A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs).
Essentially, that means a lot of Internet users are affected. And potentially, passwords, private communications and even credit card information could be available to hackers courtesy of this newly-discovered bug.
A few people have been checking major websites to see whether they’re vulnerable.
Offline NT Password & Registry Editor finally got an update last month after a 4-year hiatus. The new version of this awesome boot disk includes support for Win8.1 and a working ‘promote user to admin’ feature, among other fixes and driver updates.
Two new command-line tools are:
samusrgrp: a command-line tool to add users to groups or remove users from groups. Users and groups must be local (cannot be domain / AD). It can also list the groups with their members in several forms, and the output can of course be used in scripts. Listing groups will also list domain users that are members of the group (if any), but it cannot look up their names, so they will be listed as SIDs only.
sampasswd: resets a password from the command line (scriptable), or lists the users in the SAM file in a few different formats.
Kon-Boot has been updated to version 2.4, which adds the capability to bypass Windows 8/8.1 online account authorization. Definitely worth the price for the time and effort it saves.
As you may already know, Adobe was breached weeks back. This breach affected roughly 152989508 users. Adobe encrypted the passwords with 3DES in ECB mode, and the passwords in this leak were all encrypted with the same key. Without that key, we cannot crack a single password. Since the key used to encrypt the passwords isn’t known (yet), researchers have been guessing passwords from the users’ password hints. That’s right: whilst Adobe encrypted their passwords (even though done poorly), the password hints had absolutely no security whatsoever. Matching this information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. This list below was compiled by Jeremi Gosney.
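The ECB weakness described in the Adobe item above, shown as an added example that is not from the original post or from Adobe's systems. It assumes a truncated HMAC as a stand-in for 3DES-ECB (one key, each 8-byte block transformed independently) and constructed sample accounts, and contrasts that storage with per-user salted PBKDF2.

```python
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 8  # 3DES block size in bytes

def ecb_like_encrypt(key: bytes, password: str) -> bytes:
    """Stand-in for 3DES-ECB (NOT real 3DES): each 8-byte block is transformed
    independently and deterministically under one shared key."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(
        hmac.new(key, data[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(data), BLOCK)
    )

def salted_hash(password: str) -> bytes:
    """Per-user random salt plus a slow KDF: equal passwords give unrelated records."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def equality_leak(records):
    """Group accounts by stored value; keep values shared by more than one user."""
    groups = defaultdict(list)
    for user, stored, hint in records:
        groups[stored].append((user, hint))
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample accounts (user, password, hint); not taken from the leak.
ACCOUNTS = [
    ("u1", "sunshine", "weather"),
    ("u2", "sunshine", "opposite of rain"),
    ("u3", "password1234", ""),
    ("u4", "passwordabcd", ""),
]

def demo():
    key = b"constructed-demo-key"  # hypothetical key for this example only
    ecb = [(u, ecb_like_encrypt(key, p), h) for u, p, h in ACCOUNTS]
    kdf = [(u, salted_hash(p), h) for u, p, h in ACCOUNTS]
    # ECB also leaks shared 8-byte prefixes between different passwords.
    shared_prefix = ecb[2][1][:BLOCK] == ecb[3][1][:BLOCK]
    return len(equality_leak(ecb)), len(equality_leak(kdf)), shared_prefix

if __name__ == "__main__":
    print(demo())
```

Under the ECB-style storage, u1 and u2 collapse into one group whose hints all describe the same secret, and u3 and u4 expose a common first block; with salted hashing neither relationship is visible.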
The best password bypass program out there has been updated. A few bug fixes and support for Windows 8.1. A must-have for any computer technician. I use the product almost daily at my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my go-to program. It’s better than a password reset, because a reset also destroys other saved passwords for Internet Explorer, Google products, etc., which all use the CryptProtectData function along with your logon password to encrypt data.
Watch the video to see how easy it is to use.
And best of all is the price: $15 for personal license & $75 for Commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::
P.S. They also have an Apple Mac version.
Microsoft’s GINA technology, which stands for Graphical Identification ‘N Authentication, is responsible for graphically handling logon requests when events such as CTRL-ALT-DEL are received. Tyler Wrightson finally released his modified GINA stub that silently logs usernames and domains for XP and Win2k. You can download it ::here::. More information about how GINA works can be found in his excellent blog post.
This will not work for Vista and later operating systems, as they have switched to the Credential Provider model. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands of next-generation authentication technologies (like biometrics, two-factor and single sign-on). Have no fear: he also released a version for Vista/7 ::here::. More information can be found in his blog post.
The Bible might not be quite the good book it claims to be. It’s being employed to help crack passwords to great effect.
The article explains how security researchers Kevin Young and John Dustin have been using books acquired from the Project Gutenberg repository to help them create a massive database of words and phrases to help crack passwords. Feeding in the contents of the Bible, plenty of other books, and Wikipedia, then testing it on 344,000 passwords leaked from intelligence firm Stratfor in 2011, the pair had great success.
A restricted screen bypass via design glitch is detected in the official Apple iOS v7.0.1 for Mobile Devices (iPad|iPhone).
The security vulnerability allows local attackers to bypass the display screen of the restricted sim locked mode.
The bypass vulnerability is located in the iOS v7.0.1/7.0.2 when the `sim locked` mode of an iPhone mobile is activated.
Local attackers can redirect the sim locked display to the regular default mode by using a restricted calculator function in combination with the shutdown and unlock button. As a result, the local attacker is able to glitch > jump into the regular locked phone mode with calendar + hyperlinks, camera and control center. The regular sim locked display is at the end usable like in the regular mode without sim locked label in the screen.
The local sim lock screen display bypass vulnerability can be exploited by local attackers with physical device access and without user interaction. Successful exploitation results in the bypass of the sim lock mode to the regular lock mode. In an earlier test (7.x) we combined the earlier discovered issues to first unlock the sim display (locked sim card) and bypass the pass code to fully compromise.
You can bypass the HTC One lockscreen by swiping up from the bottom center of the screen during restart. You have a less than 500ms window in which to swipe up before the lock pattern is enforced.