Ask The Security Expert: Questions & Answers

What tools can a hacker use to crack a laptop password?

EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

QUESTION POSED ON: 15 May 2008
What are some of the tools a hacker can use to crack the password on a laptop? Or is it simply trial and error?



If the laptop password described is merely the operating system password, an attacker with physical access to the machine could simply boot it from a Linux CD, mount the NTFS partition on the hard drive if it is a Windows machine, and change the administrator password to some value the attacker knows (possibly even blank). Peter Nordahl released a CD ISO image that performs this attack quite well against Windows NT/2000/2003/XP/Vista. Users can download Peter Nordahl's tool for free. Once the attacker has changed the admin password, he or she can then boot the system to Windows and log on with admin credentials. If the sensitive user files are in clear text, the attacker can seize them.

Even if they are encrypted on the machine using Windows Encrypted File System (EFS), the attacker can still log on to the machine with administrator access. As long as the EFS-protected files are encrypted by a user other than the default administrator, the attacker can use admin privileges to dump the machine's local SAM database. He could then crack the user's password for the account that encrypted the file, relying on a free password cracking tool such as Cain or John the Ripper, and use this password to gain access to the files, with EFS transparently un-encrypting the files for the user.

Yet there are stronger methods available beyond EFS, like whole-disk encryption technologies that encrypt everything, including the operating system booted via a special secure boot loader. Attackers are not above using simple trial and error, which is a possibility that should not be discounted. For instance, a malicious hacker could create a hardware device that interfaces with the USB port of a stolen laptop, trying thousands of passwords per hour, possibly eventually guessing one successfully.

But, in February 2008, another useful attack vector called a "cold-boot" was discussed widely. It was based on some fascinating research from Ed Felten's team at Princeton University. In this so-called cold-boot attack, the bad guy takes a hibernating machine and disconnects power. As we all know, RAM is volatile, but it's not volatile enough so that secrets (including passwords and crypto keys) stored in memory vanish instantly; in fact, they remain for several minutes and potentially longer if the memory is cooled. After removing power, the attacker can boot the system to an external device, such as a CD or USB token, and dump RAM, storing the results on the USB drive or sending it across the network. The attacker can then scour the memory image looking for the data structures that store the secret needed to decrypt the laptop. With this secret, the attacker can either copy the entire encrypted partitions or reboot the machine and have the built-in software decrypt it. There's even free software appearing now that helps automate part of this attack, particularly the boot process and dumping of memory.
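An added example, not part of the original answer: a defender's sizing model that contrasts the two guessing paths described above, trial and error through the laptop's own logon and cracking of hashes dumped from the SAM database. The 5,000 guesses per hour figure is a constructed value for "thousands of passwords per hour", and the offline rate is an assumption, not a number from the page.

```python
"""Added example: sizing a random password against online and offline guessing."""

HOURS_PER_YEAR = 24 * 365

# ONLINE follows the answer's "thousands of passwords per hour"
# (5,000/h is a constructed figure). OFFLINE is an assumed rate for
# cracking dumped hashes on a single machine, not a number from the page.
ONLINE_PER_HOUR = 5_000
OFFLINE_PER_HOUR = 1_000_000_000 * 3600

# Alphabet sizes for a few common password policies.
CHARSETS = {"digits": 10, "lowercase": 26, "mixed-case+digits": 62, "printable": 95}


def avg_hours_to_guess(alphabet: int, length: int, guesses_per_hour: int) -> float:
    """Average time to hit a uniformly random password: half the keyspace."""
    return (alphabet ** length) / 2 / guesses_per_hour


def min_length(alphabet: int, guesses_per_hour: int, target_years: float) -> int:
    """Shortest random password whose average guessing time meets the target."""
    target_hours = target_years * HOURS_PER_YEAR
    length = 1
    while avg_hours_to_guess(alphabet, length, guesses_per_hour) < target_hours:
        length += 1
    return length


def report(target_years: float = 10) -> dict:
    """Map each policy to (min length vs. online guessing, min length vs. offline cracking)."""
    return {
        name: (min_length(size, ONLINE_PER_HOUR, target_years),
               min_length(size, OFFLINE_PER_HOUR, target_years))
        for name, size in CHARSETS.items()
    }


if __name__ == "__main__":
    for name, (online, offline) in report().items():
        print(f"{name:18} online >= {online:2} chars   offline >= {offline:2} chars")
```

Under these assumptions, a length that holds for ten years against guessing through the logon prompt falls well short once the hashes can be taken offline, which is why password length alone does not protect a laptop whose disk can be read from another boot medium.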
