XKCD posted quite nice comics with a reallife problem behind them. It is very likely that some Web-services do as described, either sell such info to third parties or use it for evil purposes. Our recommendation is if you cannot trust some of the websites, choose another unique password for them. It would be even wiser if you had different passwords for all websites you visit. Some even unimportant websites can aslo be cracked and even if they (better to say your data stored there) have no value at all, your password, can be tried for Facebook or LinkedIn, hopefully in vain.

In brief, here is the "problem": for years (I think starting from Windows 3.0 released almost 20 years ago), the passwords are being masked as you type them (in most programs what have any kind of password protection, and an operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major way for user authentication. Whether you are ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

Last week a colleague of mine, Andrey Belenko, gave a speech at the Troopers conference in Munich. Olga wrote about it in this blog. All the talks at Troopers were awesome. Soon the videos and slide shows will be available for downloading on Troopers website.

No, it’s no a typo :). COFEE means Computer Online Forensic Evidence Extractor, actually. Never heard about it? Then read Microsoft supplies Interpol with DIY forensics tool. Just don’t ask where to get it. We have not seen it either.

According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.

Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)

In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.