20 December, 2012 | FierceCIO - http://www.fiercecio.com

New tool targets BitLocker, TrueCrypt full disk encryption

Russian digital forensics firm ElcomSoft has unveiled a new Forensic Disk Decryptor software that it says can make it possible to decrypt encrypted file volumes protected by tools such as BitLocker, PGP and TrueCrypt. [...] ElcomSoft has a long track record of successfully crafting attacks against security mechanisms such as the image verification system for Nikon and Canon cameras, the on-board encryption employed by the iPhone 3GS and even the encryption used by the BlackBerry Desktop Software to protect data backups.

20 December, 2012 | Simon Edwards - http://simonedwards.blogspot.ru

Popular disk encryption systems cracked

If you want your laptop's data to remain secure, even when stolen, one excellent solution is to encrypt the hard disk's partitions or even the whole disk. Popular options include Microsoft's BitLocker, Symantec's PGP Whole Disk Encryption and the open source TrueCrypt software. Elcomsoft has just announced that all of these encryption systems can be cracked by its new product, Elcomsoft Forensic Disk Decryptor.

11 October, 2012 | Threatpost - http://threatpost.com/

Deeply Flawed Apple-Owned Fingerprint Reader Software a Tough Fix

Caudill and fellow researcher Brandon Wilson recreated work done by Russian security company ElcomSoft, which specializes in password recovery solutions. Both were able to extract Windows passwords from the popular fingerprint reader, technology that was acquired by Apple earlier this year.

10 October, 2012 | CyberSecurity.ru - http://www.cybersecurity.ru/

Система аутентификации по отпечаткам пальцев подвержена уязвимости

Независимые ИТ-консультанты говорят об обнаружении серьезной уязвимости, из-за которой хакеры даже средней руки могут получить доступ к Windows-паролям на компьютерах Dell, Acer и 14 других производителей. Уязвимость была обнаружена в нескольких версиях программного обеспечения UPEK Protector Suite для считывания отпечатков пальцев и последующей авторизации на машине.

10 October, 2012 | VentureBeat - http://venturebeat.com/

Apple subsidiary still not patching ‘security’ software that leaves Dell, Samsung, Lenovo PCs vulnerable (updated)

Almost three months ago, Apple bought AuthenTec, a security company that builds sensors for PCs and phones to verify users and protect communications. One of the company’s products was Protector Suite, a secure way to log into Windows machines with your fingerprint. The only problem? The software stores inadequately encrypted passwords in the Windows Registry. In fact, according to ElemSoft, the passwords were almost in plain text. To put it bluntly, this “security solution” actually made PCs more vulnerable.

3 October, 2012 | Networkworld / Microsoft Insights - http://m.networkworld.com/

Microsoft Office 2013's enhanced protection scheme cracked ahead of official launch

Russian corporate security and IT audit firm ElcomSoft claims to have developed tools with the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013. In addition to a host of improvements and other changes, Microsoft beefed up the encryption scheme used to secure users’ data in Office 2013. With Office 2010, Microsoft used an SHA-1 class algorithm with a 128-bit key to encrypt plain-text password-protected documents. With Office 2013, though, Microsoft has moved to a technically more secure SHA-2 class SHA512 algorithm to calculate the hash values for the encryption keys, but it appears even that wasn’t enough. ElcomSoft, a privately owned company headquartered in Moscow, has announced that it has already developed tools to crack Microsoft’s latest protection schemes. Shocking, I know.

26 September, 2012 | Simon Edwards Blog - http://simonedwards.blogspot.co.uk/

Office 2013 encryption cracked

According to Elcomsoft's researchers, Microsoft has done a great job beefing up the encryption of its Office documents. This has forced those who want to break it to move from brute forcing techniques to more advanced methods.

15 September, 2012 | Security Nirvana - http://securitynirvana.blogspot.com/

Elcomsoft, UPEK & more

Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) stores your Windows password in a 'scrambled' format in registry. This allows an attacker through different entry points to get easy access to a users Windows password. I have no reason not to believe Elcomsoft in their claims, but UPEK/Autentec seriously disagrees. In the middle of this I happen to have some questions, and an opinion regarding biometric software today.

13 September, 2012 | Bright Side Of News* - http://www.brightsideofnews.com/

Hacking Your Fingerprint: ElcomSoft Finds Security Holes in Biometric Readers

When purchasing notebooks for the enterprise, one of most common requirements is that they have a fingerprint reader, since biometric is considered safe. However, while it may be hard to fake your footprints - a gaping hole was found in the software suite which can expose all of your saved passwords.

12 September, 2012 | SC Magazine UK - http://www.scmagazineuk.com/

Plenty for crypto fans at 44Con

Field Programmable Gate Arrays (FPGAs) allow cost-effective and highly tailored hardware acceleration for a wide range of computing problems and are a very economical solution to the processing needs of modern password cracking.