As you may already know Adobe was breached weeks back. This Breach affected roughly 152989508 users. Adobe encrypted the passwords with 3DES in ECB mode, the passwords in this leak are were all encrypted with the same key. Without that key, we cannot crack a single password. Since the key used to encrypt the passwords isn’t known (yet), researchers have been using a guessing technique of the user’s password hint. That’s right, Whilst Adobe encrypted their passwords (even though done poorly), password hints had absolutely no security whatsoever. Matching this information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. This list below was compiled by Jeremi Gosney. (more…)

The best password bypass program out there has been updated. A few bug fixes and support for Windows 8.1. A must have for any computer technician. I use the product almost daily @ my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my goto program. It’s better than a password reset because along with that you also destroy other saved passwords for internet explorer, google products, etc that all use the CryptProtectData function along with your logon password to encrypt data.

Watch the video to see how easy it is to use.

And best of all is the price: $15 for personal license & $75 for Commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::

p.s they also have an Apple Mac version too.

Microsoft GINA technology which stands for Graphical Identification ‘N Authentication is responsible for graphically handling logon requests when events such as CTRL-ALT-DEL are received. Tyler Wrightson finally released his modified GINA stub that silently logs usernames and domains for XP and Win2k. You can dpwnload it ::here::. More information about how GINA works can be found in his excellent blog post.

This will not work for Vista and later Operating Systems, as they have switched to the Credential Provider model. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands for next generation authentication technologies (like biometrics, two factor and single sign on). Have no fear he also released a version for Vista/7 ::here::. More information can be found in his blog post.

The Bible might not be quite the good book it claims to be. It’s being employed to help crack passwords to great effect.

The article explains how security researchers Kevin Young and John Dustin have been using books acquired from the Project Gutenberg repository to help them create a massive database of words and phrases to help crack passwords. Feeding in the contents of the Bible, plenty of other books, and Wikipedia, then testing it on 344,000 passwords leaked from intelligence firm Stratfor in 2011, the pair had great success.

Src: arstechnica.com

A restricted screen bypass via design glitch is detected in the official Apple iOS v7.0.1 for Mobile Devices (iPad|iPhone).
The security vulnerability allows local attackers to bypass the display screen of the restricted sim locked mode.

The bypass vulnerability is located in the iOS v7.0.1/7.0.2 when the `sim locked` mode of an iphone mobile is activated.
Local attackers can redirect the sim locked display to the regular default mode by using a restricted calculator function in
combination with the shutdown and unlock button. As result the local attacker is able to glitch > jump into the regular locked
phone mode with calender + hyperlinks, camera and control center. The regular sim locked display is at the end usable like in
the regular mode without sim locked label in the screen.

The local sim lock screen display bypass vulnerability can be exploited by local attackers with physical device access and without
user interaction. Successful exploitation results in the bypass of the sim lock mode to the regular lock mode. In a earlier test (7.x)
we combined the earlier discovered issues to first unlock the sim display (locked sim card) and bypass the pass code to fully compromise.
(more…)

You can bypass the HTC One lockscreen by swiping up from the bottom center of the screen during restart. You have a less than 500ms window in which to swipe up before the lock pattern is enforced.

Using a technique he outlined over 10 years ago, starbug from CCC has broken the biometric lock on the new iPhone.
Source: ccc.de

Here’s how it works:

• Swipe up on the locked phone to get to the control panel
• Open the stopwatch app
• Go over to alarm clock
• Hold the power button until you get the “Power down” prompt
• Hit the cancel button and immediately hit the home button twice, holding it down just a little longer on the second press. Like, buh-baah. It takes a try or two to get the hang of.

Then you’re in the target’s multitasking menu. If you go to the camera app, you’ll have unrestricted access to the Photo Stream, and can share the pictures from there with email, Twitter, and more.

Update:
someone else figured out another work-around here.

Cisco’s WebEx is a hugely popular platform for scheduling meetings. You can conduct video and voice calls, screen sharing, and chat through the system. WebEx also provides a One-Click Client that offers standalone meeting scheduling and outlook integration so that users can avoid the Web Portal. This is how to reverse the password

SRC: blog.opensecurityresearch.com

Awesome write on how the major web browsers store your password and how you can recover them on
raidersec’s blog