
Why passwords have never been weaker—and crackers have never been stronger

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too. The warnings Brooks and millions of other people received that December weren't fabrications. Within hours of anonymous hackers penetrating Gawker servers and exposing cryptographically protected passwords for 1.3 million of its users, botnets were cracking the passwords and using them to commandeer Twitter accounts and send spam. Newer hardware and modern techniques have also helped to contribute to the rise in password cracking.

http://arstechnica.com/security/2012/08/passwords-under-assault/


Oh great: New attack makes some password cracking faster, easier than ever

A researcher has devised a method that reduces the time and resources required to crack passwords that are protected by the SHA1 cryptographic algorithm. The optimization, presented on Tuesday at the Passwords^12 conference in Oslo, Norway, can speed up password cracking by 21 percent. The optimization works by reducing the number of steps required to calculate SHA1 hashes, which are used to cryptographically represent strings of text so passwords aren't stored as plain text. Such one-way hashes—for example 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 to represent "password" (minus the quotes) and e38ad214943daad1d64c102faec29de4afe9da3d for "password1"—can't be mathematically unscrambled, so the only way to reverse one is to run plaintext guesses through the same cryptographic function until an identical hash is generated. Aumasson is the main designer of BLAKE, one of five finalist hash functions in the competition to designate the SHA3 algorithm.

How I cracked my neighbor’s WiFi password without breaking a sweat

Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.

password analysis and cracking kit

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for the Hashcat family of password crackers. NOTE: The toolkit itself is not able to crack passwords, but is instead designed to make operation of password crackers more efficient. Before we can begin using the toolkit we must establish selection criteria for password lists.

BitLocker Drive Encryption

Availability

BitLocker is available in the Enterprise and Ultimate editions of Windows Vista and Windows 7. It is also available in the Pro and Enterprise editions of Windows 8.[4] Users of other versions of Windows that do not include BitLocker can use a third-party encryption program to satisfy the need for full disk encryption (see comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI; encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder.[5] An example of how to use the WMI interface is in the script manage-bde.wsf that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be encrypted using the graphical Control Panel applet as well.[6]

Phil Zimmermann's Silent Circle Builds A Secure, Seductive Fortress Around Your Smartphone

In the 1990s, cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann faced federal criminal investigation. His encryption software was so strong, it was charged, there was fear it violated arms trafficking export controls. Now Zimmermann has launched a new startup that provides industrial strength encryption for smartphone users.

Password Safe

The security of Twofish in a password database Support Password Safe is now an open source project. As of February 7, 2014, the latest Windows version is 3.33. A Linux version is currently in beta.

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Five digital trends that will transform the way you run your business

Here are five fascinating trends that are about to turn the way we do business on its head. Technology enthusiast Kevin Kelly compared technology to a biological organism: a complex, evolving organism, that moves so fast it's often hard for us humans to keep up. There are plenty of fascinating movements in the digital space happening at any given moment. Today, we're looking a little closer at some of the trends in technology that will have an enormous effect on the way business works. 1.

About The Honeynet Project

The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.

DEAR APPLE: I'm Leaving You

Ed Conway (@edconwaysky) is the economics editor for Sky News and the author of The Real Economy. He recently wrote a letter to Apple CEO Tim Cook explaining why he was done with the company. Ed gave us permission to reprint his letter via an email from his new Samsung. Dear Tim, There’s no easy way to put this so I’ll just come right out with it. I’m leaving you.
