Weekly security week wrapup 23 and 24

It’s been two weeks since the weekly security wrapup, which makes ‘weekly’ a rather week term. Lots of excuses I could utter, but they’re all saying: “been busy”, which is another way of saying “I decided that other things were more important to do”. However, here we go again.

Cheap GPUs are breaking passwords faster

Obviously, they’re good at doing stupid things fast(er), and cracking passwords is about the stupidest task possible for a computer. However, for some of the strong stuff out there, like truecrypt, it does not really matter.  Truecrypt, for instance, has a rather slow initialization routine, which takes about 10ms on an average processor, which means you can check 100 passwords/sec. If a CUDA implementation were to increase that 1 million times (10^6), you can check 10^8 passwords per second. But if you have a 10 char password (upper/lower/digits), there are roughly 10^17 possibilities. Checking 10^8 passes/s means it takes 10^17/10^8/2 ~= 10^8 seconds. Which is another way of saying 76 years. That’s longer than the average time it takes for a disk to disintegrate by itself, last time I checked. Still, using CUDA to speed things up is quite cool.


Mac Reversing: Starter’s guide

I’ve found this article on (OSX) malware analysis for beginners. It talks you through the beginning of using IDAPro and how to start analysing it. It’s excellent, but you need to keep paying attention, or you loose track quite easily.


Electric car trouble

And we’re not talking about the trouble you have driving your new electric Nissan Leaf and looking for a place to have lunch, dinner and a nap before your car is charged up. No, we’re talking about the car’s builtin firmware’s RSS reader telling all servers your current location, speed and whether you have the aircon on. That’s not funny.