Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
New Features:
- Added support for Windows 2008 Terminal server in APR-RDP sniffer filter.
- Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
- Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
[click to continue…]
As Microsoft prepares to release patches, researchers said they’ve seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in a driver used for the SMB file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. ET, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
Researchers don’t know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That’s dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs
[click to continue…]
Yahoo and Microsoft have announced a long-rumoured internet search deal that will help the two companies take on chief rival Google.
Microsoft’s Bing search engine will power the Yahoo website and Yahoo will in turn become the advertising sales team for Microsoft’s online offering.
Yahoo has been struggling to make profits in recent years.
But last year it rebuffed several takeover bids from Microsoft in an attempt to go it alone.
Yahoo shares closed down 12.1% on the day, while Microsoft shares moved up by 1.4%.
Microsoft boss Steve Ballmer said the 10-year deal would provide Microsoft’s Bing search engine with the necessary scale to compete.
“Through this agreement with Yahoo, we will create more innovation in search, better value for advertisers, and real consumer choice in a market currently dominated by a single company,” said Mr Ballmer.
“Microsoft and Yahoo know there’s so much more that search could be. This agreement gives us the scale and resources to create the future of search,” he added.
[click to continue…]
Microsoft has released more details about the security measures it is adding in Windows 7. The focus is on finding a balance between security and ease of use for businesses which have workers computing on the move.
Among the new or enhanced features:
Users can now use more than one set of firewall rules at once. The firm gives the example of a worker on the road who gets their Internet connection through a public network such as a wireless hotspot, but then needs to remotely connect to their corporate network. They will now be able to run different firewall set-ups for the two connections. An added benefit of this change is that firms can now set-up a standard firewall policy for all employees on the corporate network, regardless of where they are connecting from.
A DirectAccess feature automatically sets up a two way link between your computer and your corporate network whenever you are online. This also means your company can access your machine the moment you get online, allowing it to run any security checks or apply updates without having to wait for you to return to the office.
BranchCache uses cacheing to minimize the problem of workers visiting a branch office but being slowed by limited bandwidth. The goal is that accessing a corporate network from a branch office should feel as quick as if you were in the main office itself.
BitLocker To Go takes the existing hard disk encryption technology from Vista and applies it to removable media such as USB drives.
[click to continue…]
