4 comes packed with a lot of nice features (long-awaited multitasking, background location services, iBooks and much improved Mail app just to name a few) and we are very pleased to announce today the release of the new version of Elcomsoft iPhone Password Breaker with support for iTunes 9.2 and iOS 4.
Elcomsoft iPhone Password Breaker (or EPPB for short) is a utility to recover passwords for encrypted and password-protected iPhone/iPod/iPad backups created with iTunes (please note that it’s not meant to recover or remove passcode lock on the device).
With iOS 4 Apple has completely changed the way backups are encrypted and stored. Backup and restore processes are way much faster now. Apple have also improved protection against password recovery attacks, thus making our job harder (password recovery is about 5x slower for new backups than for older ones).
We at Elcomsoft try our best to keep up with the times, so most of our tools & programs are adjusted to the latest technologically advanced features. The EPPB is not an exception, new version of EPPB fully supports both old and new backup formats. It also supports hardware acceleration using NVIDIA and ATI GPUs and Tableau TACC1441.
Hello! Yet again, we have launched a survey on password usage behavior.
As our previous survey went like a breeze (you will find the report in our archives), it is a logical next step that we decide to try one more time. From the very first survey we gained curious info, which was also interesting to publicity. Naturally questions about password protection are numerous and some of them remain dark, possibly a little too much so, that is why we are tempted to undertake one more “investigation”.
This time we expanded on questions and made some of them hypothetical, where you are put into a situation to find a way out. It is interesting to trace your way of thinking on both hypothetical and actual matters, so other questions are suggested to understand your attitude to real everyday situations you have to deal with.
As usually, survey completion will be finalized by a report.
We tried not to inundate our questionnaire with baffling questions, but if you still consider it time-consuming, you are welcome to answer one absurdly simple question on home page of ElcomSoft website.
C’mon you are within an ace of getting 10% discount for all our software; just find a little will-power to put a couple of ticks. Again, thank you for taking time from your busy day and completing our questionnaire. And feel free to channel this survey to your friends and colleagues.
Best of luck!
Hurrying to inform you about our adventures in one of the most beautiful cities of Euro-Asian region, Istanbul. This March we were lucky to have a chance of participating in a big forensics and security focused international event in Turkey, namely EuroForensics 2010, thanks to our Turkish partners Forensic People, organizers & hosts of the event.
The city gave us a warm and sunny welcome, regarding its weather, so since the arrival we were filled with positive energy & cheerful mood. We were not only exhibiting, but delivering a presentation as well (however it had been cut in time because of the previous speaker). The exhibition/conference took part in the Military Museum of Istanbul, highly-protected military zone, so that to enter the exhibition area one should have all his belongings scanned. But it wasn’t that annoying, we respected local rules & policies (obedient guys).
Now, a few words about the conference itself. We arrived in Istanbul the day before the event in order to have time to see the city a bit and to organize our booth, want to notice that we were one of the first exhibitors to have our stand constructed in time, can’t resist praising ourselves in this respect .
The first day of the exhibition was busy: hundreds of visitors, most of them were really interested and were in the topic of the show, which was actually a surprising fact for us. The rest two days were not that lively, to say the least of it, only the most forensics-obsessed people sacrificed their weekend to visit the exhibition, hope, it came up to their expectations .
On the whole, it was worthwhile experiments for us, next year we think of having another go at it. Want to thank everybody who visited our booth & took interest in our software.
Your organization probably has a written password policy. Accordingly you also have different technical implementations of that policy across your various systems. Most of the implementations does not match the exact requirements or guidelines given in the written policy, because they cannot be technically implemented.
We are glad to announce that we have a new contributor to our blog and we would like to introduce him to you.
Per Thorsheim is a security professional living and working in Bergen, Norway. He is currently certified CISA and CISM from isaca.org, and CISSP-ISSAP from isc2.org. You can follow him on http://twitter.com/thorsheim and read his personal blog at http://securitynirvana.blogspot.com.
ElcomSoft always have yet another pair of eyes for your privacy…
About a month ago, a SQL Injection flaw was found in the database of RockYou.com, a website dealing with social networking applications. The Tech Herald reports that 32.6 million passwords were exposed and posted online due to the flaw. The complete examination of the passwords from the list showed that the passwords in question are not only short as RockYou.com allows creating 5-character-passwords but also alphanumeric only.
A half of the passwords from the list contained names, slang and dictionary words, or word combinations. The Tech Herald enumerates the most common passwords: “123456″, followed by “12345″, “123456789″, “Password”, “iloveyou”, “princess”, “rockyou”, “1234567″, “12345678″, and “abc123″ to round out the top 10. Other passwords included common names such as “Jessica”, “Ashley”, or patterns like “Qwerty”.
Although the findings of the survey are deplorable, most sites do nothing to improve password security. At the same time some websites block special characters and do not allow users to choose them for passwords making user accounts vulnerable to malicious attacks.
As a part of problem solution, the Tech Herald sees sites enforcing users a hard rule of character length. We at ElcomSoft share the opinion that a password must be at least 9 characters long, consisting of upper and lowercase letters, numbers, and – preferably – special characters.
The article also highlights greater risks for the companies as attackers are using more advanced brute force attacks. According to the Tech Herald, “if an attacker would’ve used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9-percent of the user’s passwords, or a rate of one success per 111 attempts”.
Related articles and publications: