And now…. we have Rainbow Tables for Microsoft Excel docs with 40-bit encryption. So, it became possible to reach near-instant recovery of 97% of spreadsheets created in MS Excel 97-2003. Unfortunately, due to specificity of Excel spreadsheets format it’s unreal to get 100%-recovery, still, you can use brute force to cover the rest 3%.  

Sad information: Hackers grab more than 285M records in 2008. Just curious, how about Sarbanes-Oxley Act, does it really work? 🙂

According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.

Nice lyrics stirs up hacker’s morning drowsy feelings 🙂
 

Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure password says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses dictionary attack to get one’s password back. Dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or delivered with the software. It is easy to grab that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases does’t do them any good. Such password can be easily cracked when smart mutations option is on. 

Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)

You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.

Fresh life experience…A very good friend of mine told me a story I would like to share with you with her kind permission. Recently she has found a new job in a medium size company. She was perfectly satisfied with her new position and new tasks. She also got a well equipped working place including her principal tool for work – computer, which actually she inherited from an ex-employee who lately moved to another company. The company could have bought her a new computer, but what for, if there was working one absolutely ownerless. Windows XP already installed along with numerous useful applications, even her favorite Safari was there.

The Encrypting File System (EFS) was first introduced in Windows 2000 and, as Microsoft claims, is an excellent encryption system with no back door.