Products and Services
This is a archive for Products and Services.
Tuesday, February 14, 2012 @ 12:02 PM gHale
Apple has done a great job at encrypting passwords in iWork documents, but one company is now able to apply a distributed attack approach to recover lost passwords.
This makes Distributed Password Recovery the first tool to recover passwords for Numbers, Pages and Keynote apps, said ElcomSoft officials.
RELATED STORIES
Botnet Taken Down, then Resurfaces
Malware with Customer Support
New Software Cuts Costs, Risk
Scanner Email Hides Malware
“The recovery process is painfully slow”, said Andy Malyshev, ElcomSoft chief technology officer. “Apple used strong AES encryption with 128-bit keys, which makes password attack the only feasible solution. We’re currently able to try several hundred password combinations per second on an average CPU. This is slow, and thus only distributed attacks can be used to achieve a reasonable recovery time. However, the human factor and our product’s advanced dictionary attacks help recover a significant share of these passwords in reasonable timeframe.”
With strong encryption and long keys, an attack on encryption keys is not feasible as long as the encryption uses proper implementation. Therefore, Elcomsoft Distributed Password Recovery handles the case by performing an attack against user-selectable passwords, attempting to recover the original plain-text password.
Considering the very nature of iWork as an inexpensive, simple-to-use, consumer-oriented product, chances of hitting the right password by executing a distributed dictionary attack are good.
Here are some features of the program:
• Hardware acceleration (patent pending) reduces password recovery time by a factor of 50
• Support for NVIDIA CUDA cards, ATI Radeon and Tableau TACC1441 hardware accelerators
• Linear scalability with no overhead allows using up to 10,000 workstations without performance drop-off
• Allows up to 64 CPUs or CPU cores and up to 32 GPUs per processing node
• Broad compatibility recovers document and system passwords to various file formats (click for the complete list of formats)
• Brute-force and dictionary attacks
• Distributed password recovery over LAN, Internet or both
• Console management for flexible control from any networked PC
• Plug-in architecture allows for additional file formats
• Schedule support for flexible load balancing
• Minimum bandwidth utilization saves network resources and ensures zero scalability overhead
• Storing all discovered passwords, forming a separate/internal dictionary (password cache)
Tuesday, January 24, 2012 @ 12:01 PM gHale
By Gregory Hale
Issues surrounding manufacturers continue to reverberate from trying to get disparate systems to work together to provide unified data that will allow a plant to run smoothly and efficiently. Plus, on top of that they must be secure from the ever increasing cyber threat inherent with today’s open systems.
Security provider Industrial Defender today is taking on that challenge with its new software product for operators of automation systems, including NERC CIP-affected power utilities.
RELATED STORIES
Struggle to Secure Mobile Devices
All Mobile Devices Victimized
Trojan Acts like Carrier IQ Tool
Scareware Meets Smartphones
Automation Systems Manager (ASM) integrates asset management, event management, configuration change management, policy compliance, endpoint security, and reporting. ASM significantly reduces security vulnerabilities, operational overhead, human error and, ultimately, system outages of SCADA, energy management and other automation-related environments, said Brian Ahern, chief executive at Industrial Defender.
“We are addressing issues beyond just security,” Ahern said. “We made a decision to address a functional strategy to a unified platform. We want a unified approach across a disparate array of systems. We worked very closely with our customers on a platform-agnostic, unified view of their complex environments.”
The new platform allows for change management enabling users to address workflow, cost efficiency and sustainable processes to meet their goals.
“Our research shows that as organizations expand their automation systems and upgrade them with new technologies, overlaps emerge in areas such as security and compliance,” said Pike Research Senior Analyst Bob Lockhart. “Solutions that can successfully integrate presently separate and duplicative functions can deliver a range of benefits, including reduced operating expenses, lower risk, greater efficiency and reduced complexity.”
ASM is available in three software editions: Monitor, Manage and Protect:
Monitor – Provides event data collection from disparate industrial endpoints and includes centralized event logging, correlation and archiving. It provides consolidation of log data for analysis and forensics, a customizable dashboard, and offers fast, agent-less deployment.
Manage – Integrates asset management, configuration change management, policy management and compliance reporting with automated data collection and verification tools. It also includes all of the functionality in the Monitor solution.
Protect – Provides application whitelisting and host intrusion prevention system (HIPS) capabilities to protect control systems form rogue applications and malware. It includes all of the functionality of the Manage solution.
This package does integrate separate and duplicative functions and can reduce expenses, lower risk, increase efficiency and reduce complexity, but it also gives a potential new tact to take on how to introduce security into a discussion.
“When you talk about security, it is viewed as an insurance policy and when you talk about compliance it is view as a tax,” Ahern said. “This addresses security as a program across all assets. If you bring in the management discussion — how you manage the process, people and expense – then you can come up with a formula to create actionable items.”
Gregory Hale is editor and founder of ISSSource.com.
Friday, December 16, 2011 @ 04:12 PM gHale
Malaysia’s Kencana Petroleum will pay $3.7 billion in a merger deal for SapuraCrest Petroleum to create the world’s fifth-largest oil and gas service provider.
The merger should wrap up by February with the new entity listed in March, pending regulatory approvals, Kencana said in a statement.
RELATED STORIES
ABB Dealing: Buys UPS Provider
Down Under Deal: ABB for Powercorp
Classic Antenna Gives a Power Boost
Swiss Say No More Nukes
The merger would create an entity that is competitive in the international arena, with a workforce of 9,000 staff in more than 20 countries, said Kencana Chief Executive Mokhzani Mahathir.
Integral will undergo a name change to Sapura Kencana Petroleum Berhad following its listing, said SapuraCrest Vice Chairman Shahril Shamsuddin.
He said the merged entity would have contracts in hand totaling $4.1 billion) of which half would be from overseas — mainly Brazil, Australia, India and the Middle East.
Monday, November 28, 2011 @ 12:11 PM gHale
Bechtel International Inc. selected Honeywell to design and implement automation and safety solutions for a new multi-train liquefied natural gas (LNG) facility under construction as part of the Australia Pacific LNG Project in Queensland, Australia.
The Australia Pacific LNG Project — a joint venture between Origin Energy, ConocoPhillips and Sinopec — will create a long-term industry utilizing Australia Pacific LNG’s coal seam gas (CSG) resources in the Surat and Bowen basins.
Honeywell will provide Integrated Control and Safety Systems (ICSS) at the new facility, which converts CSG to LNG. The Project will produce coal steam gas for commercial markets locally and overseas and already supplies gas to power stations in Queensland, major industrial customers and homes and businesses in south east Queensland.
The solution consists of components including Honeywell’s Experion PKS, distributed control system, Safety Manager, which includes Honeywell’s Safety Instrumented Systems (SIS), their Fire & Gas Systems (FGS), and Enterprise Building Integrator, which serves as a platform for the fire detection systems and security systems, and integrates with the Experion PKS.
Monday, November 21, 2011 @ 05:11 PM gHale
ABB will now work toward integrating Australian renewable power automation company, Powercorp, into its power system portfolio.
Darwin based Powercorp employs 30 people and offers automation and intelligent control solutions to manage renewable energy generation in isolated grids, ensuring utility grade power quality and grid stability. This enables very high levels of wind and solar power penetration into isolated diesel powered grids, thus reducing emissions and dependency on fossil fuel.
RELATED STORIES
Classic Antenna Gives a Power Boost
Swiss Say No More Nukes
Easier Organic Energy on Horizon
Health, Safety Behind the Wheel
“Powercorp brings expertise for the integration of renewable energy generation into conventional micro and remote island grids,” said Peter Leupp, head of ABB’s Power Systems division. “This bolt-on acquisition will add specialist know-how and solutions to our control systems offering and further strengthen our position in the renewable space.”
Powercorp has installed systems to integrate renewable power into remote grids and keep generation in balance with consumption. The company also supplies systems that dynamically store and release energy in response to frequency and voltage deviations, to stabilize small or remote grids.
“Joining forces with ABB is a logical next step for the growth of our business,” said Alan Langworthy chief executive of Powercorp. “It will expand our global reach and help create optimal solutions for higher and better use of renewable energy generation.”
The transaction should close before year end.
Monday, August 22, 2011 @ 05:08 PM gHale
Honeywell launched its Remote Collaboration, Optimization and Operations solution, which helps users share expertise across remote facilities, improving safety in hazardous environments, as well as optimizing production and improving recovery.
In the upstream oil and gas and mining industries, multiple production facilities often spread out over vast geographical distances and, in some cases, in hazardous environments, making it difficult to ensure the safety of plant personnel and production assets, or share valuable information and best practices. Plus, remote facilities often operate independently from one another, making it even harder to share information and to achieve optimal productivity levels across the whole network.
Honeywell Process Solutions’ approach allows industrial organizations to monitor and manage operational activities across multiple facilities from anywhere within a network of sites, leading to better collaboration between staff and process optimization across locations. Sites can connect to each other, through a central facility or via a network of interconnected collaboration centers, supporting real-time collaboration, resolving challenges quickly and improving production/yield over the full lifecycle.
“As organizations grow, it becomes more important for them to work efficiently across different locations to meet growing production demands,” said Ian Brown, Vice President and General Manager, Advanced Solutions. “With this solution, these companies have seen a boost in yield and production, increased profit margins without major capital expansions, faster and more accurate decision making by operations staff, and reduced energy consumption.
Monday, August 1, 2011 @ 05:08 PM gHale
Industrial Defender unveiled System Assurance Services for customers in critical infrastructure sectors, including utilities, chemical, water, and oil and gas.
These new offerings, part of the company’s Sustainability Services portfolio, provide customers the means to drive continuous security and compliance without taxing in-house resources.
The increasingly sophisticated threat environment, coupled with growing complexity in managing regulatory and internal policy requirements, can stress critical infrastructure operators’ ability to sustain security and compliance.
The System Assurance Services program provides the expertise to maintain a rigorous security and compliance posture, while ensuring the user focuses scarce resources on its core competencies.
“For critical infrastructure owners, it is imperative that security and compliance management programs are sustained over time. Failing to maintain an optimal security posture creates risk for any number of security, compliance or operational objectives,” said Brian Ahern, president and chief executive at Industrial Defender. “By leveraging our expertise and resources, customers can ensure continual program rigor while maintaining focus on core operational requirements, such as system reliability and availability.”
The new program offers services for the Monitoring, Managing and Protecting.
System Assurance for Monitoring: This is a security event management-based offering and includes automation system agent technology. The solution delivers real-time security and health activity monitoring to quickly discover and respond to events having an impact on security, compliance and operational efficiency.
The program provides on-site installation of firmware and anti-virus updates. Users also receive an overall review of the solution’s health, support in managing user accounts and updated tuning of the system, including new rules and templates. In addition, they provide solution training.
System Assurance for Managing: The Manage solution leverages security event and compliance management technology, along with automation system agents, to manage and report on critical system attributes such as configurations, patch status, and user accounts, among others.
The plan provides ongoing support of a compliance management technology implementation including re-baselining of system software, patches, ports and services to sustain ongoing compliance. The service also delivers updates on report subscriptions and validation of automation assets integrated into the solution.
System Assurance for Protecting: This program delivers host intrusion prevention capabilities alongside integrated security event, compliance management and automation system agent technology. The Protect solution prevents zero-day malware and other suspicious software from compromising critical host systems.
This plan builds on the Monitor and Manage solution services by adding capabilities associated with host intrusion prevention technology. Through this service, customers receive security policy reviews and updates; trusted change updates, including applications, users, signatures and packages; and removal of unapproved applications permeating end points.
Click here for more information on System Assurance Services.
