Posted on 07/01/2010 2:02:19 PM PDT by Gomez
A Russian software company today released a password cracking tool that instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail and Windows Live Mail.
Moscow based ElcomSoft, developer of the new password recovery tool, “Elcomsoft Internet Password Breaker,” says the product designed as tool to provide forensics, criminal investigators, security officers and government authorities with the ability to retrieve a variety of passwords stored on a PC.
With a price tag of just $49, it doesn’t seem as though investigators and government authorities are the real target market. These types of programs are by no means new, but this latest commercial software offering shows just how easily it is to gain access to such tools, even for non-technical users.
The password breaker gives users the ability to instantly retrieve the login and password information to a variety of resources such as those routinely cached by Web browsers. The tool can quickly recover cached logins and passwords to Web sites, including pre-filled forms and auto-complete information stored in the Internet Explorer cache. In addition, the tool makes it possible to instantly replace or reset IE Content Advisor passwords.
New features in Internet Explorer 7 and 8 include enhanced security for storing cached password information. The browsers encrypt the information with the URL of a Web site, making it impossible to access stored information without knowing the exact Web address of a resource. Elcomsoft Internet Password Breaker claims to work around this new security model by analyzing cached URL history and identifying Web sites last visited in order to retrieve login and password information stored for those Web sites.
The password cracking tool reveals passwords protecting access to email accounts, identities and Microsoft Outlook PST files. Supporting all versions of Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail, Elcomsoft Internet Password Breaker can retrieve the original plain-text passwords protecting access to mail accounts, POP3, IMAP, SMTP and NNTP news passwords. In addition, Elcomsoft Internet Password Breaker reveals Microsoft Passport passwords stored by Windows Live Mail, user identity passwords, and passwords protecting PST files created by Microsoft Outlook up to version 2010.
Elcomsoft Internet Password Breaker automatically identifies all supported products and user identities, locates all available accounts and PST files, and reveals stored password information.
With tools like these available to the masses, individuals and enterprises need to further consider full disk encryption solutions and additional security measures.
Better not be calling me a liar.
Oh, please. Surely, you can't be enough of a noob not to know the "bfl" means Bump For Later.
Is it? Too many three letter acronyms, in some chunks of the net it’s Big F#$%ing Liar. Don’t know which he meant, hopefully yours and not mine, I tried err to caution.
TY !
the weirdest thing about my ebay acct getting hacked is that the password was so weird,so strange it wasn’t guessable i don’t share a comp & no one else has access-ebay sent me a notice because their system recognizes IP addresses and somehow they picked up that it wasn’t my IP address that was using my acct/that’s what they told me anyway.
Somebody out there is doing some packet sniffing. I got a similar warning from Facebook last week that my account had been accessed from Turkey, and another friend of mine on FB got a similar warning, when FB thinks you got hacked they ask you some weird questions to prove you’re really you, it’s almost worth getting hacked.
Most people use 'bflr' meaning Bump For Later Reading.
Too many three letter acronyms, in some chunks of the net it’s Big F#$%ing Liar.
Way too many acronyms. On FR, though, 'bump' is used fairly often. I guess I just don't hang out in those chunks of the net where it means something else.
Don’t know which he meant, hopefully yours and not mine, I tried err to caution.
In the absence of any other indications, I'd say it was probably just a bump. If I were calling someone a liar, I'd certainly say why I thought so. I think that most people would.
I’ve seen bump for later, if I’ve seen bfl for that I don’t remember it, that’s why I googled it. I google a lot of TLAs, my brain hit TLA capacity a couple of years ago, with military parents, a career in software, and a lifetime of hating the government I’ve just seen too many, can’t keep track anymore.
I’ve seen people jump in, declare everything a person said to be wrong, and jump out again with no explanations or re-visit. You’re probably right, he probably did mean bump for later, but if he meant the other one it wouldn’t be the weirdest least explicable reply I’ve gotten on FR.
DYGI?
your being a little terse there,... when bfl is actually sent to someone instead of having a ‘none’ recipienent , then it is actually pretty rude to include someone else as the recipient for your reminders and to-do list.
BFL
i guess i could look up the term but in laymen’s terms what is packet sniffing?
While I agree that it’s rude to address a ‘bfl’ to someone, I’d suspect that it’s a case of the person neglecting/forgetting to clear the ‘to’ box.
I usually don’t assume malice without some basis for it.
'Packet sniffing' refers to snooping on someone else's traffic between them and their network or access point. An Ethernet card on a hard-wired network set to 'promiscuous' mode will see all of the packets going across the network. I believe that a wireless card can do the same for traffic between a user and his access point.
Packet sniffing is when somebody has a piece of software on the internet between you and your destination that is copying the data packets going back and forth and storing them for deciphering later. They’re usually looking for login data or better yet banking and credit card info. About the only way around it is encrypted data flow, and even that’s not proof positive.
ty for this info! :)
ty for this information :)
I didn’t read it as a bump, either.
I think that for me, it was the lowercase that threw me off, since I don’t usually misread that.
I wouldn’t be too worried about this software - it still requires access to the machine. If you’ve lost that battle, you’ve already lost the war.
Truecrypt is my favorite.
No kidding. I was a victim of identity theft. My credit rating went up.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.