Archive for the ‘Tips & Tricks’ Category
Monday, August 15th, 2011
SANS Information Security Reading Room has recently published a whitepaper about iOS security which mentions our software – Elcomsoft iOS Forensic Toolkit – in a section about encryption. Kiel Thomas, the author of the whitepaper, explains once more the main principles of iOS 4 encryption, which became stronger in comparison with iOS 3.x, and how our toolkit can bypass the new strong algorithms.
In the next part, about iTunes backups, Kiel touches upon Elcomsoft Phone Password Breaker, which crunches backup passwords at a speed of 35000 passwords per second (with an AMD Radeon HD 5970) using both brute-force and dictionary attacks.
It seems the paper does not miss any nuance of iOS 4 and provides practical advice to avoid or prevent depressing outcomes such as loss of data. Closer to the end of the paper you will also find several sagacious tips for using the devices within organizations, including passcode management, a so-called “first line of defense” which, in Kiel’s view, “can be matched to existing password policies”; however, he leans toward using passwords instead of 4-digit passcodes.
And in conclusion the author finds that smartphone and tablet security measures resemble those of laptops, because they are all mobile devices. Find out more details in the source itself: http://www.sans.org/reading_room/whitepapers/pda/security-implications-ios_33724
Tags: Elcomsoft iOS Forensic Toolkit, Elcomsoft Phone Password Breaker, iOS, iOS Forensic Toolkit, passcode, SANS
Posted in Cryptography, Did you know that...?, General, Tips & Tricks | No Comments »
Thursday, November 11th, 2010
What is a Web browser for you? It’s virtually a whole world, all together: web sites, blogging, photo and video sharing, social networks, instant messaging, shopping… did I forget anything? Oh yes, logins and passwords. :) Set up an account here, sign in there, register here and sign up there – everywhere you need logins and passwords to confirm your identity.
Yesterday, we recovered login and password information to Internet Explorer only, but it was yesterday… Now, Mozilla Firefox, Apple Safari, Google Chrome and Opera Web browsers are at your disposal.
Let’s plunge into some figures…
(more…)
Tags: Chrome, DES, DPAPI, EINPB, Elcomsoft Distributed Password Recovery, Elcomsoft Internet Password Breaker, Firefox, Network Security Services, Opera, plist, Safari, SQLite, Web Browser
Posted in Elcom-News, General, Industry News, Security, Software, Tips & Tricks | No Comments »
Tuesday, November 2nd, 2010
Although this new book has been on sale since January this year, we are happy to officially say our words of gratitude to Kevin Beaver and recommend it to you.
In his book Kevin insists that the best way to really understand how to protect your systems and assess their security is to think from a hacker’s viewpoint, get involved, learn how systems can be attacked, and find and eliminate their vulnerabilities. It all practically amounts to being inquisitive and focusing on real problems, as opposed to blindly following common security requirements without understanding what it’s all about.
Kevin extensively writes on the questions of cracking passwords and weak encryption implementations in widely used operating systems, applications and networks. He also suggests Elcomsoft software, in particular Advanced Archive Password Recovery, Elcomsoft Distributed Password Recovery, Elcomsoft System Recovery, Proactive Password Auditor, and Elcomsoft Wireless Security Auditor, as effective tools to regularly audit system security and close detected holes.
In this guide Kevin communicates the gravity of ethical hacking in very plain and clear words and gives step-by-step instructions to follow. He easily combines theory and practice, providing valuable tips and recommendations to assess and then improve security weaknesses in your systems.
We want to thank Kevin for testing and including our software in his very “digestible” beginner guide to hacking, and we recommend this book to our readers as a helpful tool to get all the facts in order.
Tags: Advanced Archive Password Recovery, Elcomsoft Distributed Password Recovery, Elcomsoft System Recovery, Elcomsoft Wireless Security Auditor, Encryption, hacking, Hacking for Dummies, Kevin Beaver, password, password recovery, Proactive Password Auditor, Security
Posted in Did you know that...?, General, Security, Software, Tips & Tricks | No Comments »
Wednesday, May 12th, 2010
Two months ago I wrote a blog post "ATI and NVIDIA: Making Friends out of Enemies" where (among other things) I wrote:
Developing software for ATI cards is (okay — was) a nightmare. In 2009 ATI quietly introduced two changes in their drivers which made previously perfectly functional and compatible applications to crash (if you are curious: with Catalyst 9.2 or 9.3 they’ve changed names of supporting DLLs bundled with drivers; with Catalyst 9.9 or 9.10 they’ve probably changed format of underlying binary so that anything compiled and linked in with earlier versions caused a driver to crash).
Well, with the release of Catalyst 10.4 drivers ATI is again at it. This time problem only affects users who have display adapters from different vendors in their computer. Applications utilizing ATI Stream will work on such configurations just fine with Catalyst 10.3, but once you upgrade to 10.4, applications will crash with faulting module being aticaldd.dll, a part of ATI Display driver. Kinda embarrassing, I would say. Regression testing is really something one with millions of users should consider.
Users of our software relying on ATI hardware acceleration (as well as any other ATI Stream enabled applications) should not update to 10.4 if an ATI Radeon is not the only card in their computer.
Tags: ATI, ATI Stream, Catalyst
Posted in Hardware, Tips & Tricks | 1 Comment »
Tuesday, August 4th, 2009
Every time you open a document in Advanced Office Password Recovery, it performs the preliminary attack if the "file open" password is set. This attack first tries all passwords that you recovered in the past (which are stored in the password cache), then runs a dictionary attack, and finally runs the brute-force attack.
The brute-force attack consists of two parts:
1. Trying digits and Latin letters
2. Trying national characters depending on the code page set in Windows.
Previously, these parts were hardcoded in the program. The new version of Advanced Office Password Recovery has an option to customize the preliminary brute-force attack.
Look in the directory where AOPR is installed. There is an "attacks.xml" file inside. The first section of this file is the language map:

The codes are Windows language identifiers. You can link any LID to your custom name.
The next section contains predefined charsets:
All charsets are in Unicode, so you can define any national characters here.
And the final section is "documents". All parts of this section have comments about document types. You can define the "common" charsets and charsets that are related to the system language. Each "attack" record defines a password length and charset.
In this XML file you can simply change the standard preliminary attack and define custom charsets for your language. I hope this will help to recover your Office passwords faster.
Posted in Software, Tips & Tricks | 3 Comments »
Tuesday, July 7th, 2009
Ever heard of the password masking problem? To be honest, I had not – until I read the Stop Password Masking article by Jakob Nielsen (somewhere referred to as "usability guru"), followed by a lot of other publications, blog posts and comments (see ‘em all); so-called security guru Bruce Schneier even wrote two essays on that.
Well, that reminded me of a very funny stupid CAPSoff Campaign…
In brief, here is the "problem": for years (I think starting from Windows 3.0, released almost 20 years ago), passwords have been masked as you type them (in most programs that have any kind of password protection, and in the operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.
(more…)
Tags: Bruce Schneier, Jakob Nielsen, password masking, password recovery, password security, passwords, PGP
Posted in General, Human Factor, Security, Software, Tips & Tricks | 3 Comments »
Monday, July 6th, 2009

New statistics* show that disaster recovery (DR) is getting more attention, and more upper-level execs are becoming involved with DR issues. Ideally, each company should have an emergency plan in case of power/system failure, loss of access, outside attack, sabotage or something else – called a DRP (disaster recovery plan) or even a DRRP (disaster response and recovery plan). A DRP is only one part of risk management practices, which ensure emergency preparedness and risk reduction and include such initiatives as regular data backups, stocking recovery software, archiving, etc. – these activities are reflected in PMI and NIST standards.
(more…)
Tags: Advanced EFS Data Recovery, Disaster Recovery, DRP, Elcomsoft System Recovery, NIST, Security Standards
Posted in General, Security, Software, Tips & Tricks | 2 Comments »
Thursday, June 18th, 2009
In this entry I’d like to suggest a kind of a list of various legal decisions on password [ab]use I could find on the web. Your add-ins are welcome, just put in any other acts you know…
Georgia Computer Systems Protection Act
(e) Computer Password Disclosure. Any person who discloses a number, code, password, or other means of access to a computer or computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim expenditure) to the owner of the computer or computer network in excess of $500.00 shall be guilty of the crime of computer password disclosure.
Tags: computer cryme, computer fraud, Computer password disclosure, computer trespass, identity theft, password
Posted in Did you know that...?, General, Security, Tips & Tricks | 2 Comments »
Monday, June 1st, 2009
Today’s technologies allow staying online practically 24 hrs a day, periodically falling into a sleeping mode. The Internet became easily accessible and numerous devices can connect us to the web from everywhere, and every time when we surf the web we are being registered, at least via IP address of our devices.
I bet it was more than once that you had to fill out a sort of name-company-position-email-telephone-whatever form when registering or subscribing to something. Do you think about preserving privacy of your information when leaving such data on someone’s website? (more…)
Tags: AIEPR, online passwords, password recovery, phishing, secret questions
Posted in General, Human Factor, Security, Software, Tips & Tricks | 1 Comment »
Friday, May 22nd, 2009
Wow, Adobe rethinks PDF security. Curious why? Because of vulnerabilities in Adobe Reader (and so zero-day exploits), of course. From the article:
According to Finnish security company F-Secure, 48.9% of all targeted attacks conducted this year involved a malicious PDF file attached to a legitimate-looking e-mail, a huge change from 2008, when PDFs made up just 28.6% of targeted attacks.
But the security model of PDF encryption/protection is not going to change, [un]fortunately. (more…)
Tags: Acrobat, Adobe, AES, exploits, GPU acceleration, PDF, RC4, vulnerabilities
Posted in Human Factor, Security, Software, Tips & Tricks | No Comments »