Your Mac OS X Lion Login Passwords can be Extracted With Ease
Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.
Mac OS Lion Passwords vulnerability relates to the user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode. Passware's software captures live Mac computer memory over FireWire and analyzes it, extracting these passwords, a process that takes just a few minutes--regardless of password strength and use of a FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.
Apple finally updates iOS with a security certificate fix
Apple has issued an update to address a security vulnerability in its iOS mobile operating system.
The company said that the iOS 4.3.5 and 4.2.10 updates would address a flaw in the way devices handle data on SSL/TSL secured connections.
According to Apple, a malicious users could exploit a vulnerability in the handling of X.509 security certificates to intercept or modify secured. If exploited, the flaw could leave users at risk for data theft. Apple's update will address the issue by properly validating information on X.509 certificates. The iOS 4 update comes as Apple is preparing to launch the next version of its mobile platform. The company has released a beta version of iOS 5 which introduces the ability to wirelessly sync devices.
Military chip crypto cracked using power-analysis probe
German computer scientists have taken advantage of the powerful number-crunching abilities of graphics chips to demonstrate a practical attack on the encryption scheme in programmable chips.
Field Programmable Gate Array (FPGA) chips of the type used in embedded systems belonging to the military and the aerospace industry are vulnerable to attacks based on analyzing power usage during the power up sequence of the chip. The side-channel attack against the bitstream encryption mechanism used by Virtex 4 and Virtex 5 chips from Xilinx allowed researchers from the Ruhr University to extract a key used to decrypt configuration instruction files. The technique uncovered secret keys by analyzing fluctuations in power consumption during the decryption process.
Only one power up sequence needs to be monitored. The subsequent number crunching took up to nine hours, in the case of the more advanced Virtex 5 chip, or six hours in the case of the earlier Virtex 4. The approach is akin to listening to the clicks coming from the tumblers of a safe to work out a combination, but using variations in power consumption rather than sound.
