A new multi-platform password cracking tool hashcat was just released publicly.
Tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.
(more…)

A new study, which is being published in the Proceedings of the Human Factors and Ergonomics Society, details just how long we’ve been aware of the password problem. It cites a study of Unix passwords from 1979, which showed that about 30 percent of the passwords were four characters or less, and about 15 percent being words that appear in the dictionary. Fast forward to 2006, when a separate survey of 34,000 MySpace passwords revealed that the most common were “password1″, “abc123″, “myspace1″, and “password”.

src: arstechnica.com

The biggest risk to your Mac is if it is lost, stolen or physically compromised. If you setup a secure password as discussed previously and the thief can’t login, they can still gain access to all your data using one of the special start-up modes built into all Macs.

These start-up modes include booting from an install DVD and resetting the password, using Target Disk Mode to use your Mac as an external hard disk, or booting into Unix-style Single User Mode.

There is a way to protect your computer by setting a firmware password. The password is written into the computer’s firmware chips on the motherboard and if anyone tries to use a special start-up mode, they will be prompted for that password.

Apple provides a utility for setting a firmware password called Firmware Password Utility.

For Mac OS X 10.5.x, start from the Leopard Install DVD and choose Firmware Password Utility from the Utilities menu.

1. Click to select the checkbox for “Require password to change Open Firmware settings”, as shown below.

2. Type your password in the Password and Verify fields.

3. Click OK

4. Click lock icon to prevent further changes

5. Choose Quit from the application menu

Now, if anyone attempts to use any of the special start-up modes, they will be prompted for the firmware password you set.

via: mac101.net

ElcomSoft Claims 1 Billion Passwords/Sec Recovery; Uses GPUs in Parallel
Distributes tasks to multiple NVIDIA video accelerators

ElcomSoft has released a new version its Distributed Password Recovery program for recovering system and document passwords at speeds of up to 1 billion passwords per second. (more…)

Synopsis

The password checking routine of DriveCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

(more…)

Features:
» Runs on Windows, Linux/Unix, Mac OS X, …
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista.
» Brute-force module for simple passwords.
» LiveCD available to simplify the cracking.
» Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
(more…)