Advanced Search
Search
  
  1. Send a release
  2. Member sign in
  3. Become a member
  4. For journalists
  5. Global sites
PR Newswire: news distribution, targeting and monitoring
  1. Products & Services
  2. Knowledge Center
  3. Browse News Releases
  4. Contact PR Newswire

Other News Releases in High Tech Security

Document Security Systems Announces Ruling in Patent Validity Hearing by Austrian Patent Office

eVoter Launches in Illinois for the February 2010 Primary Election

GLOBAL Defense Technology to Ring Closing Bell at NASDAQ on Monday, November 23, 2009

Other News Releases in Surveys, Polls and Research

U.S. Census Bureau Daily Feature for Nov. 23

Majorities Reject Banning Defamation of Religion: 20 Nation Poll

Amid the Flu Epidemic, Don't Forget RSV in Young Children

Journalists and Bloggers

Visit PR Newswire for Journalists for releases, photos, ProfNet experts, and customized feeds just for Media.

View and download archived video content distributed by MultiVu on The Digital Center.

See more news releases in: High Tech Security, Internet Technology, Computer Electronics, Computer Software, Web Site, Surveys, Polls and Research

 

ElcomSoft Surveys Corporate Users, Discovers Major Security Hole

MOSCOW, October 12 /PRNewswire/ -- ElcomSoft Co. Ltd. has conducted a survey on its customers, and discovered a major security hole in the choice of passwords among respondents. According to poll data, up to 77% of computer users use the same password to protect multiple types of information, making even securely protected data susceptible to the 'weakest link' attack.

Password recovery products such as Elcomsoft Forensic Bundle can therefore gain access to information protected with long passwords and secure encryption by obtaining these very same passwords from accounts and document types that lack secure protection. Newly discovered data allows the company to claim that most information can be unlocked by criminal investigators and forensics when analyzing entire hard disks as opposed to individual documents.

The Issue

According to the survey conducted by ElcomSoft, as many as 77% of respondents use or have used the same passwords for different applications, documents and websites. This fact per se does not help an outside attacker to quickly unlock a single document protected with a strong password and an adequate encryption algorithm. However, if one gets access to the entire hard drive, extracting passwords protecting certain types of information (e.g. email accounts, Web forms, instant messenger accounts and so on) is near instant. By using passwords extracted from the weaker link, it becomes possible to unlock other types of information protected with much stronger encryption algorithms if the same or similar passwords are used.

While using the same password on multiple types of information is usually against corporate security policies, other researches suggest that such users can avoid automatic enforcement of a security policy by adding numbers or suffixes to such passwords. Password recovery tools with advanced dictionary attacks allowing permutations of dictionary words can easily handle the slight differences in password prefixes and suffixes.

"People tend to re-use passwords among different accounts, and to protect different types of information", says ElcomSoft CEO Vladimir Katalov. "We just haven't realized how large the extent of the issue is." Sharing passwords among different accounts and types of information gives those equipped with appropriate password recovery tools a good chance to gain access to everything protected with said password in almost no time.

Discoveries by ElcomSoft help reassure forensics and criminal investigators that, if password recovery tools such as Elcomsoft Forensic Bundle are used, it becomes possible to unlock the most securely protected information quickly; often in real-time. Elcomsoft Forensic Bundle can retrieve many kinds of passwords instantly, form a dictionary of discovered passwords, and perform a full-scale dictionary attack in an attempt to unlock documents and system accounts protected with strong encryption algorithms.

Polls and surveys conducted by other companies on similar topics confirm ElcomSoft's findings. A survey on security awareness conducted by PC Tools found that 47 per cent of men and 26 per cent of women use the same password for every website they visit. Data from this and other surveys as well as ElcomSoft in-house studies suggest that, in about 40 to 78 per cent of all cases, the recovery will successfully complete in just minutes.

The Survey

The "Password Usage Behavior" survey was conducted online from June 3, 2009 through September 1, 2009. ElcomSoft has invited its clients - CIOs, IT administrators, security experts from governmental and military sectors as well as ordinary users - from around the globe. The results of this survey are based on responses from more than 1000 security and IT professionals from more than 70 countries. Thirty-nine percent of respondents were from Europe, followed by North America (36%), Asia (12%), the Middle East (6%), Australia (4%), South America and Africa (3%).

According to the poll findings, 50 percent of respondents use more than 10 different passwords. While 29 percent have from 4 to 10 passwords, 11 percent claimed to use only from 1 to 3 passwords to get access to websites and applications. This news is disturbing as 3 passwords used everywhere cannot guarantee proper security, especially when these passwords are used to access both personal and work accounts. 77% of respondents use or have used the same passwords for different applications, documents and websites.

Elcomsoft Forensic Bundle

The complete set of ElcomSoft password recovery tools enables forensics and criminal investigators to gain access to protected information, unlock password-protected accounts and decrypt encrypted files and documents in many popular formats. Based on in-house tests and feedback from ElcomSoft valuable customers, ElcomSoft password recovery tools are the fastest on the market, the easiest to use and the least expensive. Elcomsoft Forensic Bundle is the most complete set of password recovery tools currently available on the market.

About ElcomSoft Co. Ltd.

Established in 1990 in Moscow, Russia, ElcomSoft Co.Ltd. manufactures state-of-the-art computer forensics tools and provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft was serving the needs of businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools and products are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association. ElcomSoft is a Microsoft Gold Certified Partner and an Intel Software Partner.

Prices for Elcomsoft Forensic Bundle start from $1399. For more information about the product and to download an evaluation version of Elcomsoft Forensic Bundle, visit ElcomSoft Co. Ltd. at http://www.elcomsoft.com/eprb.html

Full data and methodology of this survey are available online at ElcomSoft Web site at http://www.elcomsoft.com/

    ElcomSoft Co. Ltd.
    http://www.elcomsoft.com/
    info@elcomsoft.com

SOURCE Elcomsoft s.r.o.