|15th October 2012, 08:32||#1|
Apple security software reveals Windows passwords
Security software created by Apple is ideal for taking apart Windows machines according to a report from insecurity experts Elcomsoft.
The software can turn over Windows computers sold by Dell, Acer, and at least 14 other manufacturers and exploits Apple's fingerprint-reading software known as UPEK Protector Suite.
In July, Apple paid $356 million to buy AuthenTec, which had acquired the technology from privately held UPEK in 2010.
Although Jobs' Mob is not responsible for creating the flawed software, it is playing its usual security games which place users at risk. Apple has yet to acknowledge the flaw or warn end users how to work around it.
UPEK software is used for logging into Windows computers using an owner's unique fingerprint, instead of a user-memorized password.
But Elcomsoft said the software makes users less secure than they otherwise would be because it stores Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve.
It takes seconds for people with the key to extract a password, company officials said.
According to Ars Technica, Brandon Wilson, another security consultant, has confirmed the vulnerability and released open-source software that makes it easy to exploit it.
Easily decrypted passwords are stored in one of several registry keys located in HKEY_LOCAL_MACHINE\Software\Virtual Token\Passport\, depending on the application version. The duo said they released the software and additional information so that penetration testers, who are paid to penetrate the defences of their customers, can exploit the weakness.
When Protector Suite isn't activated, Windows doesn't store account passwords in the registry unless users have specifically configured an account to automatically log in.
According to Wilson, every version of the software labeled "UPEK Protector Suite" that he looked at has the vulnerability.
Besides Dell and Acer, other PC makers that preinstall the software include Amoi, Asus, Clevo, Compal, Gateway, IBM/Lenovo, Itronix, MPC, MSI, NEC, Sager, Samsung, Sony, and Toshiba, and all are vulnerable to attack from the Apple software.
UPEK Protector Suite is also rebranded by Lenovo as ThinkVantage Fingerprint Software, Wilson said.
AuthenTec issued a patch for UPEK Protector Suite in mid-September, which Wilson called a "band-aid" because under the new version, passwords are protected using encryption that's trivial to brute force.
Apple and AuthenTec both claim that the software is a safe alternative to account logins, and on that basis the product should be recalled.
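For administrators who want to know whether a machine has the registry locations described above, a presence check in PowerShell (an added example, not part of the original post and not Elcomsoft's or Wilson's software). The WOW6432Node path is an assumption, and the Winlogon `AutoAdminLogon`/`DefaultPassword` values are the standard Windows auto-logon values, which the post does not name.

```powershell
# Added audit example. It reports presence only and never reads or prints stored values.
$passportPaths = @(
    'HKLM:\SOFTWARE\Virtual Token\Passport',
    # Assumption: 32-bit installs on 64-bit Windows land under WOW6432Node.
    'HKLM:\SOFTWARE\WOW6432Node\Virtual Token\Passport'
)

function Get-PassportFinding {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # The post says the exact key depends on the application version,
        # so report the base key and every subkey under it.
        & {
            Get-Item -LiteralPath $p
            Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue
        } | ForEach-Object {
            [pscustomobject]@{
                Check  = 'Protector Suite key'
                Key    = $_.Name
                Detail = "$($_.ValueCount) value(s), $($_.SubKeyCount) subkey(s)"
            }
        }
    }
}

function Get-AutoLogonFinding {
    # Standard Windows auto-logon location (the other case the post mentions).
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -LiteralPath $winlogon -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }
    $names = $props.PSObject.Properties.Name
    if ($names -contains 'DefaultPassword') {
        [pscustomobject]@{
            Check  = 'Auto-logon password'
            Key    = $winlogon
            Detail = "DefaultPassword present; AutoAdminLogon = '$($props.AutoAdminLogon)'"
        }
    }
}

$findings = @(Get-PassportFinding -Path $passportPaths) + @(Get-AutoLogonFinding)
if ($findings.Count -eq 0) {
    Write-Output 'None of the checked registry locations were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A hit on the Protector Suite key means the account password should be treated as recoverable by anyone who can read that hive, so remove the enrolled credentials or the software and change the password afterwards.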