<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Garamond, sans-serif; ">
<div><span style="font-family: Helvetica; ">In this issue:</span></div>
<div><span class="Apple-style-span" style="border-collapse: separate; font-family: Calibri; font-size: medium; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-family: Helvetica; font-size: 14px; ">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-size: 12px; ">
<div>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">1. Microsoft Security Updates for December 2012</p>
<p style="margin: 0px; font-size: 14px; ">2. Passwords: Now Cracked Faster</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">------------------------------------------------------------------</p>
<p style="margin: 0px; font-size: 14px; ">1. Microsoft Security Updates for December 2012</p>
<p style="margin: 0px; font-size: 14px; ">------------------------------------------------------------------</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">This week, for Patch Tuesday, Microsoft is planning to release seven new
<a href="http://technet.microsoft.com/en-us/security/bulletin/ms12-dec">security bulletins</a>. Five are critical, two are important. The fixes affect the following products:</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<ul>
<li style="margin: 0px; font-size: 14px; ">Microsoft Windows and Windows Server (all versions)
</li><li style="margin: 0px; font-size: 14px; ">Internet Explorer (IE6 through IE10) </li><li style="margin: 0px; font-size: 14px; ">Microsoft Office (in particular Word) </li><li style="margin: 0px; font-size: 14px; ">Microsoft Exchange Server </li><li style="margin: 0px; font-size: 14px; ">Microsoft Office Web Apps </li></ul>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">On Tuesday, the security updates will be available from the Windows Update tool, the Windows Server Update Services or the Download Center. MIT WAUS subscribers will receive the updates when they have been tested and
released.</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">------------------------------------------------</p>
<p style="margin: 0px; font-size: 14px; ">2. Passwords: Now Cracked Faster</p>
<p style="margin: 0px; font-size: 14px; ">------------------------------------------------</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">At a conference in Oslo last week, a presentation described how a cluster of 25 AMD Radeon GPUs (read: very, very fast computers) using a combination of software (including a freely available password-cracking suite
optimized for GPU computing) can make <b>348 billion guesses per second </b>against NTLM hashed passwords (NTLM stands for NT LAN Manager, a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users). It makes
63 billion guesses against SHA-1 hashed passwords (SHA-1 is an algorithm used in cryptography).</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">In human speak: Passwords can now be cracked faster, giving password thieves even stronger tools to read your passwords.</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">The system described above operates against off-line password lists which are now available due to the large number of system breaches that led to password leaks.</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; ">What this means for users is that 8-character passwords are no longer sufficient and we should use longer passwords to help defeat brute force attacks and complex passwords to help defeat dictionary attacks. Of course,
users should also not use the same password on multiple accounts. See these <a href="http://ist.mit.edu/security/passwords">
additional tips on passwords</a>.</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; "><a href="http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/">Read the story in the news</a>.</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">===================================================================================</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">Read all Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/">http://securityfyi.wordpress.com/</a>.</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">===================================================================================</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class="khtml-block-placeholder">
</div>
<br class="Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>