Author Archive

Something new….

Thursday, July 15th, 2010

According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking).  Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another.  One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” 🙂

What’s special about EINPB? Let’s have a quick jog through some of its features. Our new tool instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox & identity passwords in lots of Microsoft versions. It as well supports the new security model employed by Microsoft Internet Explorer 7 and 8.

Think it can be of any interest for you, please visit our site http://www.elcomsoft.com & learn more about EINPB at http://einpb.elcomsoft.com.

ElcomSoft at EuroForensics 2010 in Turkey

Friday, April 2nd, 2010

Hurrying to inform you about our adventures in one of the most beautiful cities of Euro-Asian region, Istanbul. This March we were lucky to have a chance of participating in a big forensics and security focused international event in Turkey, namely EuroForensics 2010, thanks to our Turkish partners Forensic People, organizers & hosts of the event.

The city gave us a warm and sunny welcome, regarding its weather, so since the arrival we were filled with positive energy & cheerful mood. We were not only exhibiting, but delivering a presentation as well (however it had been cut in time because of the previous speaker). The exhibition/conference took part in the Military Museum of Istanbul, highly-protected military zone, so that to enter the exhibition area one should have all his belongings scanned. But it wasn’t that annoying, we respected local rules & policies (obedient guys).

Now, a few words about the conference itself. We arrived in Istanbul the day before the event in order to have time to see the city a bit and to organize our booth, want to notice that we were one of the first exhibitors to have our stand constructed in time, can’t resist praising ourselves in this respect 🙂 .

The first day of the exhibition was busy: hundreds of visitors, most of them were really interested and were in the topic of the show, which was actually a surprising fact for us. The rest two days were not that lively, to say the least of it, only the most forensics-obsessed people sacrificed their weekend to visit the exhibition, hope, it came up to their expectations 🙂 .

On the whole, it was worthwhile experiments for us, next year we think of having another go at it. Want to thank everybody who visited our booth & took interest in our software.

(more…)

New sweeping WPA Cracker & its alternatives

Tuesday, December 8th, 2009

It’s a well-know fact that WPA-PSK networks are vulnerable to dictionary attacks, though one cannot but admit that running a respectable-sized dictionary over a WPA network handshake can take days or weeks.

A low-cost service for penetration testers that checks the security of wireless networks by running passwords against a 135-million-word dictionary has been recently unveiled. The so-called WPA Cracker is a cloud-based service that accesses a 400-CPU cluster. For $34, it can run a password against all 135 million entries in about 20 minutes. Want to pay less, do it for $17 and wait 40 minutes to see the results.

Another notable feature is the use of the dictionary that has been set up specifically for cracking Wi-Fi Protected Access passwords. While Windows, UNIX and other systems allow short passwords, WPA pass codes must contain a minimum of eight characters. Its entries use a variety of words, common phrases and "elite speak" that have been compiled with WPA networks in mind.

WPA Cracker is used by capturing a wireless network's handshake locally and then uploading it, along with the network name. The service then compares the PBKDF2, or Password-Based Key Derivation Function, against the dictionary. The approach makes sense, considering each handshake is salted using the network's ESSID, a technique that makes rainbow tables only so useful.

Everything seems to be perfect, but for the fact that there exists another alternative to crack WPA passwords which allows to reach the same speed. Just instead of installing a 400-CPU cluster, it’s possible to set 4 top Radeons or about two Teslas and try Elcomsoft Wireless Security Auditor.

Elcomsoft Wireless Security Auditor: WPA-PSK Password Audit

ElcomSoft at INTERPOLITEX-2009

Tuesday, November 3rd, 2009

In the period from 27 to 30 October 2009 in Moscow the XIII International exhibition of security facilities of the State "INTERPOLITEX – 2009" took place.

Our team was lucky to participate in this great event organized by the Government of Russia. It was the first time that we had the opportunity to take part in this exhibition, hope not the last one 🙂 I’d like to share my opinion and overall impression of this event.

Actually, from the very beginning things went on smoothly, we were supplied with everything that was ordered (pleasant surprise for this country). Though we didn’t have much space at our stand, we were supposed to organize our booth very nicely, thanks to my colleagues, of course 🙂 so our booth, compared to all those enormous, two-storeyed stands, managed to attract the attention not only of gapers, but of security specialists and/or our potential clients as well. Here are some pics from the show:

(more…)