[ISN] Crowbar cracks SD cards and retrieves data without a trace

From: InfoSec News (alertsinfosecnews.org)
Date: Fri Aug 28 2009 - 04:01:14 CDT


http://gcn.com/articles/2009/08/24/gcn-lab-review-mantech-crowbar.aspx

By John Breeden II
GCN.com
Aug 21, 2009

Pros: Easy to use, can set up password crack groups for greater hacking speed
Cons: Only works with MMC/SD cards
Performance: A
Ease Of Use: A
Features: C
Value: C
Price: $2,300

Sometimes breaking into a place requires a lock pick, and sometimes it
requires a crowbar. In this case, the crowbar is not a chunk of steel
but a handheld device used to crack even the most complex passwords.

There is one extremely effective way of breaking into a
password-protected computer, especially one without a lockout timer or a
security subsystem that looks for attacks: You simply need a program to
perform a dictionary attack against the password, trying every possible
word from the dictionary to see if any fit. You would be surprised at
how many people use a big word like "disestablishmentarianism" and think
that it can’t be hacked.

Sorry, but if it’s a real word, a dictionary attack will find it. If the
dictionary attack fails, the next step is to try dictionary words with
numbers after them, because a lot of people will use something like
Password1 and think that the number makes them secure. It does, but only
by a few seconds on a hack.

Barring that, there is the tedious process of trying every possible
character and letter combination in existence. This will work
eventually, though it might take hours or even days. These attacks can
be stopped if a program is monitoring for too many log-in tries. But
most handheld devices don’t have that protection, making them vulnerable
to attack.

[...]

________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org
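
The escalation the article describes (dictionary words, then dictionary words with digits appended, then every character combination) can be turned into a password audit. This is an added example, not code from the article or the product reviewed; the wordlist, the four-digit suffix bound and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"password", "crowbar", "dragon", "disestablishmentarianism"}
MAX_SUFFIX_DIGITS = 4  # assumption: stage 2 appends 1 to 4 digits to each word

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def classify(password, wordlist=WORDLIST):
    """Return (stage, worst_case_guesses) for the first stage that finds it."""
    # Stage 1: plain dictionary word (case variants are not counted here).
    if password.lower() in wordlist:
        return "dictionary", len(wordlist)

    # Stage 2: dictionary word followed by a short run of digits.
    m = re.fullmatch(r"([A-Za-z]+)(\d{1,%d})" % MAX_SUFFIX_DIGITS, password)
    if m and m.group(1).lower() in wordlist:
        suffixes = sum(10 ** n for n in range(1, MAX_SUFFIX_DIGITS + 1))
        return "dictionary+digits", len(wordlist) * (1 + suffixes)

    # Stage 3: every string up to this length over the character classes used.
    alphabet = sum(len(c) for c in CHAR_CLASSES
                   if any(ch in c for ch in password))
    alphabet = alphabet or 256  # assumption: other characters, byte alphabet
    guesses = sum(alphabet ** n for n in range(1, len(password) + 1))
    return "exhaustive", guesses


def stopped_by_limit(password, attempt_limit):
    """True if a log-in attempt limit trips before the worst-case guess count."""
    return classify(password)[1] > attempt_limit


if __name__ == "__main__":
    for pw in ("disestablishmentarianism", "Password1", "x9!Q"):
        stage, guesses = classify(pw)
        print(f"{pw!r}: {stage}, up to {guesses} guesses, "
              f"limit of 10 stops it: {stopped_by_limit(pw, 10)}")
```
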