
Apple security software reveals Windows passwords
Posted by Stefan Mileschin ([M] Reviewer), 15th October 2012, 08:32

Security software created by Apple is ideal for taking apart Windows machines, according to a report from insecurity experts Elcomsoft.

The software can turn over Windows computers sold by Dell, Acer, and at least 14 other manufacturers and exploits Apple's fingerprint-reading software known as UPEK Protector Suite.

In July, Apple paid $356 million to buy AuthenTec, which had acquired the technology from privately held UPEK in 2010.

Although Jobs' Mob is not responsible for creating the flawed software, it is playing its usual security games which place users at risk. Apple has yet to acknowledge the flaw or warn end users how to work around it.

UPEK software is used for logging into Windows computers using an owner's unique fingerprint, instead of a user-memorized password.

But Elcomsoft said the software makes users less secure than they otherwise would be because it stores Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve.

It takes seconds for people with the key to extract a password, company officials said.

According to Ars Technica, Brandon Wilson, another security consultant, has confirmed the vulnerability and released open-source software that makes it easy to exploit it.

Easily decrypted passwords are stored in one of several registry keys located in HKEY_LOCAL_MACHINE\Software\Virtual Token\Passport\, depending on the application version. The duo said they released the software and additional information so that penetration testers, who are paid to penetrate the defences of their customers, can exploit the weakness.

When Protector Suite isn't activated, Windows doesn't store account passwords in the registry unless users have specifically configured an account to automatically log in.

According to Wilson, every version of the software labeled "UPEK Protector Suite" that he looked at has the vulnerability.

Dell and Acer, and other PC makers that preinstall the software, including Amoi, Asus, Clevo, Compal, Dell, Gateway, IBM/Lenovo, Itronix, MPC, MSI, NEC, Sager, Samsung, Sony, and Toshiba, are vulnerable to attack from the Apple software.

UPEK Protector Suite is also rebranded by Lenovo as ThinkVantage Fingerprint Software, Wilson said.

AuthenTec issued a patch for UPEK Protector Suite in mid-September, which Wilson called a "band-aid" because under the new version, passwords are protected using encryption that's trivial to brute force.

Apple and AuthenTec both claim that the software is a safe alternative to account logins, and on that basis the product should be recalled.
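For administrators who want to know whether a given machine is affected, the PowerShell below is an added example (not part of the original post and not vendor or Elcomsoft tooling) that reports whether the registry location named in the post exists and holds any data. The `Wow6432Node` path and the function name `Get-PassportKeyReport` are assumptions made for this sketch; it reads key names and value counts only and never reads the stored value data.

```powershell
# Added example: audit a Windows host for UPEK Protector Suite registry storage.
# Only key metadata (names, counts) is read; no value data is opened or decoded.

# First path is the one named in the post. The Wow6432Node path is an assumption
# covering a 32-bit install on 64-bit Windows (registry redirection).
$PassportParents = @(
    'HKLM:\Software\Virtual Token\Passport',
    'HKLM:\Software\Wow6432Node\Virtual Token\Passport'
)

function Get-PassportKeyReport {
    param([string[]]$Path = $PassportParents)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Parent = $p; Present = $false; SubKeys = 0; Values = 0 }
            continue
        }
        # The post says the exact subkey depends on the application version,
        # so every descendant key is enumerated instead of hard-coding one.
        $keys = @(Get-Item -LiteralPath $p) +
                @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue)
        $values = 0
        foreach ($k in $keys) { $values += $k.ValueCount }
        [pscustomobject]@{
            Parent  = $p
            Present = $true
            SubKeys = $keys.Count - 1   # exclude the parent key itself
            Values  = $values
        }
    }
}

$report = @(Get-PassportKeyReport)
$report | Format-Table -AutoSize

$exposed = @($report | Where-Object { $_.Present -and $_.Values -gt 0 })
if ($exposed.Count -gt 0) {
    Write-Warning ('Protector Suite data found under {0} key(s). Treat Windows account passwords enrolled on this host as recoverable.' -f $exposed.Count)
} else {
    Write-Output 'No Protector Suite credential storage found at the checked locations.'
}
```

Run it from an elevated prompt so that access-denied subkeys are not silently skipped by `-ErrorAction SilentlyContinue`.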
