September 27, 2016

Facebook Account Password Extractor

ElcomSoft has announced the release of the Facebook Password Extractor, a free tool to recover Facebooks’ user credentials that are stored or cached in popular Web browsers.

The user credentials, such as user account and passwords, are routinely stored or cached in Web browsers to speed up access to protected resources. While it is possible to extract cached passwords from each of the popular Web browsers, it has never been an easy task. Mozilla Firefox, Apple Safari, Opera, Google Chrome and older versions of Microsoft Internet Explorer (v. 6 and earlier) use lighter security mechanisms that are easier to break. However, InternetExplorer 7, 8, and 9 employ an enhanced security model that makes extracting a cached password impossible without knowing the exact authorisation URL.

Facebook Password Extractor is the first free tool on the market to help users to recover lost and forgotten Facebook passwords from all popular Web browsers including enhanced-security Internet Explorer 7 to 9. This free for personal use (non-commercial) utility can instantly reveal cached login and password information to Facebook accounts. Supporting all versions of Microsoft Internet Explorer including IE9, Mozilla Firefox including Firefox 4, Apple Safari up to version 5, Opera up to version 11, and Google Chrome up to version 11, Facebook Password Extractor is the first free Facebook recovery tool to display multiple Facebook logins and passwords instantly and automatically.

Facebook Password Extractor supports the enhanced security model used in Internet Explorer 7 onwards, by including a small database containing exact Web addresses of all possible Facebook login pages.

Facebook Password Extractor can be downloaded now.

New Protection From Internet Routing Hijacking and Incorrect Addressing

The beginning of January saw the start of a new era for Internet routing. Well, it almost did. Four of the five Regional Internet Registries (RIRs) have deployed the Resource Public Key Infrastructure (RPKI), a robust security framework for verifying the association between resource holders and their Internet resources.

RIPE Network Coordination CentreThe RIRs, like the RIPE Network Coordination Centre (which is responsible for the European part of the Internet), provide Internet resource allocations, registration services and co-ordination activities. RPKI allows ISPs and network operators to verify the accuracy of routes on the Internet and to prevent fraudulent or erroneous misdirection of Internet traffic. A famous example of erroneous routing happened in 2008 when the YouTube web site was unavailable in several different parts of the world because Pakistan Telecom incorrectly co-opted YouTube’s IP address range as its own.

The only RIR not to implement RPKI yet is the American Registry for Internet Numbers (ARIN). According to their website their deployment has been delayed until “very early in the second quarter of 2011”.

Once AIRN is up and running the use of Resource Certificates will mean that worldwide each resource holder will own a certificate which lists the Internet resources (IPv4 addresses, IPv6 addresses, and Autonomous System Numbers) that are owned by the certificate holder (e.g. an ISP). The certificate are of course encrypted and by using the public keys associated with the certificate owner the list of Internet resources can be easily verified.