@stake, Inc. Launches LC 5 - Newest Version of L0phtCrack Password Auditing and Recovery Application.Business Editors CAMBRIDGE, Mass.--(BUSINESS WIRE)--May 18, 2004 First Cross-Platform Auditing Solution for Windows and UNIX UNIX Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). ; Pre-Computed Password Tables Speeds Recovery from Hours to Minutes Digital security company @stake, Inc., today announced the latest release of its L0phtCrack automated password auditing and recovery application, LC(TM) 5. This new version is a cross-platform Windows(R) and Unix(R) solution, and features the first commercially available pre-computed password tables, which can reduce password auditing from hours to just minutes. "Every chief security officer and CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. knows that weak passwords are one of the most critical security threats to an organization's network," said Mike Pittenger, general manager of products, @stake, Inc. "Yet conducting audits to root out weak passwords, like family names or birthdays, or canceling outdated passwords, is a cumbersome and expensive manual task that is often left undone. Seven years after LC 1.0 was released, weak passwords still have a top ranking on the SANS Institute The SANS Institute (SysAdmin, Audit, Networking, and Security) is a trade name owned by the for-profit Escal Institute of Advanced Technologies. SANS provides computer security training, professional certification, and a research archive. Top Twenty List of the Most Critical Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Vulnerabilities; they are currently number three." LC 5 features a wizard-based interface to configure, schedule and run comprehensive audits on Windows (2003, XP, 2000 and NT versions) and Unix (multiple versions) accounts across the enterprise automatically and unattended. "Automating regular scans to generate reports and trend data means system administrators can spot and fix vulnerabilities faster and more accurately," continued Pittenger. "LC 5 is the only password assessment product that provides a cross-platform solution for consistent, automated and rapid audits. It represents a quick and practical way to fix vulnerabilities anywhere in the organization, and helps to establish consistent password protection controls." Pre-Computed Password Tables - Audits in Minutes, Not Hours Traditional password auditing tools use one or more of three basic techniques for password auditing and recovery: dictionary, hybrid and brute force (programming) brute force - A primitive programming style in which the programmer relies on the computer's processing power instead of using his own intelligence to simplify the problem, often ignoring problems of scale and applying naive methods suited to small problems directly . Dictionary tools scan for words while hybrid tools scan combinations of both words and numbers. The brute force method, which can take days to run, scans an almost inconceivable number of letters, numbers and character combinations to root out passwords. "One of the unique differentiators of this release of LC 5 Administrator Edition is the inclusion of pre-computed passwords," said Charles Kolodgy, research director for security products at IDC. "Normally brute force audits to discover weak passwords can take days, with only a small portion of the total number of passwords being checked. Now with @stake providing an immense library of pre-computed passwords, it is possible to emulate brute force password audit techniques, but conduct them in a fraction of the time. LC 5 can conduct traditional brute force scans as well, and includes foreign language dictionaries and character sets, allowing companies to scan for password vulnerabilities across the global enterprise." Recovering Passwords Wherever They Reside LC 5 can audit and uncover passwords no matter where they reside - on local or remote PCs, workstations or servers, within domain controllers or in Active Directory. Password data can also be obtained from system memory, SAM files and shadow files on Unix. LC 5 can conduct multi-domain scans securing password integrity across an entire business, not just a single domain. Reports and Password Scoring The new version of @stake's LC can highlight trends and problem areas through its enhanced reporting capability by providing real-time data Real-time data denotes information that is delivered immediately after collection. There is no delay in the timeliness of the information provided. Some uses of this term confuse it with the term dynamic data. and plots in both graphic and text formats. Summary reports cover information ranging from the scope of weak or empty passwords to information on locked, old or dormant accounts. LC 5 reports also summarize password length and types. Recovered passwords are also scored to help establish standards for various users and groups to ensure that higher-level users, such as network administrators, adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. standards of password protection. Actionable Remediation In addition to vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. , LC 5 offers a number of remediation tools to help system administrators make password changes across the enterprise or even disable To turn off; deactivate. See disabled. suspicious accounts. The LC 5 license also includes access to the @stake support Web site, offering users advice on establishing best practices for password assignments and management. Product Availability - 15-Day Free Trial @stake's LC 5 is available in a number of editions including: 1) Professional Edition, which supports both Windows and Unix environments; 2) Administrator Edition, which offers scheduled audits and pre-computed password hashes in multiple domains to dramatically accelerate auditing; 3) Site Edition, for site-wide installations; and 4) a Consultant Edition for multi-client assessments. Product and licensing information and online ordering is available at http://www.atstake.com/lc or by calling 617-768-2715. A free, 15-day trial version is also available. About @stake, Inc. @stake, Inc., the premier digital security company, helps corporations secure critical infrastructure and electronic relationships. Delivering world-class consulting and education through its SmartRisk(TM) methodology and products, @stake clients include six of the world's top ten financial institutions, four of the world's top ten independent software companies and seven of the world's top ten telecommunications carriers. As the first company to develop an empirical model that measures Return On Security Investment (ROSI ROSI Return on Security Investment ROSI Repository of Student Information ROSI Rollergirls of Southern Indiana (Evansville, IN) ROSI Raytheon Optical Systems Incorporated ROSI Romanian Open Source and Free Software Initiative ), @stake helps clients keep security investments in line with business requirements. Headquartered in Cambridge, MA, @stake has offices in Chicago, London, New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of , Raleigh, San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden , and Seattle. For more information, go to www.atstake.com. @stake, LC, and SmartRisk are trademarks of @stake, Inc. Microsoft, Windows, Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. , and the Windows logo are trademarks of Microsoft Corporation (company) Microsoft Corporation - The biggest supplier of operating systems and other software for IBM PC compatibles. Software products include MS-DOS, Microsoft Windows, Windows NT, Microsoft Access, LAN Manager, MS Client, SQL Server, Open Data Base Connectivity (ODBC), MS Mail, in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product and service names may be trademarks or service marks of their respective owners. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion