Graphics cards encryption skulduggery

The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations out to apply tighter VPN controls, or abandon wireless networks altogether, in response.

Russian firm ElcomSoft has applied GPU acceleration technology to its password recovery tool to allow PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs.

By running the same software on a desktop with two or more NVIDIA GTX 280 boards installed, this figure increases to a factor of 100.

We've known for years that the previous generation of wireless encryption, WEP, was vulnerable to brute force attack. The infamous compromise of TJX, which resulted in the compromise of at least 45.7m credit card records, has been traced back to a hack in a weak security retail network with older point of sale terminals running WEP.

Elcomsoft advance makes WPA and WPA2 encryption open to attack. In fact, the software is specifically designed to support "passport recovery" on Wi-Fi networks running either WPA or the newer WPA2 encryption.

The software needs to intercept only a few packets in order to perform a brute force attack, where a huge number of possible passwords are tried in an attempt to stumble upon the correct code. ElcomSoft positions the tool as a means of auditing corporate Wi-Fi networks for inappropriately weak passwords.

The firm is also marketing its technology to forensic and government agencies, as well as data and password recovery services.

The raw horsepower of graphics chips, normally used as 3D graphic accelerators by gamers, can also be applied for a variety of other number-crunching password-breaking uses beyond uncovering WiFi passwords. Elcomsoft Distributed Password Recovery can also be used to recover Windows startup passwords, crack MD5 hashes, and unlock password-protected documents created by Microsoft Office or PDF files created by Adobe Acrobat, according to ElcomSoft.

More about Elcomsoft's tool can be found here.

Posted by Justin Payton in Adware, Spyware and Trojans at 15:27

Barracuda Networks has detected and begun blocking a malicious "backdoor" virus distributed through a socially engineered email made to look like it was coming from Microsoft.

The virus, categorized by Barracuda Central as "Trojan. Backdoor Haxdoor," is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team and utilizes several social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the email message.

The email informs the recipient "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."

The bogus email also "strongly" recommends that the recipient install an "update" to protect your computer against security threats and performance problems." Once installed the malware "phones home" and leaves an outbound TCP connection open to await further instructions.

Posted by Justin Payton in Adware, Spyware and Trojans at 09:40