Passware Kit decrypts hard disks encrypted with BitLocker or TrueCrypt in a matter of minutes if the target computer is running. Now Passware Kit is capable of this instant decryption even for powered-off computers by analyzing a hibernation file (hiberfil.sys).

The software instantly extracts BitLocker and TrueCrypt encryption keys from a hiberfil.sys file, which is created automatically when a system hibernates. This means that if the target computer with a mounted BitLocker or TrueCrypt hard disk has hibernated at least once, Passware Kit will instantly decrypt the hard disk even if the target computer is no longer running.
http://bit.ly/pw-55

The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund . The speakers were Dakykilla, Purehate_ and Irongeek.

Lots of password finding and crack topics were covered. Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more.
(more…)

During a recent password audit, it was found that a blonde was using the following password:

“MickeyMinniePlutoHueyLouieDeweyDonaldGoofy”

When asked why such a big password, she said (wait for it)….

… that it had to be at least 8 characters long.

If you’re one of the many who are jailbreaking your iPhone to get options such as tethering, make sure you change the root access password once you do.
In addition to your possibly getting Rick-Rolled

Your jailbroken phone could possibly be held for ransom

If you’ve never changed the default device password, now’s the time. Here’s how:

The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

iPhoneName: ~ Mobile$

• At that prompt, type: passwd
• You’ll be prompted for the ‘old’ (current) password for the mobile user.  Enter this as the old password: alpine
• You’ll then be prompted to enter the new password – so just type in your desired new password.  Use good password principles if possible (long and stong).  You will not see characters appearing on the screen as you type – that’s normal, not a concern.
• You’ll then be prompted to re-enter the new password.  Do that.
• You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app.  There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful.  And you’re done with change for the mobile account.
• The second primary admin account for the iPhone is called root – so now you need to change that as well.
• Type this to switch to the root user: login root
• You’ll be prompted for the root user’s current password.  Enter this: alpine
• Type this to start the password change routine again: passwd
• Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account

http://www.thelstalk.com/how-to-hide-your-password/

Follow-up to yesterdays post. A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.
(more…)

Thousands of Windows Live Hotmail passwords have been leaked online, Microsoft has confirmed. The news was first reported by Neowin.
According to Microsoft, it “learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site” at some point over the weekend. Neowin.com originally reported that the credentials were posted to a developer forum on Pastebin.com on October 1. A google cache of pastebin was still available for hours after it was taken down.

The latest video card generation that is manufactured by ATI and Nvidia can be used to speed up password recovery attempts tremendously. Toolkits like Nvidia’s CUDA offer drivers and development examples to aid developer’s in the integration of gpu accelerated password recovery programs. One of the programs that is making use of the gpu to recover passwords is Rar GPU Password Recovery. The supported video cards at this point in time are ATI HD RV7×0s cards that include ATI Radeon 4870, 4890 and 4770 or Nvidia cards supported CUDA including GTX 260, 8600 GTS or 8600 GT. It is also recommended to have the latest Catalyst or Geforce drivers installed.

The developer provides some plain numbers to show the effectiveness of using the GPU to recover a rar password with four characters:

* ~168 passwords per second on single core of Q6600 @ 2.4Ghz
* ~325 passwords per second on 8600 GT
* ~3120 passwords per second on ATI HD4850
* ~2075 passwords per second on GTX260/192SP

The performance of the listed ATI card is almost 20 times that of a password recovery where only the cpu is used. The password recovery software is a command line utility and the developer is offering extensive information on the possible parameters that can be used to recover the password. The suggested length of the password should not exceed six characters although it is theoretically possible to start a password recovery for a password with up to 17 chars.
http://www.golubev.com/rargpu.htm