Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Instant decryption of MS Office 2010 documents now possible

Posted on 21 May 2012.

Passware announced Passware Kit Forensic 11.7, which includes live memory analysis and subsequent decryption of MS Word or Excel 2007-2010 files. In addition, the new version instantly decrypts PGP Whole Disk Encrypted volumes and recovers passwords for Apple disk images.

"Until now, there had been no solution available commercially to crack MS Office 2007-2010 encryption in predictable time. Brute-force attack was the only method available," said Dmitry Sumin, president, Passware, Inc. "With our focus on live memory analysis, which makes instant recovery of MS Office encryption keys and the ability to use them to decrypt the documents possible, we continue to pioneer decrypting MS Office documents."

The latest version of Passware Kit Forensic includes live memory acquisition over FireWire and subsequent recovery of a file's encryption key – regardless of the password length and complexity. This method works if the target MS Word/Excel file was open on a seized computer at the time of its memory acquisition, or when the computer last went into 'sleep' mode.

Other memory analysis options provided by Passware include decryption of BitLocker, TrueCrypt, PGP, and Mac FileVault 2 hard disk images, and recovery of Mac user login passwords.

According to Per Thorsheim, organizer of the "Passwords^12" conference in Norway, "With the addition of instant Microsoft Office password recovery to an already impressive range of features, Passware takes a big step in the evolution of forensic tools. Where we previously could not recover passwords from document files with strong encryption, Passware now offers a solution for instant Office file password recovery in many situations. For forensics work, this is without doubt a very useful feature, and is probably the only solution of its kind in the market today."

Moreover, while these new enhancements may draw concerns from IT security professionals who wonder what effective encryption methods remain, Thorsheim continues, "As security professionals, it is once again time for us all to update our threat analysis, where existing and new configuration options should be considered for safeguarding sensitive and secret information. This applies to both hardware as well as software options, and should be analyzed carefully."