Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Sceurity. Show all posts

RTX 4090 can Crack Your Password in 50 Minutes

 

RTX 4090 can Crack Your Password in 50 Minutes RTX 4090 can crack one of your passwords twice as quickly compared to the previous leader RTX 3090. 

Threat analyst and password cracker Sam Croley expressed on Twitter how amazing the latest GeForce RTX 4090 is in breaching passwords. The Ada Lovelace architecture flagship graphics card can crack one of your passwords twice as quickly as the previous leader, the RTX 3090, by circumventing Microsoft’s New Technology LAN Manager (NTLM) authentication technique. 

According to the researcher, all of the tests were performed using Hashcat v6.2.6 in benchmark mode. Hashcat is a popular and widely employed password-cracking tool utilized by system administrators, cybersecurity experts, and hackers to examine or guess user passwords. 

“First @hashcat benchmarks on the new @nvidia RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to a blazer for the run,” Croley tweeted. 

Croley's benchmark run results 

Based on the benchmark findings, a fully outfitted password hashing rig with eight RTX 4090 GPUs has the computing power to bypass through all 200 billion iterations of an eight-character password in 48 minutes. The sub-one-hour result is 2.5 times faster than the RTX 3090's previous record. Both benchmark measurements were performed using only commercially available GPU hardware and related software. 

Additionally, the Hashcat software offers multiple assault types created to facilitate password recovery assistance or, depending on the user, unauthorized access to another's accounts. The attack types include dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute force assaults. 

While the benchmark results may sound ominous, it's important to note that the Croley performed a test on a limited set of real-world use cases and the cracking tool was working under ideal conditions on local/offline files. 

Moreover, individuals with enough bank balance can afford to buy RTX 4090. The password-cracking tools cost $1,600 including electricity costs. Therefore, it’s not merely a question of will. The RTX 4090 lowers the cost of actually cracking passwords, which will continue to happen as long as more potent GPUs are published and security techniques are primarily unchanged. 

The researcher advised users to employ multi-factor authentication and not use old passwords as it may allow a malicious hacker to get a hold of a password hash database.

Indianapolis Housing Agency Seeks Experts' Help to Identify the Ransomware Attack Operators

 

After suffering a ransomware attack earlier this month, the Indianapolis Housing Agency confirmed taking experts' assistance to discover the source and operators of the attack. 

The hackers targeted the internal information and email system of the IHA. The private data of nearly 25,000 IHA residents plus the data from vendors and employees as well as financial transactions shared with the Department of Housing and Urban Development was put at risk. 

“When we first learned about the breach, we contacted IHA and made sure they were ramping up and scaling up the technological expertise that they need to protect the data that may be subject to compromise,” Indianapolis Mayor Joe Hogsett stated. 

Although the source of this ransomware attack is still under investigation, hackers typically secure access by sending an unsuspecting email. “Phishing attack is when you get an email that looks like it came from a friend or someone trustworthy, but that sender address has been spoofed,” Apu Kapadia, professor of computer sciences at Indiana University’s Luddy School of Informatics, Computing, and Engineering, stated. 

Because these attacks could have foreign origins, it is challenging to identify the offenders. Hogsett claims he is preventing similar cyberattacks from affecting other city agencies. 

“In the interest of full disclosure, we made sure that the city of Indianapolis was firewalled, appropriately, so that our data would not be breached as the result of an intrusion,” Hogsett said. 

To ensure that landlords and vendors receive salaries on time, the officials at IHS are collaborating with its bank and the US Department of Housing and Urban Development. 

Over the past few years, IHA is making headlines for the wrong reasons. IHA faced federal financial reviews after a federal whistleblower complained that the agency was operating at the whim of private investors who called their loans or moved to seize control of properties that were underperforming. 

Marcia Lewis, IHA’s interim executive director recently extended her temporary one-year tenure while Mayor Hogsett has delayed his search for her permanent replacement even though the agency is selling off its interest in properties or contracting for on-site management. 

According to IU Kelley Business School Professor Scott Shackelford, the risk of disclosing the hack is to tip off the hackers that the agency under attack and its clients are aware their data has been compromised while at the same time the victims need to be recommended to take precautionary measures to guard their data. 

“As soon as the hack happens, the clock does start ticking and unfortunately that means that folks’ information, their identities, could be compromised almost immediately. First, you can put a fraud alert on your credit report,” advised Shackelford. “This makes it much harder for criminals for example to open up new accounts in your name because there’s going to be a double checking that has to happen before they do that. You could also think about freezing your credit.”