Chip.de got hacked. 2.5 million SHA1-hashes

March 31, 2014 at 7:34 pm (Uncategorized)

The German newsletter:

Dear forum members,
an unauthorized third party has gained access to the administration of the CHIP forum. CHIP takes this incident very seriously: the forum was therefore shut down immediately and independent forensics experts were commissioned to investigate the attack. Until the exact attack path has been traced and the exploited vulnerability has been fixed, the systems are running in a secure read-only mode. Logging in to the system is not possible during that time.

What does this mean for the affected users?
We do not know whether any user data was stolen at all. This notice is a precautionary measure in the interest of our users. However, it cannot be ruled out that e-mail addresses and encrypted passwords (so-called password hashes) were stolen. The attacker could use the password hashes to decrypt weak user passwords. Users who use the same password for other services should therefore create a new, secure password there immediately.

What is CHIP doing to prevent such attacks in the future?
Together with the external experts we are examining the exact attack path. The exploited vulnerability will then be closed. As soon as logging in to the CHIP forum is possible again, we will inform you via a forum banner. Forum users will have to reset their password at their next login.

Further information and tips can be found in the FAQ we have put together for you:
http://www.chip.de/artikel/CHIP-Forum_68832986.html

The security of user data is very important to us. We will do everything to restore this security and regret the incident. If you have any further questions, please send them to forum@chip.de. If you would like to have your account deleted, please write „Löschen“ in the subject of the e-mail. Please include your username in the body of the mail.

Thank you for your understanding!

Florian Konrad Schmitz,
Team Lead Social and Community, on behalf of the entire Community team


Happy New Year – 2014

January 1, 2014 at 12:00 am (Uncategorized)


oclHashcat v1.00 – The fusion of plus and lite

December 7, 2013 at 10:01 am (Uncategorized)

oclHashcat v1.00 is a fusion of oclHashcat-plus v0.15 and oclHashcat-lite v0.15

The reasons for the fusion were:

  • Simplify the project! Users were confused about which tool, -lite or -plus, they should choose.
  • The fused oclHashcat will automatically decide which kernel type to use based on the attack-mode and the hash-type you selected
  • Save maintaining two programs with nearly the same codebase
  • Save disk-space and packages

http://hashcat.net/forum/thread-2897.html


New AMD cards R7 & R9

September 26, 2013 at 6:52 pm (Uncategorized)

New sexy cards!!!


http://www.techspot.com/news/54124-amd-reveals-the-radeon-r9-290x-their-next-generation-gpu.html

http://wccftech.com/amd-radeon-r9-290x-hawaii-gpu-final-model-pictured-hot-cooler-design/


oclHashcat-plus v0.15

August 24, 2013 at 8:26 pm (Uncategorized)

Before we go into the details of the changes, here’s a quick summary of the major changes:

  • Added support for cracking passwords longer than 15 characters
  • Added support for mask-files, which enables password policy-specific candidate generation using PACK
  • Added support for multiple dictionaries in attack modes other than straight mode
  • Rewrote workload dispatcher from scratch
  • Rewrote restore support from scratch
  • Rewrote kernel scheduler to reduce screen lags
  • Better handling of smaller workloads/dictionaries
  • Language-specific charset presets for use with masks

New supported algorithms:

  • TrueCrypt 5.0+
  • 1Password
  • Lastpass
  • OpenLDAP {SSHA512}
  • AIX {SMD5} and {SSHA*}
  • SHA256(Unix) aka sha256crypt
  • MacOSX v10.8
  • Microsoft SQL Server 2012
  • Microsoft EPi Server v4+
  • Samsung Android Password/PIN
  • GRUB2
  • RipeMD160, Whirlpool, sha256-unicode, sha512-unicode, …

 

Read the full post on: https://hashcat.net/forum/thread-2543.html


hashcat v0.46

June 26, 2013 at 6:13 pm (Uncategorized)

We are happy to announce hashcat version 0.46, a major release with some new algorithms,
several interesting new features, improvements and some bug fixes.

Download here: http://hashcat.net/hashcat/

Some algorithms we added that were not available in cpu hashcat but in oclHashcat:

  • Joomla
  • osCommerce, xt:Commerce
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • Oracle 11g
  • sha1(unicode($pass).$salt)
  • MSSQL(2005)
  • sha1($salt.unicode($pass))
  • Cisco-PIX MD5
  • Samsung Android Password/PIN

Several other new algorithms:

  • Fortigate (FortiOS)
  • OS X v10.8
  • GRUB 2
  • IPMI2 RAKP HMAC-SHA1
  • bcrypt, Blowfish(OpenBSD)

A very important goal of this release was to improve speed for some algorithms, like:

  • NTLM: Performance increased by 22% (60 MH/s -> 73 MH/s)
  • sha512crypt: Performance increased by 82% (2010 H/s -> 3670 H/s)

Note: since we had to rewrite some core parts of cpu hashcat to allow some new features (like longer salts etc),
there might be some slight speed drops for some single hash types. We are aware of some of them and try to improve
them too, but in general this release increases the speed for several algorithms while adding new features.
There are of course also some bug fixes that hopefully are (among others) all in the list below.

 

http://hashcat.net/forum/thread-2408.html


hashcat v0.45

June 1, 2013 at 1:03 pm (Uncategorized)

 Release with some new algorithms:

  • AIX smd5
  • AIX ssha1, ssha256, ssha512
  • GOST R 34.11-94

We also managed to fix some bugs and implement some additional feature requests.

Download here: http://hashcat.net/hashcat/

http://hashcat.net/forum/thread-2329.html


PHD 2013 – Positive Hack Days

May 6, 2013 at 5:27 pm (Uncategorized)

Positive Hack Days will be held on 23-24 May 2013 in Moscow (Russia)

 

Positive Hack Days is an international forum on practical information security held by Positive Technologies. The unprecedentedly large event brings together specialists from both sides of the barricade, theory and practice, professional discussion and fascinating competitions.

The forum is hosting a record number of participants — more than 2,000 people, among whom are leading information security experts, the most important personalities of the hacking scene, students and young scientists, government representatives, CIO and CISO of the largest Russian and foreign companies.

Two days of non-stop activities:

  • information about the most recently developed products at first hand
  • discussions, seminars, round tables
  • CTF contests among the world’s best hacking teams
  • competitions in hacking and protecting information resources
  • experimenting and learning during hands-on labs under the guidance of experts.

The speakers will talk about the underground market for hacking services, how intruders hack iOS and Android smartphones, steal money from credit cards, penetrate SCADA and ERP systems and attack e-government websites, and will also speak on recent protection techniques.

Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems, it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.

 

Please check Hash Runner on the contest list: http://phdays.com/program/contests/

The competitors will be provided with a list of hash functions generated according to various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each decrypted password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.

 

 

Site: http://phdays.com/
Contests: http://phdays.com/program/contests/
YouTube: http://www.youtube.com/user/positivehackdays


hashcat v0.44, oclHashcat-plus v0.14 and oclHashcat-lite v0.15

March 22, 2013 at 11:11 pm (Uncategorized)

3 new versions of the cats with bug fixes and new features. Check the post at hashcat forums:

http://hashcat.net/forum/thread-2160-post-12960.html

 

hashcat v0.44: http://hashcat.net/hashcat/

oclHashcat-plus v0.14: http://hashcat.net/oclhashcat-plus/

oclHashcat-lite v0.15: http://hashcat.net/oclhashcat-lite/


oclHashcat-plus v0.13 and oclHashcat-lite v0.14

February 2, 2013 at 12:42 am (Uncategorized)

Good news!

 

This update is about:

  • Support for new drivers
  • Support for new algorithms
  • Support for new GPU types
  • Bugfixes

Based on what users reported on our new tracker: http://hashcat.net/trac/ – Thanks guys!

 

http://hashcat.net/forum/thread-2024.html
