Password-protected files

Do you wonder how vulnerable word-processing, spreadsheet, and zip files are as users send them into the wild blue yonder? Wonder no more. Some great utilities can show how easily passwords are cracked.

Cracking files

Most password-protected files can be cracked in seconds or minutes. You can demonstrate this “wow-factor” security vulnerability to users and management.

Here’s a real-world scenario:

  •  Your CFO wants to send some confidential financial information in an Excel spreadsheet to the company’s outside financial advisor.
  •  She protects the spreadsheet by assigning a password to it during the file-save process in Excel 2002.
  •  For good measure, she uses WinZip to compress the file, and adds another password to make it really secure.
  •  The CFO sends the spreadsheet as an e-mail attachment, assuming that it will reach its destination securely.

The financial advisor’s network has content filtering, which monitors incoming e-mails for keywords and file attachments. Unfortunately, the financial advisory firm’s network administrator is looking in the content-filtering system to see what’s coming in.

  •  This rogue network administrator finds the e-mail with the confidential attachment, saves the attachment, and realizes that it’s password-protected.
  •  The network administrator remembers some great password-cracking utilities from ElcomSoft (www.elcomsoft.com) that can help him out.

Cracking password-protected files is as simple as that! Now all that the rogue network administrator must do is forward the confidential spreadsheet to his buddies or the company’s competitors.

If you carefully select the right options in Advanced ZIP Password Recovery and Office XP Password Recovery, you can drastically shorten your testing time. For example, if you know that a password is not over 5 characters or is lowercase letters only, you can cut the cracking time in half.

Figure: ElcomSoft's Advanced ZIP Password Recovery cracking a zip file

Figure: ElcomSoft's Advanced XP Password Recovery cracking a spreadsheet

Countermeasures

The best defense against weak file password protection is to require your users to use a stronger form of file protection, such as PGP, when necessary. Ideally, you don’t want to rely on users to decide which files they should secure this way, but it’s better than nothing. Stress that a file-encryption mechanism such as PGP is secure only if users keep their passwords confidential and never transmit or store them in clear text.

If you’re concerned about nonsecure transmissions through e-mail, consider one of these options:

  •  On your e-mail server, block all outbound e-mail attachments that aren’t protected.
  •  Use an encryption program, such as PGP, to create self-extracting encrypted files.
  •  Use content-filtering applications.
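One way to express the first option as a mail-gateway check, added here as an illustration and not taken from the original article: it blocks an outbound message unless every attachment is PGP-protected, and reports ZIP files that carry only a ZIP password. The function names, the sample addresses, and the rule that only ASCII-armored PGP counts as "protected" are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"

def classify_attachment(data):
    """Return 'pgp', 'zip-password' or 'unprotected' for one attachment body."""
    if data.lstrip().startswith(PGP_ARMOR):      # assumption: ASCII-armored PGP only
        return "pgp"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of a member's general-purpose flag means "password-encrypted".
            if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                return "zip-password"
    return "unprotected"   # includes Office files; their own passwords are not parsed here

def outbound_verdict(raw):
    """Allow the message only if every attachment is PGP-protected."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = [(part.get_filename(), classify_attachment(part.get_payload(decode=True) or b""))
                for part in msg.iter_attachments()]
    verdict = "allow" if all(kind == "pgp" for _, kind in findings) else "block"
    return verdict, findings

def sample_zip(password_flag):
    """Constructed ZIP; optionally mark its one member as password-encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("budget.xls", b"constructed placeholder data")
    data = bytearray(buf.getvalue())
    if password_flag:
        data[data.rindex(b"PK\x01\x02") + 8] |= 0x1   # flag field of the central directory entry
    return bytes(data)

def sample_message(filename, body):
    """Constructed outbound message carrying one attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "cfo@example.com", "advisor@example.net", "Q3 figures"
    msg.set_content("See attached.")
    msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, body in [("budget.zip", sample_zip(True)), ("budget.xls.asc", PGP_ARMOR + b"\n...\n")]:
        print(name, outbound_verdict(sample_message(name, body)))
```

A gateway would feed `outbound_verdict` the raw bytes of each queued message; the `zip-password` finding lets the rejection notice tell the sender that a ZIP password does not satisfy the policy.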
