GPU Processing And Password Cracking

Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, each with its own pros and cons, but when it comes down to it, the limiting factor in all of these methods is processing complexity. The more operations that need to be run, the longer it takes, and the less useful each tool is for cracking passwords. In the past, most recommendations for password security revolved around making sure your password wasn’t something predictable, such as “password” or your birthday. With today’s (and tomorrow’s) GPUs, this may no longer be enough.


Password Exploitation Classes Online


Irongeek.com is hosting an online class on password exploitation. The event was a fundraiser called ShoeCon, but they are hosting the entire series for everyone to share. Not only are the videos there, but you can download the PowerPoint slides as well. There is a massive amount of information here on various topics like Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, and UBCD4Win. There’s so much info that they split it into 3 sections. The videos are fairly long, between 1 and 2.5 hours each. What might surprise people is how often Google is actually one of the main tools.

These videos can be a fantastic resource for hobby hackers, IT admins, and security professionals.

PHP Runtime Rewritten, By Facebook?

Yes, it’s true. Facebook has completely rewritten the PHP runtime to make it faster and more efficient, and it’s completely open source. Named HipHop, it’s described as a source code transformer, changing PHP into optimized C++ which is then compiled using g++. This keeps the best aspects of PHP while taking advantage of the performance of C++. Using HipHop, the Facebook web server CPU usage has been decreased by about fifty percent! And who would have thought that this and many other cool advances in programming started at a Hackathon?

PS3 Exploit Released

You can now download the exploit package for the PlayStation 3. [Geohot] just posted the code you need to pull off the exploit we told you about on Sunday, making it available on a “silver platter” with just a bit of explanation on how it works. He’s located a critical portion of the memory to attack. By allocating it, pointing a whole bunch of code at those addresses, then deallocating it, he causes many calls to invalid addresses. At the same time as those invalid calls, he “glitches” the memory bus using a button on his FPGA board to hold it low for 40ns. This trips up the hypervisor security and somehow allows read/write access to that section of memory. Gentlemen and Ladies, start your hacking. We wish you the best of luck!

[Thanks Phileas]

Repair Or Improve Your NES

There’s a warm place in our hearts for the original Nintendo Entertainment System. It’s too bad we don’t have that hardware sitting around anymore. But if you do there’s a chance it needs some TLC and there’s always room for a blue LED mod. [Raph] has a wonderful collection of NES hardware repairs and hacks that you should take a look at. These include replacing the power supply, fixing the cartridge connector, monkeying with the CIC chip, adding a reset button on the controller, converting the audio from mono to stereo, and yes, swapping in a blue LED. Oh, and as a side note, [Raph] gets a bit of extra hacker ‘cred for including “coded manually using VIM” at the bottom of his page. Classic.

SparkFun Product Used For Immoral Hacking

While we have our fun ethically hacking, it’s very easy to forget that sometimes our ideas could be used with malicious goals. Take for instance SparkFun’s BlueSMiRF – the device’s original intention is simply to act as a wireless serial cable replacement. After hackers discovered several PIN pads use a serial interface, they put one and one together to steal several hundreds of people’s personal bank accounts.

It seems SparkFun is getting a lot of heat lately, but we’re glad they stand up and address these issues. You can check out the original news clipping here.

Brute Force Attack On Twitter

Video: http://www.youtube.com/watch?v=IKNbggNJMVI

Wired Threat Level has posted an interview with the hacker who recently broke into several high profile Twitter accounts, such as Fox News and Barack Obama. Since we know how much you all love Twitter, we thought you might want to learn more about it. Apparently he used a brute force method to get into the account of a member of the support team. The password was “happiness”, which was cracked pretty quickly. This might be a good time to review your own strategies to prevent brute force attacks.