http://www.informationweek.com/security/vulnerabilities/laptop-fingerprint-readers-vulnerable-to/240006528 By Mathew J. Schwartz InformationWeek August 30, 2012 Beware of a "major flaw" in the UPEK Protector Suite software that's been preinstalled on many laptops with built-in UPEK fingerprint readers. That warning comes from ElcomSoft, a Russian provider of encryption-cracking software. "After analyzing a number of laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite, we found that your Windows account passwords are stored in [the] Windows registry almost in plain text, barely scrambled but not encrypted," said Olga Koksharova, marketing director at ElcomSoft, in a blog post. As a result, anyone with physical access to a laptop that runs the UPEK Protector Suite can "extract passwords to all user accounts with fingerprint-enabled logon," she said. To mitigate the information security vulnerability, she advised anyone with a laptop that has UPEK Protector Suite installed to ensure that the "Windows logon feature" in the software is disabled for all accounts on the machine, which should then clear all stored passwords. She noted that UPEK's biometric software has been included on devices manufactured by Acer, Asus, Dell, Gateway, Lenovo, MSI, NEC, Samsung, Sony, and Toshiba. [...]Received on Fri Aug 31 2012 - 02:50:18 PDT
This archive was generated by hypermail 2.2.0 : Fri Aug 31 2012 - 02:50:05 PDT