Dec 4, 2008

Cracking Acrobat 9 Password

Adobe admits Acrobat 9 passwords can be guessed more quickly.

Is this a True-Positive or True-Negative alert?
Adobe recently replied to the online discussion of Acrobat's vulnerability to brute-force attacks. Adobe claims that the specification for the 256-bit AES encryption in Acrobat 9 provides greater performance than the 128-bit implementation in previous versions. It is this improved performance that allows Acrobat 9 to open protected documents much more quickly.

Adobe has admitted that brute-force attacks and dictionary-based password cracks benefit from the program's extra speed, because "fewer processor cycles are required" to test each password guess than with AES 128-encrypted documents. Adobe does not say how much faster attacks can be carried out, but Elcomsoft, a manufacturer of password-recovery tools, claims that passwords can now be cracked 100 times faster.

To help mitigate dictionary attacks, Adobe advises customers to use long passwords or pass-phrases. Version 9 supports Unicode pass-phrases up to 127 characters in length. For even greater security, Adobe recommends using encryption based on the Public Key Infrastructure (PKI), although this requires the use of Adobe LiveCycle Rights Management.


Dec 2, 2008

Patching via Command Line

An interesting article about patching via the command line. The process and the commands involved are outlined step by step below.

  • Create a list of servers to be patched.
# Write bare computer names, one per line ("select name" would also write a table header)
get-qadobject -sizelimit 0 -type computer | where {$_.osname -match "server"} | ForEach-Object { $_.name } | Set-Content c:\servers.txt
  • Deploy the patch from a shared folder.
# Use the list created above; the installer switches go outside the quoted path
psexec "@c:\servers.txt" -c "\\File-Server\SecurityPatches$\MS08-067.exe" /quiet /norestart /overwriteoem
  • Reboot the servers.
gc c:\servers.txt | ForEach-Object { gwmi win32_operatingsystem -ComputerName $_ | ForEach-Object { $_.reboot() }}
  • Verify whether any server failed the patching.
# Computer names arrive on the pipeline as $_; one result row is emitted per server
function Get-HotFix($hotFixID) {
    PROCESS {
        $results = gwmi win32_quickfixengineering -computer $_ -filter "HotFixID='$hotFixID'"
        if ($results) {
            $results | select CSName,HotFixID,@{n="Installed";e={"Yes"}}
        } else {
            # No matching hotfix returned: build an empty row and mark it "No"
            $results = "" | select CSName,HotFixID,Installed
            $results.CSName=$_
            $results.HotFixID=$hotFixID
            $results.Installed="No"
            $results
        }
    }
}
gc (Read-Host "Please provide path to server list file") | Get-HotFix -hotFixID (Read-Host "Hotfix ID") | ft -auto
>>>> See Poor Mans Patching with PSExec and PowerShell
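
The verification step above reports a server whose WMI query failed the same way as one that lacks the hotfix. As an added example (not code from the original article), the function below separates Installed, Missing and Unreachable and writes a retry list; the name Test-PatchStatus, the KB-style ID pattern, the sample host names and the retry file path are assumptions.

```powershell
# Added example; Test-PatchStatus is a hypothetical name, not part of the article.
function Test-PatchStatus {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$ComputerName,

        # Assumption: IDs look like KB123456. Rejecting anything else keeps
        # quotes out of the WQL filter string built below.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^KB\d+$')]
        [string]$HotFixID
    )
    process {
        $name = $ComputerName.Trim()
        if (-not $name) { return }   # skip blank lines in the list file
        $status = 'Missing'
        $detail = ''
        try {
            # -ErrorAction Stop makes RPC and access failures catchable
            $fix = Get-WmiObject -Class Win32_QuickFixEngineering `
                -ComputerName $name -Filter "HotFixID='$HotFixID'" -ErrorAction Stop
            if ($fix) { $status = 'Installed' }
        }
        catch {
            $status = 'Unreachable'
            $detail = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            ComputerName = $name; HotFixID = $HotFixID
            Status = $status; Detail = $detail
        }
    }
}

# Constructed sample input: the local machine plus a name that cannot resolve.
# In practice: Get-Content c:\servers.txt
$servers = 'localhost', 'no-such-host.invalid'

# KB958644 is the update published as MS08-067.
$report = $servers | Test-PatchStatus -HotFixID 'KB958644'
$report | Format-Table ComputerName, HotFixID, Status, Detail -AutoSize

# Anything not confirmed installed goes back into a list for another pass.
$report | Where-Object { $_.Status -ne 'Installed' } |
    ForEach-Object { $_.ComputerName } | Set-Content 'c:\servers-retry.txt'
```

An Unreachable row means the patch state is unknown, not that the patch is absent, so those hosts need a connectivity check before redeployment.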