Faster Password Cracking

Did you change your computer password?
This simple act can save money and protect your personal information, the Broadband Minister, Stephen Conroy, said yesterday as he launched the first “National Change Your Password Day”.
Senator Conroy, who revealed his own computer had this week been bombarded with more than 50 fake emails pretending to be from his bank, said people should change their passwords at least twice a year.
He recommended passwords always include letters and numbers and warned people to be vigilant. “Stop and think before you click on links or attachments,” he said.
“No one wants to lose their bank details to criminals or fall victim to an online scam and that’s why it’s important that people understand simple steps, such as getting a better, stronger password, can help them stay smart online and protect their personal information.”
He said this would build confidence in the digital economy, especially as more people increasingly use computers for personal, social networking and business purposes.
“Don’t just choose a password with your birthday or the name of your favourite football team. Get security software and update it regularly,” he said.
Meanwhile, the Auditor-General said he would have a full inquiry into the Government’s first failed broadband tender. The Opposition spokesman, Nick Minchin, has urged the audit into the process after Telstra was excluded on a technicality and the Government said none of the other bids was good enough.
The Government made the surprise announcement to instead set up its own $43 billion company to build the broadband network.
Via: smh.com.au
For those of you trying out the new beta version of Opera: the all-new Opera 10 Beta 2 does not detect previous versions of Opera and does not offer to upgrade from them. If you want all your saved passwords copied over, run this from a command prompt:
copy "%userprofile%\AppData\Roaming\Opera\Opera\profile\wand.dat" "%userprofile%\AppData\Roaming\Opera\Opera 10 Beta\wand.dat"
The biggest risk to your Mac is if it is lost, stolen or physically compromised. Even if you set up a secure password as discussed previously and the thief can’t log in, they can still gain access to all your data using one of the special start-up modes built into all Macs.
These start-up modes include booting from an install DVD and resetting the password, using Target Disk Mode to use your Mac as an external hard disk, or booting into Unix-style Single User Mode.
There is a way to protect your computer by setting a firmware password. The password is written into the computer’s firmware chips on the motherboard and if anyone tries to use a special start-up mode, they will be prompted for that password.
Apple provides a utility for setting a firmware password called Firmware Password Utility.
For Mac OS X 10.5.x, start from the Leopard Install DVD and choose Firmware Password Utility from the Utilities menu.
1. Click to select the checkbox for “Require password to change Open Firmware settings”, as shown below.

2. Type your password in the Password and Verify fields.
3. Click OK.
4. Click the lock icon to prevent further changes.
5. Choose Quit from the application menu.
Now, if anyone attempts to use any of the special start-up modes, they will be prompted for the firmware password you set.
via: mac101.net

Three years after Symantec pulled the plug on L0phtcrack, the tool for auditing and cracking Windows passwords is back. It was pulled from the market in late 2005, shortly after Symantec acquired @stake; @stake had taken control of the rights a year or so earlier when it merged with L0pht. With a price starting at $295, will it live up to its name when the market has many freeware options to choose from?
L0phtcrack team member Christien Rioux says features such as scheduling and a dashboard that simplifies the process of disabling users with weak passwords make the program stand out. “There are a number of enterprise administrative features that make the product worth it for organizations that are doing this on a regular basis,” he said. “It’s been a very long time that this has been out there. The benefit is that we’ve had the opportunity to interact and fix [customer] issues and take [in] their concerns.”
The $295 Professional version includes:
Chalk up another $300 for the admin version and it gives you support for
NSFW: Seems like the 2 singers’ cell phones were hacked in the past few days see the images here http://illmob.org/ NSFW
Vbootkit 2.0 has now been made open-source under GPL license.
Indian security researchers have released proof-of-concept code that can be used to take over a computer running Microsoft’s upcoming Windows 7 operating system, despite earlier promising not to make the code public for fear it could be misused.
VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source license.
Vbootkit 2.0 currently only works on Windows 7 (x64 edition).
Download Vbootkit 2.0 source code
Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation
VIA: nvlabs.in
Password recovery is a fairly frequently used procedure for administrators and engineers. Even though we usually stack our passwords in some Word, Excel or text file, it’s very easy to forget to update them when changes occur. The end result is that you find yourself locked out of the device, wondering what on earth the password could be.
Accessing a Cisco router requires certain privileges. Depending on the router’s configuration, you might be required to firstly log into the router and then enter the popular ‘enable’ password to elevate your access to privileged mode, from where you can issue configuration commands.
This article will show you how you can gain full administrator access to a Cisco router, bypassing all security passwords. The password recovery process, however, can be rendered useless if the administrator has previously configured the router not to allow this process to take place. In this case, the router will warn the user and, if he proceeds, all configuration will be erased, so there will be nothing to recover!
The Twitter admin hack appears to be the result of a successful social engineering attack against one of Twitter’s employees. Using the same password reset “hack” that got Sarah Palin last year, the cracker gained access to the employee’s account by resetting their Yahoo! email account password. The hacker, going under the handle Hacker Croll, posted 13 screenshots of Twitter’s admin panel and commented that “The images were taken from the Admin area that was secured with .htaccess.” The screenshots featured internal data for accounts belonging to U.S. President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter.