By John Leyden
25th April 2006
Infosec - As web apps become more secure, stolen laptops have become
one of the easiest ways to break into corporate networks. High-profile
firms such as Fidelity and Ernst and Young, along with celebrities such
as Kevin Costner, have lost laptops in recent months. Concern over
these thefts has focused on the exposure of data left on the devices.
But the potential to use stolen kit to lift user credentials also
poses a grave risk.
During a presentation at Infosec on Tuesday, penetration testing firm
SecureTest explained how DIY hardware devices or software available
for purchase from eBay might be used to reset or circumvent passwords
set in a laptop's BIOS. "If that fails you can always take the drive
out and fit it with a USB connector," explained SecureTest's Rob Pope.
A Linux tool called Backtrack, which can run from a CD loaded onto a
Windows PC, might then be used to get system keys and password hashes.
Windows stores LM hashes of passwords rather than the passwords
themselves. But the LM scheme is weak and susceptible to brute-force
attack using RainbowCrack or other tools. SecureTest pre-computed a
rainbow table of password hashes totalling 19GB; thereafter, obtaining
the plaintext of a password becomes a simple job of matching hashes.
Most of the hacker tools in this area are American, so including a
pound sign in passwords is capable of frustrating attacks.
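To show why the LM scheme described above gives rainbow tables such an easy time, here is an added example in Go (not code from the article or from SecureTest) that computes an LM hash using the standard library's crypto/des and exposes the structural flaws a defender should know about: passwords are upper-cased before hashing, a password of seven characters or fewer always produces the fixed second half AAD3B435B51404EE, and the two seven-character halves are hashed independently, so a 14-character password is only ever two 7-character problems. The real algorithm maps characters through the machine's OEM code page, which is exactly why a pound sign trips up tools built for US systems; rather than guess a code page, this example rejects non-ASCII input, and that ASCII-only restriction is my assumption.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext block that LM encrypts under each password half.
var lmMagic = []byte("KGS!@#$%")

// SecondHalfEmpty is DES(all-zero key, lmMagic): the second half of the LM hash
// of every password with seven characters or fewer.
const SecondHalfEmpty = "AAD3B435B51404EE"

// expandDESKey spreads 7 password bytes (56 bits) across 8 bytes, leaving the
// low bit of each byte for DES parity, which the DES key schedule ignores.
func expandDESKey(k []byte) []byte {
	return []byte{
		k[0] & 0xFE,
		(k[0]<<7 | k[1]>>1) & 0xFE,
		(k[1]<<6 | k[2]>>2) & 0xFE,
		(k[2]<<5 | k[3]>>3) & 0xFE,
		(k[3]<<4 | k[4]>>4) & 0xFE,
		(k[4]<<3 | k[5]>>5) & 0xFE,
		(k[5]<<2 | k[6]>>6) & 0xFE,
		(k[6] << 1) & 0xFE,
	}
}

// lmHalf DES-encrypts the magic block under one 7-byte password half.
func lmHalf(half []byte) ([]byte, error) {
	block, err := des.NewCipher(expandDESKey(half))
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	block.Encrypt(out, lmMagic)
	return out, nil
}

// LMHash returns the 16-byte LAN Manager hash of password. Only ASCII is
// accepted (assumption for this example): real LM maps other characters
// through the OEM code page, so their byte values are locale dependent.
func LMHash(password string) ([]byte, error) {
	for i := 0; i < len(password); i++ {
		if password[i] >= 0x80 {
			return nil, errors.New("non-ASCII character: LM byte value depends on OEM code page")
		}
	}
	// LM is case-insensitive: everything is upper-cased before hashing.
	up := strings.ToUpper(password)
	// Longer passwords are silently truncated to 14 bytes; shorter ones are null-padded.
	if len(up) > 14 {
		up = up[:14]
	}
	buf := make([]byte, 14)
	copy(buf, up)
	// The two halves never mix, so each can be attacked on its own.
	h1, err := lmHalf(buf[:7])
	if err != nil {
		return nil, err
	}
	h2, err := lmHalf(buf[7:])
	if err != nil {
		return nil, err
	}
	return append(h1, h2...), nil
}

// LMHashHex returns the LM hash as upper-case hex, as password dumpers print it.
func LMHashHex(password string) (string, error) {
	h, err := LMHash(password)
	if err != nil {
		return "", err
	}
	return strings.ToUpper(hex.EncodeToString(h)), nil
}

func main() {
	// Constructed sample passwords for the demonstration.
	for _, pw := range []string{"", "secret", "Secret", "password", "PASSWORD", "passwordXYZ"} {
		h, err := LMHashHex(pw)
		if err != nil {
			fmt.Printf("%-14q error: %v\n", pw, err)
			continue
		}
		fmt.Printf("%-14q %s  seven-or-fewer=%v\n", pw, h, strings.HasSuffix(h, SecondHalfEmpty))
	}
	if _, err := LMHashHex("p\u00a3ssword"); err != nil {
		fmt.Println("pound sign rejected:", err)
	}
}
```

Running it shows "secret" and "Secret" hashing identically, every short password ending in AAD3B435B51404EE, and "password" and "passwordXYZ" sharing their first half, which is the shape of weakness a 19GB table exploits; the mitigation on current Windows is to stop storing LM hashes at all (the NoLMHash policy) and to keep passwords longer than 14 characters where LM storage cannot be disabled.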
Next up, SecureTest showed how a program called Disk Investigator might
be used to extract the encrypted form of WEP key passwords or remote
desktop login credentials from a Windows Registry file. It also showed
how a program called Cain was able to decode Cisco VPN client passwords
given access to a purloined corporate PC. "What we find during
penetration testing is that most passwords are based either around the
Lord of The Rings, the names of planets or Star Wars," said Pope.
SecureTest MD Ken Munro outlined a number of defences firms might
employ against the attacks the firm highlighted. Although not
foolproof, use of BIOS passwords is a significant barrier against
attack. Firms should avoid setting up machines that can be booted from
USB devices, floppy discs, CD ROMs or from a network. Strong passwords
containing a mix of alphanumeric characters should be used. Finally,
firms should implement either disc encryption or, at minimum, the
encryption of sensitive files, Munro advised.