Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security Response remove filter
Showing posts by Erik Kamerling remove filter
Elcomsoft Debuts Graphics Processing Unit (GPU) Password Recovery Advancement
Erik Kamerling | 12 Nov 2007 | 0 comments

On October 25, 2007, Elcomsoft Co Ltd. inMoscow, Russia filed for a US patent on a reportedly new passwordrecovery method that makes use of a video card's graphics processingunit (GPU). Elcomsoft credits the February 2007 release of the NVIDIACUDA C-Compiler and developer's kit for providing the necessarylow-level GPU access they needed to make this cryptographicadvancement. The newest NVIDIA GPUs act as multiprocessors that utilizeshared memory, cache, and multiple registers. The newest graphics cardsutilize fixed point calculations, relatively massive amounts of memory,and multiple processing units. They differ significantly from acomputer's central processing unit (CPU) in terms of theircryptanalytic processing capabilities and Elcomsoft claims to haveleveraged newer GPU architectures to improve brute force passwordcracking by a factor of 25.

Statistics from Elcomsoft state that the new method can be used toexhaustively crack an eight character pseudo-...

Read more
Elcomsoft Debuts Graphics Processing Unit (GPU) Password Recovery Advancement
Erik Kamerling | 12 Nov 2007 | 0 comments

On October 25, 2007, Elcomsoft Co Ltd. in Moscow, Russia filed for a US patent on a reportedly new password recovery method that makes use of a video card's graphics processing unit (GPU). Elcomsoft credits the February 2007 release of the NVIDIA CUDA C-Compiler and developer's kit for providing the necessary low-level GPU access they needed to make this cryptographic advancement. The newest NVIDIA GPUs act as multiprocessors that utilize shared memory, cache, and multiple registers. The newest graphics cards utilize fixed point calculations, relatively massive amounts of memory, and multiple processing units. They differ significantly from a computer's central processing unit (CPU) in terms of their cryptanalytic processing capabilities and Elcomsoft claims to have leveraged newer GPU architectures to improve brute force password cracking by a factor of 25.

Statistics from Elcomsoft state that the new method can be used to exhaustively crack an eight...

Read more
Tricks of the Semi-Passive Adversary – Conclusion
Erik Kamerling | 01 Nov 2007 | 0 comments

In the previous entries in this series (part 1, part 2)I discussed the different tricks and indicators of issues involvingtimestamping anomalies, specifically with Windows-based computers. Now,from a defense and detection standpoint it is relatively easy to detectsuch activities on the network using a tool like Wireshark or its command-line equivalent tshark.

In the example below we make two assumptions: 1) Windows clients onour network should not be using the timestamp option on outgoing SYNpackets (this violates default configurations), and 2) a host on theoutside of our network that receives a SYN with no timestamp set shouldnot respond in turn with a...

Read more
Tricks of the Semi-Passive Adversary – Part 2
Erik Kamerling | 30 Oct 2007 | 0 comments

Welcome back. In my previous blog I was telling you about Kohno et al discovering how we can manipulate a Windows machine into starting to timestamp in the middleof a non-Tsopt enabled flow. If we have control of a machine that aWindows client connects to or we act in a man-in-the-middle (MiTM)capacity on a flow involving Windows hosts, we can perform a simpletrick. The “attacker” must actively modify a TCP SYN/ACK packet halfwaythrough the regular TCP handshake with a Windows host (server toclient) to incorrectly contain Tsval in violation of thetimestamp standard. If RFC 1323 guidance was adhered to in thissituation, a Windows system facing such an unexpected Tsopt in SYN/ACKwould not begin to timestamp its packets. However, it was discoveredthat if we introduce such a Tsopt-enabled SYN/ACK we can trick...

Read more
Tricks of the Semi-Passive Adversary
Erik Kamerling | 28 Oct 2007 | 0 comments

Kohno, Broido, and Clafy introduced theseminal paper "Remote physical device fingerprinting" at the IEEESymposium on Security and Privacy held May 8-11, 2005. In this paperthey outlined for the first time how TCP timestamp values can be usedto physically differentiate one Internet-connected host from another.Their work is based on the concept of “clockskew,” which is the amountand rate at which a computer's clock uniquely deviates from a baseline.Every physical machine's internal clock components deviate from truetime in a measurable and unique way. By measuring this drift patternusing linear regression/curve fitting (using the TCP timestamps option(Tsopt) value in normal TCP traffic) they were able to passively andsemi-passively perform clockskew calculations on remote hosts thatallowed them to accurately fingerprint individual computers. Thiscutting-edge methodology has subsequently enabled them to perform amyriad of brand new de-anonymization attacks.

...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,806